wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now
Critical wolfSSL flaw CVE-2026-5194 allows digital ID forgery across billions of devices, update to version 5.9.1 to fix the issue and reduce risk.
Kraken Exchange Faces Extortion After Insider Recorded System Footage
Kraken exchange faces extortion after a staff member misused access to record internal systems, about 2,000 accounts affected, no funds or systems breached.
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK.
OpenAI Rotates macOS Certificates Following Axios Supply Chain Breach
OpenAI rotates macOS certificates after downloading a compromised Axios version, urging users to update apps before revoked certificates are blocked in May 2026.
BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware
BITTER APT spreads ProSpy and ToSpy via Signal, Google, and Zoom lures, targeting journalists through LinkedIn and iMessage spearphishing.
OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures
OpenSSF warns hackers impersonate Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems.
Alleged German DDoS-for-Hire Kingpin Behind Fluxstress Caught in Thailand
Alleged German cybercrime figure behind Fluxstress and Neldowner arrested in Thailand after years running global DDoS-for-hire services across countries.
Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records
A lone hacker used Claude Code and GPT-4.1 to exfiltrate hundreds of millions of Mexican citizen records from 9 government agencies.
FBI Recovers Deleted Signal Messages Through iPhone Notifications
Signal messages may persist in iPhone notification data, enabling FBI access even after deletion, a court case reveals.
Google Chrome Update Disrupts Infostealer Cookie Theft
Google adds Device Bound Session Credentials (DBSC) to Chrome 146, using hardware keys to block infostealer use of stolen session cookies on Windows.