Loading…

Whats The Hax?

Daily intelligence on threats, breaches, and defenders

What's New

Top 5 Across All Sources

  1. House passes kids’ online safety bill, but Senate approval unlikely

    The Record from Recorded Future News · 1h ago

  2. Beyond CTF Labs

    John Hammond · 1h ago

  3. ​​What’s new in Microsoft Security: June 2026

    Microsoft Security Blog · 1h ago
Latest
The Record from Recorded Future NewsHouse passes kids’ online safety bill, but Senate approval unlikelyJohn HammondBeyond CTF LabsMicrosoft Security Blog​​What’s new in Microsoft Security: June 2026Microsoft Security BlogSecuring AI agents: When AI tools move from reading to actingBleepingComputerFake Perplexity extension on Chrome Web Store tracked searchesThe Hacker NewsSilent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet AddressesLatest newsWhy I switched to wireless security cameras after years of testing wired modelsThe Hacker NewsGuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection RisksLatest newsNetflix vs. Peacock: Which one deserves your money in 2026?Help Net SecurityAikido Security acquires Root to expand backported fixes for open source vulnerabilitiesBleepingComputerLessons from the Underground: How to Combat Business Email CompromiseMSRC Security Update GuideCVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege VulnerabilityHelp Net SecurityOracle E-Business Suite Payments flaw under attack (CVE-2026-46817)Help Net SecurityCequence Platform 9.0 uses AI to simplify API security and complianceSecurityWeekBlueHammer Vulnerability Exploited in Ransomware AttacksThe Record from Recorded Future NewsAn intelligence budget 'super user' job is now in the hands of Russ VoughtThe Hacker News282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic StudyHelp Net SecurityJamf enables AI Governance and shadow AI detection on MacLatest newsApple rushed to squash 29 bugs because AI is supercharging hackers - update ASAPHelp Net SecurityDigi International’s DANI automates network diagnostics and device managementThe Record from Recorded Future NewsHouse passes kids’ online safety bill, but Senate approval unlikelyJohn HammondBeyond CTF LabsMicrosoft Security Blog​​What’s new in Microsoft Security: June 2026Microsoft Security BlogSecuring AI agents: When AI tools move from reading to actingBleepingComputerFake Perplexity extension on Chrome Web Store tracked searchesThe Hacker NewsSilent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet AddressesLatest newsWhy I switched to wireless security cameras after years of testing wired modelsThe Hacker NewsGuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection RisksLatest newsNetflix vs. Peacock: Which one deserves your money in 2026?Help Net SecurityAikido Security acquires Root to expand backported fixes for open source vulnerabilitiesBleepingComputerLessons from the Underground: How to Combat Business Email CompromiseMSRC Security Update GuideCVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege VulnerabilityHelp Net SecurityOracle E-Business Suite Payments flaw under attack (CVE-2026-46817)Help Net SecurityCequence Platform 9.0 uses AI to simplify API security and complianceSecurityWeekBlueHammer Vulnerability Exploited in Ransomware AttacksThe Record from Recorded Future NewsAn intelligence budget 'super user' job is now in the hands of Russ VoughtThe Hacker News282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic StudyHelp Net SecurityJamf enables AI Governance and shadow AI detection on MacLatest newsApple rushed to squash 29 bugs because AI is supercharging hackers - update ASAPHelp Net SecurityDigi International’s DANI automates network diagnostics and device management

By Source

Feeds organized so you can skim by site.

Density Sort
JH
John Hammond
1h ago · 15 items
Beyond CTF Labs 1h ago ConsentFix Exposed 1d ago Facebook Phishing Fails 4d ago Disable SmartScreen Fast 5d ago Github got Hacked by CATS 6d ago This Dark Web Linux Backdoor Erases Its Own Footprints 6d ago ContinuumCon 2026 Redux! 10d ago ContinuumCon 2026 - Day 3 15d ago ContinuumCon 2026 - Day 2 16d ago ContinuumCon 2026 - Day 1 17d ago
15 loaded
MS
Microsoft Security Blog
1h ago · 10 items
​​What’s new in Microsoft Security: June 2026 1h ago This month’s updates help security and IT teams strengthen identity and multicloud foundations, protect data wherever it lives, and secure the developer workflows powering AI innovation. Securing AI agents: When AI tools move from reading to acting 1h ago MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized actions, and how to detect, contain, and prevent it. Chromium extension uses AI‑related branding to redirect browser search 1d ago A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access 4d ago Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node... Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms 5d ago Microsoft named a Leader in the Forrester Wave™: Endpoint Management Platforms, Q2 2026, with the highest scores in the current offering and strategy categories. CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms 5d ago Discover how Microsoft aligns with the next phase of CNAPP—helping organizations correlate signals, prioritize risk, and reduce cloud exposure across modern application environments. StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them 6d ago On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that formed the backbone of the StealC and Amadey infrastructure. This blog is a technical breakdown of StealC and Amadey. Guarding AI memory 7d ago What happens when threat actors target what AI remembers? Microsoft breaks down the risks and the defenses. One intrusion, two cyberattackers: Uncovering parallel threat activity 8d ago Microsoft DART uncovers dual threat actors in a single intrusion, revealing how blended tactics conceal attacks and complicate detection. Learn more. AutoJack: How a single page can RCE the host running your AI agent 11d ago AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and unsafe parameter hand...
