New
VoidStealer malware steals Chrome master key via debugger trick
An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser.
VoidStealer malware steals Chrome master key via debugger trick
An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser.
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial.
Google paid $17.1 million for vulnerability reports in 2025
Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025.
APT28 hackers deploy customized variant of Covenant open-source tool
The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.
Zero‑Day Attacks on Enterprise Software Reach Record High, Google Warns
Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances
Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence
Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment. According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support.
Threat modeling AI applications
AI threat modeling helps teams identify misuse, emergent risk, and failure modes in probabilistic and agentic AI systems. The post Threat modeling AI applications appeared first on Microsoft Security Blog .