Cybersecurity researchers have revealed a new Android banking trojan named Sturnus, which facilitates credential theft and complete device takeover for financial fraud. A significant feature of Sturnus is its ability to bypass encrypted messaging services. According to ThreatFabric, the trojan captures content directly from the device screen after decryption, enabling it to m...

Many enterprises today grapple with the challenge of managing non-human identities, such as service accounts and AI agents, which operate in the background without clear ownership or oversight. These identities are proliferating rapidly, often outnumbering human users by more than 80 to 1. Traditional identity management tools struggle to address the unique characteristics of...

Oligo Security has issued a warning regarding ongoing attacks that exploit a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework. This vulnerability allows infected clusters with NVIDIA GPUs to be transformed into a self-replicating cryptocurrency mining botnet, known as ShadowRay 2.0. The attack primarily takes advantage of a critical mis...

Threat actors with ties to Iran have increasingly engaged in cyber warfare to facilitate and enhance physical, real-world attacks, a trend identified by Amazon as cyber-enabled kinetic targeting. This development indicates a blurring of lines between state-sponsored cyber attacks and kinetic warfare, prompting the need for a new category of warfare, as highlighted in a report...

A critical vulnerability in the WPvivid Backup & Migration WordPress plugin allows unauthenticated attackers to upload files and execute code on the server, potentially leading to full site takeover. This issue, tracked as CVE-2026-1357, has been assigned a severity score of 9.8 (Critical) and affects all plugin versions up to and including 0.9.123. A fix is available in...