The OnyxC2 stealer surfaced on a cybercrime network earlier this year and is available through Malware-as-a-Service (MaaS) for hire starting at $250 per month. The rental price for OnyxC2 is at the higher end of stealer costs. This is primarily… Read More "OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month"
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards,… Read More "New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets"
Corporate IT and security teams have the unenviable task of keeping relentless and increasingly sophisticated adversaries at bay. They’re often faced with limited resources and expanding attack surfaces, but recruiting and retaining top-tier security professionals to run an in-house Security… Read More "How SMBs use threat research and MDR to build a defensive edge"
Cybersecurity firm Group-IB has revealed that a recent Interpol-led cybercrime law enforcement operation has led to the takedown of an established phishing-as-a-service (PhaaS) platform and the arrest of its main operator developer. The crackdown, dubbed Operation Ramz, ran from October… Read More "Interpol Dismantles SniperDz Phishing-as-a-Service Platform"
For the past year, Spotify has been quietly purging tens of thousands of podcasts that advertised illegal online pharmacies. A report released Thursday by Senator Maggie Hassan, ranking member of the Joint Economic Committee, faults the company for acting only… Read More "Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts"
The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced a new directive that requires federal agencies to prioritize patching the highest-risk security flaws. CISA established the Known Exploited Vulnerabilities (KEV) catalog in 2021, accompanied by BOD 22-01, which… Read More "CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk"
Ravie LakshmananJun 11, 2026Hacking News / Cybersecurity News It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a… Read More "Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories"
How age-weighted reputation became the blind spot Most enterprise mail filters from major vendors, including Microsoft Defender for Office 365, Proofpoint, Mimecast and Cisco Talos, factor domain age heavily into their classification decisions. A freshly registered .com triggers immediate reputation… Read More "Aged-domain acquisition: The tradecraft phishing operators are using to bypass your mail filter’s reputation score"
The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed 06 Mar 2026 • , 5 min. read Cybersecurity is one of the few business functions where… Read More "What cybersecurity actually does for your business"
US federal agencies have been instructed to overhaul their vulnerability management practices, shifting away from rigid, deadline-driven patching toward a risk-based approach that prioritizes the most actively exploited threats, under new guidance from the Cybersecurity and Infrastructure Security Agency (CISA).… Read More "CISA Orders Agencies to Patch by Risk, Not Severity"
