ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

Kalshi allegedly violated users' privacy by disclosing certain financial information about them to Google and LinkedIn, a California resident alleges in a new class-action complaint.

The real difference lies deeper – because where should a web office suite run in the first place? All answers are legitimate: ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a victim's repositories, including private ones. They could have initiated ...

Unleash your inner 80s slasher in Roblox Survive the Killer, where you stalk and eliminate your victims. But did you know you could do all that hacking and slashing in style? We have listed all the ...

JavaScript is the foundation of the modern web. From simple button clicks to complex web applications, almost everything interactive you see online runs on JavaScript. Whether you are a beginner ...

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...