The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach...
Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies...
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the...
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll...
Senior research associate Kate Robertson discusses the risks Bill C-22 poses for future data-sharing agreements with foreign law enforcement agencies. The post Trump Wants to Tap Your Phone....
A ‘geeks first, PR people second’ mentality, A-list reporters, and the forces shaping the cyber media landscape today
Improper Certificate Verification vulnerability (CVE-2026-9058) has been found in Szafir SDK software.
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and...
cPanel security advisory (AV26-508)
Red Hat security advisory (AV26-507)
[Control systems] CISA ICS security advisories (AV26–506)
Dell security advisory (AV26-504)
Ubuntu security advisory (AV26-505)
Researcher Isiah Jones published a broader ‘Security Methodology’ initiative that consolidates projects such as ICSOTPentest, AIpentest 3.1, AI-driven... The post AI-powered penetration testing...
Roundcube security advisory (AV26-503)
Written by: Jamie Collier While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the...
Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek Introduction In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver....
Bulletin de sécurité IBM (AV26-502)
IBM security advisory (AV26-502)
Anthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks to private and public software. [...]
Path Traversal vulnerability (CVE-2026-7766) has been found in Kenik cameras software.
The National Institute of Standards and Technology (NIST) released initial public draft of Special Publication 1800-41, a new... The post NIST publishes SP 1800-41 draft to focus on ransomware...
Authorization Bypass Through User-Controlled Key vulnerability (CVE-2026-40127) has been found in OutSystems Lifetime software.
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans...
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly.
Ransomware attacks have evolved into one of the most disruptive cyber threats facing businesses today. From healthcare institutions and manufacturing units to government agencies and small...
AI flaw-finder still under lock and key for now while company figures out guardrails, but made available to more users including governments
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and...
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]
With increasing levels of connectivity within industrial environments, traditional notion of trusted users, devices, and networks being fundamentally... The post Zero trust in OT moves beyond...