416 posts from this source
Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then some...
Overview cPanel has released security updates to address a vulnerability affecting various authentication paths that could allow an attacker to gain access to...
Added Vulnerabilities - CVE‑2024‑1708 - CVSS v3.1 Score: 8.4 - Description: Path traversal vulnerability in ConnectWise ScreenConnect. - Reference: https://cve...
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python pac...
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an auth...
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer ca...
Overview Threat hunters are warning that the cyber‑criminal operation known as VECT 2.0 acts more like a wiper than ransomware due to a critical flaw in its en...
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data th...
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open‑source robotics platform with nearly 24,000...
When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window—the short bu...
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the United States from Italy. Xu Zewei, 34, was arrested i...
An administrative role meant for artificial intelligence AI agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, ac...
Overview Microsoft on Monday revised its advisory for a now‑patched, high‑severity security flaw impacting Windows Shell to acknowledge that it has been active...
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cyber‑criminal group published data relate...
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help d...
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity‑focused...
A pro‑Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video‑conferencing software in Ru...
Cybersecurity researchers have discovered a new Lua‑based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program...
Added Vulnerabilities - CVE‑2024‑57726 – CVSS score: 9.9 Description: A missing authorization vulnerability affecting SimpleHelp. Additional vulnerabilities af...
The U.S. Cybersecurity and Infrastructure Security Agency CISA has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Se...
The Office of Inspector General OIG of the U.S. National Aeronautics and Space Administration NASA has revealed how a Chinese national posed as a U.S. researche...
The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security...
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal...
Overview Chinese‑speaking individuals are the target of a new campaign that uses a trojanized version of the SumatraPDF reader to deploy the AdaptixC2 Beacon p...
Summary A high‑severity security flaw in LMDeploy, an open‑source toolkit for compressing, deploying, and serving large language models LLMs, has been actively...
UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. As with many other in...
Threat Overview A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams...
Overview Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from JFrog a...
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Sa...
Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, att...
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of post...
Mongolian governmental institutions have emerged as the target of a previously undocumented China‑aligned advanced persistent threat APT group tracked as Gopher...
Vercel revealed on Wednesday that it has identified an additional set of customer accounts compromised as part of a security incident that allowed unauthorized...
Overview Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the de...
Overview Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the de...
Cybersecurity researchers have warned of malicious images pushed to the official checkmarx/kicshttps://hub.docker.com/r/checkmarx/kics Docker Hub repository. In...
Overview Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self‑propagating worm that spread...
Overview The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor, deployed as part of attacks likely targeting ent...
Overview Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last ye...
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses...
Overview Microsoft has released out‑of‑band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. Vu...
Overview Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking...
Overview A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vul...
Threat actors associated with The Gentlemen ransomware‑as‑a‑service RaaS operation have been observed attempting to deploy a known proxy malware called SystemBC...
Summary Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial‑to‑IP converters from Lantronix and Silex that could be ex...
Case Summary A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023....
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential...
Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing....
