Finding Balance in US AI Regulation

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign –…

You probably can’t break FIDO authentication. Still, researchers have shown that there are ways to get around it.

Researchers say a likely Russian APT used a compromised employee email account to attack Kazakhstan’s biggest company, though the oil and gas firm claims it was a pen test.

Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below – @async-mutex/mutex, a typosquat of async-mute (npm) dexscreener, which masquerades as a library for accessing…

Google has announced that it’s discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To that end, scans for new dark web breaches will be stopped on January 15, 2026,…

Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag.