A Denver startup called Koloma -- backed by Bill Gates' Breakthrough Energy organization and Amazon's climate fund -- has ...
Three popular plugins served malicious JavaScript through a compromised CDN.
CVE-2026-48907 in the Widget Factory Joomla Content Editor (JCE) is currently being exploited in automated attacks. The Joomla JCE exploit requires no authentication ...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited ...
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS ...
With the ability to take control of distributed devices at scale, HalluSquatting has the potential to achieve various ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal ...
Two critical Cursor IDE vulnerabilities, dubbed DuneSlide, let prompt injection break the editor's command sandbox with no ...
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website ...
A year ago, ESET Research was part of two major operations that disrupted some of the leading cybercriminal operations at the time, Lumma Stealer and Danabot. More recently, our researchers are once ...