FIRESTARTER backdoor hit Cisco ASA in Sept 2025, persists after patching CVE-2025-20333, risking continued federal network ...

FakeWallet apps since fall 2025 hijack crypto recovery phrases via Apple App Store China accounts, enabling wallet theft.

Tropic Trooper used trojanized SumatraPDF and GitHub C2 in 2024 to deploy AdaptixC2, enabling covert VS Code tunnel access.

AI agents inherit hidden authority from fragmented identities, creating a delegation gap that demands real-time governance.

CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they ...

GopherWhisper infected 12 Mongolian government systems in January 2025, abusing Slack and Discord for C2, exposing wider ...

Apple fixes CVE-2026-28950 in iOS 26.4.2 after deleted notifications were retained, mitigating forensic data exposure.

AI-driven attacks collapse exploit windows, widening the patch gap and forcing faster vulnerability prioritization strategies ...