An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site...
Executive Summary: Bypassing Boundaries in Enterprise AI Infrastructure The massive global adoption of artificial intelligence (AI) and large language models (LLMs) has fundamentally rewritten the...
Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institutions in the North...
Red Hat security advisory (AV26-601)
[Control systems] CISA ICS security advisories (AV26–600)
According to the deputy prosecutor general, the ship’s officers have now been charged with “having damaged two subsea telecommunications cables and of having attempted to damage a total of eight...
Ubuntu security advisory (AV26-599)
Dell security advisory (AV26-598)
IBM security advisory (AV26-597)
Remote Code Execution via Unrestricted File Upload vulnerability (CVE-2026-5482) has been found in Responsive FileManager software.
According to the company, the directive cited national security authorities. It appears to be the first time such authorities have been used to curtail the export of AI models rather than chips or...
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating...
Deserialization of Untrusted Data vulnerability (CVE-2026-11860) has been found in Quick.CMS software.
Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect...
A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of...
Introduction As organizations continue to expand their digital footprint, cyber threats are no longer confined to internal networks and endpoints. Today’s threat landscape extends far beyond...
Rank One, whose board includes a former CIA deputy director and a former FBI science chief, supplied face recognition to Meta for internal development of its smart glasses app.
A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing passwords or creating fake login pages
The St. George Fire Protection District is suing a Baton Rouge cybersecurity firm after hackers were found to have gained access to the fire district’s network— and were lying in wait for a future...
In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken...
IntroductionThis blog is a focused update on the latest updates to the Ransomware Tool Matrix (RTM) and the Ransomware Vulnerability Matrix (RVM) covering three groups that I have published...
In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from...
This is a current list of where and when I am scheduled to speak: I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026. I’m speaking at the Potsdam Conference on National...
From Java tests to Shai-Hulud, bots keep proving they'll swallow anything you feed them
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The...
In a recent ransomware attack, a threat actor accessed the victim’s hypervisor and created a new virtual machine (VM) as a staging location from which they launched the Akira ransomware A forensic...
Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to...
Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more.
Murray County officials say a ransomware attack on the county’s computer network has been resolved and that most systems are now operational as the county works to securely restore service. Murray...
AI agents can't be trusted, so don't give them dangerous powers