Even fitness equipment is vulnerable to mischief makers these days PWNED Welcome back to Pwned, the column where we share war stories from IT soldiers who shot themselves – or watched someone else...
The time is maybe Quantum computing exists in a sort of superposition with regard to cryptography – it's both a pending threat and a technology of no immediate consequence for decryption.…
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025...
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]
Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. [...]
Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them...
I posted the following article this morning over on PogoWasRight.org, but I have had so many people sending me links to stories about this news that I guess I should have posted it here, too, as a...
From HHS OCR: This video presentation is intended to raise awareness and provide practical education to HIPAA covered entities and business associates of the HIPAA Security Rule’s Risk Management...
I decided to spend some research time diving in depth into Identity and Access Management (IAM) within Microsoft Azure. I am going to show you within this blog how IAM permissions can be abused...
Recorded Future sees its inclusion in the 2026 Forrester Wave™ for Cybersecurity Risk Ratings Platforms as a reflection of a broader truth: the era of ratings-only vendor risk management is over.
A supply chain campaign attributed to a DPRK-linked threat actor, PolinRider, has resulted in the compromise of over 1,900 GitHub repositories through malicious npm packages, VS Code artifacts,...
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure....
Unit 42 reveals "Agent God Mode" in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks. The post Cracks in the Bedrock: Agent God Mode...
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram...
If they don't know what they're doing, you might never get your data back interview It's the biggest threat today, but it took her a while to appreciate it. After spending two decades at the FBI...
SonicWall security advisory (AV26-332)
Palo Alto Networks security advisory (AV26-331)
The company said the networks used fake accounts to post and amplify political content aimed at Hungarian users, including material critical of opposition leader Péter Magyar and his Tisza Party...
Apache ActiveMQ security advisory (AV26-330)
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented...
In Lebanon, nearly 1 in 5 people has been displaced by Israeli attacks, leaving the government to manage a modern crisis without modern digital infrastructure.
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]
OpenSSL security advisory (AV26-329)
A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. [...]
Mitel security advisory (AV26-328)
CyberAv3ngers claimed that an operative "has access to America's electrical infrastructure and telecommunications sites, May God bless the American people."
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of...
Access Now, Lookout and SMEX joined research forces to find a campaign involving suspected Indian government-connected group Bitter, ProSpy spyware and more. The post Hack-for-hire spyware...
GitLab security advisory (AV26-327)
Lorenzo Franceschi-Bicchierai reports: Cybercriminals have allegedly stolen a large amount of sensitive internal documents from the Los Angeles Police Department and leaked the data online. The...