Novo Nordisk, said on Thursday it has identified a security incident in which certain information, including patient data from some clinical trials, was copied externally without authorization...
Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application...
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities...
Researchers have disclosed a software supply chain attack, dubbed "Atomic Arch," targeting orphaned packages in the Arch User Repository (AUR). Using newly created AUR accounts, an attacker...
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data...
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft...
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while...
Your guide to operationalizing AI-powered code analysis with Wiz to stay ahead of AI driven development and adversaries
University of Nottingham is first of many, Shiny tells The Reg
Another day, another Windows exploit code
A WIRED investigation found dozens of “nudified” deepfake images and videos on Grok's website, including nonconsensual depictions of celebrities and at least one prominent US politician.
CISA issued BOD 26-04, which replaces BOD 22-01 with a four-variable vulnerability prioritization model requiring federal agencies to patch the most dangerous vulnerabilities in as few as three...
Iran hackers claimed that they breached California water systems today in retaliation for alleged U.S. strikes that damaged civilian water infrastructure in southern Iran. Iran state broadcaster...
An international law enforcement operation has dismantled one of the cryptocurrency laundering services most trusted by ransomware gangs and cybercriminal networks, cutting off a key financial...
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason...
It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a...
Ubiquiti security advisory (AV26-589)
Check Point security advisory (AV26-590)
No disclosure via official channels, no offer of identity theft monitoring, no problem
In this week’s newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digital privacy shouldn't be left on an open channel.
Denis Obrezko accused of orchestrating cyberattacks that compromised at least 11 U.S. companies as part of the Kremlin-linked group's sprawling espionage operation.\ The post Russian national...
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was...
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites.
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The...
A vulnerability has been discovered in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools that could allow an attacker with network access via HTTP to completely...
GitLab security advisory (AV26-588)
Oracle security advisory (AV26-587)
he Pentagon announced the “Cyber Mastery Incentive Pay” (C-MIP) program on Wednesday, an initiative defense officials described as an effort to attract and develop talented cyber operators through...
Introduction Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft...
Researchers at cyber-physical systems security firm Claroty have uncovered multiple vulnerabilities in two widely deployed HVAC and UPS products used in data centers, demonstrating how attackers...