Whats The Hax?

CY

cybersecurity

1h ago · 20 items

Will AI Replace Cybersecurity Jobs? 1h ago What's best certification choice after OSWE 1h ago Facebook Page Call Slipping through Sleep mode 1h ago ssh-keysign-pwn: Linux LPE allows unprivileged users to read root-owned files. PoC with SSH server privkey 1h ago A fix for the previous Linux kernel critical exploit has seemingly introduced another critical local privilege escalation exploit, a third in two weeks. 1h ago Your experience as IT Admin on Alerts 1h ago Slow-drip responses as a bot defense: streaming fake credentials 3 bytes at a time 2h ago Maximum Severity Cisco SD-WAN Bug Exploited in the Wild 2h ago ANTS Hack: 19 million records exposed in French ID agency breach 4h ago AI coding tools are shipping code faster than security can review it. What's your team doing about it 5h ago Interview for AI security engineer position at a fortune 500 company 6h ago Has anyone read "The Art of Deception"? How does it hold up to now? 6h ago Zero trust in hybrid environments - what's actually worked for you 8h ago Have you encountered issues with CSAF advisories in practice? 8h ago Zero trust in hybrid environments - what's actually working for you 8h ago OpenAI confirms security breach in TanStack supply chain attack 10h ago Another day, another supply chain 14h ago Level Effect AMA! Former NSA Operators turned EDR developers and trainers in 2020. We’ve seen a lot of trends over the years and want to start being active in r/cybersecurity giving back. Ask us anything! 20h ago Struggling to Stay Up to Date With Vulnerabilities 20h ago How to Transfer files Safely from a Compromised (work) Device 21h ago

20 loaded Show 10 more

MS

MSRC Security Update Guide

1h ago · 20 items

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net 1h ago CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) 1h ago CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1 1h ago CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS 1h ago CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1 1h ago CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection 1h ago CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command 1h ago CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling 1h ago CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username 1h ago CVE-2026-4890 CVE-2026-4890 1h ago CVE-2026-4892 CVE-2026-4892 1h ago CVE-2026-5172 CVE-2026-5172 1h ago CVE-2026-2291 CVE-2026-2291 1h ago CVE-2026-4893 CVE-2026-4893 1h ago CVE-2026-4891 CVE-2026-4891 1h ago CVE-2026-8295 Integer overflow in simdjson 1h ago CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains 1h ago CVE-2026-32177 .NET Elevation of Privilege Vulnerability 19h ago CVE-2026-35433 .NET Elevation of Privilege Vulnerability 19h ago CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability 19h ago

20 loaded Show 10 more

HS

hacking: security in practice

1h ago · 20 items

TinyLoad v4 — added opaque predicates, anti-debug, and section obfuscation to my PE packer 1h ago has anyone used tail os here? 4h ago Run this washer/dryer sans coin? 7h ago I built an open-source Burp alternative 8h ago HighBoy 10h ago Reading Siemens CT raw data 14h ago How I use Hermes agent to turn Patch Tuesday into Windows exploit research 14h ago Russian Hacks of Polish Water Utilities Shows How Hybrid Warfare Uses Fear as Weapon 15h ago Tips for a beginner noob that wants to learn 15h ago Strix — first public beta of the spiritual successor to cSploit/dSploit 20h ago Whatsapp 21h ago Face ID bypass with avatar 22h ago Hunting the Behavior Behind npm Supply Chain Attacks 1d ago Proxmark5 Day 3 Update - $357K+ funded (715% of goal) 1d ago trying to learn patching 1d ago Anyone here familiar with the Internet Computer Protocol (ICP) and why TeamPCP would choose to use it? 3d ago Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation 3d ago Reading old s4 memory with xgecu t48 3d ago Autonomous Vulnerability Hunting with MCP 4d ago Is it true that the professionals have the worst setups? 4d ago

20 loaded Show 10 more

SE

SecurityWeek

1h ago · 10 items

Chrome 148 Update Patches Critical Vulnerabilities 1h ago Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 2h ago Enhancing Data Center Security Without Sacrificing Performance 19h ago New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation 19h ago Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere 20h ago Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million 20h ago Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns 20h ago G7 Countries Release AI SBOM Guidance 21h ago F5 Patches Over 50 Vulnerabilities 22h ago Hackers Targeted PraisonAI Vulnerability Hours After Disclosure 23h ago

HN

Help Net Security

1h ago · 10 items

Keycard helps developers secure autonomous AI agents with scoped access 1h ago Keycard for Multi-Agent Apps secures autonomous AI agents with scoped access, delegated sessions, and attribution. Deepfake detection is losing ground to generative models 3h ago Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial Zombie linkages are keeping expired domains trusted for years 4h ago Expired domains can create security risks by leaving HTTPS certificates, Maven namespaces, and ENS records active. The AI oversight paradox: Is the investment worth the cost of watching it? 4h ago The impact of AI on the business grows in 2026 as companies increase oversight and compete for specialized talent. New infosec products of the week: May 15, 2026 5h ago The featured infosec products for this week in May 2026 are from Alation, Apricorn, Versa Networks, and TrustCloud. Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) 18h ago Researchers have found and disclosed yet another LPE vulnerability in the Linux kernel: CVE-2026-46300, aka "Fragnesia". HYCU aiR detects insider risk and AI activity from backups 19h ago HYCU launches aiR, an AI-native platform that turns backup data into actionable insights for security and compliance teams. Cofense adds AI-powered campaign detection to stop phishing attacks 20h ago Cofense launches new advancements to its AI-driven Phishing Defense Platform to help customers defend against advanced phishing attacks. Microsoft’s WinUI agent plugin trims token use by over 70% during development 22h ago Microsoft's WinUI agent plugin brings AI-driven scaffolding, testing, and packaging for native Windows apps to Copilot and Claude Code. Microsoft turns Copilot Studio into an AI agent control center 23h ago Microsoft expands Copilot Studio with stronger agent governance, AI-powered workflows, app integrations, and Work IQ updates.

RE

Reverse Engineering

2h ago · 20 items

GitHub - jetnoir/metis: Automated binary vulnerability triage for macOS, Linux, and Windows targets 2h ago GitHub - jetnoir/poppy: Dynamic XPC Observability & Fault Injection for macOS 2h ago Trafexia V2 - Mobile Traffic Interceptor Toolkit 3h ago HyperVenom: Using Hyper-V for Ring -1 Control from Usermode 15h ago VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure 19h ago Ghidra 12.1 has been released! 23h ago Reverse Engineering Slither.io’s Network Protocol 1d ago I Reverse-engineering Need for Speed Underground 2 Server 1d ago I made a video explaining CPU registers for people learning binary exploitation — x86 vs x64 differences included 1d ago [Claude Code] Android Reverse engineering Skill being updated with tracker/AD neutralization features 1d ago LAN-LOK: Living as a sysadmin at an isolated Antarctic research station in the early 90s [DOS game -- would like to collab to reverse engineer] 2d ago r2garlic - The world's fastest Android/DEX decompiler meets radare2! 2d ago GitHub - iss4cf0ng/OpenBootloader: A Proof-of-Concept of simple bootloader, written in Assembly (NASM) and C language. 2d ago Lockbit Black Loader and Shellcode Analysis - Full Thought process, Technical Writeup and Blue Team perspective 3d ago Reverse Engineering Fisher-Price Pixter 3d ago /r/ReverseEngineering's Weekly Questions Thread 4d ago Check out my matplotlib of BLE live wire data for Oura ring! 4d ago Positron: DLL injection based runtime JS injection toolkit for Electron(v8) apps on Windows 4d ago Building a Wasm-in-Wasm Virtualizer (with JIT decrypted paged memory) 4d ago PE Entropy Visualizer with per-block RVA/VA mapping, locate packed payloads and encrypted blobs, then jump straight to them in IDA/Ghidra 4d ago

