Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll...
Senior research associate Kate Robertson discusses the risks Bill C-22 poses for future data-sharing agreements with foreign law enforcement agencies. The post Trump Wants to Tap Your Phone....
A ‘geeks first, PR people second’ mentality, A-list reporters, and the forces shaping the cyber media landscape today
Improper Certificate Verification vulnerability (CVE-2026-9058) has been found in Szafir SDK software.
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and...
cPanel security advisory (AV26-508)
Red Hat security advisory (AV26-507)
[Control systems] CISA ICS security advisories (AV26–506)
Dell security advisory (AV26-504)
Ubuntu security advisory (AV26-505)
Researcher Isiah Jones published a broader ‘Security Methodology’ initiative that consolidates projects such as ICSOTPentest, AIpentest 3.1, AI-driven... The post AI-powered penetration testing...
Roundcube security advisory (AV26-503)
Written by: Jamie Collier While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the...
Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek Introduction In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver....
Bulletin de sécurité IBM (AV26-502)
IBM security advisory (AV26-502)
Anthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks to private and public software. [...]
Path Traversal vulnerability (CVE-2026-7766) has been found in Kenik cameras software.
The National Institute of Standards and Technology (NIST) released initial public draft of Special Publication 1800-41, a new... The post NIST publishes SP 1800-41 draft to focus on ransomware...
Authorization Bypass Through User-Controlled Key vulnerability (CVE-2026-40127) has been found in OutSystems Lifetime software.
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans...
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly.
Ransomware attacks have evolved into one of the most disruptive cyber threats facing businesses today. From healthcare institutions and manufacturing units to government agencies and small...
AI flaw-finder still under lock and key for now while company figures out guardrails, but made available to more users including governments
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and...
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]
With increasing levels of connectivity within industrial environments, traditional notion of trusted users, devices, and networks being fundamentally... The post Zero trust in OT moves beyond...
The University of Mississippi Medical Center may have violated federal privacy law following a ransomware attack that crippled its systems in February, according to a 3 On Your Side investigation....
In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with...
Researchers identified multiple coordinated software supply chain attacks targeting Composer/Packagist packages and upstream GitHub repositories. The activity involved malicious postinstall hooks,...