A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial...
The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data.
Jai Vijayan reports: In 2025, cybercriminals needed less time to move from break-in to lateral movement across a network than it takes to watch a typical sitcom. An analysis by CrowdStrike of...
Discovery is getting cheaper. Validation and patching aren’t What good is finding a hole if you can't fix it? Anthropic last week talked up Claude Code's improved ability to find software...
SolarWinds security advisory (AV26-165)
HPE security advisory (AV26-164)
[Control systems] ABB security advisory (AV26-163)
SolarWinds + file transfer software = what attackers' dreams are made of If you run SolarWinds’ Serv-U, you should patch promptly. Four critical vulnerabilities in the file transfer software can...
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft,...
VMware security advisory (AV26-162)
New ransomware of choice, same critical targets North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at...
“Do not do any of these things. Especially do not cover your face and destroy the many, and largely unprotected, power stations and cell towers. Electricity is a ghost, but one you can catch and...
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being...
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new...
Bring Wiz cloud security insights into your Notion workspace with Custom Agents — enabling automated reporting, investigation, and security workflows where teams already work.
SonicWall security advisory (AV26-161)
Mozilla security advisory (AV26-160)
When a one-line fix triggers thousands of PRs, something's off A Go library maintainer has urged developers to turn off GitHub's Dependabot, arguing that false positives from the...
Tenable Research investigated a malicious npm package with around 50,000 downloads in the public registry. We observed various detection-evasion techniques and saw it deploy multiple powerful...
Greater Pittsburgh Orthopaedic Associates (GPOA) recently began notifying patients of a breach that occurred on or about August 10, 2025. Although their notification letter to patients does not...
Use of Hard-coded Credentials vulnerability (CVE-2025-13776) has been found in Finka-FK, Finka-KPR, Finka-Płace, Finka-Faktura, Finka-Magazyn, Finka-STW applications.
"Reddit was using children’s data unlawfully, potentially exposing them to inappropriate and harmful content,” British regulators said in announcing a fine against the platform.
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi...
If you have worked in enterprise IT for long enough, you have lived through the same movie more than once. A new capability arrives, it spreads faster than policy, and the first formal governance...
Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties and various public...
Anna Ribeiro reports: A joint investigation by the Symantec and Carbon Black Threat Hunter teams details evidence that operators linked to the Lazarus hacker group are deploying Medusa ransomware...
The main airline serving the West African nation of Côte d’Ivoire was hit with a cyberattack earlier this month that forced it to institute business continuity plans. Air Côte d’Ivoire did not...
In the current digital environment, supply chains are essential to national security, vital infrastructure and international trade. They have, however, also emerged as one of the most often used...
Google Chrome security advisory (AV26-159)
Unit 42 research reveals most OT attacks begin in IT. Learn how edge-driven defense stops threats early and turns dwell time into advantage. The post Bring the Fight to the Edge: Turning Time Into...