20 loaded Show 10 more

TI

Technical Information Security Content & Discussion

2h ago · 20 items

Instrumenting QT6 desktop apps with Frida - Part 1 2h ago From Vercel Typosquatting to an Obfuscated macOS Malware Loader 2h ago HyperVenom: Using Hyper-V for Ring -1 Control from Usermode 15h ago Detecting Exploitation of CrushFTP Vulnerability (CVE-2025-31161) With PacketSmith Yara Detection Module - Using track_state and flow_state 17h ago VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure 19h ago CVE-2026-42945 : NGINX Heap Buffer Overflow in rewrite module - Writeup and PoC 22h ago WaSteal: 126 Chrome extensions, 148K installs, one Brazilian operator silently sending WhatsApp user data and ad cookies to its servers 1d ago Apple Maildrop lets you rewrite the filename, size, and icon on any icloud.com attachment link — no signature, no validation — reported July 2023, still live 1d ago /sbin/ping -G sweepmax has no bounds check on macOS: deterministic BSS out-of-bounds write, confirmed by Apple 1d ago A stealth approach to Process Injection - EntryPoint Hijacking 1d ago Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim 2d ago Curl lead developer Daniel Stenberg provides insightful feedbacks from Mythos analysis results 2d ago New ipTIME Pre-Auth RCE in CWMP 3d ago Postmortem: TanStack npm supply-chain compromise 3d ago GhostLock: SMB Deny-Share Handles as a Zero-Privilege Availability Weapon 3d ago MyAudi app:Security issues in Audi Connected Vehicle experience 4d ago Giving Claude Code Full Control of a Hardware Fault Injection Setup to Bypass Secure Boot 4d ago Autonomous Vulnerability Hunting with MCP 4d ago ShinyHunters / AT&T ransom payment traced on-chain — paper draft, seeking arXiv cs.CR endorsement 4d ago Data in Use Protection: How MPC Keeps Inputs Hidden from the Cloud - Stoffel - MPC Made Simple 4d ago

20 loaded Show 10 more

TH

The Hacker News

2h ago · 20 items

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email 2h ago CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits 3h ago Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access 15h ago Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets 15h ago ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories 16h ago Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike 19h ago PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure 21h ago How AI Hallucinations Are Creating Real Security Risks 21h ago Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation 23h ago New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption 1d ago 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE 1d ago Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday 1d ago Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation 1d ago [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud 1d ago Most Remediation Programs Never Confirm the Fix Actually Worked 1d ago Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws 1d ago GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data 2d ago Android Adds Intrusion Logging for Sophisticated Spyware Forensics 2d ago New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution 2d ago RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded 2d ago

20 loaded Show 10 more

LN

Latest news

6h ago · 20 items

Can anything replace my laptop? I tested 5 remote work setups to find the best alternative 6h ago From XR glasses to headsets to tablets, here's how various work systems fared over 30 days. Cable, cords, and adapters I never throw away - and why these accessories are worth saving 7h ago Don't let your spring cleaning or desire for Feng Shui enlightenment make you toss the important stuff. This gear will come in handy one day. Home Depot and Lowe's have power tool deals for up to $400 off ahead of Memorial Day 7h ago Save big on everything you need for DIY projects and home repairs with these Memorial Day deals on tools from DeWalt, Milwaukee, and more. Samsung Galaxy Z Fold 7 vs. Pixel 10 Pro Fold vs. Motorola Razr Fold - this model wins for me 7h ago The Motorola Razr Fold faces tough competition from the Samsung Galaxy Z Fold 7 and Google Pixel 10 Pro Fold, but still manages to stand out. Are you following the 60-60 rule with headphone listening? Your future self will thank you 7h ago Wearing headphones every day has a greater effect on your ears than you might think. But your devices likely have features to help. 10 Google Maps settings I always change to greatly improve its usability - and you should, too 7h ago Google Maps is great right after install, but I like to tighten my privacy and enable a few features to make it better. I tested Motorola's $1,900 Razr Fold, and it gives Samsung and Google serious competition 8h ago The new Razr Fold is one of my favorite phones I've used in 2026, thanks to its stunning displays, stellar cameras, and top-tier hardware. This 4TB WD Black SSD is almost $1,200 off at Best Buy - and I don't expect it to last 12h ago The cost of SSDs, RAM, and other PC components has skyrocketed, but Best Buy is offering an impressive 53% discount on the 4TB WD Black SN850X. You can buy Meta smart glasses for up to 20% off right now - Ray-Bans included 13h ago The second-gen smart glasses are 15% off, while the Oakley Meta HSTN glasses are 20% off - perfect gifts for dad. Anthropic's Mythos is evolving faster than expected, reports AI safety agency 15h ago Only a month after its initial release, Anthropic's storied Mythos model is breaking new testing boundaries. I'm no Copilot fan, but these 6 new AI skills turned Edge into my favorite mobile browser 16h ago Kindle Scribe vs. ReMarkable Paper Pure: Why I'm not writing off Amazon's E Ink tablet just yet 17h ago I found the best early Memorial Day Apple deals: Save hundreds on iPad, Apple Watch, and more 17h ago 6 ways I use Fedora 44 beyond the basics - and why it's ready for anything 19h ago The third major Linux kernel flaw in two weeks has been found - thanks to AI 20h ago The best microSD cards of 2026: Expert tested and reviewed 22h ago This 8TB SanDisk SSD is selling for 62% off at Best buy - and I highly recommend it 22h ago The best secure browsers for privacy in 2026: Expert tested 23h ago The best VPN routers of 2026: Expert tested and reviewed 1d ago You may qualify for Amazon Prime at 50% off without even knowing - here's how 1d ago

20 loaded Show 10 more

FB

For [Blue|Purple] Teams in Cyber Defence

7h ago · 20 items

WAF Evasion Engine 7h ago Thus Spoke…The Gentlemen 11h ago KQLab - open-source query manager for SOC teams 14h ago How TeamPCP's Python Toolkit Survives a C2 Takedown 15h ago Microsoft AntiSSRF 16h ago VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure 19h ago How fast is autonomous AI cyber capability advancing? 20h ago YellowKey: YellowKey Bitlocker Bypass Vulnerability 1d ago Tinker Tailor Soldier: Paper Werewolf’s latest toolkit 1d ago 126 Chrome extensions, all secretly the same product, taking 148K users' WhatsApp data and ad cookies 1d ago Gamaredon's infection chain: Spoofed emails, GammaDrop and GammaLoad 1d ago Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise 1d ago Android Intrusion Logging as a new source of data for consensual forensic analysis 1d ago Shai-Hulud: Another Wave and Going Open Source 1d ago A stealth approach to Process Injection - EntryPoint Hijacking 1d ago Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign 2d ago Owning a service principal equals owning its permissions. 2d ago Claude Code RCE: Exploiting Deeplink Handlers via Settings Injection 2d ago CPU OP Cache Corruption - AMD has identified a vulnerability in the CPU operation (op/µop) cache on Zen 2‑based products that can cause incorrect instructions to be executed at a higher privilege level. 2d ago Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware 2d ago

20 loaded Show 10 more

MA

Malware Analysis & Reports

8h ago · 20 items

Inspecting a DLL file trying to figure out if it really is malware 8h ago npm supply chain compromise on a Next.js app — XMRig miner bundled into webpack output 12h ago VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure 19h ago clens.io - new public threat & data intel service 1d ago [Tool] IOCX – deterministic IOC extraction engine (static‑only, PE‑aware, plugin‑extensible) 1d ago OS scanner that checks repos for traces of the Shai Hulud worm 2d ago Mini Shai-Hulud Supply-Chain Worm Compromises npm and PyPI Packages, Including TanStack, Mistral, Lightning, and Guardrails AI 2d ago Steam spear phishing 3d ago Fake linked in sponsored google search 3d ago Mass npm Supply Chain Attack Hits TanStack, Mistral AI, and 170+ Packages 3d ago New Shai-Hulud npm worm variant 3d ago looking for "evil" Websites 3d ago Deterministic PE Structural Validation in IOCX v0.7.3 3d ago sl1nk link 4d ago Wtf OPEN Ai 5d ago JDownloader's official website delivered Python RAT 6d ago Discord bot C2 infrastructure 9d ago IOCX v0.7.1 — robustness update focused on malformed PEs, hostile strings, and static‑analysis hardening 9d ago Supply chain attack: DAEMON Tools Lite now contains a backdoor. 9d ago Built a PE Malware Analysis Pipeline to Learn Why Most Detection Tools Suck at Correlation 10d ago

