Chargebacks only capture a narrow slice of fraud losses, hiding bigger issues that affect revenue, customer experience, and long-term profitability.
Two malicious versions of Axios, the most downloaded JavaScript HTTP client library, were briefly published to NPM and contained a cross-platform RAT. Google has attributed the attack to suspected North Korean threat actor UNC1069.
Forgotten laptops issued to contractors and former employees represent a growing and underappreciated attack surface, combining credential exposure, lateral movement risk, and compliance failures into one persistent blind spot.
Government agencies across Latin America are being hammered by cyberattacks at a rate far exceeding the global average, with incidents striking Colombia's health ministry, Puerto Rico's transport department, and Mexico's government systems.
Researchers at Rutgers University have developed VitalID, a biometric authentication system that uses low-frequency skull vibrations generated by breathing and heartbeat to verify the identity of XR headset users without requiring any additional hardware.
Most AI detection systems learn from post-compromise artifacts, but new data from GreyNoise reveals that attacker behavior — including fresh infrastructure and behavioral spikes — frequently surfaces well before a breach is confirmed.
Fortinet has released an emergency hotfix for CVE-2026-35616, a critical 9.1-scored authentication bypass flaw in FortiClient EMS that is already being exploited in the wild. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch by April 9.
A new Ekoparty report based on 605 LatAm cybersecurity professionals reveals the region faces 40% more cyberattacks than the global average while struggling to tap its largely self-trained talent pool.
OpenAI has introduced a new $100 monthly Pro subscription for ChatGPT, directly mirroring Anthropic Claude's pricing structure and targeting coders and enterprise users who need advanced AI capabilities.
The threat group TeamPCP is leveraging credentials harvested from supply chain attacks on open source projects to rapidly breach AWS, Azure, and SaaS environments, with some victims compromised within 24 hours of initial theft.