In 2024, SolarWinds Web Help Desk made headlines after being exploited in the wild with an RCE via Java deserialization. The issue was pre-auth, and led to several others being discovered in that...
Officials said 30 perpetrators have been arrested in the past year, and global law enforcement cooperation is closing the gap. The post Project Compass is Europol’s new playbook for taking on The...
Google Cloud uses a single API key format for public identification and sensitive authentication. Google Maps, Firebase, and similar services were okay to embed directly on the page. This was...
The authors of this post had an interesting concern about LLMs: what about the security of targets that no one has ever looked at? There are TBs of binaries on machines that no one has ever looked...
The new open source project IronCurtain uses a unique method to secure and constrain AI assistant agents before they flip your digital life upside down.
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The...
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the...
In this edition of the Threat Source newsletter, William draws parallels between Shakespeare’s Hotspur and the challenges of cybersecurity and AI, emphasizing the importance of risk-taking,...
Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies...
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish...
TriZetto Provider Solutions (“TPS”) recently experienced a cybersecurity incident that affected certain protected health information of certain of its healthcare provider customers’ patients. TPS...
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the...
Report claims more vulnerabilities created than fixed as remediation gap widens Veracode has posted its annual State of Software Security report, based on data from 1.6 million applications tested...
SUNNYVALE, Calif., February 26, 2026 – Proofpoint, Inc., a leading cybersecurity and compliance company, today announced that Proofpoint Collaboration
The January 2026 seizure of RAMP disrupted a major ransomware coordination hub, but it did not dismantle the ecosystem behind it. Instead, it destabilized trust and accelerated fragmentation...
Daryna Antoniuk reports: A Moscow resident has been accused of trying to extort money from the notorious Conti ransomware group by posing as an officer of Russia’s Federal Security Service (FSB),...
Ransomware payments stagnated despite record attacks claimed. Total on-chain ransomware payments fell by approximately 8% to $820 million in 2025, even as claimed attacks rose 50%. Median ransom...
When the Iranian regime abruptly shut down the internet in January during a brutal crackdown on protesters, some state-sponsored hackers managed to stay online. The weeks-long internet blackout...
In the age of AI, the scarcest resource in headquarters is no longer time. It is, rather, the willingness to say no. Artificial intelligence is moving rapidly into military planning staffs because...
In December, China filed an application with the International Telecommunication Union for a total of 203,000 satellites for various constellations. Weeks later, SpaceX proposed a...
“Decimated.” “Amateur hour.” “Pretty much fallen apart.” “It’s really hard to find something positive to say right now.” It’s been a little more than one year into the second Trump administration,...
Google disrupted a Chinese-linked hacking group that breached at least 53 organizations across 42 countries, the company said Wednesday. The hacking group, tracked as UNC2814 and “Gallium,” has a...
The Treasury Department on Tuesday sanctioned Russian firm Operation Zero and several affiliated individuals for allegedly buying stolen cyber tools originally developed for the U.S. government...
A Chinese law enforcement official attempted to use ChatGPT to review its reports on cyber operations, subsequently revealing details of a worldwide online harassment and silencing campaign of...
Researchers have uncovered and taken down the infrastructure of a phishing operation run by Russian cybercriminals targeting freight companies in the U.S. and Europe. Over a five-month period, the...
The partial shutdown of the Department of Homeland Security is impacting the preparation of cities hosting the 2026 FIFA World Cup, according to stakeholder testimony Tuesday. Beginning Sunday,...
Reflected XSS vulnerability (CVE-2026-1434) has been found in Omega-PSIR software.
During Tuesday night’s State of the Union address, President Donald Trump announced a new initiative to ensure data center owners and operators absorb surges in electricity costs associated with...
Defense Secretary Pete Hegseth gave Anthropic CEO Dario Amodei until Friday evening to give the military unfettered access to its AI model or face harsh penalties. Hegseth told Amodei in a tense...
Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse Prolific cybercrime crew Scattered Lapsus$ Hunters (SLSH) is reportedly recruiting women in the hope of improving its...