20 loaded Show 10 more

BL

BleepingComputer

10h ago · 15 items

TeamPCP hackers advertise Mistral AI code repos for sale 10h ago The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin 11h ago Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks 12h ago Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. OpenAI confirms security breach in TanStack supply chain attack 13h ago OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026 14h ago On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. 18-year-old NGINX vulnerability allows DoS, potential RCE 17h ago An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight 17h ago Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security. KongTuke hackers now use Microsoft Teams for corporate breaches 20h ago Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. Dell confirms its SupportAssist software causes Windows BSOD crashes 23h ago Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday. US charges suspected Dream Market admin arrested in Germany 1d ago The alleged main administrator of Dream Market Incognito Market, one of the largest dark web marketplaces before its shutdown, has been indicted in the United States on money laundering charges. New Fragnesia Linux flaw lets attackers gain root privileges 1d ago West Pharmaceutical says hackers stole data, encrypted systems 1d ago Iranian hackers targeted major South Korean electronics maker 1d ago New critical Exim mailer flaw allows remote code execution 1d ago Windows BitLocker zero-day gives access to protected drives, PoC released 1d ago

15 loaded Show 5 more

CD

Cyber Defense Magazine

11h ago · 10 items

Innovator Spotlight: Klever Compliance 11h ago Innovator Spotlight: Radware 12h ago Innovator Spotlight: JScrambler 15h ago Innovators Spotlight: OPSWAT 1d ago The Board Is Asking The Wrong Security Question 1d ago Synthetic Identity Fraud Requires An Equal Focus On Biometrics And Document Verification 2d ago Innovator Spotlight: Iru 3d ago Innovator Spotlight: Axonius 3d ago Security In The AI Era: Why Compliance, Infrastructure, And Platform Security Must Converge 3d ago The SMB Cybersecurity Gap: Why Small Businesses Are The Fastest-Growing Attack Surface 3d ago

TR

The Record from Recorded Future News

12h ago · 5 items

OpenAI asks macOS users to update after TanStack npm supply chain attack 12h ago ODNI taps officials to coordinate response to foreign election threats 14h ago Alleged Dream Market admin arrested in Germany after US indictment 1d ago European Commission head pushes creation of new law delaying teens’ social media access 1d ago UK moves to shield security researchers in cybercrime law overhaul 1d ago

BH

Black Hat

14h ago · 15 items

Black Hat Stories Episode 3 |  Patrick Ventuzelo, CEO & Founder of FuzzingLabs 14h ago Bridging Research & Reality | Why Academics Attend Black Hat 2d ago Black Hat Stories | Patrick Ventuzelo, CEO and Founder of FuzzingLabs 2d ago SecTor 2025 | Detecting Forbidden White Labeled and Counterfeit Devices 10d ago SecTor 2025 | Not-So-Secret Agents: Deploying AI to Optimize Security Operations 15d ago Why Black Hat is Essential for Academics | Black Hat Stories 16d ago What Makes Black Hat Truly Shine | Black Hat Stories 17d ago SecTor 2025 | AI, Deepfakes, and the Next Evolution of Digital Identity Verification 17d ago SecTor 2025 | Security and Safety Testing for Agentic AI 17d ago SecTor 2025 | Quantifying Cyber Risk as a National Defense Imperative 18d ago SecTor 2025 | Foreign Information Manipulation and Interference (FIMI) (Disinformation 2.0) 18d ago SecTor 2025 | Ghost SIM Attack: Hacking Mobile Network Authentication Policies 19d ago SecTor 2025 | CAN Bus for Car Nerds and Security People Who Should Know Better 19d ago SecTor 2025 | Hacking Policy for the Public Good 20d ago SecTor 2025 | Behind Closed Doors - Bypassing RFID Readers & Physical Access Controls 20d ago

15 loaded Show 5 more

SA

Security - Ars Technica

14h ago · 20 items

Zero-day exploit completely defeats default Windows 11 BitLocker protections 14h ago Linux bitten by second severe vulnerability in as many weeks 3d ago Chaos erupts as cyberattack disrupts learning platform Canvas amid finals 6d ago Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives" 7d ago Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack 9d ago Ubuntu infrastructure has been down for more than a day 13d ago GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests 13d ago The most severe Linux threat to surface in years catches the world flat-footed 14d ago Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden 15d ago Open source package with 1 million monthly downloads stole user credentials 17d ago Why are top university websites serving porn? It comes down to shoddy housekeeping. 20d ago In a first, a ransomware family is confirmed to be quantum-safe 21d ago Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage 22d ago Microsoft issues emergency update for macOS and Linux ASP.NET threat 22d ago Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150 23d ago Contrary to popular superstition, AES 128 is just fine in a post-quantum world 23d ago US-sanctioned currency exchange says $15 million heist done by "unfriendly states" 27d ago Recent advances push Big Tech closer to the Q-Day danger zone 27d ago "TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database 29d ago UK gov's Mythos AI tests help separate cybersecurity threat from hype 30d ago

20 loaded Show 10 more

MS

Microsoft Security Blog

17h ago · 10 items

Defense in depth for autonomous AI agents 17h ago As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. Kazuar: Anatomy of a nation-state botnet 18h ago Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, Kazuar has expanded f... When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps 18h ago Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. Accelerating detection engineering using AI-assisted synthetic attack logs generation 2d ago What if you could generate realistic attack telemetry on demand? Explore research methods that translate attacker behaviors (TTPs) into synthetic logs that can trigger detections at scale and without sensitive data. Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark 2d ago Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH). Defending consumer web properties against modern DDoS attacks 2d ago Learn how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, and graceful service degradation. Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise 2d ago Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected demonstrating that intrusions have increasingly avoided u... Active attack: Dirty Frag Linux vulnerability expands post-compromise risk 6d ago Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc. The vulnerability enables reliable escalation from an unpriv... When prompts become shells: RCE vulnerabilities in AI agent frameworks 7d ago New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these vulnerabilities work, what’s impacted, and how to secure your agents. World Passkey Day: Advancing passwordless authentication 7d ago This World Passkey Day, read how Microsoft is advancing passkey adoption to replace passwords, cut phishing risk, and deliver simpler, more secure sign-ins.

