Ken Underhill

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.

A Chrome extension posing as an Amazon ad blocker was caught hijacking affiliate links in the background, redirecting commissions without user consent.

Microsoft released an emergency Office patch to fix an actively exploited zero-day flaw that lets attackers bypass security via malicious files.

Microsoft patched a Windows Remote Assistance flaw that lets attackers bypass Mark of the Web, weakening protections against malicious downloads and phishing files.

OX Security reveals how malicious Chrome extensions exposed AI chats from ChatGPT and DeepSeek, silently siphoning sensitive data from 900,000 users.

A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data, and user activity.

Researchers warn that attackers are abusing Google notifications and cloud services to deliver phishing emails that bypass traditional email security controls.

An unsecured database exposed 4.3 billion LinkedIn-derived records, enabling large-scale phishing and identity-based attacks.

A fake Leonardo DiCaprio movie torrent is spreading Agent Tesla malware through trusted Windows tools

Explore the top cybersecurity predictions for 2026, from AI-driven threats to predictive SOCs and new risks to trust, identity, and critical systems.

Splunk for Windows has a high-severity flaw that lets local users escalate privileges through misconfigured file permissions. Learn how to fix it.

Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure — a rare APT collaboration.