The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...

A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to avoid detection.

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

As hundreds of vendors descend on San Francisco for the RSAC 2026 Conference, the sheer volume of news can be overwhelming. To help you navigate the noise, SecurityWeek is providing a daily digest of ...

Vibe coding, like many other technological revolutions, started as a thing of wonder. Now we are seeing its large-scale application in building software and apps, and as a critical tool of business ...

Opal Security, the modern identity security and access governance company, today announced three new AI-native capabilities that together form the industry's first unified platform for seeing, ...

Wondering if Linux has AI companions that are as accessible, capable, and easy to use as Microsoft Copilot? Try these AI ...

The US cybersecurity agency CISA has flagged a critical code injection flaw in Langflow, the open-source visual framework widely used to build AI agent ...

There's a lot more to a model than just benchmarks.