Cyber rights org retools for the days of AI and unrestrained government interview The Electronic Frontier Foundation (EFF) on Tuesday appointed Nicole Ozer to succeed Cindy Cohn as the cyber...
Crims 'creating a snowball effect' across open source projects RSAC 2026 Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy...
Skyler Shepard reports: State investigators say Mirra Health jeopardized the safety of thousands of Floridians by sharing their sensitive health data with unauthorized companies overseas. Florida...
Apple security advisory (AV26-275)
Python interface for LLMs infected with malware via polluted CI/CD pipeline Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from...
PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. [...]
LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud...
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of...
Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims. The post Experts warn...
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as...
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner...
The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. [...]
[Control systems] Helmholz security advisory (AV26-274)
F5 security advisory (AV26-273)
VMware security advisory (AV26-272)
Mozilla security advisory (AV26-271)
Google Chrome security advisory (AV26-270)
In offensive security, the ability to blend seamlessly with legitimate traffic is vital to avoid detection. Establishing command-and-control (C2) communications can be challenging in environments...
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same...
A top GOP member of the House Homeland Security Committee is calling for a federal watchdog to assess how malicious actors are using agentic and generative artificial intelligence technologies to...
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind...
The Federal Aviation Administration is collecting information about the evolving operational and infrastructure needs of airports given the increasing integration of unmanned aircraft systems. The...
In an era where national narratives are the primary instrument of national power, the United States Army’s Information Forces are structured for past conflicts and failing to keep pace. To regain...
Iranian cyber actors have been targeting the Defense Industrial Base for years, and with Operation Epic Fury underway, the question now isn’t whether they’re coming. It’s whether the security...
Iranian government hackers are using Telegram as a way to steal data from hacked dissidents, opposition groups, and journalists who oppose the regime around the world, according to an FBI alert...
A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups. Aleksei Volkov, 26, of St....
The high-tech sector was the most targeted industry for cyber-attacks in 2025, dethroning financial services as the primary focus of threat actors, according to Mandiant’s latest incident response...
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency...
Insider threats are coming back in a consequential way. According to the State of Human Risk Report from Mimecast, 42% of organizations have experienced an increase in malicious insider incidents...
Over half (56%) of IT and cybersecurity professionals have no idea how quickly they could shut down AI systems affected by a cyber-attack or security incident, new research by ISACA has found....