This blog posts delves into the results of an autonomous Solidity auditor called "V12". It has a UI and makes it easy to interact with via a website. According to them, it performs at or exceeds...

From our “No Need to Hack When It’s Leaking” files, a report involving Archer Health, an in-home healthcare provider. Website Planet recently reported a misconfigured bucket that was found by...

By inflating numbers and narrowing definitions, Heritage promotes a false link between transgender identity and violence in its push for the FBI to create a new terrorism category.

In May 2024, DataBreaches logged an incident on our worksheets that involved the Columbia University Irving Medical Center in New York. The incident had been reported to HHS as affecting 29,629...

How much money enticed these teens to do something that may have just wrecked their future? Did they see it as just quick and easy money and no big deal? Alexander Martin reports: Two teenagers...

REDCap, developed by Vanderbilt University, is a secure platform designed for data collection in research studies and operations.

REDCap, developed by Vanderbilt University, is a secure platform designed for data collection in research studies and operations.

On June 12, 2025, Qilin added ApolloMD to their darkweb leak site with a date of June 6. They claimed to have 238 GB of files. ApolloMD, headquartered in Georgia, is a business associate to...

Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise. The post Worries mount over...

A recently disclosed security research report has revealed a severe vulnerability chain in Salesforce AgentForce, dubbed ForcedLeak, which highlights a new class of AI-specific threats in...

Angus Loten reports: A deluge of data-breach lawsuits has a growing number of U.S. judges insisting victims show exactly how their leaked personal data caused “tangible harm,” a high bar that is...

A phishing campaign in Ukraine uses malicious SVG files to drop Amatera Stealer and PureMiner, enabling data theft and cryptomining. Learn more.

A closer look at LameHug, the Amazon Q Developer Extension compromise, s1ngularity, and PromptLock.

Action Fraud is out, and Report Fraud is in. U.K. authorities say the latest version of a national reporting center for financially motivated cybercrime and other fraud will go live later this year.

Unified cloud security without compromise, delivering commercial features to sensitive government systems

Great investigative journalism by Zack Whittaker on TechCrunch. First, he reports: A new app offering to record your phone calls and pay you for the audio so it can sell the data to AI companies...

How the notorious Packer-as-a-Service operation built itself into a hydra

Posted by Jann Horn, Google Project Zero IntroductionSome time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for...

CISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack — patch now. Meanwhile, the CSA issued a framework for SaaS...

You could be getting more than you bargained for when you download that cheat tool promising quick wins

Olymp Loader is a Malware-as-a-Service (MaaS) advertised on underground forums and Telegram since June 5, 2025. The seller, “OLYMPO”, presents Olymp Loader as fully written in assembly language...

When I think about why ISA matters to me, it’s simple: it’s where my world of automation and my world of community come together.

I have been so grateful for my experience with ISA over the past 45 years.

I started my automation career with a stubborn machine, a relay panel and a $350 PLC + HMI combo.

Cisco has reported exploitation in the wild of two 0-day vulnerabilities affecting Cisco Adaptive Security Appliance (ASA), CVE-2025-20333 and CVE-2025-20362, allowing RCE and local privilege...

Introduction Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption...

The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity. The post CISA says it observed nearly...

Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco is a leading technology company best known for its networking...

Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive. The post CISA alerts federal agencies of...

Premier US government cyber conference previews AI on offense, on defense, and as a target