The Information Technology Industry Council (ITIC) warns that the U.S. is entering a decisive phase in its pursuit... The post ITI warns US must move from quantum strategy to execution as...
New data from GuidePoint Security highlights a ransomware landscape that is no longer spiking but settling into a... The post Ransomware reaches elevated ‘new normal’ as attack volumes hold steady...
Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that...
Your cybersecurity is only as good as the physical security of the servers PWNED Welcome back to Pwned, the column where we immortalize the worst vulns that organizations opened up for themselves....
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month. [...]
Two Ransomware Groups Tore Each Other Apart — Here’s What We Found Inside On April 13, 2026, a threat actor calling itself 0APT published the complete database of the Krybit ransomware operation —...
Two separate PlayCrypt intrusions against different organizations, both following the same textbook playbook: SonicWall VPN or RDP initial access, WinRAR staging with identical flags (-ep1 -scul...
Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country,...
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited...
Browser fingerprinting is everywhere Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against...
A deep dive into business impersonation fraud — from fake companies cashing stolen checks to AI-powered shopping scams — and why the same vulnerability enables both.
Play Roll for Initiative. Hack the Planet.Dungeons & Daemons is a cybersecurity RPG that drops you into the boots of a Red Team operator on a live engagement. Your mission: infiltrate a corporate...
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads...
Like the majority of the companies participating, it remains a mystery Last week, Anthropic surprised the world by declaring that its latest model, Mythos, is so good at finding vulns that it...
The National Vulnerability Database will now only analyze vulnerabilities in critical software, systems used in the federal government and those under active exploitation. The post NIST narrows...
Google Chrome security advisory (AV26-358)
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. [...]
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is...
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection...
A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. [...]
No reports of active exploitation (yet) Watch out for more Fortinet vulns! Two critical bugs in Fortinet's sandbox could allow unauthenticated attackers to bypass authentication or execute...
Cisco security advisory (AV26-357)
Early hacker culture is usually remembered for pranks, exploits and legal gray zones. But in a recent Cyber Focus conversation, journalist and author Joe Menn argued that its deeper legacy may be...
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and...
Splunk security advisory (AV26-356)
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. [...]
AMD security advisory (AV26-355)
Some customer orgs tell staff to block inbound email from the provider Autovista confirms that it called in outside support to help clean up a ransomware infection currently affecting systems in...
Senior research associate Emile Dirks spoke with Domino Theory about Xi Jinping’s view on national security. The post From Stuxnet to Operation Epic Fury: The China-Iran Intelligence Nexus...