CS

Cisco Security Advisory

17h ago · 20 items

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 17h ago May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This ... Cisco Catalyst SD-WAN Manager Vulnerabilities 17h ago Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow a remote attacker to gain access to sensitive information, elevate privileges, or gain unauthorized access to the application. For more informat... Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory 17h ago Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the ... Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities 8d ago Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affected device. For more information about these vulnerabilities... Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability 8d ago A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a... Cisco Identity Services Engine Authentication Bypass Vulnerabilities 8d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information on an affected device. For more information ... Cisco Prime Infrastructure Information Disclosure Vulnerability 8d ago A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization chec... Cisco Slido Insecure Direct Object Reference Vulnerability 8d ago A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and ... Cisco IoT Field Network Director Vulnerabilities 8d ago Multiple vulnerabilities in the web-based management interface of Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause denial of service (DoS) conditions on man... Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability 8d ago A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to caus... Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities 9d ago Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense 14d ago Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities 16d ago Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability 20d ago Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities 22d ago Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities 22d ago Cisco Catalyst SD-WAN Vulnerabilities 22d ago Cisco Webex Services Certificate Validation Vulnerability 28d ago Cisco Secure Web Appliance Authentication Bypass Vulnerability 28d ago Cisco Identity Services Engine Remote Code Execution Vulnerabilities 29d ago

20 loaded Show 10 more

BF

Blog – Forter

19h ago · 10 items

Japan’s 3DS Mandate: One Year In 19h ago One-Click Refunds Are Not as Hard as You Think 9d ago Toys“R”Us Japan Implements Forter’s Fraud Management and Payment Optimization Solutions 16d ago More of What Matters: Forter’s April Product Release 17d ago If AI Agents Can’t Find You, Do You Even Exist? 17d ago Return Policy Abuse Is Theft. It’s Time to Treat It That Way. 29d ago What Is Return Abuse and Why Is It Getting Harder to Stop? 30d ago Return Abuse Prevention Starts with the Person, Not the Policy 30d ago Shoptalk 2026: Retail in the Age of AI 38d ago Visa’s Updated VAMP Program: What Merchants Need to Know 50d ago

HA

Hak5

20h ago · 15 items

🔴 [LIVE] Payload Review & 1M Subs! 20h ago 🔴 [LIVE] Payload Review & 1M Subs! 1d ago 🔴 [LIVE] Hak5 Hits 1 MILLION SUBSCRIBERS 1d ago Google’s Silent AI Install: What They’re Hiding in Your Files | Threat Wire 1d ago The Fatal 4-Byte Error That Just Broke Linux | Threat Wire 6d ago The Worst-Case Scenario for Password Managers | THREAT WIRE 14d ago NIST Is Scaling Back CVEs — And That’s a Problem | THREAT WIRE 20d ago there are too many stories to cover #cybersecurity #news @endingwithali 28d ago Use After Free Bugs Are Out of Control @endingwithali #threatwire #cybersecurity 28d ago Are you thinking about software supply chain attacks? #hacker @endingwithali #cybersecurity 28d ago Age Restricted Internet Is On It’s Way #threatwire @endingwithali #hackernews 28d ago Age Restricted Internet Is On It’s Way - Threat Wire 29d ago Use After Free Bugs Are Out of Control! - Threat Wire 35d ago 🔴 [PAYLOAD REVIEW] WiFi Pineapple Pager 📟🍍 37d ago 🍍📟 Firmware 1.0.8 - WiFi Pineapple Pager 38d ago

15 loaded Show 5 more

AL

Alerts

21h ago · 20 items

CISA Adds One Known Exploited Vulnerability to Catalog 21h ago CISA Adds One Known Exploited Vulnerability to Catalog 6d ago CISA Adds One Known Exploited Vulnerability to Catalog 7d ago CISA Adds One Known Exploited Vulnerability to Catalog 8d ago CISA Adds One Known Exploited Vulnerability to Catalog 13d ago CISA Adds One Known Exploited Vulnerability to Catalog 14d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 16d ago CISA Adds Four Known Exploited Vulnerabilities to Catalog 20d ago CISA Adds One Known Exploited Vulnerability to Catalog 21d ago CISA Adds One Known Exploited Vulnerability to Catalog 22d ago ​​Supply Chain Compromise Impacts Axios Node Package Manager​ 24d ago CISA Adds Eight Known Exploited Vulnerabilities to Catalog 24d ago CISA Adds One Known Exploited Vulnerability to Catalog 28d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 30d ago CISA Adds Seven Known Exploited Vulnerabilities to Catalog 31d ago CISA Adds One Known Exploited Vulnerability to Catalog 36d ago CISA Adds One Known Exploited Vulnerability to Catalog 38d ago CISA Adds One Known Exploited Vulnerability to Catalog 42d ago CISA Adds One Known Exploited Vulnerability to Catalog 43d ago CISA Adds One Known Exploited Vulnerability to Catalog 45d ago

20 loaded Show 10 more

AC

All CISA Advisories

21h ago · 20 items

Siemens Siemens ROS# 21h ago Siemens gWAP 21h ago Siemens SIMATIC 21h ago Siemens Ruggedcom Rox 21h ago Siemens Ruggedcom Rox 21h ago Siemens Simcenter Femap 21h ago Universal Robots Polyscope 5 21h ago Siemens Ruggedcom Rox 21h ago Siemens Teamcenter 21h ago Siemens Solid Edge 21h ago Siemens SENTRON 7KT PAC1261 Data Manager 21h ago Siemens Opcenter RDnL 21h ago Siemens Ruggedcom Rox 21h ago Siemens SIMATIC S7 PLC Web Server 21h ago CISA Adds One Known Exploited Vulnerability to Catalog 21h ago Siemens SIMATIC 21h ago Siemens SIPROTEC 5 21h ago Siemens Industrial Devices 21h ago Software Bill of Materials for AI - Minimum Elements 2d ago ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities 2d ago

20 loaded Show 10 more

SE

Securelist

22h ago · 10 items

Kimsuky targets organizations with PebbleDash-based tools 22h ago Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster. State of ransomware in 2026 3d ago Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more. CVE-2025-68670: discovering an RCE vulnerability in xrdp 7d ago During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability. Exploits and vulnerabilities in Q1 2026 7d ago This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks. OceanLotus suspected of using PyPI to deliver ZiChatBot malware 8d ago Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT. Websites with an undefined trust level: avoiding the trap 8d ago We explain what suspicious websites are and how to distinguish a safe site from a fraudulent one. A new category in Kaspersky solutions: we’re sharing global statistics on untrusted site detection. “Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security 10d ago Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let’s look at some examples to see how you can tell a phishing email from a real one. Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India 15d ago The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor. PhantomRPC: A new privilege escalation technique in Windows RPC 21d ago Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges. FakeWallet crypto stealer spreading through iOS apps in the App Store 24d ago In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.

SL

Security Latest

23h ago · 20 items

Your iPhone Gets Stolen. Then the Hacking Begins 23h ago DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada Border 1d ago WhatsApp Adds Meta AI Chats That Are Built to Be Fully Private 1d ago Foxconn Ransomware Attack Shows Nothing Is Safe Forever 2d ago Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz 2d ago Hackable Robot Lawn Mower Unlocks a New Nightmare 5d ago Meet Rassvet, Russia’s Answer to Starlink 7d ago The Canvas Hack Is a New Kind of Ransomware Debacle 7d ago How to Disable Google's Gemini in Chrome 7d ago Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web 7d ago A Kid With a Fake Mustache Tricked an Online Age-Verification Tool 8d ago Hackers Hate AI Slop Even More Than You Do 8d ago DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts 10d ago Disneyland Now Uses Face Recognition on Visitors 12d ago Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers 13d ago OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts 14d ago 90,000 Screenshots of One Celebrity's Phone Were Exposed Online 14d ago Why Sharing a Screenshot Can Get You Jailed in the UAE 16d ago The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards 16d ago Cole Allen Charged With Attempting to Assassinate Trump 17d ago

20 loaded Show 10 more

WE

WeLiveSecurity

1d ago · 20 items

FrostyNeighbor: Fresh mischief and digital shenanigans 1d ago Eyes wide open: How to mitigate the security and privacy risks of smart glasses 4d ago Fake call logs, real payments: How CallPhantom tricks Android users 8d ago Fixing the password problem is as easy as 123456 8d ago A rigged game: ScarCruft compromises gaming platform in a supply-chain attack 10d ago This month in security with Tony Anscombe – April 2026 edition 15d ago The calm before the ransom: What you see is not all there is 21d ago GopherWhisper: A burrow full of malware 22d ago New NGate variant hides in a trojanized NFC payment app 24d ago What the ransom note won’t say 25d ago That data breach alert might be a trap 28d ago Supply chain dependencies: Have you checked your blind spot? 28d ago Recovery scammers hit you when you’re down: Here’s how to avoid a second strike 35d ago As breakout time accelerates, prevention-first cybersecurity takes center stage 38d ago Digital assets after death: Managing risks to your loved one’s digital estate 44d ago This month in security with Tony Anscombe – March 2026 edition 45d ago RSAC 2026 wrap-up – Week in security with Tony Anscombe 48d ago A cunning predator: How Silver Fox preys on Japanese firms this tax season 49d ago Virtual machines, virtually everywhere – and with real security gaps 50d ago Cloud workload security: Mind the gaps 51d ago

