UnsolicitedBooker targets Central Asian telecoms with LuciDoor and MarsSnake, while PseudoSticky and Cloud Atlas hit Russia.

RoguePilot flaw let GitHub Copilot leak GITHUB_TOKEN, while new studies expose LLM side channels, ShadowLogic backdoors, and promptware risks.

Russia-linked UAC-0050 targeted a European financial institution using a spoofed Ukrainian domain to deploy RMS remote access malware.

The campaigns detailed by AI upstart entail the use of fraudulent accounts and commercial proxy services to access Claude at scale while avoiding detection. Anthropic said it was able to attribute ...

Lazarus Group used Medusa ransomware in Middle East and U.S. healthcare attacks, with average $260,000 demands and 366 claimed incidents.

Identity risk escalates when control gaps, hygiene failures, impact, and intent align, forming toxic combinations that drive real breaches ...

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.

AI attackers exploit Microsoft 365 misconfigurations at scale, with 13M phishing emails blocked in October 2025.

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M ...

CISA adds four actively exploited vulnerabilities to its KEV catalog, including Chrome RCE, Zimbra SSRF, Windows ActiveX, and ...

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.

FBI reports 1,900 ATM jackpotting cases since 2020, with $40.73M lost to Ploutus malware bypassing bank authorization.