threats

Millions of websites based on React and Next.js contain an easy-to-exploit vulnerability that can lead to complete server takeover. How can you check if your server is vulnerable and protect corporate web assets?

The Whisper Leak attack allows its perpetrator to guess the topic of your conversation with an AI assistant — without decrypting the traffic. We explore how this is possible, and what you can do to protect your AI chats.

Here’s how to mitigate the risks of targeted attacks on your organization’s mail servers.

How attackers use AI-generated fake websites to distribute trojanized builds of the legitimate Syncro remote access tool (RAT).

Systematic measures and tools that organizations can use to defend against malicious browser extensions.

How malicious extensions can spoof AI sidebars in the Comet and Atlas browsers, intercept user queries, and manipulate model responses.

We examine how popular Canon printers could become a foothold for attackers within an organization’s network.

Pixnapping is an Android vulnerability discovered by researchers that allows apps to steal passwords, one-time codes, and other confidential information from the screen without any special permissions from the operating system. How does it work, and what can you do to protect yourself?

You’ve received a threatening email. What’s your next move?

Researchers have discovered that 50% of data transmitted via satellites is unencrypted. This includes your mobile calls and texts, along with banking, military, government, and other sensitive information. How did this happen, and what can we do about it?

Which social networks mostly just display your posts to your friends, and which ones use them for AI training and ad targeting? We explore the 2025 privacy rankings for popular social media platforms.

Which messaging apps leak the least amount of your data, and provide the most control over your privacy? Today we discuss the latest rankings of popular communication platforms.

Attackers are abusing legitimate websites to host hidden SEO links. We break down their tactics, and what you can do about it.

Can hackers really hijack your car in 2025?

Any game based on the popular Unity engine made in the last eight years can allow attackers to get into your computer or smartphone. Here’s what to do about it.

Artificial intelligence has given scammers a new set of tools for deception — from generating deepfakes, to instantly setting up phishing websites or fraudulent email campaigns. Let’s discuss the latest AI trends in phishing and scams — and how to stay safe.

A new large-scale attack on a popular JavaScript code registry has hit around 150 packages. The automatic propagation of the threat makes it especially dangerous — developers need to react ASAP.

How 5G smartphone connectivity can be compromised, and what it means for subscribers.

This article explains what might happen if someone transfers you funds and then you withdraw the equivalent in cash from your account to give to them, or if you use your own card to pay for a purchase they make.

WordPress sites are increasingly becoming targets of attacks exploiting vulnerabilities in plugins and themes. In this post, we examine recent cases and share protection tips.

A popular developer tool has been trojanized and is uploading secrets to public GitHub repositories. We discuss what’s important to know for both developers and cybersecurity services.