20 loaded Show 10 more

TC

The Cyber Mentor

1d ago · 15 items

LIVE: 🕵️ HTB Sherlocks! | Cybersecurity | Blue Team 1d ago A Quick Way to Prove Your Cybersecurity Skillset! 2d ago A Guide to LNK File Forensics 13d ago Josh Mason | Real Folks of Cyber | DITL 15d ago Use BLUR-IT to Increase Your OPSEC 23d ago How to Investigate with Windows Prefetch Files 27d ago Cybersecurity Books to Read: DFIR Investigative Mindset 30d ago Bye Bye Bellini! | Andrew Bellini's Farewell Stream | Cybersecurity | AMA 36d ago Getting Started With The Windows Registry 41d ago How Digital Forensics Caught the BTK Killer 44d ago Welcoming Megan to TCM! | Cybersecurity | AMA 50d ago 3 Reasons IoT Security Will Explode in 2026 51d ago Blue Team CTF Walkthrough: DFIR 55d ago The Importance of Forensic Soundness 58d ago 5 Cybersecurity Books That Made Me a Better Investigator 62d ago

15 loaded Show 5 more

RF

Recorded Future

1d ago · 20 items

NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals 1d ago NVD enrichment now covers only 15–20% of CVEs. Learn how Recorded Future Vulnerability Intelligence prioritizes risk using real attacker behavior signals. Beyond Acceleration and Automation: How AI + Intelligence Changes Cyber Defense 1d ago The real question in modern cyber defense isn't who has more technology. It's who uses their resources more efficiently. Here's how AI fused with threat intelligence tips that balance. Working in London at the World’s Largest Intelligence Company 7d ago See what it is like to work at the Recorded Future London office. Quantum Risk Explained 8d ago Learn how the "Harvest Now, Decrypt Later" (HNDL) risk exposes long-lived sensitive data today, regardless of when Cryptographically Relevant Quantum Computers (CRQCs) arrive. Recorded Future Named a Leader in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies. And there’s more. 9d ago Recorded Future shares exciting developments since being named a leader. Threat Activity Enablers: The Backbone of Today’s Threat Landscape 9d ago Behind every ransomware demand, botnet, or threat activity group is a server sitting in a data center. Hacking Embodied AI 10d ago Embodied AI, intelligent systems in physical forms such as humanoid and quadruped robots, is moving from spectacle to staffing plans. The Iran War: What You Need to Know 14d ago Insikt Group tracks the cyber, physical, and geopolitical components of the US-Israeli strikes on Iran — with continuously updated threat analysis and scenarios. Risk Scenarios for the US’s Strategic Pivot 15d ago The United States (US) is shifting toward a more force-driven security strategy primarily relying on military operations and economic pressure to counter transnational criminal organizations and limit Chinese, Russian, and Iranian influence... Building with AI: Here's What No Briefing Will Tell You 15d ago What building with AI for three months revealed about four leadership blind spots executives can't afford to ignore: the comprehension gap, eroding competitive moats, deployment complexity, and what "senior" really means now. The Money Mule Solution: What Every Scam Has in Common 17d ago Lazarus Doesn't Need AGI 17d ago From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026 21d ago Critical minerals and cyber operations 22d ago Today, trust is the superpower that makes innovation possible 22d ago Evolution of Chinese-Language Guarantee Telegram Marketplaces 23d ago AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation? 23d ago Emerging Enterprise Security Risks of AI 24d ago 4 Essential Integration Workflows for Operationalizing Threat Intelligence Recorded Future 28d ago From Bazooka to Fake Nikes 29d ago

20 loaded Show 10 more

JH

John Hammond

1d ago · 15 items

Hack a Drug Lord's Smart Toilet! 1d ago The Payload Podcast 006 1d ago Hackers are Using AI (much scary, very wow) 2d ago JHT Course Launch: Web App Junior Analyst! 13d ago FAKE Zoom Taxes MALWARE 17d ago the WORST phishing email i've ever seen 20d ago Hackers Stole Your Account (for free) 21d ago The Dawn of AI Warfare (with Katrina Manson) 23d ago The Payload Podcast #005 - Casey Smith 23d ago JHT Livestream: mitmproxy & OpenWRT to read HTTPS traffic! 27d ago HUGE AI-powered Microsoft Account phishing campaign 35d ago robots take over the world or something i guess idk 36d ago How Teenage Hackers Hijack the Internet (with Joe Tidy!) 36d ago Hackers make FAKE notifications 37d ago AI Cyber Defense Ops Course Launch! 41d ago

15 loaded Show 5 more

CY

CyberScoop

1d ago · 18 items

Daybreak is OpenAI’s answer to the AI arms race in cybersecurity 1d ago ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack 2d ago Major world economies spell out key elements of AI ‘ingredients list’ 2d ago Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical 2d ago Google and Amnesty International teamed up to make it harder for spyware vendors to hide 2d ago AI is separating the companies built to scale from the ones built to sell 2d ago Instructure claims hackers returned stolen Canvas data after an extortion standoff 3d ago Google spotted an AI-developed zero-day before attackers could use it 3d ago Researchers found artifacts in the code that proved AI was heavily involved. A prominent cybercrime group planned to exploit the zero-day en masse for financial gain. The missing cybersecurity leader in small business 3d ago Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments 6d ago ShinyHunters claims nearly 9,000 schools affected by Canvas data breach 6d ago Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI 6d ago Ivanti customers confront yet another actively exploited zero-day 7d ago Trump officials are steering a cybersecurity scholarship program toward AI 7d ago American duo sentenced for hosting laptop farms for North Korean IT workers 7d ago One House Democrat is pressing Commerce on the government’s spyware use 7d ago A DOD contractor’s API flaw exposed military course data and service member records 8d ago A critical Palo Alto PAN-OS zero-day is being exploited in the wild 8d ago

18 loaded Show 8 more

TM

Trend Micro Research, News, Perspectives

2d ago · 20 items

Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft 2d ago Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America 4d ago Supporting the National Cyber Strategy: How TrendAI™ Helps 9d ago InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise 10d ago Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities 11d ago Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia 15d ago Kuse Web App Abused to Host Phishing Document 16d ago Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack. Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories 24d ago The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables 25d ago Identity Protection in the AI Era 32d ago Learn about a proactive, identity-first security approach that integrates visibility, threat detection and response, zero trust enforcement, AI protection, and threat intelligence into a unified model. U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 36d ago Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do 38d ago Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads 42d ago TrendAI Insight: New U.S. National Cyber Strategy 44d ago The Real Risk of Vibecoding 45d ago Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads 45d ago TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats 45d ago TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM 46d ago Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise 50d ago Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities 50d ago

20 loaded Show 10 more

PN

Proofpoint News Feed

2d ago · 10 items

Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America 2d ago New MSP Platform business unit, AI-powered all-in-one Microsoft 365 protection, and Marketplace partnership with Pax8 strengthen Proofpoint’s commitment to channel and small and mid-size Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations 9d ago Proofpoint Prism Investigator positioned as first fully autonomous Agentic AI solution to significantly streamline investigations for highly regulated and highly AI and the New Threat Landscape | Sumit Dhawan with NightDragon | RSAC 2026 9d ago The Most Powerful Women Of The Channel 2026: Power 100 10d ago The Power 100 is culled from the ranks of CRN’s 2026 Women of the Channel and spotlights the female executives at vendors and distributors whose insight and influence help drive channel success. AI Security Gaps Create New MSSP Opportunity: Proofpoint 14d ago Claude Mythos Fears Startle Japan's Financial Services Sector 15d ago AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants 16d ago Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place 17d ago Inaugural global study finds more than half of organizations are not fully confident their AI security controls would detect compromised AI Clear market trend for software providers to help with AI: Proofpoint CEO 21d ago Sumit Dhawan, Proofpoint CEO, joins 'Closing Bell' to discuss ServiceNow's quarterly earnings results, if Anthropic's Mythos makes incumbent players more important and much more. Proofpoint CEO on AI Security Innovations | Nasdaq at RSAC 2026 22d ago

