Loading…

Whats The Hax?

Daily intelligence on threats, breaches, and defenders

What's New

Top 5 Across All Sources

  1. Name That Toon Contest

    darkreading · 1h ago

  4. Cybersecurity Outsourcing. Beyond Cost

    Cyber Defense Magazine · 1h ago
Latest
darkreadingName That Toon ContestLatest newsAnthropic rolls out Claude Tag, your new agentic AI coworker in SlackLatest newsJune Prime Day live blog 2026: We're tracking Amazon deals on SSDs, TVs, laptops and moreCyber Defense MagazineCybersecurity Outsourcing. Beyond CostLatest newsThe Apple Watch Series 11 is our pick for the best model you can buy - and it's 30% off for Prime DayLatest newsIs Prime Day a scam? We tracked the most popular products that are actually good dealsLatest newsBest Buy gaming deals might be better than Amazon's Prime Day saleLatest newsMy favorite Prime Day deal is a Walmart+ membership for just $49 (with free Paramount+ and Peacock)Latest newsI found an Android app that makes using my phone one-handed so much easier - and it's freeKrebs on SecurityScattered Spider Hackers Plead Guilty on Day 1 of TrialLatest newsThe popular Samsung 990 Pro 2TB SSD just dropped to 42% off for Prime Day - and I'd recommend itLatest newsThe 10-step phone security tune-up you should run every year - and whyLatest news11 cheap car gadgets that upgrade your daily commute instantlyLatest newsAmazon just cut the price of the Oura Ring to 48% off, the lowest ever - and I recommend itLatest newsThe best Prime Day streaming deals: HBO Max, Apple TV, Fire TV sticks, and moreSecurityWeekData Exposure Flaws Threaten Dify AI Platform Used by 1 Million AppsBleepingComputerScattered Spider members plead guilty to hacking Transport for LondonLatest newsMeta AI Glasses vs. Meta Ray-Ban: I compared the latest models to decide if it's time to switchLatest newsThe best Prime Day robot vacuum deals I'd buy (after testing dozens of them)The Record from Recorded Future NewsCompromise kids online safety bill unveiled by House leaders, with key omissiondarkreadingName That Toon ContestLatest newsAnthropic rolls out Claude Tag, your new agentic AI coworker in SlackLatest newsJune Prime Day live blog 2026: We're tracking Amazon deals on SSDs, TVs, laptops and moreCyber Defense MagazineCybersecurity Outsourcing. Beyond CostLatest newsThe Apple Watch Series 11 is our pick for the best model you can buy - and it's 30% off for Prime DayLatest newsIs Prime Day a scam? We tracked the most popular products that are actually good dealsLatest newsBest Buy gaming deals might be better than Amazon's Prime Day saleLatest newsMy favorite Prime Day deal is a Walmart+ membership for just $49 (with free Paramount+ and Peacock)Latest newsI found an Android app that makes using my phone one-handed so much easier - and it's freeKrebs on SecurityScattered Spider Hackers Plead Guilty on Day 1 of TrialLatest newsThe popular Samsung 990 Pro 2TB SSD just dropped to 42% off for Prime Day - and I'd recommend itLatest newsThe 10-step phone security tune-up you should run every year - and whyLatest news11 cheap car gadgets that upgrade your daily commute instantlyLatest newsAmazon just cut the price of the Oura Ring to 48% off, the lowest ever - and I recommend itLatest newsThe best Prime Day streaming deals: HBO Max, Apple TV, Fire TV sticks, and moreSecurityWeekData Exposure Flaws Threaten Dify AI Platform Used by 1 Million AppsBleepingComputerScattered Spider members plead guilty to hacking Transport for LondonLatest newsMeta AI Glasses vs. Meta Ray-Ban: I compared the latest models to decide if it's time to switchLatest newsThe best Prime Day robot vacuum deals I'd buy (after testing dozens of them)The Record from Recorded Future NewsCompromise kids online safety bill unveiled by House leaders, with key omission

By Source

Feeds organized so you can skim by site.

