Mitel security advisory (AV26-611)
F5 security advisory (AV26-612)
Cisco security advisory (AV26-613)
Splunk security advisory (AV26-614)
AL26-014 – FortiBleed leak of thousands of compromised credentials impacting Fortinet devices
Drupal security advisory (AV26-615)
[Control systems] Mitsubishi Electric security advisory (AV26-616)
VP Eric Brandwine explains people aren't all that great, actually
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS...
Plus: Gay bars in San Francisco using face scanners, France quits Palantir, Apple plans to change its private email and more.
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a critical...
We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitigating Large-Scale...
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is...
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing...
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security...
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web...
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at...
An update on FortiBleed — what’s happening with victim orgsTwo days ago I wrote something about FortiBleed:FortiBleed — 75k Fortinet firewalls have admin passwords crackedFortinet told media orgs...
Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset
Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in siloes,...
The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and...
The U.S. Federal Communications Commission (FCC) is seeking public comment on an information collection review tied to its... The post FCC to review telecom supply chain security reporting...
Meta’s WhatsApp said it will ask a US court to hold NSO Group in contempt for using WhatsApp to lure targets into downloading the surveillance spyware. The post WhatsApp Accuses NSO of Fresh...
Hunting and fishing license incident catches 3M residents
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11,...
John Edwards says his position had become 'untenable' following investigation into conduct including inappropriate attempts at humor
Campaigners say tech is unable to reliably distinguish between kids and adults at the boundary where use is planned
FBI dismantles extensive PhaaS, DragonForce ransomware abuses MS Teams relays, and PRC-based spies breach REDCap servers to steal research data.
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as...