KO

Krebs on Security

2d ago · 10 items

Patch Tuesday, May 2026 Edition 2d ago Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this m... Canvas Breach Disrupts Schools & Colleges Nationwide 7d ago An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the servi... Anti-DDoS Firm Heaped Attacks on Brazilian ISPs 14d ago A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazi... ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty 23d ago A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phish... Patch Tuesday, April 2026 Edition 30d ago Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dub... Russia Hacked Routers to Steal Microsoft Office Tokens 37d ago Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backe... Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab 39d ago An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gang... ‘CanisterWorm’ Springs Wiper Attack Targeting Iran 52d ago A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or ha... Feds Disrupt IoT Botnets Behind Huge DDoS Attacks 56d ago The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as ro... Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker 64d ago A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub out...

HS

Heimdal Security Blog

2d ago · 15 items

AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift 2d ago Morten Kjaersgaard expects fewer than 500 of three million monthly alerts to need a human analyst in the year ahead. The role is being rebuilt around cases that warrant judgement. Top 10 Cybersecurity Companies in Europe 9d ago Over the last 10-15 years, the cybersecurity scene has gotten increasingly complex, as organizations adopt new technology and hackers evolve more innovative ways to target them. At the same time, data protection and compliance have become m... Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment 23d ago Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers - Assist, Triage and SOC - alongside the introduction of Third-Party AI Containment. You Only Know What You’ve Got When Its Gone 48d ago Prepare for the expected. Rehearse an action plan in case of technology failure or cyberattacks. We all know they can happen. Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade 58d ago Heimdal has appointed Elovade as its official distributor in the Nordic region. The move gives MSPs and resellers across Sweden, Norway, Denmark, Iceland, and Finland direct access to Heimdal's consolidated cybersecurity platform through a ... OpenClaw Incidents Show Why AI Adoption Pressure Puts Companies at Risk 70d ago The OpenClaw security failures show how hasty AI adoption can expose businesses and supply chains to major cyber risk. Heimdal Claims Industry First With a Cyber Essentials Control Mapping for PEDM to Help Organisations Prove Least Privilege 95d ago Heimdal is the first vendor to publish a dedicated Cyber Essentials control mapping for PEDM, setting out how privilege management supports Cyber Essentials requirements and what evidence can be produced to support assessment and assurance. Five Predictions for Cyber Security Trends in 2026 99d ago Morten Kjaersgaard, Heimdal’s Founder, and Adam Pilton, a former cybercrime investigator, predict five cyber security trends for 2026. Heimdal Achieves OPSWAT Gold Certification for Anti-Malware 120d ago Heimdal today announced that its Next-Gen Antivirus (NGAV) with Extended Threat Protection (XTP) has achieved OPSWAT Gold Certification for Anti-Malware, validating its compatibility and effectiveness within OPSWAT’s industry-leading Access... How to Avoid Holiday Shopping Scams (From a Former Cyber Detective) 154d ago Worried about holiday scams? Ex-cybercrime detective Adam Pilton breaks down the biggest threats and how to shop safely this festive season. ITDR Best Practices: How to Detect, Prevent, and Contain Critical Identity Threats 168d ago When Buyers Discount MSPs With One Big Customer 168d ago You’re Not Technical? That Excuse Just Expired! 168d ago Tool Sprawl Taxes Your Business More Than You Think 170d ago Heimdal 5.1.0 RC Dashboard: Smarter Automation, Stronger Compliance, and Smoother Control 174d ago

15 loaded Show 5 more

M3

Microsoft 365 Blog

3d ago · 10 items

New and improved: Agent governance, intelligent workflows, and connected app experiences 3d ago See what's new in Copilot Studio, April 2026: updates to workflows, more control over agent operations, and an expanded agent usage estimator. Copilot Cowork: From conversation to action across skills, integrations, and devices 9d ago Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. Microsoft 365 Copilot, human agency, and the opportunity for every organization 9d ago Empower your organization with Microsoft 365 Copilot—AI that bridges human potential and business outcomes for the future of work. Microsoft Agent 365, now generally available, expands capabilities and integrations 13d ago ​We’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents. Learn more. Copilot’s agentic capabilities in Word, Excel, and PowerPoint are generally available 22d ago Copilot's newest features are now generally available as the default experience across all Microsoft 365 subscriptions. Bring your everyday business apps into the flow of work with agents in Microsoft 365 Copilot 31d ago Discover how apps integrate with AI agents to power Copilot experiences, streamline workflows, and turn business context into action. New and improved: Multi-agent orchestration, connected experiences, and faster prompt iteration 43d ago Explore what's new in Copilot Studio: Multi-agent systems now generally available, plus updates to the Prompt Editor and governance controls. Copilot Cowork: Now available in Frontier 45d ago Today, Copilot Cowork—designed for long-running, multi-step work in Microsoft 365—is available via the Frontier program. Copilot Cowork: A new way of getting work done 66d ago Copilot Cowork turns intent into action across Microsoft 365—automating tasks, coordinating workflows, and keeping you in control. See how. Powering Frontier Transformation with Copilot and agents 66d ago Wave 3 of Microsoft 365 Copilot introduces Copilot Cowork, multi‑model intelligence, and enterprise‑ready AI—built to get real work done.

NA

NahamSec

3d ago · 15 items

The Bug Bounty Roadmap I'd Follow If I Started Over (With AI) 3d ago Is the AI hype helping or killing your bug bounty dreams? #hacking #bugbounty 3d ago Stop Using AI Connectors Until You Watch This 10d ago One ChatGPT connector. One email. Full AI agent hijack. #BugBounty #PromptInjection #ai #hacking 10d ago This hacker made $40,000 using Claude #ai #hacking #bugbounty 17d ago My Friend Made $40,000 Using Claude Code (Here's How) 17d ago I Learned How to Jailbreak AI Chatbots 24d ago Here’s everything I have learned from making $2M in bounties. #bugbounty 28d ago Is AI Killing Bug Bounty? 31d ago An AI Hacker Showed Me How to Exfil Data in Zero Clicks 38d ago I Earned $2M Hacking. Here's Everything I Know 45d ago BECOMING AN AI HACKER (Episode 01) 59d ago Was This Vulnerability Worth $15,000? 66d ago I Hacked My First AI Chatbot 80d ago Can I Replace AI With My Recon Methodology? 87d ago

15 loaded Show 5 more

DB

David Bombal

4d ago · 15 items

Is this laptop any good? (Real World Use cases) 4d ago 3 risks of using clear DNS 6d ago May the force help you troubleshoot ... 10d ago Dual Boot Windows and Ubuntu Linux in 10 Minutes (2026) 11d ago They got hacked and now you will get attacked ☹️ 16d ago Stop Reflashing USBs: Build a Ventoy Toolkit 18d ago Stop using these browsers in 2026! 20d ago How long before your encryption is broken? (Quantum Switch is here) 21d ago I want this WiFi gadget! (Speed Testing and more) 23d ago How to track dark ships using OSINT (with demos) 25d ago How your ISP tracks you (even with encrypted DNS) 27d ago Hackers are using AI to win. 3 ways to STOP them in 2026. 32d ago Hacking Windows Active Directory in 10 minutes 34d ago Learn Linux in 180s: head and tail commands 35d ago Warning: Vibe Hacking is here 36d ago

