Spring security advisory (AV26-259)

Last time: Beijing-backed snoops and ransomware crims. Who's next? Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims' SharePoint servers, the US...

Chocolate Factory describes concession as an attempt to balance openess with safety It turns out you won't be limited to Google-verified apps an developers on Android after all. In the face of...

Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud....

While a garlic and wooden stakes keep the vampires at bay in movies, they won’t save your network once an attacker has been "invited in." Discover why identity is the new frontier of cyber horror...

This report expands LevelBlue’s ongoing investigation into a multi-stage fileless malware campaign in which a network of compromised legitimate websites redirects victims to fake CAPTCHA...

Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. [...]

Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it...

A newly disclosed vulnerability dubbed 'PolyShell' affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover. [...]

Iran-linked attackers wiped employees' devices using Intune The US government has urged companies to better secure Microsoft Intune, an endpoint management tool that was abused in last week's...

The attackers behind a recent attack on Stryker did not use malware, instead breaking into a legitimate Microsoft device management system called Intune and wiping the company’s data that way.

A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat...

Ubiquiti security advisory (AV26-258)

Moxie Marlinspike says the technology powering his encrypted AI chatbot, Confer, will be integrated into Meta AI. The move could help protect the AI conversations of millions of people.

Apple is encouraging people to update their iPhones in light of new cybersecurity research that suggests that Russian intelligence, Chinese cybercriminals and other hackers have been using tools...

The National Quantum Initiative Act requires a strategic plan to help direct federal efforts in quantum information science, including quantum computing. An entity known as the Subcommittee on...

Recent years have brought heightened concern in Western intelligence circles that China could invade the self-governing island of Taiwan as early as next year. But the United States now says an...

The US government is warning businesses to secure their corporate accounts within a popular Microsoft Corp. management tool, following a cyberattack on Stryker Corp. last week. The Cybersecurity...

Iran broadened its strikes on major energy facilities in the Middle East, eliciting strong warnings Thursday from Gulf Arab states that called it a dangerous escalation that threatened to draw...

Artificial intelligence and robotics leaders warned U.S. lawmakers Tuesday that Chinese-developed robots combine data collection, network connectivity and real-world operation in ways that could...

Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. [...]

Russia has been expanding its intelligence sharing and military cooperation with Iran, providing satellite imagery and improved drone technology to aid Tehran’s targeting of U.S. forces in the...

The Energy Department’s Office of Cybersecurity, Energy Security, and Emergency Response plans to lay out its first strategic plan, following on the heels of the Trump administration’s new...

National Cyber Director Sean Cairncross said Tuesday that the Trump administration isn’t aspiring to enlist the private sector to conduct offensive cyber operations, but instead to help the...

The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and...

Amazon’s threat intelligence teams have uncovered a new cyber campaign linked to the Interlock ransomware group. The campaign centers around a flaw affecting Cisco Secure Firewall Management...

Apple has released a new security update to address a critical WebKit vulnerability tracked as CVE-2026-20643. The vulnerability was identified as a cross-origin issue within the Navigation API of...

Quick deployment, meaningful visibility and a foundation for long-term data security

Hackers part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting...