The Federal Bureau of Investigation (FBI) is providing this Public Service Announcement (PSA) to warn of potential future impacts related to a cyber-attack that affected an online Learning...
Google Threat Intelligence Group (GTIG) has continued to track an expansive extortion campaign by UNC6671, a threat actor operating under the "BlackFile" brand, that targets organizations via...
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks...
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production...
A vulnerability has been discovered in Microsoft Exchange Server that could allow for arbitrary code execution. Microsoft Exchange Server is an enterprise-level email and collaboration platform...
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]
How to protect productivity without slowing down innovation
AL26-012 - Critical vulnerability affecting Cisco Catalyst SD-WAN - CVE-2026-20182
The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems. The post Cisco zero-day under ongoing attack by...
Written by: Austin Larsen, Tyler McLellan, Genevieve Stark, Dan Ebreo Introduction Google Threat Intelligence Group (GTIG) has continued to track an expansive extortion campaign by UNC6671, a...
Microsoft security advisory (AV26-473)
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11,...
Dear readers, President Trump and Chinese premier Xi Jinping sat down for talks this week as the PRC continues pouring resources into the AI race while simultaneously expanding both its kinetic...
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. [...]
La Fondation pour la formation des adultes à Genève (IFAGE) a été victime en avril d'une cyberattaque. Aucun système pédagogique ni aucune donnée d'étudiants n'ont été affectés mais celles des...
Learn how adversaries weaponize CI/CD pipelines and how continuous behavioral monitoring helps protect against software supply chain attacks.
Police dismantle dark web markets, threat actors weaponize AI for zero-day exploits, and ShinyHunters extorts an edutech giant via XSS flaws.
FortiGuard Labs has analyzed a steganography-based malware campaign that uses PawsRunner to deliver the PureLogs infostealer, highlighting evolving delivery methods and detection strategies.
CERT Polska has received a report about 3 vulnerabilities (CVE-2026-7182, CVE-2026-41552 and CVE-2026-41553) found in DHTMLX software.
The U.S. National Institute of Standards and Technology advanced nine digital signature algorithms to the third round of... The post NIST advances nine post-quantum signature algorithms as race to...
Researchers at Darktrace disclosed a China-linked cyberespionage campaign targeting organizations primarily across the Asia-Pacific and Japan region using... The post Twill Typhoon used legitimate...
Researchers from Carnegie Mellon University warned that the rapid expansion of AI infrastructure, electrification, and grid modernization is... The post CMU’s Electrotech Moneyball paper warns...
Pellera Technologies announced Thursday its official listing on the Cyber AB Marketplace as a Cybersecurity Maturity Model Certification... The post Pellera joins Cyber AB Marketplace as CMMC...
General Dynamics Information Technology (GDIT), a business unit of General Dynamics, and NightDragon, a SecureTech investment and advisory... The post GDIT and NightDragon partner to boost...
Operational Technology (OT), which has widespread deployment across sectors, is increasingly coming under attack as the trend of... The post NCC Group warns ransomware attacks on OT-heavy...
Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the...
Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2026-44088) has been found in SzafirHost software.
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as...
Some AI-based video age-verification checks can be fooled with a fake mustache.