BL
BleepingComputer
1h ago · 15 items
Fake Perplexity extension on Chrome Web Store tracked searches 1h ago A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. Lessons from the Underground: How to Combat Business Email Compromise 3h ago Business Email Compromise is more than an email scam. It's a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums reveal how BEC attacks are planned and execu... Insurance giant Aflac discloses data breach after subsidiary hack 5h ago American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary's systems and stole personal and bank account information. Microsoft adds smarter bot protection to Teams meetings 6h ago Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. Kali Linux 2026.2 released with 9 new tools, NetHunter updates 7h ago Kali Linux 2026.2, the second release of the year, is now available for download, featuring 9 new tools and numerous Kali NetHunter improvements. Blackfield ransomware asks Nidec Corporation for $2 million ransom 7h ago The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. CISA: Windows BlueHammer flaw now exploited by ransomware gangs 8h ago CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks. Nissan discloses employee data breach linked to Oracle zero-day attacks 20h ago Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. NAIC says public data stolen in ShinyHunters' PeopleSoft breach 20h ago The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability i... WhatsApp rolls out usernames to help users hide their phone number 23h ago WhatsApp is finally allowing users to reserve usernames, a privacy feature that lets them hide their phone numbers from people not in their contact list.
15 loaded
TH
The Hacker News
1h ago · 20 items
Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses 1h ago GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks 2h ago 282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study 3h ago What the Numbers Say About FIFA 2026 Cyber Risk 5h ago Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer 5h ago AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks 7h ago New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials 8h ago Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth 9h ago Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild 12h ago WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private 1d ago
20 loaded
LN
Latest news
2h ago · 20 items
Why I switched to wireless security cameras after years of testing wired models 2h ago After using multiple security cameras over the years, I've found the best arrangement for my home - but that doesn't make it right for everyone. Netflix vs. Peacock: Which one deserves your money in 2026? 3h ago Netflix has award-winning originals and a smart algorithm, but Peacock counters with live sports and a lower price. Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP 3h ago Software updates are rolling out now for iPhone, iPad, and Mac, bringing fixes that weren't supposed to arrive so soon. Here's why. 61% of US adults use AI for health information now - up from 2% in 2024 4h ago Patients are also three times more likely to trust AI in their doctor's secure portal than a public chatbot. Why 'countdown mode' is the task manager feature I can't live without 6h ago This setting meshes perfectly with how my brain works, and I don't miss deadlines anymore. Too many junk files on your Windows PC? This free tool can remove them in one click 7h ago A utility called Fluent Cleaner will analyze your Windows environment to find and remove junk files, temp files, unused Registry entries, and other clutter - for free. Here's how to use it. I tried the 'Plus Five' rule to fix my iPhone's slow wireless charging - here's what happened 8h ago Wireless charging is a helpful feature, but you may not be getting the optimal speed with your accessories. AI agents are your new colleagues - how to get the best results 8h ago The future of work is likely to require a careful blend of human skills and AI agents. Here's how to work successfully with your agentic counterparts. I always keep these 3 devices plugged into my power station - here's why 21h ago Here's how to leverage your power station's capabilities when it's not during an emergency. I replaced my iPhone battery at the Apple store for the first time ever - and learned a valuable lesson 22h ago A few weeks ago, I replaced my iPhone 14 Pro battery at the Apple store - and was pleasantly surprised by the results.
20 loaded
HN
Help Net Security
3h ago · 10 items
Aikido Security acquires Root to expand backported fixes for open source vulnerabilities 3h ago Aikido Security completes Root acquisition, expanding backported security fixes for open source projects and software supply chains. Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817) 3h ago Exploitation attempts targeting a vulnerability (CVE-2026-46817) in Oracle's E-Business Suite's Oracle Payments module have been spotted. Cequence Platform 9.0 uses AI to simplify API security and compliance 3h ago Cequence Platform 9.0 delivers AI-native API security with an AI assistant, automated compliance and enterprise-scale API risk management. Jamf enables AI Governance and shadow AI detection on Mac 3h ago Jamf adds AI Governance for Mac, giving IT teams visibility into AI tools, endpoint controls and compliance-ready AI usage reporting. Digi International’s DANI automates network diagnostics and device management 3h ago Digi International unveils DANI, an AI-powered network operations agent in DRM for faster diagnostics and proactive device management. OpenMatter Network brings verifiable trust to AI governance 3h ago OpenMatter Network launches a cryptographically verifiable platform for secure collaboration, AI governance and trusted enterprise computing. SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558) 6h ago Attackers are exploiting CVE-2026-48558, an authentication bypass in SimpleHelp RMM, to drop the Djinn Stealer malware on victim computers. Kali Linux 2026.2 trims VM boot times, refreshes its desktops 8h ago Kali Linux 2026.2 cuts VM boot times, bumps GNOME 50 and KDE Plasma 6.6, switches APT to a new sources format, and adds nine tools. OpenClaw for iOS: The viral open-source AI agent comes to iPhone and iPad 9h ago The OpenClaw iOS app brings private AI to iPhone with chat, real-time voice, approvals, device integration, and automations. AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin 10h ago Six AirDrop Quick Share vulnerabilities span iOS, macOS, Android, and Windows, affecting protocols on over five billion devices.
MS
MSRC Security Update Guide
3h ago · 20 items
CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability 3h ago CVE-2026-11979 Stack-Based Buffer Overflow in libxml2 9h ago CVE-2026-53325 agp/amd64: Fix broken error propagation in agp_amd64_probe() 9h ago CVE-2026-41992 Global Buffer Overflow in GNU gzip 9h ago CVE-2026-41991 Predictable Temporary File in GNU gzip 9h ago CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr 9h ago CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions 9h ago CVE-2026-58058 Nmap - Integer Underflow in IPv6 Extension Header Parsing 1d ago CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length 1d ago CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup 1d ago
20 loaded
SE
SecurityWeek
3h ago · 10 items
BlueHammer Vulnerability Exploited in Ransomware Attacks 3h ago Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks 4h ago Aflac Japan Data Breach Impacts 4.38 Million 4h ago Hacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreat 5h ago Supreme Court Rules Constitutional Privacy Protections Apply to Cellphone Users’ Location History 5h ago Exploitation of Recent Oracle E-Business Suite Vulnerability Begins 5h ago The AI Token Costs That Can Break Cybersecurity 7h ago Nissan Employee Data Breached in Oracle PeopleSoft Hack 7h ago Critical SimpleHelp Vulnerability Exploited for Malware Delivery 8h ago Quantifind Raises $200 Million for AI-Native Risk Intelligence 10h ago
SE
Securelist
7h ago · 10 items
ToddyCat: your hidden email assistant. Part 2 7h ago An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services. The Gentlemen are knocking: сustom backdoors and evolving tactics 1d ago Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant. Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools 5d ago Kaspersky researchers analyze the threat landscape for SMBs in 2026: the rise of attacks involving fake AI tools, phishing schemes, and data sold on the dark web. StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader 6d ago Kaspersky researchers analyze a new global campaign dubbed StrikeShark that delivers Cobalt Strike Beacon via custom SharkLoader malware. A VBScript campaign distributed through WhatsApp deploying RMM software 8d ago A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infection chain. Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk 14d ago Since late 2025, malware has been spreading rapidly through the Steam Workshop. In most cases, we caught old, familiar threats such as DarkKomet, the Lumma and Vidar infostealers. Argamal: Malware hidden in hentai games 27d ago Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine. Wardriving assessment across Mexico: Preparing for the 2026 World Cup 28d ago In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks. Containers on fire: from container escapes to supply chain attacks 29d ago We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks. What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant 32d ago What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help.