Density Sort
DA
darkreading
1h ago · 84 items
Name That Toon Contest 1h ago ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed 10d ago Claude Fable 5 Doesn't Change the Mythos Security Story 11d ago Phishing Attack Volume Down 20%, But Risk Still Rising 11d ago Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure 11d ago Segmentation Works for OT If Operators Are Paying Attention 12d ago Chinese, N. Korean Threat Groups Build on Asia-Pacific Success 12d ago CISA Rewrites Federal Patching Requirements for AI Threat Era 12d ago Bug Bounty Research Triggers ServiceNow Security Alert 12d ago AI Risk Worries Insurers & Businesses Alike 12d ago
84 loaded
LN
Latest news
1h ago · 20 items
Anthropic rolls out Claude Tag, your new agentic AI coworker in Slack 1h ago Claude Tag could turn your Slack channels into shared spaces where an agentic coworker reads the room, joins threads, remembers context, and moves team tasks forward. Is your workplace ready? June Prime Day live blog 2026: We're tracking Amazon deals on SSDs, TVs, laptops and more 1h ago LIVE: Prime Day 2026 deals are here. Follow our live blog for real-time tracking on the lowest prices for 4K TVs, M5 MacBooks, Samsung devices, SSDs, and more tech. The Apple Watch Series 11 is our pick for the best model you can buy - and it's 30% off for Prime Day 1h ago The Apple Watch Series 11 arrived last year with a full suite of health-tracking features and an extended battery life - and it's now 30% off for the first time. Is Prime Day a scam? We tracked the most popular products that are actually good deals 1h ago We compared the price histories of the products that ZDNET experts recommend to help you find the best deals while shopping during Amazon Prime Day. Best Buy gaming deals might be better than Amazon's Prime Day sale 1h ago Disappointed in Amazon's selection of gaming deals ahead of the Prime Day 2026 sale? Best Buy has you covered. My favorite Prime Day deal is a Walmart+ membership for just $49 (with free Paramount+ and Peacock) 1h ago The best Prime Day deal is from Walmart: Save 50% on a Walmart+ membership, which includes perks like free delivery and free shipping, and your choice of included Paramount+ or Peacock. I found an Android app that makes using my phone one-handed so much easier - and it's free 1h ago Looking for the ideal accessibility app? Quick Cursor simplifies one-handed control of your Android device. Here's how it works. The popular Samsung 990 Pro 2TB SSD just dropped to 42% off for Prime Day - and I'd recommend it 1h ago Samsung's flagship 990 Pro SSD just got slashed to a near-record low price for Prime Day. Here's what to know. The 10-step phone security tune-up you should run every year - and why 1h ago Don't let the most essential device in your life become a liability. Our one-hour wellness check will keep your phone secure for another year. 11 cheap car gadgets that upgrade your daily commute instantly 1h ago Make your car feel high tech without breaking the bank. Shop our favorite Bluetooth adapters, chargers, and more.
20 loaded
CD
Cyber Defense Magazine
1h ago · 10 items
Cybersecurity Outsourcing. Beyond Cost 1h ago Inside The Rising Cyber Risk To Insurers: Why Insurance Companies Are Now Prime Targets 4h ago Supply Chain Compromise: Nintendo Vendor Breach Exposes Internal Data 5h ago Data Breach with Eastman Kodak Company 20h ago The World Cup Is Here… And So Are The Cyber Risks 1d ago Cloud Managed Services For Modern Cybersecurity To Secure Cloud 1d ago Exploring The 2025 Cyber Threat Landscape: Analysis From The IT And Food And Agriculture Sectors 2d ago The Shadow AI Paradox: Governing Innovation At Machine Speed 3d ago Innovator Spotlight: Ensemble 3d ago Innovator Spotlight: Centrii 3d ago
KO
Krebs on Security
1h ago · 10 items
Scattered Spider Hackers Plead Guilty on Day 1 of Trial 1h ago Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The ... ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm 4d ago For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers ... Who Runs the Ransomware Group ‘The Gentlemen?’ 13d ago A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of... A Record-Breaking Patch Tuesday for June 2026 13d ago Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bug... Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts 21d ago The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how ... Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks 29d ago Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the Euro... Lawmakers Demand Answers as CISA Tries to Contain Data Leak 32d ago Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a v... Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada 32d ago Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed deni... CISA Admin Leaked AWS GovCloud Keys on Github 35d ago Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of inte... Patch Tuesday, May 2026 Edition 41d ago Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this m...
SE
SecurityWeek
1h ago · 10 items
