Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed...
researchers
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Oct 08, 2025Ravie LakshmananVulnerability / Software Security Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp...
XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range...
CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief
Oct 04, 2025Ravie LakshmananAgentic AI / Enterprise Security Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting...
North Korea Remote Worker Scam Goes Global, Expands Target Industries
A report by Okta researchers says the notorious North Korea IT worker scams, which have focused on U.S. tech and...
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Oct 02, 2025Ravie LakshmananPython / Malware Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository...
Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to...
Smashing Security podcast #437: Salesforce’s trusted domain of doom
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in...
Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
Sep 30, 2025Ravie LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence...
New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and...
Security Breaches Found in AI-Powered Repair Tool Wondershare RepairIt
Image: Sashkin/Adobe Stock Cybersecurity researchers have revealed two critical flaws in Wondershare RepairIt, an AI-powered repair tool used by millions,...
Microsoft Sniffs Out AI-Based Phishing Campaign Using Its AI-Based Tools
Microsoft’s threat researchers recently detected and blocked a phishing campaign that appeared to use a large language model (LLM) to...
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
Sep 29, 2025Ravie LakshmananMCP Server / Vulnerability Cybersecurity researchers have discovered what has been described as the first-ever instance of...
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Sep 26, 2025Ravie LakshmananMalware / Browser Security Cybersecurity researchers have discovered an updated version of a known Apple macOS malware...
Post-Quantum Cryptography and the Future of Data Security
Quantum computing is no longer science fiction. In the last ten years, researchers and tech companies have competed to build...