SA
Security - Ars Technica
19h ago · 20 items
US offers $10 million for info on group behind Signal and WhatsApp hacking spree 19h ago One-two punch delivered in global operation disrupts cybercrime "assembly line" 5d ago White House drastically shortens deadline for dropping quantum-vulnerable crypto 6d ago Following user outcry, AMD reinstates memory encryption in consumer CPUs 7d ago Microsoft discovers new lightweight backdoor that steals cryptocurrency 11d ago Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds 11d ago Massive breach spills credentials for thousands of sensitive networks 12d ago "Dangerous" AI models are coming no matter what 12d ago Windows and Linux users: The deadline to update Secure Boot keys is near 13d ago Critical Copilot vulnerability allowed hackers to steal 2FA code from users 14d ago
20 loaded
SL
Security Latest
19h ago · 20 items
Meta Contractors Posed as Teens to Prompt Rival Chatbots About Suicide, Sex, and Drugs 19h ago Top Google Security Staff Warn Search Data Could Be Hacked if EU Rules Change 1d ago Security News This Week: LastPass Users Had Their Data Stolen—Again 3d ago The Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security Officials 4d ago British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted 5d ago Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed 6d ago OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos 8d ago World Cup Scams Are Getting Harder to Spot 8d ago A Critical Deadline Is Approaching for Windows and Linux Security 9d ago Hackers Claim to Leak Stolen Madison Square Garden Data 10d ago
20 loaded
CD
Cyber Defense Magazine
1d ago · 80 items
CISA Warns Attackers Are Targeting Critical Internal Business Platforms 1d ago Return On Risk: The New Measure Of Cyber Resilience 2d ago Path to StateRAMP 2d ago Rethinking Identity Security In The Age Of AI Driven Fraud 3d ago New Age Insider Risk 3d ago Openclaw And The Agentic AI Inflection Point: From “Cool Demo” To Governed Infrastructure 4d ago Reasonable Reliance: The Test Duty-Holders Are Quietly Being Held To 4d ago The Moment Of Reliance: The Question Safety Governance Cannot Currently Answer 5d ago The New Face Of Fraud: Why AI Is Making Older Adults The Primary Target 5d ago NSA Urges Cyberthreat Timeline Has Compressed From Years to Months 5d ago
80 loaded
WE
WeLiveSecurity
1d ago · 20 items
Inside the inbox: Why cybercriminals want to break into your email account 1d ago SMB cyber readiness: the road to resilience starts here 4d ago Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances 5d ago ESET takes part in Operation Endgame to disrupt Amadey and Stealc 6d ago Killing me gently: Inside Gentlemen’s EDR killer framework 12d ago Protecting legacy OT systems against modern cyberthreats 13d ago FishMonger’s arsenal upgraded: SprySOCKS for Windows 14d ago EvilTokens: A phishing attack that doesn’t steal your password 15d ago OceanLotus: From external espionage to domestic targeting 19d ago Unpacking SMB cyber-readiness – and what makes or breaks it 20d ago
20 loaded
TM
TONResolver RAT Abuses TON Blockchain to Target Japan's Hotel Industry 1d ago From Langflow to Monero: Inside CVE-2026-33017 Cryptominer 7d ago PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM 12d ago Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign 13d ago Governing Claude Enterprise in Environments Where Inline Controls Can't Go 18d ago GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 20d ago Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open 22d ago Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet 29d ago Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet 35d ago Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware 39d ago
20 loaded
BH
Black Hat
1d ago · 15 items
Black Hat Europe 2025 | How We Turned AI's 'Web Browsing' Into A Gateway For Targeting 1B+ Users 1d ago Black Hat Europe 2025 | The Forensic Trail On GitHub: Hunting For Supply Chain Activity 2d ago Black Hat Europe | LINE-Break: Cryptanalysis And Reverse Engineering Of Letter Sealing 2d ago Black Hat Europe 2025 | Hacking Smart Cities One Building At A Time - A City Of A Thousand Zero Days 3d ago Black Hat Europe 2025 | Silence On macOS: What 70K Binaries Reveal About The macOS Malware Ecosystem 3d ago Black Hat Intercepted Video Series | Lexie Thach 4d ago Black Hat Intercepted | Lexie Thach, Ex Machina Parlor + Naval Information Warfare Center Pacific 5d ago Black Hat Europe 2025 | Stress-Testing SAST And LLMs On Modern Web Backends 5d ago Black Hat Europe 2025 | Page Phantoms: Zero-IO, In-Memory Tampering Of The Linux Page Cache 5d ago Black Hat Europe 2025 | SCOMmand And Conquer - Attacking System Center Operations Manager 6d ago
15 loaded
DB
David Bombal
2d ago · 15 items
2026 home lab setup to test malicious links safely for FREE (step by step) 2d ago Which is Ethernet? What's the difference? 4d ago Europe’s 800 Exaflop SUPERCOMPUTERS 5d ago They Created a Supercomputer in a Rack? 7d ago Build a Complete Free CCNA Home Lab in 2026 With No Gear 9d ago Broken access control demo 9d ago Will this replace PoE (Power over Ethernet)? 11d ago Never look into a fiber cable! 11d ago What is Clam AV (free & open source )? 12d ago Learn Linux in 180s - history command 13d ago
15 loaded
IP
IppSec
3d ago · 15 items
HackTheBox - WingData 3d ago HackTheBox - Nanocorp 10d ago HackTheBox - VariaType 17d ago HackTheBox - Facts 24d ago HackTheBox - Interpreter 31d ago HackTheBox - MonitorsFour 38d ago HackTheBox - Pterodactyl 45d ago HackTheBox - Overwatch 52d ago HackTheBox - Sorcery 66d ago HackTheBox - AirTouch 73d ago
15 loaded
TC
The Cyber Mentor
4d ago · 15 items
