Trojan abuses Microsoft Phone Link app to steal your passwords

The CloudZ Trojan steals data through Microsoft Phone Link. The campaign has been active since at least January 2026.  Follow ...

AI Won’t Replace Cybersecurity Experts, But It Could Elevate Them

From a defensive perspective, AI excels at accelerating pattern recognition, automating repetitive workflows and analyzing ...

MuddyWater hackers use Chaos ransomware as a decoy in attacks

The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social ...
The Hacker News

âš¡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
The Hacker News

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

SMS blasters, npm supply chain hits, and unpatched Windows flaws. Stay ahead of new phishing kits and exposed servers.
Bleeping Computer

Critical flaw in wolfSSL library enables forged certificate use

A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) ...
TechCrunch

Adobe fixes PDF zero-day security bug that hackers have exploited for months

Adobe has patched a vulnerability in its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months. The vulnerability, ...