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps 1h ago Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks 4h ago CISO Conversations: Carl Froggett – Combining CISO and CIO at Deep Instinct 4h ago Algerian Man Extradited to US for Running Cybercrime Marketplaces 5h ago FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances 5h ago OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery 6h ago Russian Initial Access Broker Behind FortiBleed Campaign 6h ago Canadian Electricity Provider London Hydro Discloses Data Breach 7h ago Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration 8h ago Xsolis Data Breach Affects 1.4 Million Individuals 10h ago
BL
BleepingComputer
1h ago · 15 items
Scattered Spider members plead guilty to hacking Transport for London 1h ago Two members of the 'Scattered Spider' cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024. The Exploit Doesn't Exist. You Can Still Prove It Works Against You 3h ago Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. LastPass confirms data breach in Klue supply chain attack 3h ago LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. Webinar: Why email security teams are drowning in alerts 4h ago Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response workflows, reducing alert fatigue and improvin... WhatsApp phishing attack uses fake business docs to hack PCs 18h ago An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. JaredFromSubway MEV bot hacked in $15 million crypto theft 19h ago The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. FFmpeg fixes PixelSmash flaw in widely used video decoder 20h ago A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, Emby, Nextcloud, Phot... FortiBleed campaign used custom FortiGate sniffer to steal credentials 21h ago Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials. Microsoft says Windows 11 26H2 is coming soon, details upgrade process 23h ago Microsoft has confirmed that Windows 11 version 26H2 will be the next feature update and that devices running Windows 11 24H2 and 25H2 will be able to upgrade using a small enablement package. Microsoft fixes AutoGen Studio flaw that enabled code execution 23h ago A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage.
15 loaded
TH
The Hacker News
1h ago · 20 items
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents 1h ago Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration 1h ago GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns 2h ago Agentic AI: The Weapon That No Longer Needs a Warrior 5h ago Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT 8h ago WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool 11h ago OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws 13h ago ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack 23h ago 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests 1d ago Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants 1d ago
20 loaded
HN
Help Net Security
2h ago · 10 items
What the Fortibleed campaign means for organizations running FortiGate firewalls 2h ago Analysts have pieced together the full attack chain from the FortiBleed leak, revealing a sophisticated, highly automated pipeline. New N-able feature gives IT teams visibility into AI usage across endpoints and networks 3h ago N-able launches Shadow AI Visibility, giving IT and security teams insight into AI tool usage across managed environments. Dragos unveils OT-native AI to help critical infrastructure teams prioritize threats faster 3h ago Dragos launched EmberAI, an OT-native AI that delivers OT threat intelligence and context to help analysts respond faster. Using Reddit to manipulate AI search results is surprisingly easy 3h ago Reddit comments containing as few as 13 words can influence AI research agents, highlighting growing concerns about AI search poisoning. GTA 6 early access offers are taking gamers’ crypto 6h ago GTA 6 early access offers asking for crypto are scams that deliver no game. Learn how the trick works and where to buy GTA 6 safely. Two Scattered Spider hackers plead guilty over Transport for London cyberattack 7h ago Two Scattered Spider members pleaded guilty to charges linked to the 2024 cyberattack on Transport for London. Omada Identity Sovereign targets Europe’s growing digital sovereignty demands 7h ago Omada introduced Identity Sovereign to help regulated organizations keep identity governance under European control. Hack The Box adds crisis simulations and SOC training to strengthen cyber readiness 7h ago Hack The Box expands its cyber readiness platform with SOC training, simulations, and workforce intelligence. Mavenir turns NOC knowledge into automation for autonomous networks 8h ago Mavenir launched its Agentic Service Assurance Framework to automate network operations with AI and speed autonomy. OpenAI wants AI to fix vulnerabilities, not just find them 8h ago OpenAI expanded Daybreak with Codex Security, GPT-5.5-Cyber, and Patch the Planet to help find and fix vulnerabilities.
BH
Black Hat
3h ago · 15 items
