In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated...
Explore an in-depth analysis of Venezuela’s political landscape following the January 2026 US operation to capture Nicolás Maduro. This executive summary examines Acting President Delcy...
Hasn't released it to the public, because it would break the internet - in a bad way For years, the infosec community’s biggest existential worry has been quantum computers blowing away all...
Forest Blizzard, a threat group attributed to Russia’s GRU, hijacked network traffic to steal credentials and tokens for Microsoft accounts and other services. The post Feds quash widespread...
Your PLCs aren't internet-connected, right? Right?! Iranian-affiliated actors have escalated intrusions targeting critical US water and energy facilities, in some cases disrupting operations, the...
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn...
Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, demonstrating DNS tunneling and credential exposure. The post Cracks in the Bedrock: Escaping the AWS AgentCore...
Recent advances in quantum hardware and software have accelerated the timeline on which quantum attack might happen. Cloudflare is responding by moving our target for full post-quantum security to 2029.
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability,...
Mozilla security advisory (AV26-323)
[Control systems] CISA ICS security advisories (AV26–324)
Dell security advisory (AV26-322)
Who needs MFA when you've got EvilTokens? Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of...
Hitachi security advisory (AV26-321)
As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructure.
Erlang security advisory (AV26-320)
VMware security advisory (AV26-319)
Red Hat security advisory (AV26-318)
Ubuntu security advisory (AV26-317)
From: CISA Date: April 7, 2026 Alert Code: AA26-097A Executive Summary: Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing...
IBM security advisory (AV26-316)
The AI lab's Project Glasswing will bring together Apple, Google, and more than 45 other organizations. They'll use the new Claude Mythos Preview model to test advancing AI cybersecurity capabilities.
AL26-007 - Vulnerability impacting Fortinet FortiClientEMS - CVE-2026-35616
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A...
Bots are now firmly in the toolbox, helping crooks scale old scams Crims are taking advantage of AI to sharpen old scams. The FBI reported Monday that cybercrime losses hit a record $20.87 billion...
Iranian government hackers are launching disruptive cyberattacks on American energy and water infrastructure, U.S. government agencies “urgently” warned Tuesday. The hackers are taking aim at...
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing....
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it...
200 orgs and 5,000 devices compromised so far in Vlad's latest intelligence grab, Microsoft reckons The UK's National Cyber Security Centre (NCSC) has issued a fresh warning about Russia's ongoing...
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4...