Real Folks of Cyber | Pearce Barry | Day in the Life 4d ago Getting Started with the TCM Security Academy 4d ago Soft Skills for the Job Market: Resume Writing 11d ago TCM Security Summer Sale is Here! 14d ago LIVE: 🕵️ CTF Prize Draw | Cybersecurity 19d ago Secrets to PNPT Debrief Success 21d ago TCM Security CTF Walkthrough 25d ago Top 5 Active Directory Pentesting Tools 27d ago Real Folks of Cyber | Dan Berger | Day in the Life 33d ago Soft Skills for the Job Market: Communication 39d ago
15 loaded
HS
Heimdal Security Blog
4d ago · 15 items
How Dynamic Defense shuts an attacker out without shutting down the business 4d ago AI has handed hackers a resource advantage. Winning it back means spending your own resources far more precisely, and that’s the strategy we call Dynamic Defense. The principle is simple. Contain the threat just enough, for just long enough... Static security has run out of road. The case for Dynamic Defense 4d ago AI has flipped the economics of cybersecurity in the attacker’s favor. For most of the last decade, defenders held the cost advantage, buying down their risk with a stack of largely static controls. That advantage is gone, and winning it ba... Breaking the MSP Echo Chamber: The Power of Community 6d ago MSPs spend too much time talking to other MSPs and not enough time talking to the people they’re supposed to serve. That’s Paul Croker’s view of some of the channel’s biggest growth problems. While most industry events bring technology prof... How attackers built a RAT on a Windows machine using its own .NET compiler 8d ago In May 2026 an attacker compromised a UK medical practice endpoint without delivering a single malicious file. They used PowerShell and the .NET compiler built into Windows to build a Remcos remote access trojan on the machine itself, so si... Attacker enables RDP, creates admin, erases evidence in ten seconds 8d ago At 06:34am on 2 June 2026, an attacker logged on to a customer’s network. In a single automated burst, they switched on remote desktop and created a rogue administrator account. And deleted the evidence behind them. The intrusion reached 34... The State of AI Risk Management in 2026 14d ago There is no excerpt because this is a protected post. Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It 15d ago New Heimdal research shows AI adoption is moving faster than security controls, exposing a confidence gap between executives and IT teams. Your Next Insider Threat May Be an AI Coworker 18d ago Heimdal sysadmin Alex Panait spent weeks testing Claude Cowork inside the company. His verdict was blunt. It felt like onboarding a junior employee with no manager, no scoped access, and no clear accountability when something goes wrong. Ex... The OSI Model and Its Two Missing Layers 18d ago Two missing layers of the OSI Model can blow up your cyber defense strategy anytime. Jayal Yadal explain what they are. Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification 22d ago Heimdal has achieved ISAE 3000 SOC 2 Type II certification for the sixth consecutive year, reflecting the company's continued focus on operational security, accountability, and data protection.
15 loaded
DA
darkreading
4d ago · 104 items
Name That Toon Contest 4d ago Europe Evolves Into Ransomware's Favorite Region 5d ago Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure 5d ago 2026 FIFA World Cup Faces Surge in Cyber Threats 5d ago Do CISOs Need a Code of Ethics? 5d ago More Malicious OpenClaw Skills Threaten AI Supply Chain 6d ago Apple's MacOS Gap Lets Users Disable Security Tools 6d ago Scope of Salesforce Attacks Expands as Icarus Leaks Data 6d ago 'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows 6d ago SocGholish Takedown Highlights Malicious TDS Threats 7d ago
104 loaded
CY
CyberScoop
4d ago · 105 items
FCC passes new cybersecurity rules for emergency systems, undersea cables 4d ago Federal court rules Trump election-focused executive order illegal 5d ago Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract 5d ago Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack 5d ago Why patch directives only go so far 5d ago Malicious hackers exploit Cisco zero-day for highest access level at communications service provider 5d ago In a first, a court takedown goes after two cybercrime tools at once 6d ago Open-source security is posing challenges governments can’t easily solve 6d ago Justice Department seizes infrastructure used by cyber scam and criminal marketplace 6d ago Algerian man charged with running two cybercrime marketplaces 7d ago
105 loaded
CS
Cisco Security Advisory
5d ago · 20 items
Cisco Finesse Remote File Inclusion Vulnerability 5d ago A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability ... Cisco Advance Notification for Publication of July 1, 2026, Security Advisories 6d ago On July 1, 2026, the Cisco Product Security Incident Response Team (PSIRT) will publish advisories to disclose security vulnerability information along with fixed software releases for the following Cisco products: Catalyst Center Secure En... Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities 8d ago Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a c... Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities 11d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected devi... Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability 13d ago A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands.... Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability 13d ago A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input v... Cisco Webex App Open Redirect Vulnerability 13d ago A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer ... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 13d ago A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an un... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 13d ago May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This ... Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability 14d ago A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists...