Black Hat Europe 2025 | China's Nexus APT Exploiting Ivanti Endpoint Manager Mobile 3h ago Black Hat Europe 2025 | RMPocalypse: A Catch-22 Breaking AMDs Confidential Computing 22h ago Black Hat Intercepted | James Holland, Palo Alto Networks 1d ago Black Hat Europe 2025 | Taking Over Your Amazon Account With A Kindle 1d ago Black Hat Europe 2025 | Ghosts in the Stream: Exposing Lives and Devices Behind Encrypted Doors 1d ago Black Hat Europe 2025 | Offensive Testing Of HarmonyOS NEXT Applications With Harm0nyz3r & DVHA 2d ago Black Hat Europe 2025 | Pickle Exploitation Techniques And Their Detection Using SaferPickle 2d ago Black Hat Europe 2025 | Habemus Securitas - Exploring Apple's Hidden Territories 3d ago Black Hat Europe 2025 | Low-Cost Memory Interposer Attacks On Confidential Computing 3d ago Black Hat Europe 2025 | The Fragile Lock: Novel Bypasses For SAML Authentication 4d ago
15 loaded
MS
MSRC Security Update Guide
3h ago · 20 items
CVE-2026-33840 Win32k Elevation of Privilege Vulnerability 3h ago CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability 3h ago CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response 3d ago CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption 3d ago CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing 3d ago CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion 3d ago CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption 3d ago CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption 3d ago CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 3d ago CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption 3d ago
20 loaded
BF
Blog – Forter
3h ago · 10 items
Can AI Agents Find, Trust, and Choose Your Brand? 3h ago IMPACT Roadshow Recap: Getting Ready for Agentic Commerce 13d ago Agent-Ready: How to Prepare Your Site for AI-Driven Commerce 19d ago Japan’s 3DS Mandate: One Year In 39d ago One-Click Refunds Are Not as Hard as You Think 48d ago Toys“R”Us Japan Implements Forter’s Fraud Management and Payment Optimization Solutions 55d ago More of What Matters: Forter’s April Product Release 56d ago If AI Agents Can’t Find You, Do You Even Exist? 56d ago Return Policy Abuse Is Theft. It’s Time to Treat It That Way. 69d ago What Is Return Abuse and Why Is It Getting Harder to Stop? 69d ago
DB
David Bombal
21h ago · 15 items
They Created a Supercomputer in a Rack? 21h ago Run WiFi Access Points in your laptop 🤯 2d ago Broken access control demo 2d ago Will this replace PoE (Power over Ethernet)? 4d ago Never look into a fiber cable! 4d ago What is Clam AV (free & open source )? 5d ago Learn Linux in 180s - history command 6d ago What is an IDOR? Google and Uber got hacked this way. 7d ago Shadow AI: What every network engineer must know 9d ago What is SNORT? Free open source IDS 10d ago
15 loaded
SA
Security - Ars Technica
21h ago · 20 items
Following user outcry, AMD reinstates memory encryption in consumer CPUs 21h ago Microsoft discovers new lightweight backdoor that steals cryptocurrency 4d ago Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds 4d ago Massive breach spills credentials for thousands of sensitive networks 5d ago "Dangerous" AI models are coming no matter what 5d ago Windows and Linux users: The deadline to update Secure Boot keys is near 6d ago Critical Copilot vulnerability allowed hackers to steal 2FA code from users 7d ago Users cry foul after AMD stripped memory crypto from its consumer CPUs 7d ago PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data 10d ago Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed 13d ago
20 loaded
MS
Microsoft Security Blog
22h ago · 10 items
Guarding AI memory 22h ago What happens when threat actors target what AI remembers? Microsoft breaks down the risks and the defenses. One intrusion, two cyberattackers: Uncovering parallel threat activity 1d ago Microsoft DART uncovers dual threat actors in a single intrusion, revealing how blended tactics conceal attacks and complicate detection. Learn more. AutoJack: How a single page can RCE the host running your AI agent 4d ago AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and unsafe parameter hand... New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI 4d ago New Forrester Total Economic Impact™ report shows Microsoft Security consolidation delivers ROI, lowers risk, and prepares organizations to secure AI. From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet 5d ago A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat intelligence. Crypto Clipper uses Tor and worm-like propagation for persistence and control 5d ago Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, Tor-based communications, and worm-like propagation. Beyond stealing cryptocurrency transactions, the malware establ... Beyond the benchmark: Advancing security at AI speed 5d ago Read how Microsoft Security has advanced its agentic vulnerability detection system, codename MDASH, integrating into real-world workflows across Windows, Azure, and identity systems. ​​Forrester names Microsoft a Leader in the 2026 Extended Detection and Response Platforms Wave™ report 5d ago Microsoft has been named a leader for the third consecutive time in The Forrester Wave™: Extended Detection and Response Platforms, Q2 2026. AI is accelerating cyberattacks—here’s how to stay ahead 6d ago See how Microsoft unifies identity and security signals to help teams prevent, detect, and respond to AI-accelerated attacks faster. Microsoft Defender email security benchmarking: Key insights from one year of data 8d ago See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors.
