HPE security advisory (AV26-487)
F5 security advisory (AV26-485)
FreePBX security advisory (AV26-484)
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the...
Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t...
There is a certain kind of conversation that doesn’t get written up in a post-mortem, doesn’t generate a ticket, and never makes it into an end-of-quarter report. It happens on the margins—at a...
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries...
Sentinels League 2026 brings global threat hunters together to battle across AI, Endpoint, Cloud, and SIEM surfaces for $100K in prizes and more.
Sentinels League 2026 brings global threat hunters together to battle across AI, Endpoint, Cloud, and SIEM surfaces for $100K in prizes and more.
New data from Verizon 2026 Data Breach Investigations Report (DBIR) underscores growing cyber risk for critical infrastructure and... The post Verizon DBIR finds vulnerability exploitation...
Initial assessment says customer data spared while users wonder what else may have slipped out
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. [...]
Threat actors are actively exploiting a critical authentication bypass flaw in Four-Faith F3x36 industrial cellular routers, with security... The post CrowdSec flags rising exploitation of...
Table of Contents: · Introduction: · Key Targets: · Infection Chain: · Initial Findings about Campaign: · Analysis of Decoys & Spear phishing Email: · Technical Analysis: · Stage1: Analysis of LNK...
Eight major U.S. communications providers, including AT&T, Charter Communications, Comcast, Cox Communications, Lumen Technologies, T-Mobile, Verizon and Zayo,... The post US telecom giants launch...
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is...
A Freedom of Information Act request shows the extent of the surveillance
Identity checks alone can't stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuous device...
Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clusters via...
Concurrent Technologies Corporation partnered with Quantum Knight to support deployment of post-quantum cybersecurity protections across federal, defense, and... The post CTC and Quantum Knight...
Team Cymru, vendor of external threat intelligence and internet visibility, announced its role as a private-sector partner in... The post Team Cymru supports Interpol’s Operation Ramz targeting...
Wasion Americas announced a partnership with Crytica Security to integrate Crytica’s Rapid Detection Alert and Isolation (RDAi) technology... The post Wasion Americas and Crytica bring endpoint...
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal...
We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).
A new study finds AI companies, defense firms, and dating apps are among 38 data collectors allegedly using manipulative design to confuse users while collecting their data.
As frontier AI models collapse the traditional exploit window, Tenable Hexa AI transforms the security operating model from manual triage to agentic orchestration. See how you can automate...
Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. [...]
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal
On March 24, 2026, SCUHS became aware of unauthorized activity on our computer network. We promptly launched a response with assistance from outside cybersecurity specialists to secure the network...
On or around November 13, 2025, we identified suspicious activity occurring within our environment. In response, we quickly took some of our systems offline to stop the activity and followed our...