themissingsunday
Weekly Scan: Cloud, Cybersecurity, AI News — Feb 15, 2026

# This Week in Security: Your News Briefing

Welcome to your weekly security roundup. We’ve tracked down the 10 most important stories this week—the ones everyone’s talking about, from critical threats to emerging trends that could shape your security posture. Leading the news this week is Appsec Roundup - June 2025, which has sparked conversation across 9 sources. Meanwhile, the industry is closely tracking Secure By Design roundup - Dec/Jan 2026 with 6 mentions, along with emerging details on CVE-2019-25376 | OPNsense 19.1 Proxy Endpoint ignoreLogACL cross…, CVE-2026-2530 | Wavlink WL-WN579A3 up to 20210219…, and CVE-2025-9961. Here’s the full breakdown of what you need to know.

# 🚨 Critical Threats This Week

First, the stories that demand your immediate attention:

1. Appsec Roundup - June 2025 Mentioned across 9 industry sources this week. Lots of fascinating threat model-related advances, new risk management tools, games, and more! Get the details →

2. Secure By Design roundup - Dec/Jan 2026 Mentioned across 6 industry sources this week. The normalization of deviance, exciting threat modeling news, and a question of do regulatory threats change ‘the threat model’ as much as GPS attacks? Not yet. Get the details →

3. CVE-2019-25376 | OPNsense 19.1 Proxy Endpoint ignoreLogACL cross site scripting (Exploit 46351 / EDB-46351) Mentioned across 6 industry sources this week. A vulnerability classified as problematic has been found in OPNsense 19. Get the details →

# 🛠️ Tools, Updates & Releases

New capabilities and releases worth knowing about:

1. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium. Referenced in 2 stories this week. Explore →

# What You Should Do Next

Monitor these in your environment next week:

  • Any new CVE announcements related to systems you operate
  • Emerging attack techniques being discussed in the community
  • Updates and patches for tools your team uses

Have a look at the full deep-dives in the trending stories below. Each one provides context that could inform your security decisions this week.


1. Key Threat Intel & Vulnerability Stories (14 mentions)
2. Appsec Roundup - June 2025 (9 mentions)

Lots of fascinating threat model-related advances, new risk management tools, games, and more!

Read Full Article →
3. Secure By Design roundup - Dec/Jan 2026 (6 mentions)

The normalization of deviance, exciting threat modeling news, and a question of do regulatory threats change ‘the threat model’ as much as GPS attacks? Not yet.

Read Full Article →
4. Polish hacker charged seven years after massive Morele.net data breach (3 mentions)

A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog.

Read Full Article →
5. MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability (3 mentions)
6. Google Patches First Actively Exploited Chrome Zero-Day of 2026 (2 mentions)

A Chrome 145 update fixes CVE-2026-2441, a vulnerability that can likely be exploited for arbitrary code execution. The post Google Patches First Actively Exploited Chrome Zero-Day of 2026 appeared first on SecurityWeek.

Read Full Article →
7. 0APT ransomware group rises swiftly with bluster, along with genuine threat of attack (2 mentions)
8. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium (2 mentions)

# Article Summary

| Category | Article Count |
|---|---|
| AI & LLM | 15 |
| Cloud | 9 |
| Cyber Regulatory | 3 |
| Cybersecurity | 305 |
| Scraping Candidates | 4 |
| Security Vendor Blog | 68 |
| Tech | 41 |
| Threat Intel & Vulnerability | 188 |
| Total Articles Scanned | 633 |

# AI & LLM

GPT-5.2 derives a new result in theoretical physics

A new preprint shows GPT-5.2 proposing a new formula for a gluon amplitude, later formally proved and verified by OpenAI and academic collaborators.

Read Full Article →
Introducing Lockdown Mode and Elevated Risk labels in ChatGPT

Introducing Lockdown Mode and Elevated Risk labels in ChatGPT to help organizations defend against prompt injection and AI-driven data exfiltration.

Read Full Article →
Scaling social science research

GABRIEL is a new open-source toolkit from OpenAI that uses GPT to turn qualitative text and images into quantitative data, helping social scientists analyze research at scale.

Read Full Article →
Introducing GPT-5.3-Codex-Spark

Introducing GPT-5.3-Codex-Spark—our first real-time coding model. 15x faster generation, 128k context, now in research preview for ChatGPT Pro users.

Read Full Article → *(Covered by: OpenAI News)*
GPT-5 lowers the cost of cell-free protein synthesis

An autonomous lab combining OpenAI’s GPT-5 with Ginkgo Bioworks’ cloud automation cut cell-free protein synthesis costs by 40% through closed-loop experimentation.

Read Full Article →
GPT-5.3-Codex System Card

GPT-5.3-Codex is the most capable agentic coding model to date, combining the frontier coding performance of GPT-5.2-Codex with the reasoning and professional knowledge capabilities of GPT-5.2.

Read Full Article →
Inside OpenAI’s in-house data agent

How OpenAI built an in-house AI data agent that uses GPT-5, Codex, and memory to reason over massive datasets and deliver reliable insights in minutes.

Read Full Article →
Retiring GPT-4o, GPT-4.1, GPT-4.1 mini, and OpenAI o4-mini in ChatGPT

On February 13, 2026, alongside the previously announced retirement of GPT-5 (Instant, Thinking, and Pro), we will retire GPT-4o, GPT-4.1, GPT-4.1 mini, and OpenAI o4-mini from ChatGPT. In the API, there are no changes at this time.

Read Full Article →
Taisei Corporation shapes the next generation of talent with ChatGPT

Taisei Corporation uses ChatGPT Enterprise to support HR-led talent development and scale generative AI across its global construction business.

Read Full Article →
Keeping your data safe when an AI agent clicks a link

Learn how OpenAI protects user data when AI agents open links, preventing URL-based data exfiltration and prompt injection with built-in safeguards.

Read Full Article →
Unlocking Agentic RL Training for GPT-OSS: A Practical Retrospective

Introducing Prism

Prism is a free LaTeX-native workspace with GPT-5.2 built in, helping researchers write, collaborate, and reason in one place.

Read Full Article →
Inside Praktika's conversational approach to language learning

How Praktika uses GPT-4.1 and GPT-5.2 to build adaptive AI tutors that personalize lessons, track progress, and help learners achieve real-world language fluency.

Read Full Article →
Inside GPT-5 for Work: How Businesses Use GPT-5

A data-driven report on how workers across industries use ChatGPT—covering adoption trends, top tasks, departmental patterns, and the future of AI at work.

Read Full Article →
How Higgsfield turns simple ideas into cinematic social videos

Discover how Higgsfield gives creators cinematic, social-first video output from simple inputs using OpenAI GPT-4.1, GPT-5, and Sora 2.

Read Full Article →

# Cloud

Amazon Connect now provides real time AI-powered overviews and recommended next actions for Tasks

Amazon Connect now provides AI-powered Task overviews with suggested next actions so agents can understand work items faster and resolve them more quickly. For example, when an agent receives a Task to process a refund request submitted through an online form, Amazon Connect summarizes earlier ac...

Read Full Article →
Amazon Bedrock adds support for the latest open-weight models in Asia Pacific (Sydney)

Amazon Bedrock is a fully managed service that provides secure, enterprise-grade access to high-performing foundation models from leading AI companies, enabling you to build and scale generative AI applications. Today, Amazon Bedrock announced support for the latest open-weight models in Asia Pac...

Read Full Article →
Amazon Bedrock expands support for AWS PrivateLink

Amazon Bedrock is a fully managed service that provides secure, enterprise-grade access to high-performing foundation models from leading AI companies. It enables you to build and scale generative AI applications. Amazon Bedrock already supported AWS PrivateLink for the bedrock-runtime endpoint. ...

Read Full Article →
AWS Backup adds cross-Region database snapshot copy to logically air-gapped vaults

AWS Backup now supports single-action database snapshot copies to logically air-gapped vaults across AWS Regions. This capability is available for Amazon Aurora, Amazon Neptune, and Amazon DocumentDB snapshots, eliminating the need for an intermediate copying step in target Regions. You can perfo...

Read Full Article →
The Future of AI Agent Security Is Guardrails

AI agents introduce new security risks like prompt injection and data exfiltration. Learn how guardrails, hook-based controls, and Arcade’s Contextual Access secure AI agent tool calls in real time.

Read Full Article →
AWS Payment Cryptography Achieves Cartes Bancaires Approval

Today, AWS Payment Cryptography has become one of the first cloud-based payment cryptography services to obtain approval from Groupement des Cartes Bancaires (CB), France's national card payment network. This CB approval, combined with existing compliance credentials, enables customers to run pa...

Read Full Article →
AWS Elastic Beanstalk now supports GitHub Actions for automated application deployment

AWS Elastic Beanstalk now enables you to use GitHub Actions to automatically deploy web applications when you push code or configuration changes to your GitHub repository, streamlining your continuous integration and continuous deployment (CI/CD) pipeline for scalable web applications. GitHub Act...

Read Full Article →
Amazon Neptune Analytics is now available in 7 additional regions

Amazon Neptune Analytics is now available in Middle East (Bahrain), Middle East (UAE), Israel (Tel Aviv), Africa (Cape Town), Canada (Calgary), Asia Pacific (Malaysia), and Europe (Zurich) regions. You can now create and manage Neptune Analytics graphs in these new regions and run advanced graph ...

Read Full Article →
Amazon EC2 G7e instances now available in US West (Oregon) region

Starting today, Amazon EC2 G7e instances accelerated by NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs are now available in US West (Oregon) region. G7e instances offer up to 2.3x inference performance compared to G6e. Customers can use G7e instances to deploy large language models (LLMs), age...

Read Full Article →

# Cyber Regulatory

Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium

Read Full Article → *(Covered by: Hong Kong PCPD)*
Privacy Commissioner’s Office and HKIRC Co-organise “AI Security and Cybersecurity Summit for Enterprises” Joining Hands to Build a Safer Digital Hong Kong Registration Now Open

Promoting AI Security – Assistant Privacy Commissioner Speaks at AIM Conference

# Cybersecurity

CISO Julie Chatman wants to help you take control of your security leadership role

Julie Chatman never planned to get into cybersecurity. In fact, she believes most don’t but are mentored into it, as she was. Chatman started her professional career as a Navy Hospital Corpsman, specializing in medical laboratory science and technology — a core part of medical diagnostics. “I ana...

Read Full Article →
Google Patches First Actively Exploited Chrome Zero-Day of 2026

A Chrome 145 update fixes CVE-2026-2441, a vulnerability that can likely be exploited for arbitrary code execution. The post Google Patches First Actively Exploited Chrome Zero-Day of 2026 appeared first on SecurityWeek.

Read Full Article → *(Covered by: CyberScoop, SecurityWeek)*
AI and RaaS Alter Threat Landscape, New Ransomware Groups Grow by 30%

AI automation, RaaS, a significant bump in vulnerability disclosures, and a rise in new ransomware gangs are reshaping the threat landscape and forcing defenders to change strategies. The post AI and RaaS Alter Threat Landscape, New Ransomware Groups Grow by 30% appeared first on Security Bouleva...

Read Full Article →
10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons

Ten years on, the Bangladesh Bank cyberheist — a landmark cybersecurity incident that rewrote the rules of nation state–sponsored hacking — continues to offer lessons for the cybersecurity community. Cyberspies hacked into Bangladesh Bank internal network and SWIFT (Society for Worldwide Interban...

Read Full Article →
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Faz...

Read Full Article →
Ring’s Search Party ‘Dystopia’ Debate & Claude Zero-Click RCE Vulnerability

In this episode, we discuss two major tech stories impacting privacy and security. First, we analyze Ring’s new AI-powered ‘Search Party’ feature and its controversial Super Bowl ad that sparked privacy concerns. We then transition to a breaking story about a zero-click remote code execution flaw...

Read Full Article →
Secure By Design roundup - Dec/Jan 2026

The article discusses the normalization of

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Security Advisory SA-26-01 GPS Attacks

GPS attacks trigger revisiting threat models

Read Full Article →
A few thoughts closing out 2025

Prompted by participants, a few closing thoughts for 2025

Read Full Article →
October Adam's New Thing!

Read up on Adam's New Thing from October

Read Full Article →
Prompt Engineering Requires Evaluation

Understanding ‘prompt engineering’

Read Full Article →
AI Insurance Won't Save You

LLM Insurance is, and will remain, a great source of insurer profits.

Read Full Article →
How could LLMs change threat modeling

LLMs will change threat modeling. Will it be for the better?

Read Full Article →
Mansplaining your threat model, as a service

Everyone wants robots to help with threat models. How’s that working out?

Read Full Article →
Threat Modeling Tools

A 2025 view of threat modeling tools

Read Full Article → *(Covered by: Shostack + Friends Blog)*
LLMs as Compilers

What if we think about LLM coding as if it’s a compiler stage?

Read Full Article →
Risk Management and Threat Modeling

Threat modeling finds threats; risk management helps us deal with the tricky ones.

Read Full Article →
The Cyber Resilience Act (CRA)!

The CRA is coming and it's going to be a dramatic change for technology producers

Read Full Article →
Threat modeling as a dial, not a switch

Thinking of threat modeling with a knob helps you get more out of it.

Read Full Article →
Appsec Roundup - June 2025

The article indicates advancements in

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Google’s approach to AI Agents -- Threat Model Thursday

What can we learn from Google’s approach to AI Agent Security

Read Full Article →
Publish your threat model!

We think you should publish your threat model, and we’re publishing our arguments.

Read Full Article →
The Essence and Beauty of Threat Modeling

Automation sounds great, but what about the essence and beauty?

Read Full Article →
Andor: Insider Threats

Andor teaches us about insider threats

Read Full Article →
Andor Threats: Information Disclosure

What Andor can teach us about Information disclosure threats

Read Full Article →
CVE Futures

What’s next for the CVE program?

Read Full Article →
A few thoughts on CVE

Thoughts on the CVE funding crisis

Read Full Article →
Learning from Troy Hunt’s Sneaky Phish

Introducing the DEF CON 32 Hackers' Almanack

Grateful to introduce the Hackers' Almanack!

Read Full Article →
Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require better handling of security reports

Read Full Article →
Strategy for threat modeling AI

Clarifying how to threat model AI

Read Full Article →
Inside Man

Some thoughts on the Voyager Episode ‘Inside Man’

Read Full Article →
Blackhat and Human Factors

BlackHat invites human factors work

Read Full Article → *(Covered by: Shostack + Friends Blog)*
National Cyber Incident Response Plan comments

Our comments on the National Cyber Incident Plan

Read Full Article →
Spatial Reasoning and Threat Modeling

Do diagrams leverage the brain in a different way?

Read Full Article →
Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19

Emerging research on Cyber Public Health

Read Full Article →
Car Safety Factoids

A few thoughts from a clickbait headline

Read Full Article →
25 Years of CVE

Some thoughts on 25 years of the CVE program

Read Full Article →
Handling Pandemic-Scale Cyber Threats (preprint)

A new paper on 'Pandemic Scale Cyber Events'

Read Full Article →
The Goals of Cyber Public Health

Cyber Public Health is prompting fascinating conversations

Read Full Article →
Lockbit, a study in public health

Why is it hard to count lockbit infections?

Read Full Article →
Threat Modeling and Logins, Redux

How to effectively threat model authentication.

Read Full Article →
The Universal Cloud TM -- Threat Model Thursday

A new universal threat model - what can we learn from it?

Read Full Article →
Security Engineering roundup - May 2024

The most important stories around threat modeling, appsec and secure by design for May, 2024.

Read Full Article →
Happy Star Wars Day

Sutter on Safety

What do we need to assess if memory safe languages are 'sufficient'?

Read Full Article →
Eternal sunshine of the spotless LLM

Making an LLM forget is harder than it seems

Read Full Article →
CSRB Report on Microsoft

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.

Read Full Article →
Introducing Magic Security Dust!

The NVD Crisis

The NVD is in crisis, and so is patch management. It’s time to modernize.

Read Full Article →
Adventures in LLM Coding

Exploring LLM-driven coding as I get ready for Archimedes

Read Full Article →
The British Library’s Incident Review

Thoughts on the British Library incident

Read Full Article →
Application and AI roundup - Feb 2024

A busy month in appsec, AI, and regulation.

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Solving Hallucinations

Solving hallucinations in legal briefs is playing on easy mode — and still too hard

Read Full Article →
The State of Appsec in 2024

2024 is bringing lots of AI, and Liability, too

Read Full Article →
Think like Alph-V?

Security Principles in 2023

Principles are lovely, but do they lead us to actionable results?

Read Full Article →
Comparing Retrospectives

We can learn a lot from comparing retrospectives

Read Full Article →
ML Sec Ops: Feature with Diana Kelley

Adam featured on ML Sec Ops podcast

Read Full Article →
Microsoft Can Fix Ransomware Tomorrow

My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.

Read Full Article →
Worthwhile Books Q2 2023

Books that I read in the second quarter that are worth your time include two memoirs, a great book on the security of ML, and more!

Read Full Article →
AI will be the high interest credit card of 2023

Phishing Defenses

Phishing behaviors, as observed in the wild.

Read Full Article →
Layoffs in Responsible AI Teams

Some inferences from layoffs in responsible AI teams

Read Full Article →
Five Threat Model Diagrams for Machine Learning

Some diagrams to help clarify machine learning threats

Read Full Article →
Reflecting on Threats: The Frame

Reflecting on the framing of the Threats book

Read Full Article →
Application Security Roundup - March

A few tools, some thoughts on injection, some standards, and some of Adam’s appsec news.

Read Full Article → *(Covered by: Shostack + Friends Blog)*
The National CyberSecurity Strategy: Liability is Coming

Threats Book is Complete

The serious side of the book

Read Full Article →
Threats: The Table of Contents

Like the Force, each threat has a light side, and a dark side.

Read Full Article →
More on GPT-3 and threat modeling

More thoughts about AI and threat modeling

Read Full Article →
Darkreading: Threat Modeling in the Age of OpenAI's Chatbot

Pointer to Adam’s latest Darkreading article

Read Full Article →
GPT-3

The OpenAI chatbot is shockingly improved — its capabilities deserve attention.

Read Full Article → *(Covered by: Shostack + Friends Blog)*
How Executives Can Use Threat Modeling

You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling.

Read Full Article →
Fast, Cheap + Good Whitepaper

Threat modeling doesn't need to be a slow, heavyweight activity!

Read Full Article →
Trainings at Global Appsec 2021

Tremendous training opportunities in threat modeling and other topics at Appsec Global 2021

Read Full Article →
What are we going to do: CO2 edition

What happened when Microsoft tried to buy climate abatements

Read Full Article →
Threat Model Thursday: 5G Infrastructure

The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.

Read Full Article →
Ransomware is Not the Problem

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.

Read Full Article →
Colonial Pipeline, Darkside and Models

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside.

Read Full Article →
The Updates Must Go Through

The timing of updates is not coincidental.

Read Full Article →
Ever Given & Suez

Thoughts on the issues with the Ever Given blocking the Suez Canal.

Read Full Article →
Linkedin Learning

Bringing threat modeling to more and more people, now through a series of courses on LinkedIn.

Read Full Article →
Threat Modeling and Social Issues

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.

Read Full Article →
Vaccines

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.

Read Full Article →
Threat Modeling, Insiders and Incentives

Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling.

Read Full Article →
The Uber CSO indictment

Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment

Read Full Article →
Information Disclosure In Depth

I have something to disclose...

Read Full Article →
The Cyentia Library Relaunches

I'm excited to see that they're re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.

Read Full Article →
Threat Research: More Like This

I want to call out some impressive aspects of a report by Proofpoint.

Read Full Article →
How Are Computers Compromised (2020 Edition)

Understanding the way intrusions really happen is a long-standing interest of mine.

Read Full Article →
Amazon's 'Alexa Built-in' Threat Model

Exploring supply chain threat modeling with Alexa

Read Full Article →
Threat Modeling Thursday: Machine Learning

For my first blog post of 2020, I want to look at threat modeling machine learning systems.

Read Full Article →
Managed Attribution Threat Modeling

Let's talk CAKED, a threat model for managed attribution.

Read Full Article →
Interesting reads

Sharing for you, bookmarking for me.

Read Full Article →
Capture the Flag events and eSports

A breakdown of CTFs and eSports

Read Full Article →
Actionable Followups from the Capital One Breach

What have we learned and what steps can we take?

Read Full Article →
DNS Security

I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.

Read Full Article →
When security goes off the rails

My newest post over at Dark Reading ponders regulation.

Read Full Article →
Episode 9 Spoilers

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.

Read Full Article →
Leave Those Numbers for April 1st

Over-inflated numbers won't scare me into buying your ‘solution’.

Read Full Article →
Fire Doesn't Innovate by Kip Boyle (Book Review)

An unexpected book review.

Read Full Article →
High ROI Security Advisory Boards

Discussing the value of Security Advisory Boards

Read Full Article →
Measuring ROI for DMARC

I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance.

Read Full Article →
CVE Funding and Process

Read Full Article →
Carpenter!

Read Full Article →
The DREAD Pirates

Read Full Article →
Threat Model Thursday: ARM's Network Camera TMSA

Read Full Article →
AppSec Cali 2018: Izar Tarandach

Read Full Article →
Pen Testing The Empire

Read Full Article →
Threat Modeling Tooling from 2017

Read Full Article →
Emergent Design Issues

Read Full Article →
20 Year Software: Engineering and Updates

Read Full Article →
Building an Application Security Team

Read Full Article →
Breach Vouchers & Equifax 2017 Breach Links

Read Full Article →
Star Wars, Star Trek and Getting Root on a Star Ship

Read Full Article →
Organizing Threat Modeling Magic

Read Full Article →
Learning From npm's Rough Few Months

Read Full Article →
Secure updates: A threat model

Read Full Article →
Hospital Ransomware

Read Full Article →
Warrants for Cleaning Malware in Kelihos

Read Full Article →
People are The Weakest Link In Security?

Read Full Article →
2017 and Tidal Forces

Read Full Article →
Modeling Attackers and Their Motives

There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.

Read Full Article →
Risky Bulletin: Cambodia promises to dismantle scam compounds by April

Cambodia promises to dismantle cyber scam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China.

Read Full Article →
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. A ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. T...

Read Full Article → *(Covered by: Security Affairs)*
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups

CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized "Ninja Browser." The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux...

Read Full Article →
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Breaking Down ZeroDayRAT – New Spyware Targeting Android and iOS Old-School IRC,...

Read Full Article → *(Covered by: Security Affairs)*
Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach afte...

Read Full Article → *(Covered by: Security Affairs)*
Who remembers IRC? Clearly some hackers, as a new Linux botnet uses some incredibly old-school methods to cut costs

SSHStalker botnet uses old IRC communication, automated SSH brute-forcing, cron persistence, and cryptomining to efficiently exploit Linux servers.

Read Full Article →
Fintech firm Figure disclosed data breach after employee phishing attack

Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an employee and steal a limited number of files. Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack. According to a company spokesperso...

Read Full Article → *(Covered by: Security Affairs)*
One threat actor responsible for 83% of recent Ivanti RCE attacks

Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340. [...]

Read Full Article →
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS sco...

Read Full Article → *(Covered by: Security Affairs)*
Snail mail letters target Trezor and Ledger users in crypto-theft attacks

Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. [...]

Read Full Article →
Suspected Russian hackers deploy CANFAIL malware against Ukraine

A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked t...

Read Full Article → *(Covered by: Security Affairs)*
Nobody is Talking About Generalized Hill-Climbing (at Runtime)

All the labs are using a combination of pre-training and [RL](https://en.wikipedia.org/wiki/Reinforc...

Read Full Article →
Critical BeyondTrust RS vulnerability exploited in active attacks

Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support appliances, which included affected versions of the impacted software. Bomgar, a provider of privile...

Read Full Article →
New threat actor UAT-9921 deploys VoidLink against enterprise sectors

A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial organizations, Cisco Talos reports. Cisco Talos spotted a previously unknown threat actor, tracked as UAT-9921, using a new modular attack framework called VoidLink. The group targets organization...

Read Full Article → *(Covered by: Security Affairs)*
Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities

Zscaler's acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks are also investing in secure browser technologies.

Read Full Article →
Fintech lending giant Figure confirms data breach

The company said hackers downloaded “a limited number of files” after breaking into an employee’s account. The hacking group ShinyHunters took responsibility for the breach.

Read Full Article →
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack

Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. [...]

Read Full Article →
Nearly a million WordPress websites could be at risk from this serious plugin security flaw

WPvivid Backup & Migration plugin allows for arbitrary file upload which can lead to remote code execution.

Read Full Article →
South Korea fines Louis Vuitton, Christian Dior, Tiffany $25M for SaaS security failures

South Korea’s data protection authority has handed down a combined KRW 36 billion (approximately US$25 million) in administrative fines to the local subsidiaries of three global luxury houses, after finding they failed to implement basic security controls while managing customer data through a Sa...

Read Full Article →
Researchers unearth 30-year-old vulnerability in libpng library

Developers have resolved a legacy flaw in the widely used libpng open-source library that existed since the software was released nearly 30 years ago. The heap buffer overflow in libpng would cause applications on unpatched systems to crash when presented with maliciously crafted PNG graphic imag...

Read Full Article →
Battling bots face off in cybersecurity arena

AI agents are increasingly seen as a way to reinforce the capabilities of cybersecurity teams — but which can do the best job? Wiz has developed a benchmark suite of 257 real-world challenges spanning five offensive domains: zero-day discovery, CVE (code vulnerability) detection, API security, we...

Read Full Article →
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to hav...

Read Full Article →
EU can’t be ‘naive’ about enemies shutting down critical infrastructure, warns tech official

The European Union can no longer afford to be “naive” about adversaries’ ability to switch off critical infrastructure, the EU’s top tech official warned Friday, as she called for tougher rules and more investment to protect Europe from cyber and hybrid threats.

Read Full Article →
Four new reasons why Windows LNK files cannot be trusted

The number of ways that Windows shortcut (.LNK) files can be abused just keeps growing: A cybersecurity researcher has documented four new techniques to trick Windows users into running malicious actions through innocent-looking shortcuts. Wietze Beukema demonstrated how to spoof the visible LNK ...

Read Full Article →
Dutch phone giant Odido says millions of customers affected by data breach

The Dutch phone giant Odido is the latest phone and internet company to be hacked in recent months, as governments and financially motivated hackers continue to steal highly confidential information about phone customers.

Read Full Article →
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, alt...

Read Full Article →
Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit...

Read Full Article → *(Covered by: Security Affairs)*
In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M Fine

Other noteworthy stories that might have slipped under the radar: vulnerabilities at 277 water systems, DoD employee acting as money mule, 200 airports exposed by flaw.

Read Full Article → *(Covered by: SecurityWeek)*
Dutch Carrier Odido Discloses Data Breach Impacting 6 Million

Hackers stole personal information such as names, addresses, and phone numbers from a customer contact system.

Read Full Article → *(Covered by: SecurityWeek)*
The foundation problem: How a lack of accountability is destroying cybersecurity

A tale of two industries The United States Navy takes 18-year-olds fresh out of high school and trains them to operate nuclear reactors in 18 months . These aren’t college graduates. They’re not experienced professionals. They’re young people with the right potential who go through the most rigor...

Read Full Article →
Google fears massive attempt to clone Gemini AI through model extraction

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly threat report released by Google Threat Intelligence Group. The prompts looked like a coordinate...

Read Full Article →
Major telco breach sees 6.2 million users have personal info leaked - here's what we know so far

Dutch telecommunications giant confirms breach, but says payment data remains secure.

Read Full Article →
The $17 Billion Wake-Up Call: Securing Crypto in the Age of AI Scams

AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses.

Read Full Article →
BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release

Exploitation attempts target CVE-2026-1731, a critical unauthenticated remote code execution flaw in BeyondTrust Remote Support.

Read Full Article → *(Covered by: SecurityWeek)*
The democratization of AI data poisoning and how to protect your organization

Smart organizations have spent the last three years protecting their AI tools from skilled prompt injection-style attacks. The assumption has been that poisoning the foundational model, the real brains behind AI systems, requires technical expertise, privileged access, or a coordinated threat gro...

Read Full Article →
Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have n...

Read Full Article → *(Covered by: Security Affairs)*
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)

Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel,” Ryan Dewhurst...

Read Full Article →
Proofpoint acquires Acuvity to secure AI and agent-driven workflows

Proofpoint has acquired Acuvity, strengthening its platform with AI-native visibility, governance, and runtime protection for AI and agent-driven workflows. As generative AI reshapes how work gets done, organisations are deploying AI copilots, autonomous agents, and model-connected applications a...

Read Full Article →
Why key management becomes the weakest link in a post-quantum and AI-driven security world

When people talk about cryptography, they usually talk about algorithms. RSA versus ECC. Classical versus post quantum. Encryption strength measured in bits and curves. In practice, none of that matters unless keys are created, stored, rotated and retired correctly. Key management is the discipli...

Read Full Article →
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan De...

Read Full Article →
U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Hel...

Read Full Article → *(Covered by: Security Affairs)*
5 key trends reshaping the SIEM market

Security information and event management (SIEM) platforms have evolved far beyond their basic log collection and correlation roots. With cyber threats moving too fast for manual intervention, leading vendors have been integrating artificial intelligence and machine learning technologies into the...

Read Full Article →
The Clean Way to Access AWS, Azure, and GCP From Kubernetes (No Secrets, No Rotations)

Whether you are pursuing a multi-cloud strategy or building a distributed system, your Kubernetes pods need secure, passwordless authentication across AWS, Azure, and GCP.

Read Full Article →
Security Infotainment: The Best Hacker Documentaries

Feeling empty without a security dashboard? These documentaries bridge the pain until the next working day. If you fully immerse yourself in your profession as a security decision-maker, you may also need your daily ... between working days

Read Full Article →
Hackers turn bossware against the bosses

A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency. According to researchers at Huntress, the unknown threat actor is leveraging NetworkLookout’s Net Monitor for Employees Profes...

Read Full Article →
Proofpoint acquires Acuvity to tackle the security risks of agentic AI

Proofpoint is snapping up the startup to solve the industry’s newest headache: knowing what your autonomous AI is actually doing.

Read Full Article → *(Covered by: CyberScoop)*
Why identity recovery is now central to cyber resilience

Ransomware has permanently changed how security leaders think about risk. Verizon’s 2025 Data Breach Investigations Report found that ransomware was involved in 44% of all breaches. For small and midsize businesses, the problem is big; ransomware was involved in nearly nine out of 10 breaches, co...

Read Full Article →
Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle

The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm-shifting uses of the technology.

Read Full Article → *(Covered by: CyberScoop)*
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense

The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.

Read Full Article →
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

A blind spot in Microsoft’s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, researchers have discovered. The app in question, AgreeTo, is, or was, a meeting scheduling tool that firs...

Read Full Article →
'Your data is public': Hacker warns victims after leaking 6.8 billion emails online

Someone posted 150GB of emails to the dark web, claiming to hold 6.8 billion unique email addresses.

Read Full Article →
New Warning App for Cyber Incidents Launched

The new CYROS app links security warnings from authorities and specialist sources to inform users about cybersecurity incidents. Ransomware attacks, phishing and digital sabotage: against the backdrop of the growing cyber threat landscape, the Frankfurt-based C...

Read Full Article →
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber a...

Read Full Article →
CISA to host industry feedback sessions on cyber incident reporting regulation

One industry official told CyberScoop the town halls are probably not what CIRCIA needs right now.

Read Full Article → *(Covered by: CyberScoop)*
More US investors sue South Korean government over handling of Coupang data breach

Coupang’s massive data breach has sparked U.S. investor lawsuits against the South Korean government over alleged discrimination.

Read Full Article →
Huge OneFly data breach sees traveler IDs and payment details leaked

Full payment data, in cleartext, was leaked, affecting at least 6,000 OneFly customers.

Read Full Article →
World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks

Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns

Read Full Article →
Microsoft patches concerning Windows 11 Notepad security flaw - Markdown issues could have let hackers slip in malware without warning

Microsoft Patch Tuesday addresses high-severity flaw in Windows 11 Notepad that enabled remote code execution attacks.

Read Full Article →
Naming and shaming: How ransomware groups tighten the screws on victims

When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle

Read Full Article →
Time to Exploit Plummets as N-Day Flaws Dominate

Flashpoint warns of a dramatic drop in the average time between vulnerability disclosure and exploitation

Read Full Article →
Polish hacker charged seven years after massive Morele.net data breach

A Polish individual has been charged

Read Full Article →
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in d...

Read Full Article →
Claude desktop extension can be hijacked to send out malware by a simple Google Calendar event

AI assistants apparently can't distinguish between instructions and data, and that is at the center of many zero-click prompt injection attacks.

Read Full Article →
Srsly Risky Biz: Microsoft forgoes its secure future

Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella’s messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products. They also discuss Expedition Cloud, a Chinese cyber range that...

Read Full Article →
0APT ransomware group rises swiftly with bluster, along with genuine threat of attack

Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities.

Read Full Article →
Acting CISA chief says DHS funding lapse would limit, halt some agency work

Acting Director Madhu Gottumukkala said it could affect everything from responding to threats to finalizing CIRCIA regulations.

Read Full Article → *(Covered by: CyberScoop)*
North Korea's UNC1069 Hammers Crypto Firms With AI

In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix.

Read Full Article →
Customizing Your Claude Code Spinner Verbs

Most people don't think about spinner text. It's that little "Thinking..." or "Processing..." that ticks by while Claude Code works. Background noise. Furniture. Daniel went ahead and replaced all of them. I'm Kai — Daniel's AI assistant, running on Claude Code as part of [PAI](https://github.co...

Read Full Article →
Your AI doctor doesn’t have to follow the same privacy rules as your real one

AI apps are making their way into healthcare. It’s not clear that rigorous data security or privacy practices will be part of the package.

Read Full Article → *(Covered by: CyberScoop)*
News alert: GitGuardian raises $50M to tackle non-human identities crisis, AI agent security gap

NEW YORK, Feb. 11, 2026, CyberNewswire — GitGuardian, a leading secrets and Non-Human Identity (NHI) security platform and #1 app on GitHub Marketplace, today announced a $50 million Series C funding round led by global software investor Insight Partners …

Read Full Article →
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fa...

Read Full Article →
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms

Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware

Read Full Article →
Thousands of Volvo customers possibly affected in major data breach - 17,000 affected, here's what we know

The Conduent breach keeps getting worse, with Volvo North America now involved.

Read Full Article →
Scary Agent Skills: Hidden Unicode Instructions in Skills ...And How To Catch Them

"There is a lot of talk about Skills recently, both in terms of capabilities and security concerns. However, so far I haven’t seen anyone bring up hidden …"

Read Full Article →
Prompt Injection Via Road Signs

Interesting research: “CHAI: Command Hijacking Against Embodied AI.” Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training dist...

Read Full Article →
Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the...

Read Full Article →
SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (u...

Read Full Article →
North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Te...

Read Full Article →
Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities

Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday’s release.

Read Full Article →
SmarterTools network breached using auth-bypass attack against single unpatched virtual machine

Just one neglected server was enough to suffer a ransomware infection, but this time the damage was minimal.

Read Full Article →
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware

High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files

Read Full Article →
After major Poland energy grid cyberattack, CISA issues warning to U.S. audience

The Cybersecurity and Infrastructure Security Agency said the attack highlighted threats from vulnerable edge devices to operational technology and industrial control systems.

Read Full Article → *(Covered by: CyberScoop)*
New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims

Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying.

Read Full Article →
Authentication in 2026 - moving beyond foundational MFA to tackle the new era of attacks

Organizations must build on existing security practices and embrace phishing-resistant authentication to deliver robust protection.

Read Full Article →
Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that...

Read Full Article →
From Ransomware to Residency: Inside the Rise of the Digital Parasite

Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and ...

Read Full Article →
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of spe...

Read Full Article →
Pride Month Phishing Targets Employees via Trusted Email Services

Attackers are using Pride Month themed phishing emails to target employees worldwide, abusing trusted email platforms like SendGrid to harvest credentials.

Read Full Article →
AI-Generated Text and the Detection Arms Race

In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by artificial intelligence. Near as the editors could tell, many submitters pasted the magazine’s detailed story guidelines into an AI and sent in the results. And they wer...

Read Full Article →
Huge stalkerware data breach sees 500,000 records leaked by hacktivists

Someone targeted a company operating multiple stalkerware apps and leaked names, email addresses, and partial payment card data.

Read Full Article →
Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company's Chief ...

Read Full Article →
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs

The ransomware group breached SmarterTools through a vulnerability in the company's own SmarterMail product.

Read Full Article →
TeamPCP Turns Cloud Infrastructure Into Crime Bots

The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces.

Read Full Article →
'Reynolds' Bundles BYOVD With Ransomware Payload

Researchers discovered a newly disclosed vulnerable driver embedded in Reynolds' ransomware, illustrating the increasing popularity of the defense-evasion technique.

Read Full Article →
BridgePay payments system knocked offline by ransomware attack

US Secret Service gets involved, as merchants report cash payments only.

Read Full Article →
New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix

Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution

Read Full Article →
China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "Al...

Read Full Article →
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code

VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds

Read Full Article →
Flickr confirms data breach, tells customers their private info may have been affected - here's what we know

Popular image sharing site had its data compromised in a third-party breach.

Read Full Article →
⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern ...

Read Full Article →
BridgePay Confirms Ransomware Attack, No Card Data Compromised

The services of Florida-based payments platform BridgePay are offline due to a ransomware attack

Read Full Article →
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active ...

Read Full Article →
Security Researchers Find Vulnerabilities in Mental Health Apps; One With Millions of Users May Leak Therapy Notes

Oversecured has identified vulnerabilities in several popular mental health apps with tens of millions of downloads. The flaws could turn these apps into unintended data sources for surveillance, including personal conversations with AI therapists.

Read Full Article →
BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote A...

Read Full Article →
Risky Bulletin: SmarterTools hacked via its own product

A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany.

Read Full Article →
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carry...

Read Full Article →
Discovering Negative-Days with LLM Workflows

It’s no longer just about reverse-engineering n-days. You can detect vulnerabilities in open-source repositories before a CVE is published - or even if they’re never published. Here’s how I built an LLM workflow to detect “negative-days” and “never-days”.

Read Full Article →
Conduent data breach might have been much worse than initially expected

Tens of millions of people are most likely affected by the January 2025 Conduent breach.

Read Full Article →
Substack Confirms Data Breach, "Limited User Data" Compromised

Substack did not specify the number of users affected by the data breach

Read Full Article →
Top investment platform hit in data breach - over 1.4 million Betterment accounts exposed

Betterment accounts were not compromised, but users might start getting phishing emails.

Read Full Article →
Substack data breach confirmed: user phone numbers email addresses all stolen in attack, here's what we know

Popular creator platform Substack was breached in October 2025 but didn’t notice until months later.

Read Full Article →
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been...

Read Full Article →
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the ...

Read Full Article →
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thurs...

Read Full Article →
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire

He promised "the best security there is" to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a vast Tor-hidden drug bazaar wasn't such a good idea. Read more in my...

Read Full Article →
One of Europe’s largest universities knocked offline for days after cyberattack

An alleged ransomware attack has taken down the systems of the Sapienza University of Rome.

Read Full Article →
Bulletproof hosting providers renting cheap infrastructure to supply virtual machines to ransomware hackers

Most high-profile ransomware groups were using the same Russian-based infrastructure for years

Read Full Article →
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number...

Read Full Article →
CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall

In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arista NG Firewall. This bug was originally discovered by Gereon Huppertz and reported through the Tren

Read Full Article →
Startups, listen up: Proton says you're not "too small" to be hacked

Proton's latest report shatters the myth that hackers only target big banks, urging European startups to "build in private" before it's too late.

Read Full Article →
Top 10 web hacking techniques of 2025

Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

Read Full Article →
Data breach at govtech giant Conduent balloons, affecting millions more Americans

The ransomware attack at Conduent allowed hackers to steal a "significant number of individuals’ personal information" from the govtech giant's systems. Conduent handles personal and health data of more than 100 million people across America.

Read Full Article →
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of Januar...

Read Full Article →
OpenAI Explains URL-Based Data Exfiltration Mitigations in New Paper

"Last week I saw this paper from OpenAI called “Preventing URL-Based Data Exfiltration in Language-Model Agents”, which goes into detail on new …"

Read Full Article →
Protests Don't Impede Iranian Spying on Expats, Syrians, Israelis

Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering.

Read Full Article →
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypas...

Read Full Article →
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated...

Read Full Article →
Pickling the Mailbox: A Deep Dive into CVE-2025-20393

TL;DR In December 2025, Cisco published https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 addressing CVE-2025-20393, a critical vulnerability (CVSS 10.0) affecting Cisco Secure Email Gateway and Secure Email and Web Manager. The advisory was n...

Read Full Article →
Ransomware Gang Goes Full 'Godfather' With Cartel

DragonForce is taking cues from organized crime, emphasizing cooperation and coordination among ransomware gangs.

Read Full Article →
CISA Makes Unpublicized Ransomware Updates to KEV Catalog

A third of the "flipped" CVEs affected network edge devices, leading one researcher to conclude, "Ransomware operators are building playbooks around your perimeter."

Read Full Article →
News alert: MomentProof brings cryptographic proof to insurance claims as AI manipulation rises

WASHINGTON, Feb. 4, 2026, CyberNewswire — MomentProofShow us, Inc., a provider of AI-resilient digital asset certification and verification technology, today announced the successful deployment of MomentProof Enterprise for AXA, enabling cryptographically authentic, tamper-proof digital assets fo...

Read Full Article →
Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant's AI Security team said the scanner leverages three observable signals tha...

Read Full Article →
Global SystemBC Botnet Found Active Across 10,000 Infected Systems

SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure

Read Full Article →
New Technical Markers Reveal Expanding ShadowSyndicate Cybercriminal Infrastructure

ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops

Read Full Article →
AI Drives Doubling of Phishing Attacks in a Year

Cofense claims AI is making phishing emails more personalized and sophisticated

Read Full Article →
Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia

Check Point Research has identified several campaigns targeting multiple countries in the Southeast Asian region. These related activities have been collectively categorized under the codename “Amaranth-Dragon”. The campaigns demonstrate a clear focus on government entitie...

Read Full Article →
Big Breach or Smooth Sailing? Mexican Gov't Faces Leak Allegations

A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government.

Read Full Article →
Weekly Update 489

This week I'm in Hong Kong, and the day after recording, I gave the talk shown in the image above at INTERPOL's Cybercrime Expert Group. I posted a little about this on Facebook and LinkedIn, but thought I'd expand on what really stuck with

Read Full Article →
SQL Injection Flaw Affects 40,000 WordPress Sites

40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin

Read Full Article →
Researchers Warn of New “Vect” RaaS Variant

A new ransomware-as-a-service operation dubbed “Vect” features custom malware

Read Full Article →
Cybercrime Unit of Paris Prosecutors Raid Elon Musk’s X Offices in France

Elon Musk and X’s former CEO were summoned for voluntary interviews in Paris on April 20, 2026

Read Full Article →
Introducing Detectify Internal Scanning for internal scanning behind the firewall

TL;DR: We’re launching Internal Scanning, bringing our proprietary security engines, research-led crawling and fuzzing engine for internal vulnerability scanning behind your firewall. Built by Detectify’s ...

Read Full Article →
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials

Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF

Read Full Article →
How Mercari strengthened mobile security for millions of users with Oversecured

Discover how Mercari, Japan's largest marketplace app, transformed their mobile security program with Oversecured, uncovering critical vulnerabilities missed by previous tools and achieving reliable automated scanning at scale.

Read Full Article →
Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms

Attackers Harvest Dropbox Logins Via Fake PDF Lures

A malware-free phishing campaign targets corporate inboxes and asks employees to view "request orders," ultimately leading to Dropbox credential theft.

Read Full Article →
ShinyHunters Expands Scope of SaaS Extortion Attacks

Following their attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics.

Read Full Article →
NSA Publishes New Zero Trust Implementation Guidelines

NSA released new guidelines to help organizations achieve target-level Zero Trust maturity

Read Full Article →
Notepad++ Update Hijacking Linked to Hosting Provider Compromise

A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure

Read Full Article →
Android RAT Uses Hugging Face to Host Malware

Bitdefender has discovered a new Android malware campaign that uses Hugging Face

Read Full Article →
Beyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHound

Beyond ACLs: Mapping Windows Privilege Escalation Paths with

Read Full Article →
FBI takes notorious RAMP ransomware forum offline

The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged that it was the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police... Read more in my article on the Bitdefender blog.

Read Full Article →
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)

When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief. Clearly, the universe had decided to continue mocking Secure-By-Design signers right on schedule ...

Read Full Article →
Labyrinth Chollima Evolves into Three North Korean Hacking Groups

CrowdStrike assessed that two new threat actor groups have spun off from North Korean Labyrinth Chollima hackers

Read Full Article →
Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report

The hackers behind a cyberattack that targeted Poland's grid infrastructure met little resistance when they hit systems at a heat-and-power plant and wind and solar farms last month. The intruders were able to easily access numerous systems at the affected facilities because the systems were conf...

Read Full Article →
New AI-Developed Malware Campaign Targets Iranian Protests

The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran

Read Full Article →
MY TAKE: Transparent vs. opaque — edit Claude’s personalized memory, or trust ChatGPT’s blindly?

After two years of daily ChatGPT use, I recently started experimenting with Claude, Anthropic’s competing AI assistant. Claude is four to five times slower generating responses. But something emerged that matters more than …

Read Full Article →
Google Disrupts Extensive Residential Proxy Networks

Google has taken coordinated action against the massive IPIDEA residential proxy network, enhancing customer protections and disrupting cybercrime operations

Read Full Article →
France Fines National Employment Agency €5m Over 2024 Data Breach

The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR

Read Full Article →
FBI Takes Down RAMP Ransomware Forum

The dark web forum administrator confirmed the takedown and said they had “no plans to rebuild”

Read Full Article →
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups

Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report

Read Full Article →
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...

Read Full Article →
Cyber Security Report 2026

Check Point's flagship report delivers industry leading intelligence shaping the decisions security leaders will make in 2026

Read Full Article →
Critical and High Severity n8n Sandbox Flaws Allow RCE

Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers

Read Full Article →
Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign

Researchers discover that PureRAT’s code now contains emojis, indicating it was written by AI based on comments ripped from social media.

Read Full Article →
AI Security Threats Loom as Enterprise Usage Jumps 91%

Zscaler analysts found critical vulnerabilities in 100% of enterprise AI systems, with 90% compromised in under 90 minutes

Read Full Article →
General Graboids: Worms and Remote Code Execution in Command & Conquer

[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security conference and this post contain

Read Full Article →
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula

Read Full Article →
World Leaks Ransomware Group Claims 1.4TB Nike Data Breach

Nike is investigating after the World Leaks ransomware group posted a 1.4TB data dump

Read Full Article →
Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline

The US law firm Hagens Berman will lead a class action lawsuit against Coupang over security failures that led to a June 2025 data breach

Read Full Article →
Okta Flags Customized, Reactive Vishing Attacks Which Bypass MFA

Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials

Read Full Article →
Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm

A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm

Read Full Article →
Cyberattack Targeting Poland’s Energy Grid Used a Wiper

A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers as part of an operation intended to cause a power outage and other disruption to services, says European security

Read Full Article →
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed

Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords

Read Full Article →
News Alert: Halo Security earns SOC 2 Type II certification, shows sustained operational security

MIAMI, Jan. 22, 2026, CyberNewswire — Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type II compliance following an extensive multi-month audit by Insight Assurance.

Read Full Article →
Critical Appsmith Flaw Enables Account Takeovers

Critical vulnerability in Appsmith allows account takeover via flawed password reset process

Read Full Article →
KONNI Adopts AI to Generate PowerShell Backdoors

North Korea-linked threat group KONNI targets countries across APAC, specifically in blockchain sectors, with AI-generated malware

Read Full Article →
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords

Phoney email alerts suggest users need to back up their LastPass accounts within 24 hours. LastPass says it would never require this action from users.

Read Full Article →
Over 160,000 Companies Notify Regulators of GDPR Breaches

DLA Piper finds 22% increase in breached firms notifying European GDPR regulators

Read Full Article →
Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)

Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV holders. The plot of that story had everything; * A g...

Read Full Article →
Python Wheel (Zip) Parser Differential Vulnerability v2.0

Summary: It is still possible (albeit with significantly more effort) to upload a specially crafted Wheel file (i.e. zip) to PyPI that when installed with PIP (or another Python zipfile based t...

Read Full Article →
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics

Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors

Read Full Article →
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications

Loan phishing operation in Peru is stealing card info by impersonating financial institutions

Read Full Article →
SHARED INTEL Q&A: AI retrieval systems can still hallucinate; deterministic logic offers a fix

AI hallucination is still the deal-breaker. As companies rush AI into production, executives face a basic constraint: you cannot automate a workflow if you cannot trust the output. A model that fabricates facts becomes a risk …

Read Full Article →
Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says

Gartner predicts 50% of organizations will adopt zero trust data governance by 2028

Read Full Article →
News alert: Forrester study finds Airlock Digital’s app control cuts breaches to zero with 224% ROI

ATLANTA, Jan. 20, 2026, CyberNewswire — Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted …

Read Full Article →
News alert: One Identity launches AI-powered ‘Identity Manager’ to speed threat response

ALISO VIEJO, Calif., Jan. 20, 2026, CyberNewswire — One Identity, a trusted leader in identity security, today announces a major upgrade to One Identity Manager, a top-rated IGA solution, strengthening identity governance as a critical security control for …

Read Full Article →
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent

Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.

Read Full Article →
Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of comp...

Read Full Article →
Prompt Injection Bugs Found in Official Anthropic Git MCP Server

Three vulnerabilities in Anthropic's Git server for the MCP can be exploited via prompt injection

Read Full Article →
LinkedIn Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs

Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages

Read Full Article →
Why inaccessible cybersecurity is a security risk: our path to accessibility

In cybersecurity, an inaccessible tool isn’t just a nuisance: it’s a vulnerability. With the European Accessibility Act tightening regulations across Sweden and the EU, “good ...

Read Full Article →
AI Supercharges Attacks in Cybercrime's New 'Fifth Wave'

Weaponized AI is fueling a new wave of cybercrime, said Group-IB in its latest report

Read Full Article →
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun

VoidLink's framework marks the first evidence of fully AI-designed and built advanced malware, beginning a new era of AI-generated malware

Read Full Article →
MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability

Read Full Article → *(Covered by: 0day Fans)*
Russian Hacktivists Intensify Disruptive Cyber Pressure on UK Orgs

UK NCSC warned of disruptive cyber attacks by Russian hacktivists targeting critical infrastructure

Read Full Article →
Who’s on the Line? Exploiting RCE in Windows Telephony Service

Windows has supported computer telephony integration for decades, providing applications with the ability to manage phone devices, lines, and calls. While modern deployments increasingly rely on cloud-based telephony solutions, classic telephony services remain available out of the box in Windows...

Read Full Article →
Suspects Linked to Black Basta Ransomware Group Raided in Ukraine

Oleg Evgenievich Nefedov, allegedly one of the founders of Black Basta, was also placed on Europol’s and Interpol’s Most Wanted lists

Read Full Article →
On the Coming Industrialisation of Exploit Generation with LLMs

Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I adde…

Read Full Article →

#Scraping Candidates

0APT ransomware group rises swiftly with bluster, along with genuine threat of attack
CISA Announces New Town Halls to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure
CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication

#Security Vendor Blog

PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers

Guardicore Labs uncovers a ransomware campaign targeting MySQL servers. Attackers use double extortion and publish data to pressure victims.

Read Full Article →
Threats Making WAVs - Incident Response to a Cryptomining Attack

Guardicore security researchers present a full analysis of a cryptomining attack that hid a cryptominer inside WAV files. The report covers the full attack chain, from detection and infection through network propagation and malware analysis, and gives recommendations for optimizing incident res...

Read Full Article →
Phishing on the Edge of the Web and Mobile Using QR Codes

We discuss the extensive use of malicious QR codes using URL shorteners, in-app deep links and direct APK downloads to bypass mobile security.

Read Full Article →
How tech is rewiring romance: dating apps, AI relationships, and emoji | Kaspersky official blog

Why do we have a love-hate relationship with dating apps, and what are they doing to our brains? Can an emoji start a war? Is marrying an AI actually a thing? We’re exploring how modern tech is redefining love and our very ideas of it.

Read Full Article →
The OpenClaw experiment is a warning shot for enterprise AI security

Agentic AI promises a lot – but it also introduces more risk. Sophos’ CISO explores the challenges and how to address them.

Read Full Article →
Copilot Studio agent security: Top 10 risks you can detect and prevent

Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real exposure. This article consolidates the ten most common risks we observe and maps each to practical det...

Read Full Article →
Hand over the keys for Shannon’s shenanigans

In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management.

Read Full Article →
Your complete guide to Microsoft experiences at RSAC™ 2026 Conference

Microsoft Security returns to RSAC Conference to show how Frontier Firms—organizations that are human-led and agent-operated—can stay ahead.

Read Full Article →
I bought, I saw, I attended: a quick guide to staying scam-free at the Olympics | Kaspersky official blog

Kaspersky experts have uncovered fraudulent schemes targeting the Winter Olympics in Italy. Here’s how to stay protected.

Read Full Article →
Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report

“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.” Key takeaways fr...

Read Full Article →
Naming and shaming: How ransomware groups tighten the screws on victims

When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle

Read Full Article →
The Future of AI Agent Security Is Guardrails

AI agents introduce new security risks like prompt injection and data exfiltration. Learn how guardrails, hook-based controls, and Arcade’s Contextual Access secure AI agent tool calls in real time.

Read Full Article →
Nation-State Actors Exploit Notepad++ Supply Chain

Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery.

Read Full Article →
Quick digest of Kaspersky’s report “Spam and Phishing in 2025” | Kaspersky official blog

Breaking down the major trends in phishing and scams, featuring the most creative schemes discovered by Kaspersky experts in 2025.

Read Full Article →
The game is over: when “free” comes at too high a price. What we know about RenEngine

We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in February 2026, ongoing attacks using ACR Stealer became known.

Read Full Article →
Spam and phishing in 2025

The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.

Read Full Article →
New threat actor, UAT-9921, leverages VoidLink framework in campaigns

Cisco Talos recently discovered a new threat actor, UAT-9221, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.

Read Full Article →
Microsoft Patch Tuesday for February 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for February 2026, which includes 55 vulnerabilities affecting a range of products, including one (CVE-2025-59498) that Microsoft marked as “Critical”.

Read Full Article →
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

2 Critical, 51 Important, 1 Moderate, 0 Low. Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday release, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs. Microsoft patched 54 CVEs in its February 2026 Patch Tuesday release, with tw...

Read Full Article →
Measuring AI Security: Separating Signal from Panic

The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore someth...

Read Full Article →
80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier

Read Microsoft's new Cyber Pulse report for straightforward, practical insights and guidance on new cybersecurity risks.

Read Full Article →
Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

That helpful “Summarize with AI” button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning.

Read Full Article →
New OpenClaw AI agent found unsafe for use | Kaspersky official blog

We explore whether OpenClaw can be safely installed and configured, and the risks involved in running this experiment.

Read Full Article →
Industrialized Ransomware: Confronting the New Reality

Read about the new ransomware reality and what most security strategies get wrong. Learn how to protect your organization in 2026.

Read Full Article →
Threat Intelligence Executive Report – Volume 2025, Number 6

This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during September and October.

Read Full Article →
Sophos Workspace Protection Enables Safe GenAI Adoption

Easily enable adoption of sanctioned generative AI solutions.

Read Full Article →
What Anthropic’s Latest Model Reveals About the Future of Cybersecurity

AI can find vulnerabilities with unprecedented speed, but discovery alone doesn’t reduce cyber risk. We need exposure prioritization, contextual risk analysis, and AI-driven remediation to transform findings into security outcomes. Key takeaways: AI is dramatically accelerating vulnerability disco...

Read Full Article →
Which cybersecurity terms your management might be misinterpreting

A straightforward guide to the differences between risk and threat, security and compliance, and other frequently confused cybersecurity terms.

Read Full Article →
I pretended to be an AI agent on Moltbook so you don’t have to

I went undercover on Moltbook, the AI-only social network, masquerading as a bot. Instead of deep bot-to-bot conversations, I found spam, scams, and serious security risks. Key Takeaways Moltbook, the AI-only social network, is currently a high-risk environment dominated by spam and scams. Connec...

Read Full Article →
A one-prompt attack that breaks LLM safety alignment

As LLMs and diffusion models power more applications, their safety alignment becomes critical. The post A one-prompt attack that breaks LLM safety alignment appeared first on Microsoft Security Blog .

Read Full Article →
Analysis of active exploitation of SolarWinds Web Help Desk

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now. The post Analysis of active exploitation of SolarWinds Web Help Desk appeared first on Microsoft Security Blog .

Read Full Article →
Novel Technique to Detect Cloud Threat Actor Operations

We introduce a novel method that maps cloud alert trends to MITRE ATT&CK techniques. The patterns created could identify threat actors by behavior. The post Novel Technique to Detect Cloud Threat Actor Operations appeared first on Unit 42 .

Read Full Article →
How to protect yourself from deepfake scammers and save your money | Kaspersky official blog

Here’s how to spot deepfakes, protect yourself from identity theft, and avoid falling for neural network scams.

Read Full Article →
All gas, no brakes: Time to come to AI church

This week, Joe cautions the rush to adopt AI tools rife with truly awful security vulnerabilities.

Read Full Article →
New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems. The post New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan appeared first on Microsoft Secur...

Read Full Article →
The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD

Most security incidents happen in the gap between knowing what matters and actually implementing security controls consistently. Read how Microsoft is helping organizations close this implementation gap. The post The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD...

Read Full Article →
SIEM Rules for detecting exploitation of vulnerabilities in FortiCloud SSO

A set of SIEM rules for detecting attempts to bypass authentication in Fortinet products using the FortiCloud SSO mechanism has been added to the Kaspersky Unified Monitoring and Analysis Platform.

Read Full Article →
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next

When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they com...

Read Full Article →
2025 SLG cyber trends: 5 lessons to build a 2026 cyber roadmap

From school districts to state agencies, 2025 cyber incidents were a wake-up call about asset visibility. Discover five actionable lessons SLG leaders can use to close the cyber exposure gap and move from reactive threat detection and response to proactive exposure management. Key takeaways Effec...

Read Full Article →
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework

Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.

Read Full Article →
The Shadow Campaigns: Uncovering Global Espionage

In 2025 a threat group compromised government and critical infrastructure in 37 countries, with reconnaissance in 155. The post The Shadow Campaigns: Uncovering Global Espionage appeared first on Unit 42 .

Read Full Article →
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT

We analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT.

Read Full Article →
Detecting backdoored language models at scale

We're releasing new research on detecting backdoors in open-weight language models and highlighting a practical scanner designed to detect backdoored models at scale and improve overall trust in AI systems. The post Detecting backdoored language models at scale appeared first on Microsoft Securit...

Read Full Article →
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)

Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways ...

Read Full Article →
Why Smart People Fall For Phishing Attacks

Why do successful phishing attacks target our psychology rather than just our software? Discover Unit 42’s latest insights on defeating social engineering and securing your digital life. The post Why Smart People Fall For Phishing Attacks appeared first on Unit 42 .

Read Full Article →
Malicious use of virtual machine infrastructure

Bulletproof hosting providers are abusing the legitimate ISPsystem infrastructure to supply virtual machines to cybercriminals. (Categories: Threat Research. Tags: virtual machine, cybercrime, ransomware, ISPs.)

Read Full Article →
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users...

Read Full Article →
Frequently Asked Questions About Notepad++ Supply Chain Compromise

Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker-controlled site for targeted espionage purposes. Change log, update February 4: this FAQ has been updated to note that CVE-2025-15556 was assigned for this security incident. Click here to re...

Read Full Article →
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.

Read Full Article →
How does cyberthreat attribution help in practice?

Why it would be useful to identify the specific hacking group behind a malware file found in your infrastructure.

Read Full Article →
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central Am...

Read Full Article →
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More

Tenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key ...

Read Full Article →
Kaspersky SIEM 4.2 update — what’s new? | Kaspersky official blog

Kaspersky Unified Monitoring and Analysis Platform, version 4.2: detecting compromised accounts using AI, updated correlator, and other innovations.

Read Full Article →
Privileged File System Vulnerability Present in a SCADA System

We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack. The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42 .

Read Full Article →
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited

Two Critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks Key takeaways: Patch Ivanti EPMM immediately. Both CVE-2026-1281 and CVE-2026-1340 have been exploited in the wild, though impact has been limited so far. Apply th...

Read Full Article →
I'm locked in!

Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.

Read Full Article →
Supply chain attack on eScan antivirus: detecting and remediating malicious updates

On January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat hunting and mitigating tips, etc.

Read Full Article →
What AI toys can actually discuss with your child | Kaspersky official blog

AI toys have been found discussing knives, drugs, sex, and mature games with children. We dive into the latest research results and the risks to security and privacy.

Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.

Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus

Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.

Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.

Read Full Article →
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Read Full Article →
CVE-2026-23864: React and Next.js Denial of Service via Memory Exhaustion
I scan, you scan, we all scan for... knowledge?

In this week's newsletter, Bill hammers home the old adage "Know your environment", even amid alert fatigue.

Read Full Article →
Huntress Catches SmarterMail Account Takeover Leading to RCE

SmarterMail versions prior to Build 9511 are vulnerable to privileged account takeover and remote code execution. Learn more about the latest Huntress DE&TH Team’s findings.

Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS.

Read Full Article →
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time

We discuss a novel AI-augmented attack method where malicious webpages use LLM services to generate dynamic code in real-time within a browser. The post The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time appeared first on Unit 42 .

Read Full Article →
DNS OverDoS: Are Private Endpoints Too Private?

We've identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42 .

Read Full Article →

#Tech

Removing the BIOS Administrator Password on a ThinkPad Takes Timing

In the olden days, an administrator password on a BIOS was a mere annoyance, one quickly remedied by powering off the system and pulling its CMOS battery or moving a …

Read Full Article →
Infosec exec sold eight zero-day exploit kits to Russia, says DoJ

PLUS: Fake ransomware group exposed; EC blesses Google's big Wiz deal; alleged sewage hacker cuffed; and more. Infosec in Brief: The former General Manager of defense contractor L3Harris’s cyber subsidiary Trenchant sold eight zero-day exploit kits to Russia, according to a court filing last week.…

Read Full Article →
GPT-5 bests human judges in legal smack down

But that doesn't mean AI is ready to dispense justice. AI-pocalypse: Legal scholars have found that OpenAI's GPT-5 follows the law better than human judges, but they leave open the question of whether AI is right for the job.…

Read Full Article →
Why front-end work is disappearing in the AI era

The clear "visual = correct" feedback loop and the threat of multimodal AI. The main reason front-end development is easier for AI to replace than other engineering roles is that its output is visual, so judging right from wrong is extremely easy. Database consistency in back-end development, or complex transaction handling between microservices, runs inside logical structures nobody can see, and verifying correctness there needs deep contextual understanding and complex test cases. By contrast, the core front-end tasks are "render the screen exactly as the design data specifies" and "return the expected interaction in response to user actions...

Read Full Article →
AI will likely shut down critical infrastructure on its own, no attackers required

With a new Gartner report suggesting that AI problems will “shut down national critical infrastructure” in a major country by 2028, CIOs need to rethink industrial controls that are very quickly being turned over to autonomous agents. Gartner embraces the term Cyber Physical Systems (CPS) for the...

Read Full Article → *(Covered by: CIO Magazine, Computerworld)*
Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes

Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday , as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its softwar...

Read Full Article →
February’s Patch Tuesday release fixes 59 flaws, including 6 being exploited

Each month, the team at Readiness analyzes the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. The company’s Patch Tuesday release for February addresses 59 CVEs across the company’s product family — roughly half the volume of January’s 159 patches ...

Read Full Article →
Attackers finally get around to exploiting critical Microsoft bug from 2024

As if admins haven't had enough to do this week. Ignore patches at your own risk: according to Uncle Sam, a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.…

Read Full Article →
Four new reasons why Windows LNK files cannot be trusted

The number of ways that Windows shortcut (.LNK) files can be abused just keeps growing: A cybersecurity researcher has documented four new techniques to trick Windows users into running malicious actions through innocent-looking shortcuts. Wietze Beukema demonstrated how to spoof the visible LNK ...

Read Full Article →
State-sponsored hackers love Gemini, Google says

“AI” systems aren’t just great for raising the price of your electronics, giving you wrong search results, and filling up your social media feed with slop. It’s also handy for hackers! Apparently the large language model of choice for state-sponsored attacks from countries like Russia, China, Nor...

Read Full Article →
ServiceNow acquires Pyramid Analytics to boost self-service analytics

ServiceNow has agreed to acquire Pyramid Analytics, the developer of a data preparation and analytics platform, to boost its existing business intelligence (BI) and self-service analytics capabilities. “Most analytics tools force business users to wait on data teams for answers. Pyramid Analytics...

Read Full Article →
Google fears massive attempt to clone Gemini AI through model extraction

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly threat report released by Google Threat Intelligence Group. The prompts looked like a coordinate...

Read Full Article →
Where AI differentiation actually comes from

As generative AI moves from experimentation into day-to-day operations, many technology leaders are reaching the conclusion that a powerful model by itself does not offer sufficient long-term differentiation. Gartner reports that more than half of organizations are already piloting or running gen...

Read Full Article →
Geopatriation and sovereign cloud: how data returns to the source

Technology decisions aren’t immune to the macroeconomic context in which the companies making them must operate. So politics, emerging threats, and regulations will shape the agenda of IT directors this year. And among the trends that Gartner has identified as shaping the technology agenda throug...

Read Full Article →
Courts pilot a generative-AI-based "trial support AI" to speed up review of precedents and statutes

The trial support AI unveiled this time draws on a wide range of judicial materials: Supreme Court precedents and judgments, statutes and Supreme Court rules, decisions and authoritative interpretations, and the practice manuals and statutory commentaries that judges and court staff consult. Rather than simple keyword search, it analyzes the intent of the user's query, then finds and organizes the relevant legal issues and materials. It also returns the related precedents, statutes and other references alongside each answer so users can check the original text. The trial support AI does not rely on external large language models (LLMs) or public AI services; instead it uses the court's internal infrastructure ...

Read Full Article →
SaaS isn’t dead, the market is just becoming more hybrid

Dramatic phrases like ‘SaaS is dead,’ ‘SaaSpocalypse,’ and others have dominated recent discussions in the IT world. However, that narrative is premature, according to Deloitte. Yes, in 2026, established SaaS vendors will face competition from AI-native ones, the firm forecasts, but the real stor...

Read Full Article →
Hackers turn bossware against the bosses

A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency. According to researchers at Huntress , the unknown threat actor is leveraging NetworkLookout’s Net Monitor for Employees Profes...

Read Full Article →
OpenAI dishes out its first model on a plate of Cerebras silicon

GPT-5.3-Codex-Spark may be a mouthful, but it's certainly fast at 1,000 tokens/s running on the Nvidia rival's CS3 accelerators. Nvidia and AMD can take a seat. On Thursday, OpenAI unveiled GPT-5.3-Codex-Spark, its first model that will run on Cerebras Systems' dinner-plate-sized AI accelerators, which ...

Read Full Article →
Who's the bossware? Ransomware slingers like employee monitoring tools, too

As if snooping on your workers wasn't bad enough. Your supervisor may like using employee monitoring apps to keep tabs on you, but crims like the snooping software even more. Threat actors are now using legit bossware to blend into corporate networks and attempt ransomware deployment.…

Read Full Article →
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

A blind spot in Microsoft’s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, researchers have discovered. The app in question, AgreeTo, is, or was, a meeting scheduling tool that firs...

Read Full Article →
Oracle suits up for Air Force Cloud One program with $88M contract

Big Red joins AWS on a multi-cloud defense platform. Oracle has picked up an $88 million contract with the US Air Force to provide cloud infrastructure services for the department's Cloud One program.…

Read Full Article →
TikTok tracks your every move, even if you don’t have the TikTok app

If you’re an avid TikTok user, you probably already know that the app collects a lot of data about you. However, an analysis by the BBC has now revealed something more alarming: even if you don’t have a TikTok account, the app can track your every move. There’s a sophisticated advertising algorit...

Read Full Article →
Chrome 145 now links with Google Wallet for autofill convenience

Google has fixed 11 security vulnerabilities in the latest Chrome versions 145.0.7632.45/46 for Windows and macOS and 145.0.7632.45 for Linux. According to Google, none of these vulnerabilities are being actively exploited in the wild yet. Chrome 145 was actually scheduled for release last week. ...

Read Full Article →
4 quick security upgrades I always do on a new PC

Put a brand-new laptop or desktop PC in front of most people, and they’ll begin installing their favorite programs. Me? I check out its security setup. That’s not just making sure basics like antivirus is active. I also look at Windows and installed apps to make sure the whole computer is configu...

Read Full Article →
Is Apple slowing the rollout of its smarter Siri chatbot?

Last-minute problems might have cropped up that will require Apple to slow the rollout of its Google Gemini-boosted Siri; though the improved smart assistant will still ship this year, it might not arrive as expected this spring. These claims come from the eerily accurate fingers of Bloomberg’s M...

Read Full Article →
Supply chain attacks now fuel a 'self-reinforcing' cybercrime economy

Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle. Cybercriminals are turning supply chain attacks into an industrial-scale operation, linking breaches, credential theft, and ransomware into a "self-reinforcing" ecosystem, researchers say.…

Read Full Article →
Germany greenlights the EU AI Act, triggering countdown for enterprise compliance

The German Federal Cabinet has approved a draft legislation to implement the EU’s AI Act, designating the Federal Network Agency (Bundesnetzagentur) as the country’s central AI supervisory authority. Under the draft AI Market Surveillance and Innovation Promotion Act (KI-MIG), Germany will establ...

Read Full Article →
Researchers propose a self-distillation fix for ‘catastrophic forgetting’ in LLMs

A new fine-tuning technique aims to solve “ catastrophic forgetting ,” a limitation that often complicates repeated model updates in enterprise deployments. Researchers at MIT, the Improbable AI Lab, and ETH Zurich have introduced a fine-tuning method designed to let models learn new tasks while ...

Read Full Article →
Companies are using ‘Summarize with AI’ to manipulate enterprise chatbots

That handy ‘Summarize with AI’ button embedded in a growing number of websites, browsers, and apps to give users a quick overview of their content could in some cases be hiding a dark secret: a new form of AI prompt manipulation called “AI recommendation poisoning.” So says Microsoft, which this ...

Read Full Article →
Windows Notepad is now complex enough to have a serious security flaw

At the risk of going into old-man-yells-at-cloud mode, I remember when Notepad was the most basic text editor around. Some coders and writers liked the program—which comes included in every single version of Windows (and earlier)—for that reason. But Microsoft has been building out Notepad ever s...

Read Full Article →
Microsoft fixes dozens of security flaws in Windows, Office, and Azure

Yesterday, February 10th, was Patch Tuesday. Microsoft released security updates to address 58 new security vulnerabilities. In addition to Windows and Office, Exchange Server, Internet Explorer, Azure, and the Windows Subsystem for Linux (WSL) are also affected. Six zero-day vulnerabilities are ...

Read Full Article →
Assured Command and Control Will Underpin 'Everything' the Marines Will Do
Best 5 VPNs for streaming Netflix and other services

VPNs aren’t just useful for keeping your online activities safe and private, they’re also a great way to bypass restrictions on streaming content in other countries. The top VPN providers work hard to stay one step ahead of streaming services in a never-ending cat-and-mouse game, ensuring that yo...

Read Full Article →
Android users beware! This security app is actually malware in disguise

Security researchers have discovered new Android malware that allows attackers to track almost every action taken on a smartphone. Among other details, this includes PIN entries, login credentials, and content within messaging and banking apps. What makes this particularly insidious is that the m...

Read Full Article →
The best free VPNs: 5 no-cost top picks

VPNs, or virtual private networks, are one of the most effective ways to stay safe online. Not only do they allow you to stay anonymous, but they can help safeguard your data and keep intrusive trackers at bay. Plus, they allow you to get around region blocks on streaming services and avoid ISP t...

Read Full Article →
If you’re a Substack user, your data might’ve been leaked

Substack has informed some of its users of a data breach in which email addresses and phone numbers were stolen. The attack occurred in October 2025, but the breach was first discovered on February 3rd, 2026, reports BleepingComputer . According to Substack CEO Chris Best, an unauthorized party g...

Read Full Article →
Avoid Windows 11 if you care about your data, privacy experts warn

Many Windows 10 users are still struggling to take that leap of faith and switch over to Windows 11. The move has long seemed to be one that’s inevitable even if postponed for as long as possible, but data protection experts are now advising that it’s the smart move: don’t switch to Windows 11 an...

Read Full Article →
Microsoft bakes one of its best security tools right into Windows 11

Microsoft is apparently integrating System Monitor (Sysmon) directly into Windows 11. This pro-level tool allows you to detect suspicious processes caused by malware or hackers on a Windows PC. Part of the popular Sysinternals suite, it’s free to download directly from Microsoft . Developed by so...

Read Full Article →
Fastest VPN 2026: Expert picks of the top 5 VPN speed demons

When looking for a top-notch VPN, the two most important things to watch out for are privacy and speed. While privacy is crucial to a good VPN, speed shouldn’t be overlooked. Faster speeds mean quicker file downloads and website load times, higher-quality streaming, and just a better all-around e...

Read Full Article →
Uh oh! 1+ million Android apps exposed 700 TB of sensitive user data

Towards the end of January, security researchers at Cybernews published a study on AI apps in the Google Play Store. The study revealed that numerous AI apps had inadequate security, leading them to inadvertently leak data from Google’s cloud servers. The result? A whopping total of 730 million T...

Read Full Article →
Standardizing the BAS/CS of Critical Infrastructure Cybersecurity Alerts

#Threat Intel & Vulnerability

CVE-2025-70795

Currently trending CVE - Hype Score: 20

Read Full Article →
CVE-2025-9961

Currently trending CVE - Hype Score: 18 - An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX150...

Read Full Article → *(Covered by: Intruder Intel CVE Feed)*
CVE-2024-7928

Currently trending CVE - Hype Score: 12 - A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The a...

Read Full Article →
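The FastAdmin entry above describes the path-traversal class: a request parameter (`lang`) that is used to build a file path without validation. The following is an added example, not FastAdmin's code, showing a language-file loader with that flaw beside a hardened version (allowlist plus a resolved-path containment check) and a small access-log check for traversal attempts against the endpoint. The directory layout, the ".json" suffix, the allowlist contents and the sample log lines are assumptions constructed for illustration.

```python
"""
Added example, not FastAdmin's code: a language-file loader with the
path-traversal flaw class described above, beside a hardened version and
a small log check. The directory layout, the ".json" suffix and the log
lines are constructed for illustration.
"""
import os
import re
import tempfile
from urllib.parse import unquote

ALLOWED_LANGS = {"en", "zh"}


def setup_lang_dir() -> str:
    """Create a throwaway tree: <root>/lang/{en,zh}.json plus a sensitive
    <root>/config.json one level above the language directory."""
    root = tempfile.mkdtemp()
    lang_dir = os.path.join(root, "lang")
    os.makedirs(lang_dir)
    for code in ALLOWED_LANGS:
        with open(os.path.join(lang_dir, code + ".json"), "w") as fh:
            fh.write('{"hello": "%s"}' % code)
    with open(os.path.join(root, "config.json"), "w") as fh:
        fh.write('{"db_password": "secret"}')
    return root


def load_lang_vulnerable(root: str, lang: str) -> str:
    """Vulnerable: the request parameter is pasted into the path unchecked,
    so lang='../config' reads <root>/config.json instead of a language file."""
    path = os.path.join(root, "lang", lang + ".json")
    with open(path) as fh:
        return fh.read()


def load_lang_hardened(root: str, lang: str) -> str:
    """Hardened: allowlist the parameter, then confirm the resolved path is
    still inside the language directory (covers '..' and symlink tricks)."""
    if lang not in ALLOWED_LANGS:
        raise ValueError("unsupported language: %r" % lang)
    lang_dir = os.path.realpath(os.path.join(root, "lang"))
    path = os.path.realpath(os.path.join(lang_dir, lang + ".json"))
    if os.path.commonpath([lang_dir, path]) != lang_dir:
        raise ValueError("path escapes language directory")
    with open(path) as fh:
        return fh.read()


TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def traversal_hits(log_lines):
    """Return access-log lines that hit the endpoint with a '../' in the
    query, decoding twice to catch %2e%2e%2f and double-encoded variants."""
    hits = []
    for line in log_lines:
        decoded = unquote(unquote(line))
        if "/index/ajax/lang" in decoded and TRAVERSAL_RE.search(decoded):
            hits.append(line)
    return hits


# Constructed sample log lines (not from any real server).
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /index/ajax/lang?lang=zh-cn HTTP/1.1" 200',
    '10.0.0.9 - - "GET /index/ajax/lang?lang=../../config HTTP/1.1" 200',
    '10.0.0.9 - - "GET /index/ajax/lang?lang=..%252F..%252Fconfig HTTP/1.1" 200',
]

if __name__ == "__main__":
    root = setup_lang_dir()
    print(load_lang_vulnerable(root, "../config"))   # leaks config.json
    print(len(traversal_hits(SAMPLE_LOG)), "suspicious requests")
```

The allowlist alone closes the hole; the `realpath` plus `commonpath` check is kept as defence in depth for code paths where an allowlist is impractical.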
CVE-2025-55182

Currently trending CVE - Hype Score: 6 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The ...

Read Full Article →
CVE-2025-32433

Currently trending CVE - Hype Score: 4 - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH pro...

Read Full Article →
CVE-2025-68947

Currently trending CVE - Hype Score: 3 - NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.

Read Full Article →
CVE-2025-20255

Currently trending CVE - Hype Score: 3 - A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests t...

Read Full Article →
CVE-2024-43468

Currently trending CVE - Hype Score: 2 - Microsoft Configuration Manager Remote Code Execution Vulnerability

Read Full Article →
CVE-2026-2574 | glib-networking OpenSSL Backend g_tls_client_connection_openssl_get_property null pointer dereference

A vulnerability marked as problematic has been reported in glib-networking. Impacted is the function g_tls_client_connection_openssl_get_property of the component OpenSSL Backend. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2026-2574. Remote expl...

Read Full Article →
CVE-2026-0929 | RegistrationMagic Plugin up to 6.0.2.1 on WordPress authorization

A vulnerability labeled as critical has been found in RegistrationMagic Plugin up to 6.0.2.1 on WordPress. This issue affects some unknown processing. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2026-0929. The attack may be launched...

Read Full Article →
CrowdStrike Falcon Scores Perfect 100% in SE Labs’ Most Challenging Ransomware Test
CVE-2026-2567 | Wavlink WL-NU516U1 20251208 /cgi-bin/nas.cgi sub_401218 User1Passwd stack-based overflow

A vulnerability identified as critical has been detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. This vulnerability was named CV...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2566 | Wavlink WL-NU516U1 up to 130/260 /cgi-bin/adm.cgi sub_406194 firmware_url stack-based overflow

A vulnerability categorized as critical has been discovered in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow. This vulnerability is uniquely identified as C...

Read Full Article →
CVE-2026-2564 | Intelbras VIP 3260 Z IA 2.840.00IB005.0.T /OutsideCmd password recovery

A vulnerability was found in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. This vulnerability is known as CVE-2026-2564. It is...

Read Full Article →
CVE-2026-2563 | JingDong JD Cloud Box AX6600 up to 4.5.1.r4533 jdcapp_rpc /f/service/controlDevice set_stcreenen_deabled_status/get_status privilege escalation

A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533 . It has been classified as critical . Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc . The manipulation leads to privilege escalation. Th...

Read Full Article →
CVE-2026-2562 | JingDong JD Cloud Box AX6600 up to 4.5.1.r4533 jdcweb_rpc /jdcapi cast_streen File privilege escalation

A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533 and classified as critical . This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc . Executing a manipulation of the argument File can lead to privilege escalation. This vulnerability appea...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2560 | kalcaddle kodbox up to 1.64.05 Media File Preview Plugin VideoResize.class.php run localFile os command injection

A vulnerability, which was classified as critical , was found in kalcaddle kodbox up to 1.64.05 . The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin . Such manipulation of the argument localFile leads to os c...

Read Full Article →
CVE-2026-2558 | GeekAI up to 4.2.4 net_handler.go Download url server-side request forgery (Issue 256)

A vulnerability, which was classified as critical , has been found in GeekAI up to 4.2.4 . The affected element is the function Download of the file api/handler/net_handler.go . This manipulation of the argument url causes server-side request forgery. This vulnerability is registered as CVE-2026-...

Read Full Article →
CVE-2026-2557 | cskefu up to 8.0.1 File Upload MediaController.java upload cross site scripting

A vulnerability classified as problematic was found in cskefu up to 8.0.1 . Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload . The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-20...

Read Full Article →
CVE-2026-2556 | cskefu up to 8.0.1 Endpoint MediaController.java url server-side request forgery

A vulnerability classified as critical has been found in cskefu up to 8.0.1 . This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint . The manipulation of the argument url leads to server-side request forgery. This v...

Read Full Article →
CVE-2026-2555 | JeecgBoot 3.9.1 Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip deserialization (Issue 9335)

A vulnerability described as critical has been identified in JeecgBoot 3.9.1 . This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation . Executing a manipulation ...

Read Full Article →
CVE-2026-2553 | tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 HTTP POST Request /home.php Name/Email sql injection

A vulnerability marked as critical has been reported in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 . This affects an unknown part of the file /home.php of the component HTTP POST Request Handler . Performing a manipulation of the argument Name/Email results...

Read Full Article →
CVE-2026-2552 | ZenTao up to 21.7.8 Editor editor/control.php delete filePath path traversal

A vulnerability labeled as critical has been found in ZenTao up to 21.7.8 . Affected by this issue is the function delete of the file editor/control.php of the component Committer . Such manipulation of the argument filePath leads to path traversal. This vulnerability is referenced as CVE-2026-25...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2550 | EFM iptime A6004MX 14.18.2 /cgi/timepro.cgi commit_vpncli_file_upload unrestricted upload

A vulnerability categorized as critical has been discovered in EFM iptime A6004MX 14.18.2 . Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi . The manipulation results in unrestricted upload. This vulnerability was named CVE-2026-2550 . The attack may be performed f...

Read Full Article →
CVE-2026-2549 | zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1 BookController.java access control

A vulnerability was found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1 . It has been rated as critical . This impacts an unknown function of the file BookController.java . The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2026-2549 . The att...

Read Full Article →
CVE-2026-2548 | WAYOS FBM-220G 24.10.19 rc sub_40F820 upnp_waniface/upnp_ssdp_interval/upnp_max_age command injection

A vulnerability was found in WAYOS FBM-220G 24.10.19 . It has been declared as critical . This affects the function sub_40F820 of the file rc . Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. This vulnerability is handled as CV...

Read Full Article →
CVE-2026-2547 | LigeroSmart up to 6.1.26 /otrs/index.pl AgentDashboard Subaction cross site scripting (Issue 284)

A vulnerability was found in LigeroSmart up to 6.1.26 . It has been classified as problematic . The impacted element is the function AgentDashboard of the file /otrs/index.pl . Performing a manipulation of the argument Subaction results in cross site scripting. This vulnerability is known as CVE-...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2545 | LigeroSmart up to 6.1.26 index.pl?Action=AgentTicketSearch Profile cross site scripting (Issue 282)

A vulnerability has been found in LigeroSmart up to 6.1.26 and classified as problematic . Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch . This manipulation of the argument Profile causes cross site scripting. This vulnerability appears as CVE-2026-2545 . The...

Read Full Article →
CVE-2026-2544 | yued-fe LuLu UI up to 3.0.0 run.js child_process.exec os command injection

A vulnerability, which was classified as critical , was found in yued-fe LuLu UI up to 3.0.0 . This issue affects the function child_process.exec of the file run.js . The manipulation results in os command injection. This vulnerability is reported as CVE-2026-2544 . The attack can be launched rem...

Read Full Article →
CVE-2026-2543 | vichan-devel vichan up to 5.1.5 Password Change inc/mod/pages.php unverified password change

A vulnerability, which was classified as critical , has been found in vichan-devel vichan up to 5.1.5 . This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler . The manipulation of the argument Password leads to unverified password change. T...

Read Full Article →
CVE-2019-25367 | ArangoDB Community Edition 3.4.2-1 Aardvark Web Admin Interface index.html cross site scripting (Exploit 46407 / EDB-46407)

A vulnerability classified as problematic was found in ArangoDB Community Edition 3.4.2-1 . This affects an unknown part of the file /_db/_system/_admin/aardvark/index.html of the component Aardvark Web Admin Interface . Executing a manipulation can lead to cross site scripting. This vulnerabilit...

Read Full Article →
CVE-2019-25376 | OPNsense 19.1 Proxy Endpoint ignoreLogACL cross site scripting (Exploit 46351 / EDB-46351)

A **cross-site**

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-26369 | JUNG eNet SMART HOME server 2.2.1 (46056)/2.3.1 (46841) HTTP POST Request /jsonrpc/management privileges management (ZSL-2026-5975)

A vulnerability marked as critical has been reported in JUNG eNet SMART HOME server 2.2.1 (46056)/2.3.1 (46841) . Affected is an unknown function of the file /jsonrpc/management of the component HTTP POST Request Handler . This manipulation causes improper privilege management. This vulnerability...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-26366 | JUNG eNet SMART HOME server 2.2.1 (46056)/2.3.1 (46841) Password Change default credentials (ZSL-2026-5972)

A vulnerability identified as very critical has been detected in JUNG eNet SMART HOME server 2.2.1 (46056)/2.3.1 (46841) . This affects an unknown function of the component Password Change Handler . The manipulation leads to use of default credentials. This vulnerability is referenced as CVE-2026...

Read Full Article →
CVE-2025-32063 | Bosch Infotainment System ECU 283C30861E SSH Server missing authentication

A vulnerability categorized as critical has been discovered in Bosch Infotainment System ECU 283C30861E . The impacted element is an unknown function of the component SSH Server . Executing a manipulation can lead to missing authentication. The identification of this vulnerability is CVE-2025-320...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-32058 | Bosch Infotainment System ECU 283C30861E RH850 stack-based overflow

A vulnerability was found in Bosch Infotainment System ECU 283C30861E . It has been rated as critical . The affected element is an unknown function of the component RH850 Module . Performing a manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2025-32058 . The a...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2541 | Micca Auto Electronics Car Alarm System KE700/KE700+ entropy

A vulnerability was found in Micca Auto Electronics Car Alarm System KE700/KE700+ . It has been declared as problematic . Impacted is an unknown function. Such manipulation leads to insufficient entropy. This vulnerability is uniquely identified as CVE-2026-2541 . The attack can only be initiated...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2539 | Micca Auto Electronics Car Alarm System KE700/KE700+ RF Communication cleartext transmission

A vulnerability, which was classified as problematic , was found in Micca Auto Electronics Car Alarm System KE700/KE700+ . Affected by this issue is some unknown functionality of the component RF Communication . Executing a manipulation can lead to cleartext transmission of sensitive information....

Read Full Article →
CVE-2019-25377 | OPNsense 19.1 POST Request system_advanced_sysctl.php Value cross site scripting (Exploit 46351 / EDB-46351)

A vulnerability described as problematic has been identified in OPNsense 19.1 . This affects an unknown function of the file system_advanced_sysctl.php of the component POST Request Handler . The manipulation of the argument Value results in cross site scripting. This vulnerability is cataloged a...

Read Full Article → *(Covered by: VulnDB)*
CVE-2019-25374 | OPNsense 19.1 vpn_ipsec_settings.php passthrough_networks cross site scripting (Exploit 46351 / EDB-46351)

A vulnerability labeled as problematic has been found in OPNsense 19.1 . The affected element is an unknown function of the file vpn_ipsec_settings.php . Executing a manipulation of the argument passthrough_networks can lead to cross site scripting. This vulnerability is tracked as CVE-2019-25374...

Read Full Article →
CVE-2019-25370 | OPNsense 19.1 interfaces_vlan_edit.php tag/descr/vlanif cross site scripting (Exploit 46351 / EDB-46351)

A vulnerability was found in OPNsense 19.1 . It has been rated as problematic . This vulnerability affects unknown code of the file interfaces_vlan_edit.php . This manipulation of the argument tag/descr/vlanif causes cross site scripting. The identification of this vulnerability is CVE-2019-25370...

Read Full Article →
CVE-2026-2542 | Total VPN 0.5.29.0 on Windows win-service.exe unquoted search path

A vulnerability was found in Total VPN 0.5.29.0 on Windows and classified as problematic . Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe . Executing a manipulation can lead to unquoted search path. This vulnerability is handled a...

Read Full Article →
CVE-2026-2538 | Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25 Msimg32.dll uncontrolled search path

A vulnerability has been found in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25 and classified as problematic . Affected is an unknown function in the library Msimg32.dll . Performing a manipulation results in uncontrolled search path. This vulnerability is known as CVE-2026-2538 . Attacking...

Read Full Article →
CVE-2026-2537 | Comfast CF-E4 2.6.0.1 HTTP POST Request mbox-config?method=SET&section=ntp_timezone timestr command injection

A vulnerability, which was classified as critical , was found in Comfast CF-E4 2.6.0.1 . This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler . Such manipulation of the argument timestr leads to command inject...

Read Full Article →
CVE-2026-2536 | opencc JFlow up to 20260129 Workflow Engine WF_Admin_AttrFlow.java Imp_Done File xml external entity reference (IDN7GT)

A vulnerability, which was classified as problematic , has been found in opencc JFlow up to 20260129 . This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine . This manipulation of the argument File causes xml externa...

Read Full Article →
CVE-2026-2535 | Comfast CF-N1 V2 2.6.0.2 mbox-config?method=SET&section=ptest_channel sub_44AB9C command injection

A vulnerability classified as critical was found in Comfast CF-N1 V2 2.6.0.2 . The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel . The manipulation of the argument channel results in command injection. This vulnerability is reported ...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2533 | Tosei Self-service Washing Machine 4.02 tosei_datasend.php adr_txt_1 command injection

A vulnerability described as critical has been identified in Tosei Self-service Washing Machine 4.02 . Impacted is an unknown function of the file /cgi-bin/tosei_datasend.php . Executing a manipulation of the argument adr_txt_1 can lead to command injection. This vulnerability is registered as CV...

Read Full Article →
CVE-2026-2532 | lintsinghua DeepAudit up to 3.0.3 IP Address embedding_config.py server-side request forgery

A vulnerability marked as critical has been reported in lintsinghua DeepAudit up to 3.0.3 . This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler . Performing a manipulation results in server-side request forger...

Read Full Article →
CVE-2026-2531 | MindsDB up to 25.14.1 File Upload security.py clear_filename server-side request forgery (Issue 12163)

A vulnerability labeled as critical has been found in MindsDB up to 25.14.1 . This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload . Such manipulation leads to server-side request forgery. This vulnerability is listed as CVE...

Read Full Article →
CVE-2026-2530 | Wavlink WL-WN579A3 up to 20210219 /cgi-bin/wireless.cgi AddMac macAddr command injection

A **critical vulnerability**

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2525 | Free5GC up to 4.1.0 PFCP UDP Endpoint denial of service (Issue 796)

A vulnerability was found in Free5GC up to 4.1.0 and classified as problematic . This affects an unknown function of the component PFCP UDP Endpoint . Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2026-2525 . The attack can be launched remotely. Mo...

Read Full Article →
CVE-2026-2524 | Open5GS 2.7.6 MME mme_s11_handle_create_session_response denial of service (Issue 4284)

A vulnerability has been found in Open5GS 2.7.6 and classified as problematic . The impacted element is the function mme_s11_handle_create_session_response of the component MME . This manipulation causes denial of service. This vulnerability is handled as CVE-2026-2524 . The attack can be initiat...

Read Full Article →
CVE-2026-2523 | Open5GS up to 2.7.6 SMF /src/smf/gn-handler.c smf_gn_handle_create_pdp_context_request assertion (Issue 4285)

A vulnerability, which was classified as problematic , was found in Open5GS up to 2.7.6 . The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF . The manipulation results in reachable assertion. This vulnerability is k...

Read Full Article →
CVE-2026-2522 | Open5GS up to 2.7.6 MME /src/mme/esm-build.c memory corruption (Issue 4283)

A vulnerability, which was classified as problematic , has been found in Open5GS up to 2.7.6 . Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME . The manipulation leads to memory corruption. This vulnerability is traded as CVE-2026-2522 . It is possible to ini...

Read Full Article →
CVE-2026-2521 | Open5GS up to 2.7.6 SGW-C sgwc_s5c_handle_create_session_response memory corruption (Issue 4282)

A vulnerability classified as critical was found in Open5GS up to 2.7.6 . This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C . Executing a manipulation can lead to memory corruption. This vulnerability appears as CVE-2026-2521 . The attack may be perfor...

Read Full Article →
CVE-2026-2517 | Open5GS up to 2.7.6 SMF lib/gtp/v2/types.c ogs_gtp2_parse_tft pf[0].content.length denial of service (Issue 4281)

A vulnerability classified as problematic has been found in Open5GS up to 2.7.6 . This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF . Performing a manipulation of the argument pf[0].content.length results in denial of service. This v...

Read Full Article →
CVE-2026-2516 | Unidocs ezPDF DRM Reader/ezPDF Reader 2.0/3.0.0.4 on 32-bit SHFOLDER.dll uncontrolled search path

A vulnerability described as problematic has been identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll . Such manipulation leads to uncontrolled search path. This vulnerability is documented as CVE-2026-2516 . The ...

Read Full Article →
CVE-2026-1793 | Element Pack Addons for Elementor Plugin up to 8.3.17 on WordPress SVG Widget render_svg path traversal

A vulnerability marked as critical has been reported in Element Pack Addons for Elementor Plugin up to 8.3.17 on WordPress. Affected by this issue is the function render_svg of the component SVG Widget . This manipulation causes path traversal. This vulnerability is registered as CVE-2026-1793 . ...

Read Full Article →
CVE-2026-1750 | Ecwid by Lightspeed Ecommerce Shopping Cart Plugin save_custom_user_profile_fields privileges management

A vulnerability labeled as critical has been found in Ecwid by Lightspeed Ecommerce Shopping Cart Plugin up to 7.0.7 on WordPress. Affected by this vulnerability is the function save_custom_user_profile_fields . The manipulation of the argument ec_store_admin_access results in improper privilege ...

Read Full Article →
CVE-2026-1490 | CleanTalk Spam protection, Anti-Spam, FireWall Plugin up to 6.71 on WordPress Plugin Installation checkWithoutToken authorization

A vulnerability identified as problematic has been detected in CleanTalk Spam protection, Anti-Spam, FireWall Plugin up to 6.71 on WordPress. Affected is the function checkWithoutToken of the component Plugin Installation Handler . The manipulation leads to authorization bypass. This vulnerabilit...

Read Full Article →
CVE-2026-23169 | Linux Kernel up to 6.18.8 mptcp_pm_nl_flush_addrs_doit denial of service (Nessus ID 299068)

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18.8 . This impacts the function mptcp_pm_nl_flush_addrs_doit . Executing a manipulation can lead to denial of service. This vulnerability is tracked as CVE-2026-23169 . The attack is only possible within the loca...

Read Full Article →
CVE-2026-23130 | Linux Kernel up to 6.18.7 wifi ath12k_mac_op_flush race condition

A vulnerability was found in Linux Kernel up to 6.18.7 . It has been rated as critical . This affects the function ath12k_mac_op_flush of the component wifi . Performing a manipulation results in race condition. This vulnerability is identified as CVE-2026-23130 . The attack can only be performed...

Read Full Article →
CVE-2026-23190 | Linux Kernel up to 6.18.9 ASoC memory leak (Nessus ID 299084)

A vulnerability was found in Linux Kernel up to 6.18.9 . It has been declared as critical . The impacted element is an unknown function of the component ASoC . Such manipulation leads to memory leak. This vulnerability is referenced as CVE-2026-23190 . The attack needs to be initiated within the ...

Read Full Article →
CVE-2026-23194 | Linux Kernel up to 6.18.9 rust_binder out-of-bounds (Nessus ID 299100)

A vulnerability was found in Linux Kernel up to 6.18.9 . It has been classified as critical . The affected element is an unknown function of the component rust_binder . This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2026-23194 . The attack needs to be...

Read Full Article →
CVE-2026-23195 | Linux Kernel up to 6.18.9 page_counter_uncharge use after free (Nessus ID 299099)

A vulnerability was found in Linux Kernel up to 6.18.9 and classified as critical . Impacted is the function page_counter_uncharge . The manipulation results in use after free. This vulnerability was named CVE-2026-23195 . The attack needs to be approached within the local network. There is no av...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-23123 | Linux Kernel up to 6.6.121/6.12.67/6.18.7 debugfs_create_str uninitialized pointer

A vulnerability has been found in Linux Kernel up to 6.6.121/6.12.67/6.18.7 and classified as critical . This issue affects the function debugfs_create_str . The manipulation leads to uninitialized pointer. This vulnerability is uniquely identified as CVE-2026-23123 . The attack can only be initi...

Read Full Article →
CVE-2026-23127 | Linux Kernel up to 6.18.7 lib/refcount.c perf_mmap_rb use after free

A vulnerability, which was classified as critical , was found in Linux Kernel up to 6.18.7 . This vulnerability affects the function perf_mmap_rb in the library lib/refcount.c . Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2026-23127 . The attack can o...

Read Full Article →
CVE-2026-23121 | Linux Kernel up to 6.18.7 mISDN mISDN_read/mISDN_poll race condition

A vulnerability, which was classified as critical , has been found in Linux Kernel up to 6.18.7 . This affects the function mISDN_read/mISDN_poll of the component mISDN . Performing a manipulation results in race condition. This vulnerability is known as CVE-2026-23121 . Access to the local netwo...

Read Full Article →
CVE-2026-23120 | Linux Kernel up to 6.18.7 l2tp l2tp_tunnel_del_work race condition

A vulnerability classified as critical was found in Linux Kernel up to 6.18.7 . Affected by this issue is the function l2tp_tunnel_del_work of the component l2tp . Such manipulation leads to race condition. This vulnerability is traded as CVE-2026-23120 . Access to the local network is required f...

Read Full Article →
CVE-2026-23118 | Linux Kernel up to 6.12.68/6.18.7 rxrpc ktime_get_seconds data authenticity (Nessus ID 299077)

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.68/6.18.7 . Affected by this vulnerability is the function ktime_get_seconds of the component rxrpc . This manipulation causes insufficient verification of data authenticity. This vulnerability appears as CVE-2026-23...

Read Full Article →
CVE-2026-23116 | Linux Kernel up to 6.1.161/6.6.121/6.12.67/6.18.7 pmdomain imx8mq_vpu_power_notifier privilege escalation

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.161/6.6.121/6.12.67/6.18.7 . Affected is the function imx8mq_vpu_power_notifier of the component pmdomain . The manipulation results in privilege escalation. This vulnerability is reported as CVE-2026-23116 . The ...

Read Full Article →
CVE-2026-23170 | Linux Kernel up to 6.18.8 tve memory leak

A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.8 . This impacts an unknown function of the component tve . The manipulation leads to memory leak. This vulnerability is documented as CVE-2026-23170 . The attack requires being on the local network. There is not any ...

Read Full Article →
CVE-2026-23166 | Linux Kernel up to 6.12.68/6.18.8 ice ice_vsi_set_napi_queues null pointer dereference

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.68/6.18.8 . This affects the function ice_vsi_set_napi_queues of the component ice . Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2026-23166 . The attack require...

Read Full Article →
CVE-2026-23205 | Linux Kernel up to 6.1.162/6.6.123/6.12.69/6.18.9 smb2_open_file memory leak (Nessus ID 299109)

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.162/6.6.123/6.12.69/6.18.9 . The impacted element is the function smb2_open_file . Performing a manipulation results in memory leak. This vulnerability is cataloged as CVE-2026-23205 . The attack must originate fro...

Read Full Article →
CVE-2026-23207 | Linux Kernel up to 6.18.9 IRQ tegra_qspi_isr_thread null pointer dereference (Nessus ID 299087)

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18.9 . The affected element is the function tegra_qspi_isr_thread of the component IRQ Handler . Such manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2026-23207 . The attack mus...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-23204 | Linux Kernel up to 6.6.123/6.12.69/6.18.9 cls_u32 skb_header_pointer_careful out-of-bounds (Nessus ID 299116)

A vulnerability was found in Linux Kernel up to 6.6.123/6.12.69/6.18.9 . It has been declared as critical . This issue affects the function skb_header_pointer_careful of the component cls_u32 . The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-23204 . Th...

Read Full Article →
CVE-2026-23206 | Linux Kernel up to 5.15.199/6.1.162/6.6.123/6.12.69/6.18.9 dpaa2-switch kcalloc initialization (Nessus ID 299088)

A vulnerability was found in Linux Kernel up to 5.15.199/6.1.162/6.6.123/6.12.69/6.18.9 . It has been classified as critical . This vulnerability affects the function kcalloc of the component dpaa2-switch . The manipulation leads to improper initialization. This vulnerability is referenced as CVE...

Read Full Article →
CVE-2026-23202 | Linux Kernel up to 5.15.199/6.1.162/6.6.123/6.12.69/6.18.9 IRQ tegra_qspi_combined_seq_xfer curr_xfer null pointer dereference (Nessus ID 299091)

A vulnerability was found in Linux Kernel up to 5.15.199/6.1.162/6.6.123/6.12.69/6.18.9 and classified as critical . This affects the function tegra_qspi_combined_seq_xfer of the component IRQ Handler . Executing a manipulation of the argument curr_xfer can lead to null pointer dereference. The i...

Read Full Article →
CVE-2026-23201 | Linux Kernel up to 6.12.69/6.18.9 ceph kfree denial of service (Nessus ID 299103)

A vulnerability has been found in Linux Kernel up to 6.12.69/6.18.9 and classified as critical . Affected by this issue is the function kfree of the component ceph . Performing a manipulation results in denial of service. This vulnerability was named CVE-2026-23201 . The attack needs to be approa...

Read Full Article →
CVE-2026-23199 | Linux Kernel up to 6.12.69/6.18.9 procfs __kernel_read reference count (Nessus ID 299123)

A vulnerability, which was classified as critical , was found in Linux Kernel up to 6.12.69/6.18.9 . Affected by this vulnerability is the function __kernel_read of the component procfs . Such manipulation leads to improper update of reference count. This vulnerability is uniquely identified as C...

Read Full Article →
CVE-2026-23189 | Linux Kernel up to 6.12.69/6.18.9 FS File Parser ceph_mds_auth_match null pointer dereference (Nessus ID 299111)

A vulnerability, which was classified as critical , has been found in Linux Kernel up to 6.12.69/6.18.9 . Affected is the function ceph_mds_auth_match of the component FS File Parser . This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2026-23189 . The attack ...

Read Full Article →
CVE-2026-23188 | Linux Kernel up to 6.12.69/6.18.9 r8152 mutex_lock deadlock (Nessus ID 299119)

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.69/6.18.9 . This affects the function mutex_lock of the component r8152 . The manipulation leads to deadlock. This vulnerability is traded as CVE-2026-23188 . Access to the local network is required for this attack t...

Read Full Article →
CVE-2026-23197 | Linux Kernel up to 6.18.9 i2c i2c_imx_master_isr buffer overflow (Nessus ID 299092)

A vulnerability described as critical has been identified in Linux Kernel up to 6.18.9 . The impacted element is the function i2c_imx_master_isr of the component i2c . Executing a manipulation can lead to buffer overflow. This vulnerability appears as CVE-2026-23197 . The attacker needs to be pre...

Read Full Article →
CVE-2026-23187 | Linux Kernel up to 6.1.162/6.6.123/6.12.69/6.18.9 pmdomain imx8m_blk_ctrl_remove range error (Nessus ID 299120)

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.162/6.6.123/6.12.69/6.18.9 . The affected element is the function imx8m_blk_ctrl_remove of the component pmdomain . Performing a manipulation results in range error. This vulnerability is reported as CVE-2026-23187 . T...

Read Full Article →
Guernsey medical practice sanctioned after cyber criminals access patient data through email account

itv reports: Guernsey’s Data Protection Authority (ODPA) has sanctioned First Contact Health after it failed to implement sufficient security measures to prevent a phishing attack. The cybersecurity breach saw fraudsters successfully target an employee’s email account, gaining access to confident...

Read Full Article →
Cyber Attacks on Schools Plateaued in 2025, but More Records Exposed

Abby Sourwine reports: Ransomware attacks against schools and universities held relatively steady in 2025, but the scale of data exposure rose sharply, driven in part by third-party software vulnerabilities and a handful of outsized higher education breaches. According to U.K.-based technology re...

Read Full Article →
Dutch phone giant Odido says millions of customers affected by data breach

Zack Whittaker reports: Dutch phone company Odido has confirmed a data breach affected millions of its customers. The company said in a statement Thursday that unidentified hackers gained access to its customer contact system and covertly downloaded reams of customer information. A spokesperson f...

Read Full Article →
Attorney General Ken Paxton Demands Information from Blue Cross Blue Shield of Texas and Conduent as Part of Investigation into Largest Data Breach in U.S. History

Their headline was, “Attorney General Ken Paxton Demands Information from Blue Cross Blue Shield of Texas and Conduent as Part of Investigation into Largest Data Breach in U.S. History,” but that seemed terribly wrong. Is Texas Attorney General Ken Paxton using AI for his research? “...

Read Full Article →
South Korea blames Coupang data breach on management failure, not sophisticated attack

Heekyong Yang and Hyunjoo Jin report: South Korean officials blamed a massive data leak last year at Coupang on management failure, rather than a sophisticated cyberattack, and urged the e-commerce giant to fix vulnerabilities in its security systems. Announcing the first findings of a government...

Read Full Article →
Navigating the Digital Frontier: Inside the World of Cybercrime Magazine

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 13, 2026 – Read the full Oreate AI story. A blog post about Cybercrime Magazine was written by Oreate AI, who calls itself “your all-in-one assistant, helping you write essays, build presentations, and human...

Read Full Article →
How to find and remove credential-stealing Chrome extensions

Researchers have uncovered 30 Chrome extensions stealing user data. Here’s how to check your browser and remove any malicious extensions step by step.

Read Full Article →
Fake shops target Winter Olympics 2026 fans

Olympic merchandise is already being used as bait. We’ve identified nearly 20 fake shop sites targeting fans globally.

Read Full Article →
AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)

Unstructured text to interactive knowledge graph via LLM & SPO triplet extraction

Read Full Article →
Hand over the keys for Shannon’s shenanigans

In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management.

Read Full Article →
VU#504749: PyMuPDF path traversal and arbitrary file write vulnerabilities

Overview A path traversal vulnerability leading to arbitrary file write exists in PyMuPDF version 1.26.5, within the ‘embedded_get’ function in ‘__main__.py’. This vulnerability is caused by improper handling of untrusted embedded file metadata, which is used directly as an output path, enabling att...

Read Full Article →
LevelBlue’s Managed Detection and Response (MDR) Helps Unify Your Cyber Defense

Managed Detection and Response (MDR) acts as the foundation of a unified security program, connecting visibility, intelligence, and response across your entire environment. A modern MDR solution goes beyond alerts by delivering real‑time detection, expert‑led response, and actionable threat intel...

Read Full Article →
Outlook add-in goes rogue and steals 4,000 credentials and payment data

The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project.

Read Full Article →
Betashares Global Cybersecurity ETF (ASX: HACK): A Diversified Bet On The Sector

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 12, 2026 – Read the full story in The Motley Fool Australia. Tristan Harrison, one of the longest-serving writers at The Motley Fool Australia, highlights a cybersecurity growth theme for potential investors...

Read Full Article →
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use

In the final quarter of 2025, Google Threat Intelligence Group (GTIG) observed threat actors increasingly integrating artificial intelligence (AI) to accelerate the attack lifecycle, achieving productivity gains in reconnaissance, social engineering, and malware development. This rep...

Read Full Article →
Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report

“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.” Key takeaways fr...

Read Full Article →
135,000+ OpenClaw AI agents exposed online as misconfiguration fuels takeover risk

Over 135,000 OpenClaw AI agents are exposed online, raising remote code execution and enterprise security risks worldwide.

Read Full Article →
Apple patches zero-day flaw that could let attackers take control of devices

Apple issued security updates for all devices which include a patch for an actively exploited zero-day—tracked as CVE-2026-20700.

Read Full Article →
  • Fortune 500 Tech Enterprise Speeds up Triage and Response with ANY.RUN’s Solutions — In enterprise SaaS, unclear security decisions carry real cost. False positives disrupt customers, while missed threats expose the business. A Fortune 500 cloud provider addressed this risk by embedding ANY.RUN into SOC investigations, giving analysts the behavioral evidence needed to reduce esca…
Polish hacker charged seven years after massive Morele.net data breach

A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog.

Read Full Article → *(Covered by: Bitdefender Hot For Security, Graham Cluley)*
Criminals are using AI website builders to clone major brands

AI-assisted website builders are making it far easier for scammers to impersonate well-known and trusted brands, including Malwarebytes.

Read Full Article →
Bypassing Administrator Protection by Abusing UI Access

In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn’t exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses during my research that...

Read Full Article →
Active Directory Attacks Demystified: Pass-the-Hash (PtH), Pass-the-Ticket (PtT), and Beyond

Active Directory (AD) remains the backbone of identity and access management for most enterprises, controlling authentication, authorization, and access across users, endpoints, servers, and applications. Because of this central role, Active Directory is also one of the...

Read Full Article →
Four Seconds to Botnet - Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)

[This is a Guest Diary by Johnathan Husch, an ISC intern as part of the SANS.edu BACS program]

Read Full Article →
State of Security Report | Recorded Future

Download Recorded Future's 2026 State of Security report which provides comprehensive threat intelligence on geopolitical fragmentation, state-sponsored operations, ransomware evolution, and emerging technology risk.

Read Full Article →
Ransomware Remains A Top 10 AI Threat In 2026

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 11, 2026 – Read the full story in ZDNet. ZDNet recently published “10 ways AI can inflict unprecedented damage in 2026,” which deserve every business leader’s attention: 1. AI-enabled malware will unleash The...

Read Full Article →
February 2026 Patch Tuesday includes six actively exploited zero-days

Microsoft’s February Patch Tuesday fixes 59 flaws—including six zero-days already under active attack. How bad are they?

Read Full Article →
Malwarebytes earns PCMag Best Tech Brand spot, scores 100% with MRG Effitas

Malwarebytes is not only one of PCMag's Best Tech Brands for 2026, it also scored 100% on the MRG Effitas consumer security product test.

Read Full Article →
  • Emerging Ransomware BQTLock & GREENBLOOD Disrupt Businesses in Minutes — How long would it take your team to realize ransomware is already running? The newly identified ransomware families are already causing real business disruption. These threats can disrupt operations fast while also reducing visibility through stealth or cleanup activity, shrinking the time teams …
New threat actor, UAT-9921, leverages VoidLink framework in campaigns

Cisco Talos recently discovered a new threat actor, UAT-9221, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.

Read Full Article →
[local] glibc 2.38 - Buffer Overflow

glibc 2.38 - Buffer Overflow

Read Full Article → *(Covered by: CXSecurity Exploit Database, ExploitDB)*
Microsoft Patch Tuesday for February 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for February 2026, which includes 55 vulnerabilities affecting a range of products, including one (CVE-2025-59498) that Microsoft marked as “Critical”.

Read Full Article →
Microsoft and Adobe Patch Tuesday, February 2026 Security Update Review

Microsoft’s February 2026 Patch Tuesday focuses on closing security gaps that attackers could exploit, reinforcing the importance of timely patching in enterprise environments. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for February 2026 This month’s release addres...

Read Full Article →
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

2 Critical, 51 Important, 1 Moderate, 0 Low. Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday release, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs. Microsoft patched 54 CVEs in its February 2026 Patch Tuesday release, with tw...

Read Full Article →
Measuring AI Security: Separating Signal from Panic

The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore someth...

Read Full Article →
VU#458422: CASL Ability contains a prototype pollution vulnerability

Overview A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields() function in the extra module. The program’s library contains a method called setByPath() that does not properly sanitize property names, allowing attackers to...

Read Full Article →
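The mechanism in the advisory above, a path-based setter that trusts property names, is the standard shape of prototype pollution. The JavaScript below is an added example, not CASL's code; `setByPathUnsafe`, `setByPathSafe` and `pollutes` are hypothetical names. It shows the naive setter being walked onto `Object.prototype` by a `__proto__.isAdmin` path, and a hardened setter that refuses `__proto__`, `constructor` and `prototype` segments, descends only into own properties, and creates intermediate objects with no prototype chain.

```javascript
// Added example for the VU#458422 discussion: a dotted-path setter that
// writes attacker-chosen property names. Not CASL's code; names are hypothetical.

// Vulnerable pattern: each path segment is used as a key with no check, so
// "__proto__.isAdmin" walks onto Object.prototype and every object inherits it.
function setByPathUnsafe(obj, dottedPath, value) {
  const keys = dottedPath.split(".");
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    if (cur[keys[i]] === undefined) cur[keys[i]] = {};
    cur = cur[keys[i]]; // for "__proto__" this is Object.prototype
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Hardened pattern: reject the three segments that reach the prototype chain,
// descend only through own plain-object properties, and build intermediate
// nodes with Object.create(null) so there is no prototype to climb.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function setByPathSafe(obj, dottedPath, value) {
  const keys = dottedPath.split(".");
  for (const k of keys) {
    if (k === "" || FORBIDDEN_KEYS.has(k)) {
      throw new Error(`refusing to set path segment ${JSON.stringify(k)}`);
    }
  }
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== "object" || cur[k] === null) {
      cur[k] = Object.create(null);
    }
    cur = cur[k];
  }
  // defineProperty bypasses any inherited accessor (e.g. the __proto__ setter).
  Object.defineProperty(cur, keys[keys.length - 1], {
    value, enumerable: true, writable: true, configurable: true,
  });
  return obj;
}

// Runs a setter on a constructed attacker path and reports whether an
// unrelated fresh object inherited the planted property. Cleans up after itself.
function pollutes(setter, attackPath = "__proto__.isAdmin") {
  try {
    setter({}, attackPath, true);
  } catch (e) {
    return false; // setter refused the path
  }
  const leaked = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // undo the pollution for the rest of the process
  return leaked;
}

console.log("unsafe setter pollutes:", pollutes(setByPathUnsafe)); // true
console.log("safe setter pollutes:  ", pollutes(setByPathSafe));   // false
```

The `constructor.prototype.isAdmin` path reaches the same place as `__proto__.isAdmin`, which is why a deny-list of only `__proto__` is not enough; the hardened setter blocks all three segments and, as a second line of defence, never follows an inherited property while descending.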
LevelBlue SpiderLabs: Breaking Down the Ransomware Groups Targeting the Education Sector

Ransomware attack groups have ramped up their efforts, launching attacks on the education sector with recent incidents striking a range of targets from an Australian institution of higher learning to a school district in North Carolina.

Read Full Article →
Bank Of America: Cybercrime Will Get Much Worse

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 10, 2026 – Read the full story in GoBankingRates. “The World In 2030,” a Bank of America research paper, cites Cybersecurity Ventures, whose analysis showed that cybercrime — such as hacking, fake videos, Th...

Read Full Article →
Beyond the Battlefield: Threats to the Defense Industrial Base

In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, the defense sector faces a relentless barrage of cyber operations conducted by state-sponsored acto...

Read Full Article →
How safe are kids using social media? We did the groundwork

Our research found that mainstream platforms often protect children well—until curiosity or the wrong settings get in the way.

Read Full Article →
Man tricked hundreds of women into handing over Snapchat security codes

Hacked Snapchat accounts and secret filming with smart glasses, this week served two reminders of how women’s privacy is still being violated.

Read Full Article →
  • How to Build Threat Hunting that Defends Your Organization Against Real Attacks — Threat hunting is widely recognized as one of the most important capabilities of a mature SOC. It uncovers stealthy attackers early, reduces dwell time, and prevents security incidents from impacting the business. Yet, in practice, many organizations find that their threat hunting efforts don’t c…
Toy Battles - 1,017 breached accounts

In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.

Read Full Article →
Association Nationale des Premiers Secours - 5,600 breached accounts

In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum. The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS self-submitted the data to HIBP and advised th...

Read Full Article →
What Anthropic’s Latest Model Reveals About the Future of Cybersecurity

AI can find vulnerabilities with unprecedented speed, but discovery alone doesn’t reduce cyber risk. We need exposure prioritization, contextual risk analysis, and AI-driven remediation to transform findings into security outcomes. Key takeaways AI is dramatically accelerating vulnerability disco...

Read Full Article →
I pretended to be an AI agent on Moltbook so you don’t have to

I went undercover on Moltbook, the AI-only social network, masquerading as a bot. Instead of deep bot-to-bot conversations, I found spam, scams, and serious security risks. Key Takeaways Moltbook, the AI-only social network, is currently a high-risk environment dominated by spam and scams. Connec...

Read Full Article →
AI chat app leak exposes 300 million messages tied to 25 million users

A security researcher found an exposed database belonging to the Chat & Ask AI app, once again traced back to a Firebase misconfiguration.

Read Full Article →
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering

Written by: Ross Inman, Adrian Hernandez. North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentralized finance (DeFi) verticals. Mandiant recently investigated an intrusion targeting a FinTech entity within this sector, attributed to UN...

Read Full Article →
TV Show “Scam Interceptors”: The Intersection Of Ethical Hacking And Investigative Journalism

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 9, 2026 – Watch the YouTube video. “Scam Interceptors is kind of a unique show in that we basically blend ethical hacking with investigative journalism, and we use those two separate skill sets...

Read Full Article →
Substack - 663,121 breached accounts

In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publica...

Read Full Article →
Apple Pay phish uses fake support calls to steal payment details

This Apple Pay phishing campaign is designed to funnel victims into fake Apple Support calls, where scammers steal payment details.

Read Full Article →
Higinio Ochoa, Hacktivist Turned White Hat, On The Cybercrime Magazine Podcast

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 6, 2026 – Listen to the podcast. On Jun. 25, 2012, 31-year-old Higinio O. Ochoa, III of Dallas, Texas, the self-proclaimed associate of computer hacker groups known as “Anonymous” and “CabinCr3w” pleaded gui...

Read Full Article →
SASE vs SSE: Which Is Best Suited for Your Organization

SASE vs. SSE explained: Understand the key differences between Secure Access Service Edge (SASE) and Security Service Edge (SSE), including when each model makes the most sense for modern, cloud-first organizations. How SSE can be your path to SASE: Learn why many enterprises start with SSE as a...

Read Full Article →
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire

He promised "the best security there is" to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a vast Tor-hidden drug bazaar wasn't such a good idea. Read more in my...

Read Full Article →
All gas, no brakes: Time to come to AI church

This week, Joe cautions against the rush to adopt AI tools rife with truly awful security vulnerabilities.

Read Full Article →
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next

When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they com...

Read Full Article →
2025 SLG cyber trends: 5 lessons to build a 2026 cyber roadmap

From school districts to state agencies, 2025 cyber incidents were a wake-up call about asset visibility. Discover five actionable lessons SLG leaders can use to close the cyber exposure gap and move from reactive threat detection and response to proactive exposure management. Key takeaways Effec...

Read Full Article →
Open the wrong “PDF” and attackers gain remote access to your PC

The DEAD#VAX campaign tricks users into installing AsyncRAT by disguising a virtual hard disk as a PDF attachment.

Read Full Article →
CISO FAQ: Should I Stay Or Should I Go?

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 5, 2026 – Read the full story in CSO. Lack of access to executives and the board is a red flag and a top reason why chief information security officers decide to leave...

Read Full Article →
  • How Threat Intelligence Helps Protect Financial Organizations from Business Risk — The financial sector resembles a treasure vault under constant siege. Banks, insurers, and fintech firms are not just custodians of money. They are guardians of irreplaceable personal and corporate data, payment flows, transactional integrity, and trust itself. When cybercriminals strike, the rip…
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework

Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.

Read Full Article →
Betterment - 1,435,174 breached accounts

In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-cont...

Read Full Article →
TruConfirm: Autonomous, Agent-Led, Safe Exploit Validation for Real-World Risk Reduction

The question CISOs cannot answer today: the scan is done. Dashboards are full. Change windows are tight. And one critical question dominates every vulnerability review: “Is this exposure actually exploitable on our asset, in our production environment, with our controls, right now?” V...

Read Full Article →
Ransomware Damage To Cost The World $74B In 2026

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 4, 2026 – Read the full story. Cybersecurity Ventures publishes a chart at RansomwareCost.com containing our calculations of global ransomware damage cost predictions from 2015 to 2031. For this year, 2026, ...

Read Full Article →
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)

Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways ...

Read Full Article →
  • Release Notes: Workflow Improvements, MISP Integration & 2,000+ New Detections — First month of the year, and we’re starting it off with updates that support faster decisions and more predictable SOC operations. In January, we introduced a major workflow enhancement with the new ANY.RUN Sandbox integration with MISP, alongside expanded detection coverage across behavior signa…
[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

Read Full Article → *(Covered by: CXSecurity Exploit Database, ExploitDB)*
Rublevka Team: Anatomy of a Russian Crypto Drainer Operation

Rublevka Team exemplifies the industrialization of crypto scams. Learn how traffer teams and wallet drainers enable high-volume theft.

Read Full Article →
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users...

Read Full Article →
SpiderLabs Ransomware Tracker Update January 2026: Qilin Continues as Dominant Threat Group

The January 2026 edition of LevelBlue SpiderLabs ransomware tracker noted a sharp fall in the number of attacks launched compared to December 2025. Qilin remained the top attacker, but there was a reshuffling of the remaining top five attackers for the month.

Read Full Article →
Frequently Asked Questions About Notepad++ Supply Chain Compromise

Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker-controlled site for targeted espionage purposes. Change log (February 4 update): This FAQ blog has been updated to note that CVE-2025-15556 was assigned for this security incident. Click here to re...

Read Full Article →
What is Autonomous Penetration Testing and How Does it Work?

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 3, 2026 – Read the full story from BreachLock. Everything you always wanted to know about penetration testing but were afraid to ask can be found in a widely popular blog post from BreachLock, a...

Read Full Article →
  • Enterprise Phishing: How Attackers Abuse Trusted Microsoft & Google Platforms — ANY.RUN observes a growing trend of phishing kit infrastructure being hosted on legitimate cloud and CDN platforms, rather than on newly registered domains. These campaigns often target enterprise users specifically, creating a global threat to businesses. The shift creates serious visibility cha…
Mutagen Astronomy: From Discovery to CISA Recognition—A Seven-Year Journey

On January 26, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-14634 to its Known Exploited Vulnerabilities (KEV) catalog. The same vulnerability was discovered by the Qualys Threat Research Unit (TRU) in September 2018. We nicknamed it “Mutagen Astro...

Read Full Article →
LevelBlue Security Colony: A Practical Cybersecurity Resource Hub for CISOs

Empower CISOs with actionable cybersecurity resources including maturity assessments, incident response playbooks, and vendor risk tools. Strengthen security programs using Security Colony , a self-service cybersecurity knowledge platform built by LevelBlue and SpiderLabs experts. Improve cyber r...

Read Full Article →
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central Am...

Read Full Article →
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More

Tenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key ...

Read Full Article →
U.S. Secret Service Agents Recovered Nearly $1M For A 71-Year-Old Retiree

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 2, 2026 – Read the full story in Moneywise. Cybercrime will cost the world more than $12 trillion annually by 2031, according to Cybersecurity Ventures, and most of that money will never...

Read Full Article →
[webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

Read Full Article → *(Covered by: CXSecurity Exploit Database, ExploitDB)*
[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)

D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)

Read Full Article → *(Covered by: CXSecurity Exploit Database, ExploitDB)*
Autonomous Threat Operations in action: Real results from Recorded Future’s own SOC team | Recorded Future

This article explores how Recorded Future served as Customer Zero for Autonomous Threat Operations, testing the new solution within our own SOC to validate its real-world impact before releasing it to the public. The article reveals how the technology transformed inconsistent, analyst-dependent t...

Read Full Article →
FBI takes notorious RAMP ransomware forum offline

The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police... Read more in my article on the Bitdefender blog.

Read Full Article →
Panera Bread - 5,112,502 breached accounts

In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses....

Read Full Article →
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited

Two Critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks. Key takeaways: Patch Ivanti EPMM immediately. Both CVE-2026-1281 and CVE-2026-1340 have been exploited in the wild, though impact has been limited so far. Apply th...

Read Full Article →
ROC vs. CTEM: How a Risk Operations Center Evolves Beyond Continuous Threat Exposure Management in 2026

The essentials of ROC vs. CTEM: modern enterprises face a constant flood of data from dozens of siloed security tools, creating a fragmented view of risk. Continuous threat exposure management (CTEM) offers a framework to bring exposures together from these tools, and a risk operati...

Read Full Article →
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded credential harve...

Read Full Article →
Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS

Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft', these campaigns...

Read Full Article →
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. W...

Read Full Article →
I'm locked in!

Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.

Read Full Article →
Top 10 Cloud Compliance Tools for Enterprise Security and Audit Readiness in 2026

Compliance breaks when proof lags infrastructure: cloud compliance has changed. It is no longer an audit milestone. It is a continuous expectation. Boards demand visibility into regulatory exposure. Regulators expect evidence, not intent. Enterprise customers want assurance in real t...

Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.

Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus

Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.

Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.

Read Full Article →
  • SOC & Business Success with ANY.RUN: Real-World Results & Cases — Running a SOC today means constant trade-offs: too many alerts, not enough people, strict SLAs, and attacks that keep getting smarter. Most leaders aren’t asking for “the next cool product” but a proof that something actually cuts time, risk, and workload in real environments like theirs. Thousan…
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...

Read Full Article →
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network

This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. Th...

Read Full Article →
  • Attackers Are Taking Over Real Email Threads to Deliver Phishing: New Enterprise Risk — Think you can trust every email that comes from a business partner? Unfortunately, that’s no longer guaranteed; attackers now slip into legitimate threads and send messages that look fully authentic. That’s exactly what happened in a new case uncovered by ANY.RUN researchers; a trust takeover ins…
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Discovered and patched in July 2025, g...

Read Full Article →
  • Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence — In cybersecurity, humans occupy both ends of the vulnerability spectrum. They click what should never be clicked, reuse passwords like heirlooms, and generously donate credentials to phishing pages that look “kind of legit.” Yet the same species becomes the strongest link once you step inside a S…
Bypassing Windows Administrator Protection

A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system that allows a local user to access administrator privileges only when necessary....

Read Full Article →
I scan, you scan, we all scan for... knowledge?

In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.

Read Full Article →
How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain

Key Takeaways The Risk Introduced by Implicit Trust in Public Container Images Public container registries have become foundational to modern software development. A single docker pull can accelerate application delivery, standardize environments, and reduce operational friction across teams. How...

Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS.

Read Full Article →
  • ANY.RUN Sandbox & MISP Integration: Confirm Alerts Faster, Stop Incidents Early — Most SOC teams are overloaded with routine work. Tier 1 & 2 analysts spend too much time validating alerts, moving samples between tools, and chasing missing context. When integrations are weak, investigations slow down, MTTR grows, and SLAs suffer delays. That directly increases operational risk…
Qualys Named a Leader and Outperformer in the 2025 GigaOm Radar for CNAPP

We’re proud to share that Qualys has been recognized as a Leader and Outperformer in the 2025 GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPP). This year’s evaluation underscores an important reality of the CNAPP market: while 18 vendors were evaluated, only a small s...

Read Full Article →
Under Armour - 72,742,892 breached accounts

In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses...

Read Full Article →
VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash

Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory ac...

Read Full Article →
VU#102648: Code injection vulnerability in binary-parser library

Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public upda...

Read Full Article →
VU#458022: Open5GS WebUI uses hard-coded secrets including JSON Web Token signing key

Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result...

Read Full Article →
VU#271649: Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier

Overview A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. The issue is caused by unsafe string concatenation in the asn1_expand_octet_string function located in decoding.c. Under worst-case conditions, this results in a one-byte stack overflo...

Read Full Article →
Cybersecurity Predictions for 2026 Signal the Maturation of Risk-First Security Models

Key Takeaways The Signals Are Loud, the Dashboards Are Full, Yet Decisive Action Remains Elusive By the end of 2025, many security leaders reached a quiet conclusion. The challenge was no longer a lack of tools, telemetry, or frameworks. Most enterprises already had all three. What remained unres...

Read Full Article →
VU#818729: Safetica contains a kernel driver vulnerability

Overview Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows for an unprivileged user to abuse an IOCTL path and terminate protected system processes. Description Safetica is a Data Loss Prevention (DLP) and Insider Risk Management (I...

Read Full Article →
VU#244846: Server-Side Template Injection (SSTI) vulnerability exists in Genshi

Overview A Server-Side Template Injection (SSTI) vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python's 'eval()' and 'exec()' functions while allowing fallback access to Python built-in objects. If ...

Read Full Article →
VU#924114: dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file

Overview dr_flac, an open-source FLAC audio decoder, part of the dr_libs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service (DoS) when provided a specific crafted file. An attacker can exploit this vulnerability through providing a tool that uses dr_...

Read Full Article →