SL
Security Latest
1d ago · 20 items
OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos 1d ago World Cup Scams Are Getting Harder to Spot 1d ago A Critical Deadline Is Approaching for Windows and Linux Security 2d ago Hackers Claim to Leak Stolen Madison Square Garden Data 3d ago How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members 4d ago How to Watch the Knicks Parade on NYC Traffic Surveillance Cameras 5d ago The UK Will Scan Asylum-Seekers’ Faces for Age Checks—Despite Knowing the Tech Is Flawed 5d ago Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society 6d ago ‘Dangerous’ AI Models Are Coming No Matter What 6d ago Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses 8d ago
20 loaded
CS
Cisco Security Advisory
1d ago · 20 items
Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities 1d ago Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a c... Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities 4d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected devi... Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability 6d ago A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands.... Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability 6d ago A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input v... Cisco Webex App Open Redirect Vulnerability 6d ago A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer ... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 6d ago A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an un... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 6d ago May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This ... Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability 7d ago A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists... Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability 10d ago A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local ... Cisco Webex Meetings Cross-Site Scripting Vulnerability 20d ago A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings serv...
20 loaded
HS
Heimdal Security Blog
1d ago · 15 items
How attackers built a RAT on a Windows machine using its own .NET compiler 1d ago In May 2026 an attacker compromised a UK medical practice endpoint without delivering a single malicious file. They used PowerShell and the .NET compiler built into Windows to build a Remcos remote access trojan on the machine itself, so si... Attacker enables RDP, creates admin, erases evidence in ten seconds 1d ago At 06:34am on 2 June 2026, an attacker logged on to a customer’s network. In a single automated burst, they switched on remote desktop and created a rogue administrator account. And deleted the evidence behind them. The intrusion reached 34... The State of AI Risk Management in 2026 7d ago There is no excerpt because this is a protected post. Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It 8d ago New Heimdal research shows AI adoption is moving faster than security controls, exposing a confidence gap between executives and IT teams. Your Next Insider Threat May Be an AI Coworker 11d ago Heimdal sysadmin Alex Panait spent weeks testing Claude Cowork inside the company. His verdict was blunt. It felt like onboarding a junior employee with no manager, no scoped access, and no clear accountability when something goes wrong. Ex... The OSI Model and Its Two Missing Layers 11d ago Two missing layers of the OSI Model can blow up your cyber defense strategy anytime. Jayal Yadal explain what they are. Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification 15d ago Heimdal has achieved ISAE 3000 SOC 2 Type II certification for the sixth consecutive year, reflecting the company's continued focus on operational security, accountability, and data protection. AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift 42d ago Morten Kjaersgaard expects fewer than 500 of three million monthly alerts to need a human analyst in the year ahead. The role is being rebuilt around cases that warrant judgement. Top 10 Cybersecurity Companies in Europe 48d ago Over the last 10-15 years, the cybersecurity scene has gotten increasingly complex, as organizations adopt new technology and hackers evolve more innovative ways to target them. At the same time, data protection and compliance have become m... Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment 63d ago Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers - Assist, Triage and SOC - alongside the introduction of Third-Party AI Containment.
15 loaded
HA
Hak5
1d ago · 15 items
