A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it...
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic...
Juniper Networks security advisory (AV26-675)
Palo Alto Networks security advisory (AV26-674)
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint...
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was...
An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That...
Learn how to secure HPC AI infrastructure against runtime and supply chain threats via continuous behavioral monitoring.
Senior research fellow Jon Penney and co-author Bruce Schneier argue that widely deploying AI surveillance could be corrosive to democracy. The post AI Surveillance Is Being Supercharged–And It...
'GhostApproval' problem highlights human-in-the-loop fails
Tanium security advisory (AV26-673)
National vulnerability database claims monitoring mechanism can forward Chinese users' data to remote servers
n8n security advisory (AV26-672)
On December 25, 2024, Azerbaijan Airlines Flight 8243 was reportedly shot down by a Russian air defense system after experiencing GPS jamming – likely also originating from Russia. Thirty-eight...
Ubiquiti security advisory (AV26-671)
In the brief history of AI security, the prompt injection has quickly become the top threat. Large language models are inherently unable to distinguish between legitimate instructions provided by...
Fewer than 15 of Britain’s 350 largest listed companies signed up to the government’s flagship voluntary cybersecurity scheme at its launch on Tuesday, eight months after ministers wrote...
When mounted to a vehicle, the U.S. Army’s Volcano mine dispenser can blanket roughly 32 acres with up to 960 mines. Now, the service is testing a system that can do the same thing without a...
A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices. According...
We're all petrified about missing a critical event or misclassifying an alert, but when we're talking about incident response (IR), there are often hundreds if not thousands of alerts to parse...
Uncovering a category-level blind spot in modern AI coding assistants, and why the Human-in-the-Loop safety model fails against this classic threat
Proofpoint researcher tells The Reg: 'We estimate the total volume of targets would be a few dozen'
Langflow security advisory (AV26-670)
Protect the modern attack surface with new auto-reconnaissance capabilities, deep internal context, and the Red Agent to find any risk, anywhere.
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation....
Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models:...
Scammers are hijacking government websites to upload ads for “leaked” OnlyFans content. Thousands of copyright complaints from adult creators are helping people avoid malicious links.
Burst water mains. Evacuated hospitals. In a closed-door simulation, insurers played out their response to a mass disruption by China’s Volt Typhoon hackers—and found a nightmare scenario.
Artificial intelligence is increasingly integrated into everyday life, driving everything from social media algorithms and streaming recommendations to personalized smartphone assistants. While...