Explore how Iran utilized AI to enhance its asymmetric playbook during the 2026 conflict. Learn how AI acts as a force multiplier for Iranian cyber operations, influence campaigns, and domestic...
A large-scale credential theft campaign exploiting CVE-2025-54068, a critical unauthenticated remote code execution vulnerability in Laravel Livewire v3. Attackers used PHP deserialization to...
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected...
Since WIRED reported on Meta’s NameTag face recognition system, company executives have made confusing and conflicting remarks about its very existence.
The Gold Eagle program will allowe industry, critical infrastructure operators and the government to use artificial intelligence to rapidly detect, prioritize and patch cybersecurity...
Cisco security advisory (AV26-706)
Researchers said the vulnerabilities, which attackers are chaining together, were first exploited three weeks before the vendor disclosed and patched the defects. The post SonicWall customers...
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - CVE-2026-15718, an invalid...
AL26-017 - Critical vulnerabilities impacting Microsoft SharePoint Server – CVE-2026-56164, CVE-2026-55040 and CVE-2026-58644
Three bugs are under active attack, and two more critical holes could add to the pain
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now...
Tenable security advisory (AV26-705)
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary...
A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages. This on-demand webinar...
The public will be urged to take “small but important steps” to prepare for food or water shortages in the event of a cyber attack or severe weather, the UK government has said as it updated...
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to...
The pace of cybersecurity threats is overwhelming healthcare organizations and leaving them especially vulnerable to supply-chain compromises, the security firm Fortified Health Security said in a...
The Space Force is the smallest military service, with about 15,400 total personnel in fiscal year 2025. The Space Force largely inherited its workforce from other services and has completed some...
Ransomware group World Leaks has posted on the dark web a huge cache of files related to India’s largest nuclear plant, including purported blueprints of parts of its facilities and supplier...
The United Arab Emirates has gained expanded access from the U.S. to coveted artificial-intelligence chips after aiding America in recent months by carrying out dozens of airstrikes against Iran,...
F5 security advisory (AV26-704)
Mega hardware vendor reports problems - but Windows maker isn't yet naming affected models
The Trump administration has launched a new artificial intelligence cybersecurity clearinghouse that officials say will help federal agencies, critical infrastructure owners and operators, and AI...
Notepad++ security advisory (AV26-703)
Citrix security advisory (AV26-702)
Google Chrome security advisory (AV26-701)
HPE security advisory (AV26-700)
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these...
Experts say it’s a useful post-compromise tool, for those with the brain cells required to put it together
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The...