Cyber is no longer a supporting capability. It now shapes how defense organizations plan, assess, and act.
No customer info stolen, no impact to operations, and no blackmail payment
Microsoft has finally brought back the resizable taskbar and Start menu to Windows 11 in the latest preview version rolling out to Insiders in the Experimental channel. [...]
The BFSI (Banking, Financial Services, and Insurance) sector has always been a prime target for cybercriminals. But today, the threat landscape has evolved beyond isolated attacks into a...
pewag, Inc. writes to inform you of a recent event that may impact some of your personal information. While we are not aware of any actual or attempted misuse of your information to perpetrate...
On July 10, 2025, we discovered that we were the target of a cybersecurity incident and that files were encrypted in our virtual back-office environment that supports the shared back-office...
On January 7, 2026, Hank’s Furniture detected unauthorized activity on certain systems within our network. We promptly took steps to contain the activity and launched an investigation, with the...
On February 13, 2025, Terra Holdings learned of suspicious activity on certain systems in its environment. Upon learning this, Terra Holdings immediately launched an investigation with the...
Murray County’s government network has been hit by a cyberattack, forcing several county offices to limit services and close some departments until systems are restored. County officials say first...
Ask a plant manager what keeps them up at night, and you’ll hear the usual answers: machine downtime, supply chain delays, quality issues, and labor gaps. But in 2026, endpoint protection for...
In recent weeks, we pointed Mythos and other security-focused LLMs at live code across critical parts of our infrastructure. We share what we observed, the models’ strengths and weaknesses, and...
Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]
A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]
Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]
Researchers identified a broad TeamPCP-linked supply chain campaign involving malicious NPM packages, compromised GitHub Actions, a trojanized VSCode extension, and malicious PyPI packages...
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched...
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability,...
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has...
Ransomware groups are increasingly being used as proxy weapons in geopolitical cyber warfare, enabling nation-states to exert pressure... The post State-backed ransomware activity raises new...
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. [...]
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout...
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling...
New analysis confirms the targeted applications and reveals fast16 was tailored to corrupt uranium-compression simulations central to nuclear weapon design.
Plus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more.
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. [...]
Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to...
THORChain officials said the investigation into the incident is ongoing but explained that one of their six vaults was compromised, leading to a loss of about $10.7 million.
FreePBX security advisory (AV26–474)