Russia-linked hackers are increasingly targeting Ukrainian media organizations, local officials warned, as news outlets continue to face pressure not only from cyber operations but also Russia’s...
Written by: Shebin Mathew Introduction The "Golden SAML" technique, first described by CyberArk researchers in 2017, and further detailed by Mandiant researchers in 2021, remains one of the most...
Since early 2026, Check Point Research (CPR) has tracked a new modular command-and-control framework used by Cavern Manticore, an Iran-nexus APT group primarily targeting Israeli organizations,...
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the...
Unit 42 says attackers are posing as helpdesk staff and persuading employees to hand over remote control before dropping EtherRAT trojan
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing...
The latest generation of botnets, architected into large-scale multi-tiered proxy networks, is making traditional indicator-based defenses obsolete, empowering nation-state and cybercrime threat...
The Department of Justice (DOJ) and Department of Homeland Security (DHS) issued an interim final rule codifying how state, local, tribal, and territorial law enforcement and correctional agencies...
The Cheyenne Board of Public Utilities has identified Goat Systems LLC, a contractor working on Meta’s in-progress data center campus in the High Plains Business Park, as the source of a discharge...
The pledge is a voluntary framework inviting organizations to commit to foundational cyber security governance, board-level accountability, and supply chain rigor. For over a decade, Cloudflare...
China-aligned attackers broke into the networks of U.S. and Canadian universities to steal sensitive data and establish persistent access via webshells and backdoors, Proofpoint threat researchers...
The White House will host a summit with industry on Tuesday dedicated to innovation in quantum information sciences and technologies, featuring remarks from tech policy and agency leadership...
The U.S. cyber defense agency CISA is using Anthropic’s AI model Mythos to audit government software, three people familiar with the matter said on Monday, another sign of government enthusiasm...
Palencia man suspected of links to CARR, Z-Pentest, and NoName057(16), plus helping a Ukrainian hacker flee to Russia
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the...
Whitehall's latest attempt to boost corporate cyber hygiene has already produced a curious roll call
Impunity is real, but not absolute. This report maps how Russia, Ukraine, and the West punish, tolerate, or manage post-Soviet cybercriminals.
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow...
Not sure this will have any effect, but I support the effort: According to Google’s legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to...
Speaking at the NATO Summit Defense Industry Forum in Ankara today (July 7), NATO Secretary General Mark Rutte launched a new multinational High Visibility Project on defense critical raw...
This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source, region and industry.
Talos’ latest findings on UAT-7810 indicate that the threat actor continues to develop their custom-made malware.
Proofpoint researchers said attackers targeted physics and engineering departments, and warn that the campaign is likely ongoing. The post Suspected Chinese espionage group used a Roundcube...
Table of Contents Introduction Infection Chain Technical Analysis Conclusion Seqrite Coverage Indicators of Compromise (IOCs) MITRE ATT&CK Mapping Introduction The Seqrite Threat Research Team...
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern...
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as...
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS...
Campaigners demand investigation and long-delayed action on PEGA Committee recommendations
Qualcomm security advisory – July 2026 monthly rollup (AV26-661)
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces...