AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Google rushes Chrome update fixing two zero-days already under attack

CVE-2026-3909 is an out-of-bounds write flaw in Skia, the graphics library Chrome uses to render web content and parts of its ...

Critical 0-Click Microsoft Excel Security Bug Lets Copilot Steal Data

Excel users are warned to update now, as a critical vulnerability has been confirmed that can lead to “zero-click information ...
PC Magazine

Microsoft Bug Let Copilot Access Confidential Emails Without Consent

Microsoft has admitted that a coding bug accidentally allowed Copilot Chat to access and summarize confidential emails. As Bleeping Computer reports, the flaw bypasses data loss prevention (DLP) ...