15 loaded Show 5 more

IP

IppSec

5d ago · 15 items

HackTheBox - Overwatch 5d ago HackTheBox - Sorcery 19d ago HackTheBox - AirTouch 26d ago HackThebox - Eighteen 33d ago HackTheBox - DarkZero 40d ago HackTheBox - Browsed 47d ago HackTheBox - Conversor 54d ago HackTheBox - Gavel 61d ago HackTheBox - Principal 62d ago HackTheBox - ExpressWay 68d ago HackTheBox - Guardian 75d ago HackTheBox - GiveBack 82d ago HackTheBox - Soulmate 89d ago HackTheBox - Signed 96d ago HackTheBox - CodePartTwo 103d ago

15 loaded Show 5 more

NE

NetworkChuck

8d ago · 15 items

Compliance can be frustrating. But....CALMpliance........that's a whole different thing. 8d ago Summer of CCNA LIVE Launch Party 10d ago Learn networking with REAL labs 👉 Join the Summer of CCNA 17d ago Most AI coding tools don’t sandbox on Windows (except one) 20d ago I built a network with gachapon machines 31d ago i didn't want to like this.... 35d ago Milla Jovovich made an AI memory tool…..it’s pretty good 37d ago Gemma 4 on the iPhone (local AI, no internet required) 39d ago Anthropic says NO MORE OpenClaw!! 41d ago the WORST hack of 2026 44d ago OpenClaw......RIGHT NOW??? (it's not what you think) 45d ago I almost quit YouTube.... 64d ago YouTube BROKE but the ads kept working... 66d ago the prompting trick nobody teaches you 69d ago hackers now steal your data in 72 minutes 71d ago

15 loaded Show 5 more

TL

The Last Watchdog

9d ago · 10 items

News alert: LuxSci launches HIPAA-compliant email platform for mid-size healthcare market 9d ago CAMBRIDGE, Mass., May 5, 2026, CyberNewswireŌĆöLuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare organizations, the industr... SHARED INTEL Q&A: PKI’s unfinished business—’digital passports’ for content, models and agents 14d ago As if keeping track of machine identities wasnŌĆÖt hard enough. AI agents are now arriving by the thousands ŌĆö and most enterprises are just handing them borrowed credentials and hoping for the best. Meanwhile, the cryptographic infrastruc... GUEST ESSAY: How augmented reality (AR) can turn building images into ad space with no control 16d ago Every major building in America has three things: a physical address, a legal owner, and an unmonitored attack surface. Related: Sam Altman's quest to usurp the browswer That surface extends from the ground up through every floor, every fac... FIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposures 17d ago A consequential shift is underway in how enterprise breaches begin. The leaked credential ‚Äî once treated as a hygiene problem ‚Äî has become the primary on-ramp. Related: No easy fixes for AI risk Last August‚Äôs Salesloft campaign was th... News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category 22d ago NEW YORK, Apr. 21, 2026, CyberNewswire—BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition mar... Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one 24d ago Public key infrastructure -- the authentication and encryption framework that has held digital commerce together through every chaotic leap forward in technology -- is facing a double whammy. Related: Achieveing AI security won't be easy Au... News Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption security 29d ago SUNNYVALE, Calif., Apr. 15, 2026 ŌĆō NTT Research, Inc., a division of NTT (TYO:9432), today announced the launch of Scale Academy, a startup incubator responsible for bringing to market products and services based upon technologies studied... GUEST ESSAY: Google’s 2029 deadline exposes readiness gap as move to quantum-safe crypto lags 30d ago For years, quantum risk was easy for most institutions to treat as premature: real in theory, urgent someday, but not yet an operational problem. That is no longer tenable. Related: AI spawns semantic attacks Two developments this month bro... News alert: Mallory launches AI-native platform to cut through alert noise and surface real risk 35d ago AUSTIN, Texas, Apr. 9, 2026, CyberNewswire—Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: •What are the real threat vectors for our organi... FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense 37d ago As if securing the enterprise against a tidal wave of AI tools wasn't hard enough, it turns out the geopolitical instability of the moment is making things worse. That wasn't the headline at RSAC 2026 last week -- agentic AI dominated the a...

DA

darkreading

9d ago · 25 items

How the Story of a USB Penetration Test Went Viral 9d ago RMM Tools Fuel Stealthy Phishing Campaign 10d ago Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability 10d ago Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia 10d ago How Dark Reading Lifted Off the Launchpad in 2006 10d ago 76% of All Crypto Stolen in 2026 Is Now in North Korea 13d ago If AI's So Smart, Why Does It Keep Deleting Production Databases? 13d ago Name That Toon: Mark of (Security) Progress 13d ago 20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage 13d ago TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack 14d ago Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug 14d ago Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber 14d ago Oracle Red Bull Racing Team Revs Up Automation to Boost Security 14d ago Claude Mythos Fears Startle Japan's Financial Services Sector 15d ago Reverse Engineering With AI Unearths High-Severity GitHub Bug 15d ago AI Finds 38 Security Flaws in Electronic Health Record Platform 15d ago Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error 15d ago Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities 15d ago BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures 16d ago NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later 16d ago Feuding Ransomware Groups Leak Each Other's Data 16d ago Vidar Rises to Top of Chaotic Infostealer Market 16d ago Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain 16d ago UNC6692 Combines Social Engineering, Malware, Cloud Abuse 17d ago Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation 17d ago

25 loaded Show 15 more

WE

WeLiveSecurity

10d ago · 20 items

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack 10d ago This month in security with Tony Anscombe – April 2026 edition 15d ago The calm before the ransom: What you see is not all there is 21d ago GopherWhisper: A burrow full of malware 22d ago New NGate variant hides in a trojanized NFC payment app 24d ago What the ransom note won’t say 25d ago That data breach alert might be a trap 28d ago Supply chain dependencies: Have you checked your blind spot? 28d ago Recovery scammers hit you when you’re down: Here’s how to avoid a second strike 35d ago As breakout time accelerates, prevention-first cybersecurity takes center stage 38d ago Digital assets after death: Managing risks to your loved one’s digital estate 44d ago This month in security with Tony Anscombe – March 2026 edition 45d ago RSAC 2026 wrap-up – Week in security with Tony Anscombe 48d ago A cunning predator: How Silver Fox preys on Japanese firms this tax season 49d ago Virtual machines, virtually everywhere – and with real security gaps 50d ago Cloud workload security: Mind the gaps 51d ago Move fast and save things: A quick guide to recovering a hacked account 55d ago EDR killers explained: Beyond the drivers 56d ago Face value: What it takes to fool facial recognition 62d ago Cyber fallout from the Iran war: What to have on your radar 63d ago

20 loaded Show 10 more

SM

Security | Microsoft Azure Blog | Microsoft Azure

10d ago · 10 items

Azure IaaS: Defense in depth built on secure-by-design principles 10d ago Explore how Azure IaaS uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data. Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM 14d ago Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration. Azure IaaS: Keep critical applications running with built-in resiliency at scale 43d ago Learn how Azure IaaS helps organizations start from a resilient platform foundation with availability, continuity, and recovery capabilities. Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure 71d ago Learn how Azure IaaS helps you modernize infrastructure, improve performance and resilience, optimize costs, and prepare for AI workloads. Read more. Azure reliability, resiliency, and recoverability: Build continuity by design 86d ago Learn how Azure reliability, resiliency, and recovery capabilities work together to improve cloud continuity. Read more. Microsoft strengthens sovereign cloud capabilities with new services 191d ago Discover new Microsoft digital sovereignty capabilities and upcoming features across AI, security, and productivity, to address sovereign cloud needs. Enhancing software supply chain security with Microsoft’s Signing Transparency 192d ago Microsoft Signing Transparency delivers verifiable code integrity and tamper-evident software releases for stronger supply chain security. Oracle Database@Azure offers new features, regions, and programs to unlock data and AI innovation 212d ago Migrate Oracle solutions to the cloud with a trusted, enterprise-ready platform from Microsoft and Oracle. Learn more. Building secure, scalable AI in the cloud with Microsoft Azure 317d ago Forrester Research shows how Azure helps enterprises scale generative AI securely, unlocking real business value. Learn more. Enhance AI security with Azure Prompt Shields and Azure AI Content Safety 343d ago Learn how Prompt Shields and Azure AI Content Safety can help guard against direct and indirect threats to your LLM-based solution.

