A recent article in the New York Times has far-reaching and ominous implications for the United States. It reports on findings from researchers at the University of Texas that Russian satellites...
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656...
Russian forces are trying to counter Ukrainian “mid-strike” drone attacks by camouflaging cargoes and installing powerful jamming systems to disrupt Elon Musk’s Starlink satellite internet system,...
NIST is advancing nine new post-quantum signature algorithms as potential candidates for future standardization. We take a closer look at all of them, and argue that while they are in the works...
Companies will once again be allowed to scan citizens’ personal texts, emails, and social media messages via the “chat control” bill to find child abuse material online.
American companies have a new AI addiction: cheaper Chinese models. But as the race for artificial-intelligence supremacy heats up, Beijing is considering tightening its grip on homegrown...
The LevelBlue Managed Threat Research team investigated a security alert in a customer environment involving a malicious ZIP file containing a Windows shortcut (.lnk) used for initial execution....
China and India ran separate espionage operations against the same Pakistani police force, each drawn by different stakes in Pakistan's internal security.
Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it's enabled by default. "You can also...
SQL Injection vulnerability (CVE-2026-50644) has been found in SOPlanning software.
Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models:...
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday...
Third iteration of ransomware from Hyadina developers who first launched the Monster ransomware in 2022.
An MSG database tracked and categorized hundreds of celebs, famous Knicks superfans, and even some of Taylor Swift’s wedding guests. Labels included “LGBTQIA,” “DO NOT HOST,” and low to high “risk.”
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one...
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure...
CERT Polska has received a report about 2 vulnerabilities (CVE-2026-56288 and CVE-2026-56289) found in GNU patch software.
If people think you are doing a legitimate job, you can get away with anything
Recorded Future CEO Colin Mahony and Mastercard’s Aditi Sawhney discuss the convergence of cyber and financial crime. Explore how Payment Fraud helps teams move from reactive fraud models to...
A malicious version of the @injectivelabs/sdk-ts npm package (version 1.20.21) was briefly published to the official Injective Labs npm namespace after a contributor account was compromised. The...
Proofpoint researcher tells The Reg: 'We estimate the total volume of targets would be a few dozen'
Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The...
More fun with AI jailbreaks, this time at the workflow level
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which...
Progress security advisory (AV26-678)
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation...
Drupal security advisory (AV26-676)
GitLab security advisory (AV26-677)
Artificial intelligence is accelerating cyber conflict, but former CIA technology leader Chris Jones says the most important lesson for defenders may be an old one: technology only matters when...
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it...