A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a...
The escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning. The post Attackers are exploiting Palo Alto Networks defect that...
Hacking voting machines is so 2017. Phishing, impersonation pose the real election risks
NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s...
Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round:...
Citizen Lab senior research fellow Jon Penney and co-author Bruce Schneier wrote an op-ed in The Conversation about chilling effects. The post Chilling effects of Trump’s war on free speech extend...
Qualcomm security advisory – June 2026 monthly rollup (AV26-535)
Broadcom VMware security advisory (AV26-536)
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]
Oracle security advisory – July 2024 quarterly rollup (AV24-401) - Update 1
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware,...
The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute...
A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to...
Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory,...
New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between...
A database containing 64,000 user records was published to GitHub after an attacker claimed to have compromised all Atlas systems
Xage Security announced support for new and enhanced NVIDIA DOCA security capabilities and NVIDIA Vera BlueField-4 STX, also... The post Xage integrates with NVIDIA DOCA security to deliver...
Industrial cybersecurity firm Dragos announced on Monday that it has acquired Phosphorus, extending the Dragos Platform to protect... The post Dragos acquires Phosphorus to expand cybersecurity...
Plesk security advisory (AV26-534)
Wiz API SPM is now GA, enabling customers to discover APIs, assess APIs for exploitability, and prioritize remediation to mitigate the risk of an API-related breach.
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named...
Ivanti security advisory (AV26-533)
A House subcommittee will hold an open hearing next week on how frontier artificial intelligence models are shaping the cybersecurity landscape, for good and for ill. The June 4 hearing will be...
Developing capabilities for operations in cislunar space, including offensive space control, is among the top new science and technology (S&T) priorities for U.S. Space Command (SPACECOM),...
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious...
Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users
If you ask Google what Al Jazeera is, the answer you receive draws heavily on Wikipedia. The same is true if you ask ChatGPT, Perplexity or many other large language models. Wikipedia has become...
Iran-linked hackers have launched a destructive cyber campaign that wipes IT, backup, and recovery systems at multiple organizations in the Middle East and beyond, severely undermining victims’...
Chatter in Brussels about an ominous “China shock 2.0” is increasing. In late May, five EU member states circulated a joint “non-paper” calling for stricter protection against “unfair trade...