ZU

ZDI: Upcoming Advisories

15d ago · 1 items

ZDI-CAN-30796: Docker 15d ago

DE

DEFCONConference

16d ago · 15 items

DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West 16d ago DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon 85d ago DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth 85d ago DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine 85d ago DEF CON 33 Recon Village - How to Become One of Them: Deep Cover Ops - Sean Jones, Kaloyan Ivanov 134d ago DEF CON 33 Recon Village - Inside the Shadows Tracking RaaS Groups, Cyber Threats - John Dilgen 134d ago DEF CON 33 Recon Village - Autonomous Video Hunter AI Agents for Real Time OSINT - Kevin Dela Rosa 134d ago DEF CON 33 Recon Village - A Playbook for Integration Servers - Ryan Bonner, Guðmundur Karlsson 134d ago DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov 134d ago DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino 134d ago DEF CON 33 Recon Village - OSINT & Modern Recon Uncover Global VPN Infrastructure - Vladimir Tokarev 134d ago DEF CON 33 Recon Village - Pretty Good Pivot - Simwindie 134d ago DEF CON 33 Recon Village - enumeraite: AI Assisted Web Attack Surface Enumeration - Özgün Kültekin 134d ago DEF CON 33 Recon Village - OSINT Signals Pop Quiz - Master Chen 134d ago DEF CON 33 Recon Village - Investigating Foreign Tech from Online Retailers - Michael Portera 134d ago

15 loaded Show 5 more

FP

Fraud Prevention – Riskified

21d ago · 1 items

Agentic commerce: harness it, don’t outsource it 21d ago External AI agents fly blind without your data. Learn why native AI, powered by identity intelligence, is the key to owning customer relationships in retail.

CC

CISA Cybersecurity Advisories

23d ago · 10 items

Defending Against China-Nexus Covert Networks of Compromised Devices 23d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 38d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 160d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and CISA Shares Lessons Learned from an Incident Response Engagement 234d ago Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 262d ago The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization 289d ago #StopRansomware: Interlock 297d ago Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider 336d ago CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 359d ago Russian GRU Targeting Western Logistics Entities and Technology Companies 367d ago Executives and network defenders should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and IOCs

BA

Blog Articles - Identity Insights | Trulioo

28d ago · 13 items

Business Fraud at Network Scale: What the $3.5B Medicare Hospice Crisis Reveals About Know Your Business 28d ago What is Customer Due Diligence (CDD) 52d ago Why Legacy Identity Verification Can’t Stop AI-Enabled Fraud 55d ago AML, KYC and Identity Verification in Australia 64d ago When Fraud Becomes Background Noise: The Industrialization of Digital Deception 129d ago The Efficiency Era of KYC: Reverification and Reusable Identity Take Center Stage 129d ago The End of Static KYB: Business Identity in Constant Motion 129d ago Know Your Agent: The Next Chapter in Digital Trust 129d ago When Rules Move Faster Than Readiness: Regulatory Adaptability as a Competitive Advantage 129d ago Digital Identity Trends 2026: AI Fraud, Compliance, and Orchestration 148d ago The World’s Identity Platform 1200d ago KYC: 3 Steps to Achieving Know Your Customer Compliance 1471d ago AML Compliance Checklist: Best Practices for Anti-Money Laundering 1486d ago

13 loaded Show 3 more

II

InfoSec Insights

64d ago · 3 items

SSL/TLS Certificate Lifespans Are Decreasing to 200 Days 64d ago A Guide to PKI Authentication with 8 Examples 184d ago How to Open 443 Port and Check If It Is Enabled or Not 198d ago

FP

Fraud Prevention Archives - Alloy Silverstein

70d ago · 2 items

AI in Tax Season: Risks, Scams, and How to Protect Your Data 70d ago Tax Season Scams to Watch For This Year 77d ago

LI

LiveOverflow

71d ago · 15 items

Security-driven Rapid Release - Pwn2Own Documentary (Part 4) 71d ago Firefox JIT Bug - Pwn2Own Documentary (Part 3) 74d ago The First Exploit - Pwn2Own Documentary (Part 2) 78d ago The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1) 81d ago From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi 401d ago The German Hacking Championship 426d ago Do you know this common Go vulnerability? 440d ago Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1) 575d ago My theory on how the webp 0day was discovered #short 591d ago My theory on how the webp 0day was discovered (BLASTPASS) 592d ago Learn Android Hacking! - University Nevada, Las Vegas (2024) 619d ago My Trip to Las Vegas for DEFCON & Black Hat 632d ago Finding The .webp Vulnerability in 8s (Fuzzing with AFL++) 843d ago A Vulnerability to Hack The World - CVE-2023-4863 875d ago Reinventing Web Security 906d ago

15 loaded Show 5 more

SK

STÖK

263d ago · 15 items

Life in the Nordics 🌲 | Foraging Blueberries, Mushrooms & Nosework Training with Our Dogs 263d ago Winter vanlife = good times 865d ago What an experience! Getting a Christmas tree from our own piece of land. #movingupnorth! 872d ago Had to much GLÖGG and lost my camera during - 13371122 - Intigriti + Visma 878d ago IS THIS THE END? 938d ago Escaping the grind and decompiling python 3.9 pyc files to find vulnerabilites 1093d ago How to turn bugs into a "passive" income stream! ft Detectify's Almroot 1333d ago HOW DID THIS HAPPEN!? (13370822 LHE VLOG) 1347d ago Q: How to write a BUG BOUNTY report that actually gets paid? 1463d ago facts: Bug Bounty hunters has made ridiculous amounts of $$ from known DNS techniques.. 1477d ago Q: HOW do you find hidden stuff on websites? (this episode is all about CONTENT DISCOVERY!) 1491d ago Q: HOW do you get started in bug bounty?? How do you build your automation?! 1505d ago Q: PENTEST VS BUGBOUNTY? (Bounty Thursday's - ON AIR) 1519d ago BOUNTY THURSDAYS - LIVE #2 (NEWS/TOOLS and Community Questions with Jason Haddix) 1533d ago Livestream från STÖK 1547d ago

15 loaded Show 5 more

HA

HackerSploit

400d ago · 15 items

How FIN6 Exfiltrates Files Over FTP 400d ago Emulating FIN6 - Active Directory Enumeration Made EASY 451d ago The SECRET to Embedding Metasploit Payloads in VBA Macros 456d ago Offensive VBA 0x4 - Reverse Shell Macro with Powercat 465d ago Offensive VBA 0x3 - Developing PowerShell Droppers 471d ago Offensive VBA 0x2 - Program & Command Execution 475d ago Offensive VBA 0x1 - Your First Macro 477d ago Emulating FIN6 - Gaining Initial Access (Office Word Macro) 483d ago FIN6 Adversary Emulation Plan (TTPs & Tooling) 486d ago Developing An Adversary Emulation Plan 486d ago Introduction To Advanced Persistent Threats (APTs) 491d ago Introduction To Adversary Emulation 512d ago Mastering Persistence: Using an Apache2 Rootkit for Stealth and Defense Evasion 521d ago Planning Red Team Operations | Scope, ROE & Reporting 661d ago Mapping APT TTPs With MITRE ATT&CK Navigator 666d ago

15 loaded Show 5 more

TH

Threatpost

1352d ago · 10 items

Student Loan Breach Exposes 2.5M Records 1352d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1353d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1354d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1357d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1358d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1359d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1360d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1361d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1364d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1365d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.