If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. 10 Apr 2026 • 5 min. read The worst… Read More "Here’s how to avoid a ‘second strike’"
Cyber criminals have embraced AI as a core component of campaigns, allowing even low-level hackers to conduct far more sophisticated and prolific attacks, PwC has warned. A new report from the global consultancy firm’s incident response team has revealed that the… Read More "AI is the Top Cyber Priority for Defenders as Criminals Exploit it"
Posted by Chrome Root Program Team Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum… Read More "HTTPS certificate industry phasing out less secure domain validation methods"
A recent decision by HackerOne to suspend new vulnerability submissions to its crowdsourced Internet Bug Bounty (IBB) program has spotlighted the growing remediation challenges across the industry, driven by the rapid advancement of AI-assisted bug hunting and discovery. Launched in… Read More "AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties"
A new EtherRAT malware campaign using Ethereum smart contracts to hide command-and-control (C2) infrastructure has been identified by researchers. According to a new advisory published by eSentire on March 25, the activity was observed during a March 2026 incident response… Read More "EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts"
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team Phone theft is more than just losing a device; it’s a form of financial fraud that can leave you suddenly vulnerable to personal data and… Read More "Google Online Security Blog: New Android Theft Protection Feature Updates: Smarter, Stronger"
A Russian espionage group has been silently sniffing Internet traffic from targets across the planet for more than a year now, using old bugs in unloved and Internet-exposed small office/home office (SOHO) routers. Victims include ministries of foreign affairs and… Read More "Russia’s Forest Blizzard Nabs Rafts of Logins via SOHO Routers"
A critical Oracle WebLogic vulnerability was weaponized almost immediately after public exploit code became available, according to a new honeypot-based analysis covering attack activity between January 22 and February 3, 2026. The research focused on CVE-2026-21962, a remote code execution (RCE)… Read More "Rapid Exploitation of CVE-2026-21962 Hits Oracle WebLogic"
Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust The Android ecosystem is a thriving global community built on trust, giving billions of users the confidence to download the latest apps. In order to maintain that trust, we’re… Read More "Keeping Google Play & Android app ecosystems safe in 2025"
The leak online of exploit code for an apparent Windows zero-day flaw dubbed “BlueHammer” could be the sign of a larger issue that security researchers face when collaborating with Microsoft on vulnerability disclosure. Using the alias “Chaotic Eclipse,” a researcher… Read More "‘BlueHammer’ Windows Exploit Signals Microsoft Disclosure Issues"