20 loaded
RF
Recorded Future
5d ago · 20 items
Where Expertise Meets Algorithm: The Insikt Group® Intelligence Edge 5d ago Discover how Recorded Future’s Insikt Group combines human expertise with automated analysis to turn raw data into actionable, industry-leading threat intelligence. Evaluating Mexico’s New Cybersecurity Plan 5d ago Explore an analysis of Mexico’s 2025–2030 National Cybersecurity Plan. Discover how Mexico is addressing critical threats like ransomware, organized crime, and AI-driven attacks while preparing its digital infrastructure for the 2026 FIFA W... FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems 6d ago A dataset containing valid administrative and VPN credentials for tens of thousands of Fortinet FortiGate firewalls, Recorded Future recommends organizations patch their systems immediately. The Purchase Scam Tactic Headed for the World Cup | Recorded Future 7d ago A purchase scam tactic hijacks organic search through compromised sites, and it’s built to scale into 2026 FIFA World Cup fraud. How it works and how to respond. State Digital Surveillance Risk Landscape 13d ago Explore the state digital surveillance risk landscape. Learn how governments use spyware, AI, and network interception to monitor travelers and how to mitigate these risks. The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine 14d ago Learn how Recorded Future’s proprietary collection engine empowers organizations to move beyond reactive security. Discover the power of our four unique intelligence source types—technical, underground, community, and open-source—working to... Recorded Future Launches Impact and Metrics Dashboard 19d ago See the business value of your intelligence program in one live, continuously updated dashboard, built for the conversations that matter most with the executives who own budget and strategy. Cyber-Enabled Maritime Sanctions Evasion 19d ago Discover how Iranian and Russian shadow fleets use a vast network of fake maritime websites and fraudulent documents to evade international sanctions 2026 FIFA World Cup: What Public Safety Officials Need to Know 20d ago Prepare for the 2026 FIFA World Cup with expert analysis of the physical and cyber threat landscape. Discover key mitigation strategies for host city officials to ensure public safety China's Noncombatant Evacuation Operations: 2005–2025 20d ago Explore the Insikt Group study on 37 Chinese noncombatant evacuation operations (NEOs) from 2005–2025, revealing how China leverages SOEs and civilian resources for its overseas interests
20 loaded
BF
Blog – Forter
6d ago · 10 items
New at Forter: AI Agents Built to Amplify Your Team 6d ago Can AI Agents Find, Trust, and Choose Your Brand? 7d ago IMPACT Roadshow Recap: Getting Ready for Agentic Commerce 20d ago Agent-Ready: How to Prepare Your Site for AI-Driven Commerce 26d ago Japan’s 3DS Mandate: One Year In 46d ago One-Click Refunds Are Not as Hard as You Think 55d ago Toys“R”Us Japan Implements Forter’s Fraud Management and Payment Optimization Solutions 62d ago More of What Matters: Forter’s April Product Release 63d ago If AI Agents Can’t Find You, Do You Even Exist? 63d ago Return Policy Abuse Is Theft. It’s Time to Treat It That Way. 76d ago
KO
Krebs on Security
7d ago · 10 items
Scattered Spider Hackers Plead Guilty on Day 1 of Trial 7d ago Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The ... ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm 11d ago For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers ... Who Runs the Ransomware Group ‘The Gentlemen?’ 20d ago A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of... A Record-Breaking Patch Tuesday for June 2026 20d ago Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bug... Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts 28d ago The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how ... Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks 36d ago Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the Euro... Lawmakers Demand Answers as CISA Tries to Contain Data Leak 39d ago Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a v... Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada 39d ago Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed deni... CISA Admin Leaked AWS GovCloud Keys on Github 42d ago Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of inte... Patch Tuesday, May 2026 Edition 48d ago Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this m...
TI
Cloudflare patches Copy-Fail across every server in two days 7d ago New Cisco RCE was fixed 7d ago CVE-2026-25860 turn XSS to RCE 7d ago Exploiting Auth0 Defaults in XSS Attacks - elttam 8d ago Scanning malicious websites with 'infinite' number of VPN tunnels (Part 1) 9d ago Use-after-free in the QPACK encoder of nginx HTTP/3 - CVE-2026-42530 10d ago OpenBSD MPLS kernel stack leaks remotely (CVE-2026-56099) 11d ago Squidbleed (CVE-2026-47729) - Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration 11d ago CVE-2026-5667: Unauthenticated Remote Control of Mitsubishi MAC-577IF-2E WiFi Adapters via Probe Request Reconnaissance 11d ago Would you like some malware served at the very top of DuckDuckGo? 12d ago
255 loaded
HA
Hak5
8d ago · 15 items
Miasma Worm Source Code Leaked + What NPM v12 Means for Developers | Threat Wire 8d ago 🔴 [PAYLOAD] Shark Jack Display 🦈 8d ago 🔴 [PAYLOAD] Shark Jack Display 🦈 8d ago 🔴 [PAYLOAD] Shark Jack Display 🦈 12d ago Shark Jacked my LAN 🦈 13d ago Developers React to the 105-Second Github Chain Reaction | Threat Wire 18d ago 🔴 [PAYLOAD] Shark Jack Display 🦈 19d ago Introducing Shark Jack Display 🦈 22d ago The GitHub Leak Situation Just Got Worse | Threat Wire 33d ago The Worm That Deletes Your Entire Computer | Threat Wire 39d ago
15 loaded
NA
NahamSec
8d ago · 15 items
This Hacker Got Paid $50,000+ to Break Frontier AI Models 8d ago This hacker made $500,000+ hacking google in just a few months. #hacking #bugbounty #cybersecurity 12d ago How I Made $30,000 Hacking Broken Access Control 15d ago $30K from one bug class: broken access control. Here's how 3 "lows" chain into account takeover 15d ago Content creations was both a blessing and a curse. #bugbounty 22d ago This Hacker Made $7,000 Hacking AI With One Email 22d ago How I Found My First $3,000 AI Vulnerability 29d ago This GitHub README Hijacks Your AI and Spreads Like a Virus 43d ago New video: hacking AI coding assistants and IDEs. #bugbounty #ai 43d ago The Bug Bounty Roadmap I'd Follow If I Started Over (With AI) 50d ago
15 loaded
PN
Proofpoint News Feed
8d ago · 10 items
Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense 8d ago Proofpoint has been selected to participate in OpenAI Daybreak, which helps trusted cybersecurity companies integrate AI into defensive security operations. Through the OpenAI Daybreak Cyber OpenAI Lets Cyber Vendors Embed GPT-5.5 in Defenses 8d ago Suspected North Korean actors use fake ‘coding assignments’ to steal crypto 21d ago China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa 26d ago Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era 34d ago New solution reduces exposure to actively exploited vulnerabilities in minutes by turning intelligence into immediate protection across primary attack paths Disrupts AI-powered exploit- Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks 39d ago Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude 40d ago New product integrations bring data protection, insider risk detection, and governance into Claude Enterprise and Claude Platform activity Organizations gain unified visibility across Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America 48d ago New MSP Platform business unit, AI-powered all-in-one Microsoft 365 protection, and Marketplace partnership with Pax8 strengthen Proofpoint’s commitment to channel and small and mid-size The spy who logged me in. 52d ago ⁠Mark Kelly⁠, Staff Threat Researcher at ⁠Proofpoint⁠, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing ... Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations 55d ago Proofpoint Prism Investigator positioned as first fully autonomous Agentic AI solution to significantly streamline investigations for highly regulated and highly
NE
NetworkChuck
10d ago · 15 items
shadow AI is terrifying 10d ago Certification Questions | LIVE AMA | Summer of CCNA | 06/18/2026 11d ago HTTPS Doesn't Hide This From Your ISP!! 11d ago Cisco Just Showed the Future of Networking 12d ago Certification Questions | LIVE AMA | Summer of CCNA | 06/18/2026 14d ago I was wrong about VPNs 15d ago Certification Questions | LIVE AMA | Summer of CCNA 25d ago Hermes has a Home Assistant skill and it's unreal! 26d ago FREE coffee at Cisco Live (I'm giving it away) 27d ago Codex Lives In PowerShell Now 28d ago
15 loaded
AL
Alerts
12d ago · 44 items
CISA Adds One Known Exploited Vulnerability to Catalog 12d ago CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure 12d ago CISA Adds One Known Exploited Vulnerability to Catalog 14d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 15d ago CISA Adds One Known Exploited Vulnerability to Catalog 18d ago CISA Adds One Known Exploited Vulnerability to Catalog 19d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 21d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 22d ago CISA Adds One Known Exploited Vulnerability to Catalog 25d ago CISA Adds One Known Exploited Vulnerability to Catalog 27d ago CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation.
44 loaded
AC
All CISA Advisories
12d ago · 125 items
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT 12d ago CISA Adds One Known Exploited Vulnerability to Catalog 12d ago Schneider Electric EasyLogic T150 and Saitel DP 12d ago AVer PTC cameras 12d ago Rockwell Automation FactoryTalk Historian Site Edition 12d ago AzeoTech DAQFactory 12d ago Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products 12d ago Mitsubishi Electric MELSEC iQ-F Series 12d ago Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module 12d ago CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure 12d ago
125 loaded
TL
The Last Watchdog
12d ago · 26 items
News alert: SpyCloud report finds phishing surge exposing employee data at Fortune 100 companies 12d ago AUSTIN, Tex., June 17, 2026, CyberNewswireŌĆōSpyCloud, the leader in identity threat protection, today released its 2026 Phishing Pulse Report, revealing that phishing attacks continue to increase in both volume and sophistication for enter... News alert: Heimdal study finds executives are more confident than frontline IT teams on AI risk 12d ago LONDON, June 17, 2026, CyberNewswire–Heimdal today published The State of AI Risk Management in 2026, a survey of 1,000 IT professionals across the United Kingdom and the United States. The report's headline finding is a divide inside the... News alert: Aembit secures Copilot Studio agents with identity-based access controls and audit trails 13d ago LAS VEGAS, June 16, 2026, CyberNewswire–Aembit on Tuesday announced support for Copilot Studio, extending its identity and access management capabilities to Microsoft's enterprise AI agent platform. The integration, unveiled at Identivers... News alert: GitGuardian adds endpoint protection as developer laptops become credential troves 13d ago NEW YORK, June 16, 2026, CyberNewswire–GitGuardian announced today that it is introducing Developer Endpoint Protection, extending its secrets and non-human identity (NHI) security platform coverage to developer workstations. After 12 mon... News alert: Varist announces AI-scale malware detection for healthcare and medical imaging 14d ago REYKJAVIK, Iceland, June 16, 2026 — Varist today introduced its DICOM Detection Engine™, a specialized system designed to safeguard electronic health records (EHR) and picture archiving and communication systems (PACS) from all known ma... News alert: Cloud security report finds fragmented tools widening the cloud complexity gap 19d ago News alert: Halo Security recognized for helping MSPs manage customers’ external attack surfaces 27d ago FIRESIDE CHAT: Deepfakes exploit human emotion, making employee reflex training essential 28d ago News alert: TVC Analyst Group names 12 vendors to watch ahead of Gartner’s security summit 32d ago GUEST ESSAY: AI pipelines are shattering network security — most companies haven’t even noticed yet 34d ago
26 loaded
M3
Microsoft 365 Blog
14d ago · 10 items
Copilot Cowork is now generally available 14d ago Copilot Cowork is now generally available worldwide, bringing secure, AI-powered automation for complex enterprise tasks in Microsoft 365. Introducing Microsoft Scout: Your always-on personal agent 27d ago Microsoft introduces a new, always-on personal agent, Microsoft Scout, integrated across the Microsoft 365 apps you use every day. Announcing the new Work IQ APIs 28d ago Build enterprise agents with Work IQ APIs for Microsoft 365—bringing business context, tools, and secure, scalable intelligence into every workflow. Introducing Microsoft 365 Business with Copilot: The new standard for small business 32d ago Meet Microsoft 365 Business with Copilot—the AI-powered solution transforming how small businesses work, collaborate, and compete. Introducing a new design for Microsoft 365 Copilot 33d ago Copilot’s redesigned experience delivers faster performance, adaptive tools, and clearer AI-powered workflows to help you easily move from intention to outcome. New and improved: Computer-using agents, a new workflows experience, and real-time voice experiences 35d ago Explore what's new in Copilot Studio, May 2026: computer-using agents are now available, plus redesigned workflows and Work IQ extensibility. New and improved: Agent governance, intelligent workflows, and connected app experiences 49d ago See what's new in Copilot Studio, April 2026: updates to workflows, more control over agent operations, and an expanded agent usage estimator. Copilot Cowork: From conversation to action across skills, integrations, and devices 56d ago Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. Microsoft 365 Copilot, human agency, and the opportunity for every organization 56d ago Empower your organization with Microsoft 365 Copilot—AI that bridges human potential and business outcomes for the future of work. Microsoft Agent 365, now generally available, expands capabilities and integrations 60d ago ​We’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents. Learn more.
