China and India ran separate espionage operations against the same Pakistani police force, each drawn by different stakes in Pakistan's internal security.
Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it's enabled by default. "You can also...
SQL Injection vulnerability (CVE-2026-50644) has been found in SOPlanning software.
Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models:...
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday...
Third iteration of ransomware from Hyadina developers who first launched the Monster ransomware in 2022.
An MSG database tracked and categorized hundreds of celebs, famous Knicks superfans, and even some of Taylor Swift’s wedding guests. Labels included “LGBTQIA,” “DO NOT HOST,” and low to high “risk.”
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one...
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure...
CERT Polska has received a report about 2 vulnerabilities (CVE-2026-56288 and CVE-2026-56289) found in GNU patch software.
If people think you are doing a legitimate job, you can get away with anything
Recorded Future CEO Colin Mahony and Mastercard’s Aditi Sawhney discuss the convergence of cyber and financial crime. Explore how Payment Fraud helps teams move from reactive fraud models to...
A malicious version of the @injectivelabs/sdk-ts npm package (version 1.20.21) was briefly published to the official Injective Labs npm namespace after a contributor account was compromised. The...
Proofpoint researcher tells The Reg: 'We estimate the total volume of targets would be a few dozen'
Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The...
More fun with AI jailbreaks, this time at the workflow level
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which...
Progress security advisory (AV26-678)
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation...
Drupal security advisory (AV26-676)
GitLab security advisory (AV26-677)
Artificial intelligence is accelerating cyber conflict, but former CIA technology leader Chris Jones says the most important lesson for defenders may be an old one: technology only matters when...
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it...
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic...
Juniper Networks security advisory (AV26-675)
Palo Alto Networks security advisory (AV26-674)
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint...
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was...
An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That...
Learn how to secure HPC AI infrastructure against runtime and supply chain threats via continuous behavioral monitoring.