A serious security problem has been discovered in Cursor, the AI-powered code editor. Researchers revealed that malicious code can run on a developer’s computer the very moment a project folder is opened in Cursor, and the frightening part is that it happens without any warning or confirmation prompt. The flaw exists because Cursor ships with … Continued
A new wave of malware known as EvilAI is worrying security researchers because it uses artificial intelligence to stay hidden and look trustworthy. Instead of being obvious viruses, these threats are disguised as normal productivity or AI apps. At first glance, they seem safe, but once installed, they quietly deliver harmful code into a system. … Continued
A Ukrainian man accused of carrying out large-scale ransomware attacks has officially been added to Europe’s Most Wanted list. Authorities say he played a key role in cyberattacks that caused serious financial and operational damage to companies around the world. The fugitive has been identified as Volodymyr Viktorovych Tymoshchuk, a 28-year-old Ukrainian citizen. Law enforcement … Continued
Cybersecurity researchers have discovered that attackers are misusing ConnectWise ScreenConnect, a widely used remote access tool, to deliver AsyncRAT, a dangerous Remote Access Trojan. The malicious campaign is designed to steal sensitive data, login credentials, and even cryptocurrency from unsuspecting victims. The attack begins when a victim downloads or installs a tampered version of the … Continued
In July 2025, just before key trade talks between the United States and China in Sweden, a suspicious email began making rounds. The email looked like it was sent by Representative John Moolenaar, who chairs the House committee on U.S.–China competition. It asked recipients to review a draft of legislation, but the attachment was actually … Continued
A major security incident has hit the JavaScript ecosystem as more than 20 popular npm packages were compromised in a supply chain attack. These packages together are downloaded over 2 billion times every week, making the attack one of the most serious seen in recent years. Well-known libraries like chalk and debug were among the … Continued
A new security report has revealed that a dangerous flaw in Apple’s Messages app was used to spy on journalists. At the same time, businesses using SAP S/4HANA are being warned about a critical vulnerability that attackers are already exploiting. Both cases show how quickly hackers move and why updating software immediately is more important … Continued
A new zero-day vulnerability has been discovered in Sitecore, and attackers are already taking advantage of it. The flaw is tracked as CVE-2025-53690 and has been linked to active exploitation in the wild. Security researchers from Mandiant revealed that hackers are using this weakness to run malicious code on vulnerable servers, giving them a direct … Continued
Security researchers have discovered a cyber campaign where Chinese-linked hackers are secretly manipulating Google search results to push gambling websites. The operation, uncovered by cybersecurity company ESET, has been named GhostRedirector. Evidence shows it started in August 2024 and was still active in June 2025, running undetected for many months. The attackers managed to compromise … Continued
Japan, South Korea, and the United States recently held a joint forum in Tokyo to tackle a sophisticated scam. In this scheme, individuals connected to North Korea pretend to be IT professionals. They apply for remote jobs, get hired by unsuspecting companies, then steal data, funnel money back to North Korea, or launder payroll. At … Continued