CY
cybersecurity
18d ago · 1867 items
Any solutions we can use? 18d ago Possible targeted attack 19d ago RoguePlanet: Windows Zero-Day That Weaponizes Defender's Own Quarantine Pipeline 19d ago Facebook messenger to text 19d ago Managing Solution Agents 19d ago Nottingham University data breach affects over 450,000 students 19d ago SWGs that support 3rd party external DNS resolver 19d ago Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers 19d ago Chrome extensions with 10M+ installations are actively vulnerable to UXSS & UXSG 19d ago Cybersecurity researchers aren't happy about the guardrails on Anthropic's Fable | TechCrunch 19d ago
1867 loaded
HS
hacking: security in practice
19d ago · 241 items
DIY pwnagotchi-like device on esp32 19d ago Flipper Blackhat + Bjorn 19d ago Do you think AI is making hacking easier or harder 19d ago What can i do left? PSN 19d ago Proxmark5 campaign ending in less than 18 hours. 19d ago How to bypass speed queen coin slot for washer and dryer 19d ago Self-hosting stuff for when things get ugly 19d ago Malware Includes Taboo In Text To Prevent LLM Analysis 19d ago added Mac support for my corporate hacking game, demo on Steam 19d ago Catfished 20d ago
241 loaded
RE
Reverse Engineering
19d ago · 181 items
Reverse engineered BLE protocol of a $7 generic Chinese smart ring from Temu, and built an iOS app around it 19d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 19d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 19d ago Giulio Zausa's MMO-CHIP Makes Reverse Engineering Old Silicon Chips a Multiplayer Game 19d ago I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 19d ago Drive Firmware Security - Phison S11 19d ago IDA 9.4 Beta | Hex-Rays Docs 19d ago Trane Tracer HVAC cybersecurity issues 20d ago 🚀 Release PyMemoryEditor v2.0 — read, write and scan the memory of any running process, in pure Python (Windows, Linux & macOS) 20d ago I reverse engineered Lofree Hypace mouse firmware flashing protocol to bypass their official web based configuration on MacOS. 20d ago
181 loaded
FB
US charges suspected Russian hacker with facilitating cyber campaign 19d ago Hawkish GOP lawmaker Don Bacon says he was hacked by Russia 19d ago Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025 19d ago GreatXML: GreatXML bitlocker bypass vulnerability 19d ago GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan 19d ago I found 23 Chrome extensions hijacking 758,000 users' searches for affiliate revenue 19d ago [Op Report] From SSA Phish to AdaptixC2: A Multi-RAT Intrusion 19d ago GhostTrace – CLI forensic scanner for Windows: 22 modules, MITRE ATT&CK mapped, read-only by default 19d ago Miasma-style supply chain attacks 19d ago On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet 19d ago
603 loaded
MA
Malware Analysis & Reports
19d ago · 115 items
I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 19d ago ClickFix attack in the wild — fake Cloudflare CAPTCHA delivering obfuscated PowerShell dropper 20d ago WordPress malware in official WooCommerce theme (Kiosko): hidden admin users and corrupted sitemap 20d ago Inside the DPRK-Linked Backdoor Loitering in the VS Code Marketplace 20d ago Fake Interview deploys stealthy cross platform (macOS/Windows) through npm package install in take home assessment 21d ago 73 Microsoft GitHub repositories impacted by Miasma malware 22d ago Unauthorized Onlyfans Payment 22d ago Building A Malware Lab From Scratch Part 2! 24d ago Detecting npm Native Addon Malware: node-gyp Abuse 24d ago Microsoft Warns of GPU Cryptojacking Campaign Spread Through AI Chatbot Links 25d ago
115 loaded
WE
WeLiveSecurity
19d ago · 36 items
OceanLotus: From external espionage to domestic targeting 19d ago Unpacking SMB cyber-readiness – and what makes or breaks it 20d ago Cybercriminals: the 'auditors' you never hired 21d ago Lessons for life: Why children’s data is a long-term identity risk 27d ago This month in security with Tony Anscombe – May 2026 edition 32d ago ESET APT Activity Report Q4 2025–Q1 2026 33d ago What to consider before asking an AI chatbot for health advice 34d ago BTMOB: A stealthy RAT burrowing deep into Android devices 35d ago Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise 39d ago Webworm: New burrowing techniques 41d ago
36 loaded
SM
Microsoft Build 2026: Building agentic apps with Microsoft Fabric and Microsoft Databases 28d ago Microsoft Build 2026 highlights advancements in app development with Microsoft Fabric and Microsoft Databases, emphasizing a unified data and AI platform. Azure IaaS: Defense in depth built on secure-by-design principles 57d ago Explore how Azure IaaS uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data. Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM 60d ago Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration. Azure IaaS: Keep critical applications running with built-in resiliency at scale 90d ago Learn how Azure IaaS helps organizations start from a resilient platform foundation with availability, continuity, and recovery capabilities. Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure 118d ago Learn how Azure IaaS helps you modernize infrastructure, improve performance and resilience, optimize costs, and prepare for AI workloads. Read more. Azure reliability, resiliency, and recoverability: Build continuity by design 133d ago Learn how Azure reliability, resiliency, and recovery capabilities work together to improve cloud continuity. Read more.
