The UK and EU are demanding urgent action from critical infrastructure organizations after formally attributing the December 2025 cyberattack on Poland’s power grid to Russia’s Federal Security...
Flaws in iCagenda, Balbooa Forms extensions can impact open source CMS that powers a million sites worldwide
The Pentagon is suspending the ramp up of new Cybersecurity Maturity Model Certification third-party assessment requirements, while also launching a sweeping review of the CMMC program that once...
Gov. Kathy Hochul of New York is set to sign an executive order today placing a one-year pause on the construction of the largest data centers, putting the state at the forefront of the national...
A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from...
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform....
FIFA’s network was vulnerable to anyone with even minimal access.
Every day, defenders make high-consequence decisions with incomplete information. Learn how Cisco Talos Intelligence Integrations help reduce uncertainty by turning the latest threat intelligence...
Detect and mitigate malicious @asyncapi npm packages linked to the latest npm supply chain attack.
Contents Introduction Key Targets Industries Affected Geographical focus Infection Chain Initial Findings Looking into the Decoy Document Technical Analysis Stage 1 – Initial Infection through LNK...
This blog examines the full lifecycle of a Python package, from hosting on repositories such as PyPI or custom web servers, through source and wheel distribution formats, to the final installation...
ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities
A government impersonation scam is targeting property owners with fake planning and zoning permit invoices, and authorized wire transfers are clearing behavioral controls. Here's how the scheme...
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers...
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector...
“While ultimately it is up to parents to decide when children get their first smartphones, what we already have is a consensus that there needs to be a start date for the age children can join...
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed...
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact"...
The U.S. Treasury Department announced sanctions against First VPN Service (1VPNS) and its Ukrainian administrator for aiding ransomware groups. Separately, a Belarusian man was sanctioned for...
A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence...
Sweeping sanctions and condemnation follow op that could have left half a million without power in the depths of winter
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every...
Europol’s 2026 EU Terrorism Situation and Trend Report (EU TE-SAT), released today, reveals that violence has become a means of gaining identity, recognition and belonging, and that online...
A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already...
Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. "The script looked for the...
The EU, its members and the U.K. took action against Russian government officials and others while attributing the winter cyberattacks against Poland’s energy grid to the FSB. The post Europe...
State-sponsored attackers are targeting critical infrastructure networks in defense, communications, energy, finance, government and health care. The post Officials once again warn defenders that...
Unauthenticated Remote Code Execution (CVE-2026-6847) has been found in 4real ThemisNETPanel software.
As federal pandemic relief and infrastructure funding winds down, cities across the U.S. are increasingly looking to new technologies, like artificial intelligence, to help stretch limited budgets...
Electricity used by datacenters in Ireland increased by 10 percent during 2025, despite an effective moratorium on most new datacenter grid connections in the Dublin area. The latest figures from...