A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the...
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace,...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product...
Researchers warn many AI coding assistants now execute commands from project configurations
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public...
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built...
We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. (Alternate news story.)
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm...
Exposed records from the private group included the personal information of a senior White House intelligence official and an active-duty special operations officer.
Dear readers, In a rare joint call to action, the leaders of the Five Eyes cybersecurity agencies issued a stark warning this week that the timeline for frontier AI models “to exceed current...
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig...
Four selected agencies—the Departments of State, Transportation, Veterans Affairs (VA), and the Small Business Administration —varied in their efforts to implement and ensure contractor compliance...
When the Iranian missiles and drones came for the nerve center of America’s naval operations in the Middle East, some of them hit their mark. The U.S. Navy base in Bahrain was repeatedly targeted...
Innocuous error reports, hypersonic targets, and a mystery with no fingerprints
Fake USB sticks used by the Japanese army spread a China-linked computer virus inside a secure network for nearly a year before they were found to contain malware, Japan’s Nikkei newspaper...
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop...
A specter is haunting Europe — the specter of ransomware. After a global lull in 2024 and 2025, the ransomware-as-a-service (RaaS) ecosystem appears to be back to form, at least in Europe....
Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers
A cyberattack has snarled logistics and accounting operations at a dairy producer in Russia’s republic of Bashkortostan, forcing the company to process shipments and paperwork manually, according...
The Federal Communications Commission approved new rules Thursday that boost cybersecurity regulations for the nation’s emergency alert systems and update security rules for the nation’s undersea...
The research infrastructure that underpins America’s prowess in defense technology is “deteriorating,” according to a Department of Defense report released Wednesday. One reason is that research...
CISA has been constrained by not having a Senate-confirmed director since January 2025, but is ready to rebound once the expected nominee is in place, Homeland Security Secretary Markwayne Mullin...
Apple removed VK's flagship social network VKontakte, often described as Russia's equivalent of Facebook, along with VK Music, VK Messenger, VK Video, Odnoklassniki and Mail.ru services, including...
China has been abandoning used launcher rocket stages in low Earth orbit (LEO) at an ever-increasing pace, putting both military and commercial satellites in that crowded orbital regime at greater...
Ukraine's SBU described a long-running Russian operation that used fake tech-support workers to persuade people to hand over credentials to their messaging apps.
Analysis of CVE-2024-2658 as found in Schneider Electric's Floating License Manager. Discover how this FlexNet Publisher vulnerability potentially allows attackers to escalate to NT...
Operation Endgame takes down Amadey and StealC servers, macOS.Gaslight floods AI triage with fake errors, and attackers exploit Cisco flaws for root access.
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military...
In an unprecedented move, the FCC also said it plans to mandate that owners and operators of submarine line terminal equipment (SLTE) be licensed.
By automatically loading MCP servers from workspace files, Amazon Q enabled attackers to execute code and access sensitive cloud environments.