The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...

The official White House app bypasses privacy consent dialogs, has dormant GPS tracking, and loads code from a random ...

Then imagine it replying: "Sorry, the website won't let me in." That's the quiet failure mode behind most AI agents today.

A security researcher who decompiled the White House's new mobile app says it contains hidden GPS-tracking capabilities, weak ...

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...

Be honest with me. How many of your passwords are still some version of your pet’s name followed by a number? Studies have shown that roughly 80% of data breaches involve weak or reused passwords.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again. Use AARP’s interactive scam-tracking map to easily search for ...

Google recently published – and then quickly hid – a potentially dangerous bug found in the Chromium web browser. The ...

21st May 2026: We added new Heartopia codes to the list! Heartopia is our first new favourite game of 2026! This free-to-play, mobile-first "slow life sim" really delivers on its promise — it's the ...

The cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure customer schools with an extortion message.