WASHINGTON — Federal cyber leaders warned Tuesday that artificial intelligence in the toolbox of bad actors requires urgent adaptation to meet the “scale and speed” of AI-propelled attacks and...
In a previous blog post, they discussed a vulnerability in an authentication flow that was broken through bad frame communication. One of the issues that made this possible is discussed in depth...
Web pages are intentionally isolated from one another. It would be insecure if another website could read the contents of your page or use cookies to retrieve sensitive information. So, browsers...
The author of this post found several vulnerabilities purely using LLMs. In this post, they outline some takeaways from the hundreds of prompts they have used. To start with, they debunk an...
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS)...
The end of knowledge work has been claimed to be here with AI tooling. Will this mean working fewer hours? Universal basic income? There are many questions about what the world will look like in 5...
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. [...]
Sell your soul to the orb. Sam Altman has cooked up a plan to make his cryptocurrency/identity/eyeball-scanning-orb venture more useful by – you guessed it – adding agentic AI to the mix. Now the...
The Citizen Lab has submitted an input on digital transnational repression to the OHCHR report on ‘Protecting Human Rights Defenders in the Digital Age’.
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users...
Spring security advisory (AV26-245)
GitHub security advisory (AV26-246)
An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent...
Iran's retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable's exposure data analysis across seven target countries reveals...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. [...]
A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from...
State-sponsored attackers joined by Chinese snoops and hackers-for-hire in latest round of economic penalties. The Council of the European Union sanctioned Emennet Pasargad on Monday, a company...
See how GitHub is investing in open source security funding maintainers, partnering with Alpha-Omega, and expanding access to help reduce burden and strengthen software supply chains.
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain...
The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. [...]
When hurricanes approach the coast or wildfires tear through dry terrain, the first maps that most people see are the ones that track the danger itself. They show a storm’s path, the current fire...
A combined heat and power (CHP) plant serving nearly half a million Poles was targeted in a cyberattack in December. The goal was to freeze people in their homes on one of the coldest weeks of the...
Talk about dodging the insider threat from hell. From August 15 to 25, 2025, the SpiderLabs threat intel team, through the integration of LevelBlue OTX threat intelligence with Cybereason XDR...
It may seem early to be drawing lessons from the U.S.-Israeli war against Iran, but one of the world’s most powerful militaries has already reached some conclusions. China’s People’s Liberation...
The Olympics are a global spectacle, uniting nations through the thrill of competition and the celebration of human achievement. During this year’s Winter Olympic and Paralympic Games we watched...
The recently released executive order targeting cybercrime, fraud, and predatory schemes uses language the federal government has often avoided. Now, for the first time, the Trump administration...
Encyclopedia Britannica and Merriam-Webster have filed a lawsuit against OpenAI, alleging in its complaint that the AI giant has committed “massive copyright infringement.” Britannica, which owns...
The Food and Ag-ISAC paints a stark picture of a sector facing sustained and increasingly sophisticated cyber pressure, with 72 active threat actors identified from a pool of more than 330...