Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial...
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scan...
Written by Ben Wilkens, director of cybersecurity, NMFTA Working in cy...
2026-05-14 At Cloudflare, we are...
Introduction I, Dwight Bedsaul, believe there is something interesting about building tools people use every single day without even thinking about them. URL s...
Initial access broker KongTuke has moved to Microsoft Teams for social engineering...
Image: PraisonAI
Constantly signing in to websites and apps is a huge inconvenience, even when you employ a password manager...
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software...
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root ac...
Overview Cybersecurity researchers have disclosed multiple security vulnerabilities affecting NGINX Plus and NGINX Open, including a critical flaw that remaine...
Apple has published the full list of security fixes for Safari 26.5, which includes fixes for 20 WebKit vulnerabilities and a WebRTC issue that could cause an u...
The Iran‑linked hacking group MuddyWater (also known as Seedworm or Static Kitten) l...
Overview A new Linux local privilege escalation vulnerability named Fragnesia has been disclosed. It is a Dirty Frag-like flaw that allows arbitrary byte write...
Apple has stepped in to warn that EU proposals to force Google to open Android to competing AI services pose serious risks to user privacy, security, and safety...
Image: Windows AI Introducing MDASH Microsoft has unveiled a new multi‑model artificial‑intelligence (AI)‑driven system called MDASH to facilitate vulnerability d...
A threat actor with affiliations to China has been linked to a “multi‑wave intrusion” targeting an unnamed Azerbaijani oil and gas company between late December...
The UK’s AI Security Institute evaluated GPT‑5.5’s ability to find security vulnerabilities and found that it is comparable to Claude Mythos. The OpenAI model i...
Android Adds Intrusion Logging
Description The toXml function provides a sanitize option that developers enable to protect XML output from injection. However, sanitization is only applied to...
Congressional request for testimony The U.S. House Committee on Homeland Security has...
Scam‑call and banking‑app protections Android 17, expected to roll out next month...
Enhanced protection against banking scam calls Google announced a new spoof‑calling protection feature that automatically ends calls from numbers impersonating...
Image: RubyGems attack
Overview Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command‑and‑control (C2)....
From finance and procurement to supply chain and manufacturing, specialized AI agents are moving into the enterprise systems where business decisions are made,...
Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind...
Overview TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of npm and PyPI packages from TanStack, UiPat...
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likel...
OpenAI has launched Daybreak, a new cybersecurity initiative that combines frontier artificial‑intelligence model capabilities with Codex Security...
Overview Both privilege‑escalation vulnerabilities stem from bugs in the Linux kernel’s handling of page caches stored in memory, allowing untrusted users to m...
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. The...
Compromised Jenkins AST Plugin
A threat actor known as Mr_Rot13 has been actively exploiting the recently disclosed critical cPanel vulnerability CVE‑2026‑41940 to deploy a backdoor dubbed Fi...
Google on Monday disclosed that it identified an unknown threat actor using a zero‑day exploit that it said was likely developed with an artificial intelligence...
Zero‑Day Exploit Generated with AI Researchers at Google Threat Intelligence Group (GTIG) say a z...
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes w...
Comments Privacy – May 11, 2026 8:07 AM To hide text, try white text on a white background. The human eye won’t see it but the computer will. If you want to te...
Summary A malicious Hugging Face repository managed to reach the platform's trending list by impersonating OpenAI's Privacy Filter open‑weight model. The repos...
TL;DR - GrapheneOS claims Google and Apple are increasingly using dev...
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malv...
German authorities have shut down a relaunch version of the criminal market...
Image: Ollama Vulnerability
JDownloader Supply‑Chain Attack May 2026 The officia...
Overview A malicious Hugging Face repository that reached the platform’s trending list...
About Bruce Schneier I am a public-interest technologist...