Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. [...]
WhiteMage is currently #1 on Immunefi for earnings in 2025. Somebody asked about how people pick bug bounty targets. This was his response to it. First, pick any topic; not target, topic. This can...
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details...
OpenAI is preparing the GPT-5.1 family for public rollout. This includes GPT-5.1 (base), GPT-5.1 Reasoning, and GPT-5.1 Pro for those who pay a $200 monthly subscription. [...]
The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over...
Esra'a Al Shafei spoke with The Reg about the spy tech 'global trade' interview Digital rights activist Esra'a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she's...
With the first Patch Tuesday following Windows 10's end of support approaching next week, users who continue to run the operating system should enroll in the Extended Security Updates (ESU)...
In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Világ service...
The Superior Court of San Joaquin said that it experienced a cybersecurity incident last year during which personal information was leaked. Officials said an unauthorized person accessed court...
A25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty up to 53 years in prison. Aleksei Olegovich...
The Nitrogen group is a sophisticated and financially motivated threat group that was first observed as a malware developer and operator in 2023. Since discovery, Nitrogen has transformed itself...
Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware,...
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East....
Many critical systems are still being maintained, and the cloud provides some security cover. But experts say that any lapses in protections like patching and monitoring could expose government systems.
The second season of the Netflix reality competition show Squid Game: The Challenge has dropped. (Too many links to pick a few—search for it.) As usual, you can also use this squid post to talk...
'Precision espionage campaign' began months before the flaw was fixed A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year,...
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at...
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to...
Researchers spotted a 9-month-long campaign involving previously undiscovered spyware they call LANDFALL, which leveraged a zero-day bug in Samsung Galaxy phones.
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these...
Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her...
Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. [...]
In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack), which explored the notorious Meow attack campaign that had plagued unsecured databases since 2020....
In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack), which explored the notorious Meow attack campaign that had plagued unsecured databases since 2020....
Multi-year wait for destruction comes to an end for mystery attackers Security experts have helped remove malicious NuGet packages planted in 2023 that were designed to destroy systems years in...
Three state attorneys general announced Thursday that the educational technology company Illuminate Education will pay a $5.1 million fine and agree to make changes to its business to settle...
Senators on both sides of the aisle on Thursday signed onto a call to keep advanced artificial intelligence chips from being sold to China. Sen. Chris Coons, D-Del., unveiled an as-yet unnumbered...
The U.S. Department of Defense’s implementation of a new cybersecurity framework, the Cybersecurity Maturity Model Certification 2.0 or CMMC, will require more than 300,000 military contracting...
Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a Windows clean install. [...]
Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the...