Hackers can now take over WordPress sites instantly using a simple plugin flaw ...

A convincing impersonation of TidBITS contributor Glenn Fleishman on our public Slack group fooled an experienced IT professional into installing the OSX.Odyssey infostealer. Because Slack is designed ...

Programmable blockchain Solana's SOL token has hit five-week lows after an exploit at one of its largest perpetual decentralized exchange, Drift, underscored that security risks go beyond just smart ...

Sen. Chris Van Hollen (D-Md.) discusses what he views as threats to free speech following the brief suspension of late-night host Jimmy Kimmel and the Trump ...

The decade-old ActiveMQ flaw was uncovered and weaponized in minutes, showing AI’s exploit-building potential amid the Mythos ...

Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support ...

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

Resolv’s USR dollar stablecoin is trading at just $0.24 after an attacker minted 80 million unbacked tokens, forcing a full protocol pause and reopening fears over stablecoin risk. Resolv Labs has ...

A pre‑authentication bug in SAML Web SSO, combined with weak access controls and cryptography, allows attackers to escalate privileges and achieve remote code execution.

Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now someone has leaked a newer version of DarkSword and ...

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...