SK
STÖK
37d ago · 15 items
☔️🌅 37d ago Life in the Nordics 🌲 | Foraging Blueberries, Mushrooms & Nosework Training with Our Dogs 310d ago Winter vanlife = good times 912d ago What an experience! Getting a Christmas tree from our own piece of land. #movingupnorth! 918d ago Had to much GLÖGG and lost my camera during - 13371122 - Intigriti + Visma 925d ago IS THIS THE END? 985d ago Escaping the grind and decompiling python 3.9 pyc files to find vulnerabilites 1139d ago How to turn bugs into a "passive" income stream! ft Detectify's Almroot 1380d ago HOW DID THIS HAPPEN!? (13370822 LHE VLOG) 1393d ago Q: How to write a BUG BOUNTY report that actually gets paid? 1510d ago
15 loaded
DE
DEFCONConference
62d ago · 15 items
DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West 62d ago DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon 131d ago DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth 131d ago DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine 131d ago DEF CON 33 Recon Village - How to Become One of Them: Deep Cover Ops - Sean Jones, Kaloyan Ivanov 181d ago DEF CON 33 Recon Village - Inside the Shadows Tracking RaaS Groups, Cyber Threats - John Dilgen 181d ago DEF CON 33 Recon Village - Autonomous Video Hunter AI Agents for Real Time OSINT - Kevin Dela Rosa 181d ago DEF CON 33 Recon Village - A Playbook for Integration Servers - Ryan Bonner, Guðmundur Karlsson 181d ago DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov 181d ago DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino 181d ago
15 loaded
CC
CISA Cybersecurity Advisories
70d ago · 3 items
Defending Against China-Nexus Covert Networks of Compromised Devices 70d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 85d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 206d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and
BA
Business Fraud at Network Scale: What the $3.5B Medicare Hospice Crisis Reveals About Know Your Business 74d ago What is Customer Due Diligence (CDD) 98d ago Why Legacy Identity Verification Can’t Stop AI-Enabled Fraud 101d ago AML, KYC and Identity Verification in Australia 110d ago When Fraud Becomes Background Noise: The Industrialization of Digital Deception 176d ago The Efficiency Era of KYC: Reverification and Reusable Identity Take Center Stage 176d ago The End of Static KYB: Business Identity in Constant Motion 176d ago Know Your Agent: The Next Chapter in Digital Trust 176d ago When Rules Move Faster Than Readiness: Regulatory Adaptability as a Competitive Advantage 176d ago Digital Identity Trends 2026: AI Fraud, Compliance, and Orchestration 195d ago
13 loaded
FP
AI in Tax Season: Risks, Scams, and How to Protect Your Data 117d ago Tax Season Scams to Watch For This Year 124d ago Beware of Misleading Tax Advice on Social Media 292d ago Each year the IRS educates taxpayers on the most trending fraud schemes that could deceive individuals and businesses during tax season. In late 2024, The IRS took to warning the public against misleading “tips” or... Scammers Up Their Game With AI 293d ago Learn how to spot the threats and protect yourself from scammers using AI for phishing and deepfakes with smart security practices. The Essential Guide to Safeguarding Your Online Passwords 371d ago Protect your personal and business data with strong passwords, two-factor authentication, and smart cybersecurity practices. Beware: Tax Season is Scam Season 482d ago Tax season is also prime time for tax scams. To safeguard your personal information, consider these key points: Communication methods The IRS initiates contact primarily through mail, not email or phone calls. Be cautious of... Stop Scams: Fraud Prevention Starts with Your Employees 495d ago You can be as proactive and protective as possible when it comes to cyber security for your business, but there’s one vulnerability you cannot eliminate: human error. In fact, statistics estimate that as much as... ‘Tis the Season for Holiday Shopping Scams 568d ago The holidays are typically the time of year for gifting presents to friends and family or donations to charity. Unfortunately, not-so-jolly fraudsters take advantage of this generosity. Protect yourself by watching for these common scams:..... IRS Issues “Dirty Dozen” Fraud Warnings 753d ago Each year, the IRS releases a “Dirty Dozen” series to highlight the most common fraud schemes taxpayers should be aware of. IRS Identity Theft Season Begins Now 882d ago Each year thieves try to steal billions in federal withholdings by stealing your identity. As the IRS focuses more attention on this quickly growing problem, now is the time of year to be extra vigilant....
LI
LiveOverflow
117d ago · 15 items
Security-driven Rapid Release - Pwn2Own Documentary (Part 4) 117d ago Firefox JIT Bug - Pwn2Own Documentary (Part 3) 120d ago The First Exploit - Pwn2Own Documentary (Part 2) 124d ago The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1) 127d ago From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi 447d ago The German Hacking Championship 473d ago Do you know this common Go vulnerability? 487d ago Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1) 622d ago My theory on how the webp 0day was discovered #short 638d ago My theory on how the webp 0day was discovered (BLASTPASS) 639d ago
15 loaded
HA
HackerSploit
447d ago · 15 items
How FIN6 Exfiltrates Files Over FTP 447d ago Emulating FIN6 - Active Directory Enumeration Made EASY 498d ago The SECRET to Embedding Metasploit Payloads in VBA Macros 503d ago Offensive VBA 0x4 - Reverse Shell Macro with Powercat 511d ago Offensive VBA 0x3 - Developing PowerShell Droppers 517d ago Offensive VBA 0x2 - Program & Command Execution 522d ago Offensive VBA 0x1 - Your First Macro 524d ago Emulating FIN6 - Gaining Initial Access (Office Word Macro) 529d ago FIN6 Adversary Emulation Plan (TTPs & Tooling) 533d ago Developing An Adversary Emulation Plan 533d ago
15 loaded
TH
Threatpost
1399d ago · 10 items
Student Loan Breach Exposes 2.5M Records 1399d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1400d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1401d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1404d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1404d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1406d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1407d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1408d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1411d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1412d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

No matching sources found.