Category: Cybersecurity News
-
Fake Resume Malware Campaign Targets HR Departments
Cybersecurity researchers are warning about a new attack campaign targeting human resources departments with malicious job applications disguised as legitimate resumes. According to security research from Aryaka and reporting by Cybernews, attackers are sending resume files that secretly install malware designed to disable security tools and steal sensitive data. The attack begins with a recruiter
-
SQL Injection Flaw in Popular WordPress Plugin Exposes Over 400k Sites
A critical SQL injection vulnerability discovered in a widely used WordPress plugin has placed more than 400,000 websites at risk of database data exposure. Security researchers at Wordfence identified the flaw in “Ally – Web Accessibility & Usability,” a plugin designed to improve website accessibility. The issue affects versions up to 4.0.3 and has been
-
Microsoft Releases April 2026 Windows Security Updates
Microsoft has released its March 2026 Patch Tuesday security updates, addressing 83 vulnerabilities across Windows, Office, SQL Server, Azure, and developer platforms. Among the fixes are eight critical vulnerabilities, along with two zero-day vulnerabilities that were publicly disclosed before patches became available. While Microsoft has not reported active exploitation at the time of release, publicly
-
AI Is Becoming One of Cybersecurity’s Most Powerful Bug Hunters
Artificial intelligence is rapidly transforming how security vulnerabilities are discovered and fixed. Recent developments from major AI companies suggest that automated security research may soon become a standard part of software development. Two separate initiatives highlight the shift: OpenAI’s Codex Security and a collaboration between Anthropic and Mozilla to identify vulnerabilities in the Firefox browser.
-
Chrome Extension Supply Chain Attack Turns Trusted Tools Into Malware
A newly uncovered campaign shows how attackers can quietly transform legitimate browser extensions into malware—simply by acquiring them. As reported by TheHackerNews, security researchers recently discovered that two Google Chrome extensions turned malicious after their ownership changed hands, allowing attackers to inject code, steal sensitive data, and potentially compromise entire systems. From Helpful Tool to
-
Fake Google Meet Update Can Secretly Give Attackers Control of Your PC
Security researchers at Malwarebytes have recently discovered a phishing campaign abusing legitimate Windows device management features to take control of victims’ computers without installing traditional malware. Instead of tricking users into downloading a malicious file, the attack relies on a convincing fake Google Meet update prompt. A Simple but Effective Phishing Page Victims encounter a
-
Critical WordPress Plugin Flaw Exploited to Create Rogue Admin Accounts
A newly disclosed vulnerability in a widely used WordPress membership plugin is being actively exploited, allowing attackers to create administrator accounts and potentially take full control of affected websites. The flaw impacts the User Registration & Membership plugin developed by WPEverest, a popular WordPress extension used to manage registration forms, memberships, and payment integrations such
-
LastPass Warns of Phishing Campaign Using Fake Email Chains
Password manager provider LastPass is warning customers about an ongoing phishing campaign designed to steal login credentials by impersonating legitimate account activity notifications. According to LastPass’ Threat Intelligence, Mitigation, and Escalation (TIME) team, the campaign began around March 1, 2026, and relies on fake email chains crafted to look like internal discussions about suspicious
