Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers...
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector...
“While ultimately it is up to parents to decide when children get their first smartphones, what we already have is a consensus that there needs to be a start date for the age children can join...
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed...
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact"...
The U.S. Treasury Department announced sanctions against First VPN Service (1VPNS) and its Ukrainian administrator for aiding ransomware groups. Separately, a Belarusian man was sanctioned for...
A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence...
Sweeping sanctions and condemnation follow op that could have left half a million without power in the depths of winter
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every...
A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already...
Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. "The script looked for the...
The EU, its members and the U.K. took action against Russian government officials and others while attributing the winter cyberattacks against Poland’s energy grid to the FSB. The post Europe...
State-sponsored attackers are targeting critical infrastructure networks in defense, communications, energy, finance, government and health care. The post Officials once again warn defenders that...
Unauthenticated Remote Code Execution (CVE-2026-6847) has been found in 4real ThemisNETPanel software.
As federal pandemic relief and infrastructure funding winds down, cities across the U.S. are increasingly looking to new technologies, like artificial intelligence, to help stretch limited budgets...
Electricity used by datacenters in Ireland increased by 10 percent during 2025, despite an effective moratorium on most new datacenter grid connections in the Dublin area. The latest figures from...
France will summon the Russian ambassador to Paris in the coming days over an alleged cyberhacking campaign that Russia has carried out against European countries including France, French...
The United States and Iran appeared to be sliding back to war on Monday after Iran vowed revenge for the killing of its leader and appeared undeterred and hardly disabled by nearly a week of U.S....
A new State Council administrative regulation is the first in the People’s Republic of China (PRC) to govern outbound investment as a whole. It defines “resident individuals” as outbound investors...
Manufacturing organizations are facing a broader and more diverse threat landscape as nation-state espionage campaigns converge with financially motivated attacks, according to CYFIRMA’s latest...
As organizations turn to Anthropic and OpenAI-powered agents to automate vulnerability discovery and patch management, researchers have warned that the extensive access these tools require could...
Footie fans? Overreacting? There's a first time for everything
Following the successful launch of owLSM, our first open-source project with more than 250 GitHub stars as of writing, we are now launching a blog series to explore the project's practical...
In February, a ransomware attack against the University of Mississippi Medical Center disrupted operations for more than two weeks. In March, a cyberattack on German medical-billing provider...
A major credential leak spurred the Cybersecurity and Infrastructure Security Agency to strengthen protections for its sensitive materials, improve how researchers can report agency...
A suspected China-linked threat actor turned a Pakistani police complaint portal used by ordinary citizens into a malware delivery mechanism — one piece of a two-year parallel campaign in which...
The Dutch National Police (Politie) says it has found “strong indications” that Dutch hackers have been involved in a February breach at the telecommunications provider Odido. “This includes a...
Lidl is warning its customers of a cyberattack which may have affected some of their personal information stored with the company. In a data breach notification published on its Netherlands,...
Popular discourse often frames AI as a revolutionary force that will transform warfare, governance, and society. When discussing terrorism in particular, public debates frequently assume that AI...
Wildfires are increasingly threatening electric reliability across North America and the communities that depend on a resilient bulk power system. A new Wildfire Mitigation: Canadian Perspectives...
Ubuntu security advisory (AV26-686)
[Control systems] CISA ICS security advisories (AV26–687)
Red Hat security advisory (AV26-688)
Smartphone apps like Ukraine’s ePPO, which citizens use to report UAS activity, can fill gaps in traditional air defenses. Use of these apps can also be extended to non-state actors such as...
The White House plans to bring together utility companies and data center developers to make a voluntary pledge designed to ensure that rapid growth in electricity demand from artificial...
An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server...
Precursor, our new continuous behavioral validation engine for bot management, offers visibility into how humans and bots actually interact across the full user journey. By turning session-level...
IBM security advisory (AV26-684)
Dell security advisory (AV26-685)
Russia has been spying on NATO military bases through civilian cameras connected to the internet, Dutch intelligence services said. Kremlin-based hackers accessed the devices to monitor the...
Rethinking IaC coverage as a funnel that shows how much of your infrastructure is governed, traceable, and ready for remediation at speed
Vendor insists there's no evidence of unauthorized access, but it's asking customers to take one of the most drastic precautions available
CERT Polska has received a report about 4 vulnerabilities (from CVE-2026-40467 to CVE-2026-40469 and CVE-2026-40553) found in GNU gawk software.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited...
This essay was written with Nathan E. Sanders, and originally appeared in The Guardian. Opposition to AI data centers has emerged as a primary theme in US politics, one that—surprisingly—doesn’t...
MITRE ATT&CK Walkthrough: T1140 (Deobfuscate/Decode Files or Information), T1105 (Ingress Tool Transfer)
The SFPD’s exposure of hours of videos from drone platform Skydio reveals how broadly it’s watching the city from above—and how the results can spill online.
Beyond IT compliance, cloud security is now the backbone of civilian agency resilience, national defense, and warfighter safety, as cloud environments become increasingly complex.Key takeawaysFor...
Moving from tool approval to true governance is the only way for CISOs to keep pace with the accelerating velocity of software risk. The post AI-generated code has made security debt a governance...
SOC and CTI teams have spent the last two years integrating AI tools into real investigative work, and the results have been meaningful. Analysts move faster through reports, surface connections...