Datadog Security Labs identified multiple coordinated campaigns abusing the GitHub API to systematically enumerate organizations, repositories, users, and software development activity at scale....
Along with other telemetry, Windows GDID makes online activity more traceable
Along with other telemetry, Windows GDID makes online activity more traceable
A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim's phone, steal their banking...
A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project....
A cybercrime campaign combined a loader-as-a-service framework and DLL sideloading via a Go-compiled fake MpClient.dll, a novel evasion layer combination. The post Vidar Stealer Unmasked: Code...
Authorities didn’t name the man or file formal charges, but accuse him of participating in attacks linked to Cyber Army of Russia Reborn and NoName. The post Spain arrests suspected hacker linked...
Per usual, there's no fix - or even any documentation - for GitLost
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per...
Google Chrome security advisory (AV26-669)
HPE security advisory (AV26-668)
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown. The attacker needs only to open a...
Dog-eat-dog world for credential-stealing attackers
U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint....
Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could...
How targeted isolation prevents contagion in an interconnected world
Greek lawsuit comes as rights campaigners lobby the EU to take firmer stance on spyware abuses
Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source...
Zimbra security advisory (AV26-667)
Samsung mobile security advisory (AV26-665)
Django security advisory (AV26-666)
Android security advisory – July 2026 monthly rollup (AV26-662)
Broadcom VMware security advisory (AV26-663)
[Control systems] ABB security advisory (AV26-664)
Majority report AI-related security incidents or vulnerabilities
When a ransomware gang picks its next target, it looks for a poorly secured organization holding valuable data, providing a vital service or doing both. Few organizations fit that description as...
Multiple U.S. Army internet subdomains were defaced in a 404 hijacking campaign, CyberScoop has confirmed. As of Monday morning, error pages on two U.S. Army websites – oil.army.mil and...
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part...
The new OMB logging directive raises the bar on log collection and explicitly ties every maturity milestone to how well agencies know what’s on their networks. Learn why asset visibility is the...
The American companies building artificial intelligence systems are loudly complaining that their Chinese competitors are unfairly copying their technology, and they are pleading with officials to...