New stealthy Quasar Linux malware targets software developers

A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, ...

Instructure hacker claims data theft from 8,800 schools, universities

The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education ...

DAEMON Tools trojanized in supply-chain attack to deploy backdoor

Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems ...

Student hacked Taiwan high-speed rail to trigger emergency brakes

A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the ...

Google now offers up to $1.5 million for some Android exploits

Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most ...

Vimeo data breach exposes personal information of 119,000 people

The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online ...

The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss

Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software ...

Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison

A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his "cold case" negotiator role ...

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that ...

ScarCruft hackers push BirdCall Android malware via game platform

The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain ...

Weaver E-cology critical bug exploited in attacks since March

Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since ...

CISA says ‘Copy Fail’ flaw now exploited to root Linux systems

CISA has warned that threat actors have started exploiting the "Copy Fail" Linux security vulnerability in the wild, one day ...