The Department of Homeland Security said the Russian cybercrime collective received at least $370 million in ransom payments, based on current cryptocurrency valuations. The post BlackSuit, Royal...
Can AI really write safer code? Martin dusts off his software engineer skills to put it it to the test. Find out what AI code failed at, and what it was surprisingly good at. Also, we discuss new...
Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers. [...]
CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by...
Who’s to blame when the AI tool managing a company’s compliance status gets it wrong?
The public disclosure and advisories came late Wednesday during Black Hat, but Microsoft said the timing was coordinated. The post CISA, Microsoft warn organizations of high-severity Microsoft...
After a long wait, GPT-5 is finally rolling out. It's available for free, Plus, Pro and Team users today. This means everyone gets to try GPT-5 today, but paid users get higher limits. [...]
A strategic guide to layered Defense in Depth in a Zero Trust world
Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotes
A new Endpoint Detection and Response (EDR) killer that is considered to be the evolution of 'EDRKillShifter,' developed by RansomHub, has been observed in attacks by eight different ransomware...
Wiz Sensor Workload Scanner brings runtime visibility and context to hybrid environments—cloud, on-prem, and edge—all in a single platform.
Bouygues Telecom warns it suffered a data breach after the personal information of 6.4 million customers was exposed in a cyberattack. [...]
Organizations with on-premises Microsoft Exchange servers are being urged to take steps to reduce exposure to a vulnerability recently reported by a researcher.
Incorrect Authorization vulnerability (CVE-2025-8533) has been found in Flexibits Fantastical software.
SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. [...]
A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting...
The founders of the Samourai Wallet (Samourai) cryptocurrency mixer have pleaded guilty to laundering over $200 million for criminals. [...]
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of Rare Breed TV, a major illegal IPTV service provider, after reaching a financial settlement with its operators. [...]
Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers. [...]
Prosecutors accuse Chukwuemeka Victor Amachukwu, who was arrested in France, of multiple fraud schemes, including tax refund fraud and identity theft. The post Nigerian accused of hacking tax...
Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud...
OpenAI is hosting a live stream at 10AM PT to announce GPT-5, but Microsoft has already confirmed the details. [...]
The multi-year partnership strengthens ABB's ability to securely deliver ABB Care’s services remotely with Dispel’s purpose-built OT SRA technology.
The platform augments comprehensive suite of services and solutions expressly designed to support all phases of paper production.
IEI Technology USA Corp. announced the IASO-W08PLED-N6210, an 8-inch medical panel PC.
It’s a “pivotal” moment for Sean Cairncross, fresh off his Senate confirmation in a changing federal cyber landscape. The post New National Cyber Director Cairncross faces challenges on policy,...
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. [...]
A look under the hood at a tool designed to disable protections
A new post-exploitation command-and-control (C2) evasion method called 'Ghost Calls' abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted...
Stop chasing CVEs with new UVM and Sensor Workload Scanner capabilities. Remove silos to effectively prioritize and reduce exposures across cloud, code, and on-prem.