A sophisticated macOS infostealer campaign that leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency users. The attack chain begins…
The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess. Over…
A sophisticated three-stage malware attack campaign against Windows users in South Korea using specially crafted LNK (shortcut) files. The attack begins with a deceptive LNK…
Node.js has implemented a new quality control measure on its HackerOne bug bounty program, requiring researchers to maintain a minimum Signal reputation score of 1.0…
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws affecting widely-used enterprise software and…
A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations. The…
Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification…
TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026,…
Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities…
Day Two of Pwn2Own Automotive 2026 kicked off with high intensity, as security researchers targeted automotive infotainment systems, EV chargers, and gateways. Building on Day…
Miami, Florida, January 22nd, 2026, CyberNewsWire Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully…
A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20,…
