A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

A forged cross-chain message bypassed state proof validation on the bridge contract, granting admin control over the bridged ...

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public ...

Anthropic's new initiative, Project Glasswing, unites a dozen major organizations—including Apple, Google, Microsoft, AWS, ...

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort to plant credential-stealing malware on ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

iPhone users should be on alert: DarkSword spyware has been posted in the wild. Credit: Cheng Xin/Getty Images DarkSword, the web-based hacker tool that can be used to steal data from millions of ...

The exploit, revealed last week by Google’s Threat Intelligence Group, is now publicly available on GitHub, increasing the urgency for older iPhones and iPads to run the latest available iOS and ...

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability within 20 hours, working only from the advisory description. The bug, CVE-2026 ...

Following its recent disclosure of the Coruna exploit chain targeting older iOS versions, the company has now revealed a similar attack believed to be called DarkSword. Here are the details. A few ...

A new exploit kit for iOS devices and delivery framework dubbed “DarkSword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet apps. DarkSword ...