416 posts from this source
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called...
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment IDE, Antigravity, that could be exploited to ac...
Newly Added Vulnerabilities The U.S. Cybersecurity and Infrastructure Security Agency CISA added eight new vulnerabilities to its Known Exploited Vulnerabiliti...
Overview A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible s...
Monday’s recap shows the same pattern in different places. A third‑party tool becomes a way in, then leads to internal access. A trusted download path is briefl...
The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in...
Cybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s MCP architecture that could pave the way for remote co...
Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalinati...
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Web infrastructure provider Vercel has disclosed a security breach that allows bad a...
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised s...
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or r...
The National Institute of Standards and Technology NIST has announced changes to the way it handles cybersecurity vulnerabilities and exposures CVEs listed in i...
An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial‑of‑service DDoS o...
A recently disclosed high‑severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infra...
Overview Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumen...
You know that feeling when you open your feed on a Thursday morning and it's just… a lot? Yeah. This week delivered. We've got hackers getting creative in ways...
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non‑human identities...
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution...
Overview A bank approved a Taboola pixel. That pixel quietly redirected logged‑in users to a Temu tracking endpoint. This occurred without the bank’s knowledge...
A 'novel' social engineering campaign has been observed abusing Obsidian, a cross‑platform note‑taking application, as an initial access vector to distribute a...
Overview The Computer Emergencies Response Team of Ukraine CERT‑UA has disclosed details of a new campaign that targeted governments and municipal healthcare i...
Overview Unknown threat actors compromised CPUID cpuid.com, a website that hosts popular hardware monitoring tools such as CPU‑Z, HWMonitor, HWMonitor Pro, and...
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, a...
Overview Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to t...
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily in...
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browse...
Google has made Device Bound Session Credentials DBSC generally available to all Windows users of its Chrome web browser, months after it began testing the secu...
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosu...
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoo...
Overview Details have emerged about a now‑patched security vulnerability in a widely used third‑party Android software development kit SDK called EngageLab SDK...
Overview Details have emerged about a now‑patched security vulnerability in a widely used third‑party Android software development kit SDK called EngageLab SDK...
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear‑phishing campaigns targeting Taiwanese non‑governmental organizations NGO...
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting...
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, au...
Threat actors have been exploiting a previously unknown zero‑day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2...
An apparent hack‑for‑hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and gover...
Cybersecurity researchers have flagged a new variant of malware called Chaos that is capable of hitting misconfigured cloud deployments, marking an expansion of...
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial‑of‑service DDoS attacks. Called Masjesu, the botne...
APT28 aka Forest Blizzard and Pawn Storm has been linked to a fresh spear‑phishing campaign targeting Ukraine and its allies to deploy a previously undocumented...
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragme...
Artificial Intelligence AI company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new fronti...
The North Korea‑linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and P...
Overview Iran‑affiliated cyber actors are targeting internet‑facing operational technology OT devices across critical infrastructures in the United States, inc...
The Russia‑linked threat actor known as APT28 aka Forest Blizzard has been linked to a new campaign that has compromised insecure MikroTik and TP‑Link routers a...
Vulnerability Details A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins...
An active campaign has been observed targeting internet‑exposed instances running ComfyUI, a popular Stable Diffusion platform, to enlist them into a cryptocurr...
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: identity programs are maturing, yet the r...
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the ave...
