Hackers can use some Generative Artificial Intelligence (GenAI) tools as command-and-control (C2) infrastructure, hiding malicious traffic in plain sight and even using them as decision-making engines ...

CVE-2026-2329 allows unauthenticated root-level access to SMB phones, so attackers can intercept calls, commit toll fraud, and impersonate users.

A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate ...

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential theft.

Vulnerabilities in PDF platforms from Foxit and Apryse could have been exploited for account takeover, data exfiltration, and ...

Researchers show AI assistants can act as stealth C2 proxies, enabling malware communication, evasion, and runtime attack automation.

The new security option is designed to thwart prompt-injection attacks that aim to steal your confidential data.

Five extensions were doing all sorts of malicious acts, including stealing payment data.

Palo Alto Networks held its Ignite on Tour London 2026 event recently and an element of the organisation’s presentations mentioned the now-released Global Incident Report 2026.

Credential stuffing attacks use stolen passwords to log in at scale. Learn how they work, why they’re rising, and how to defend with stronger authentication.