Miasma Worm Source Code Leaked + What NPM v12 Means for Developers | Threat Wire 1d ago 🔴 [PAYLOAD] Shark Jack Display 🦈 1d ago 🔴 [PAYLOAD] Shark Jack Display 🦈 1d ago 🔴 [PAYLOAD] Shark Jack Display 🦈 5d ago Shark Jacked my LAN 🦈 6d ago Developers React to the 105-Second Github Chain Reaction | Threat Wire 11d ago 🔴 [PAYLOAD] Shark Jack Display 🦈 12d ago Introducing Shark Jack Display 🦈 15d ago The GitHub Leak Situation Just Got Worse | Threat Wire 26d ago The Worm That Deletes Your Entire Computer | Threat Wire 32d ago
15 loaded
NA
NahamSec
1d ago · 15 items
This Hacker Got Paid $50,000+ to Break Frontier AI Models 1d ago This hacker made $500,000+ hacking google in just a few months. #hacking #bugbounty #cybersecurity 5d ago How I Made $30,000 Hacking Broken Access Control 8d ago $30K from one bug class: broken access control. Here's how 3 "lows" chain into account takeover 8d ago Content creations was both a blessing and a curse. #bugbounty 15d ago This Hacker Made $7,000 Hacking AI With One Email 15d ago How I Found My First $3,000 AI Vulnerability 22d ago This GitHub README Hijacks Your AI and Spreads Like a Virus 36d ago New video: hacking AI coding assistants and IDEs. #bugbounty #ai 36d ago The Bug Bounty Roadmap I'd Follow If I Started Over (With AI) 43d ago
15 loaded
PN
Proofpoint News Feed
1d ago · 10 items
Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense 1d ago Proofpoint has been selected to participate in OpenAI Daybreak, which helps trusted cybersecurity companies integrate AI into defensive security operations. Through the OpenAI Daybreak Cyber Suspected North Korean actors use fake ‘coding assignments’ to steal crypto 14d ago China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa 19d ago Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era 27d ago New solution reduces exposure to actively exploited vulnerabilities in minutes by turning intelligence into immediate protection across primary attack paths Disrupts AI-powered exploit- Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks 32d ago Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude 33d ago New product integrations bring data protection, insider risk detection, and governance into Claude Enterprise and Claude Platform activity Organizations gain unified visibility across Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America 41d ago New MSP Platform business unit, AI-powered all-in-one Microsoft 365 protection, and Marketplace partnership with Pax8 strengthen Proofpoint’s commitment to channel and small and mid-size The spy who logged me in. 45d ago ⁠Mark Kelly⁠, Staff Threat Researcher at ⁠Proofpoint⁠, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing ... Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations 48d ago Proofpoint Prism Investigator positioned as first fully autonomous Agentic AI solution to significantly streamline investigations for highly regulated and highly AI and the New Threat Landscape | Sumit Dhawan with NightDragon | RSAC 2026 49d ago
SE
Securelist
1d ago · 10 items
A VBScript campaign distributed through WhatsApp deploying RMM software 1d ago A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infection chain. Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk 7d ago Since late 2025, malware has been spreading rapidly through the Steam Workshop. In most cases, we caught old, familiar threats such as DarkKomet, the Lumma and Vidar infostealers. Argamal: Malware hidden in hentai games 20d ago Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine. Wardriving assessment across Mexico: Preparing for the 2026 World Cup 21d ago In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks. Containers on fire: from container escapes to supply chain attacks 22d ago We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks. What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant 25d ago What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help. Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years 26d ago Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner based on SilentCryptoMiner gained a RAT modul... Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload 32d ago The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques. How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102) 34d ago We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102). IT threat evolution in Q1 2026. Mobile statistics 36d ago This report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada.
IP
IppSec
3d ago · 15 items
HackTheBox - Nanocorp 3d ago HackTheBox - VariaType 10d ago HackTheBox - Facts 17d ago HackTheBox - Interpreter 24d ago HackTheBox - MonitorsFour 31d ago HackTheBox - Pterodactyl 38d ago HackTheBox - Overwatch 45d ago HackTheBox - Sorcery 59d ago HackTheBox - AirTouch 66d ago HackThebox - Eighteen 73d ago
15 loaded
JH
John Hammond
3d ago · 15 items
ContinuumCon 2026 Redux! 3d ago ContinuumCon 2026 - Day 3 8d ago ContinuumCon 2026 - Day 2 9d ago ContinuumCon 2026 - Day 1 10d ago Payload Podcast 008 - Ryan Hausknecht 11d ago JHT Course Launch! Windows Maldev 6 17d ago BIG SHOW TODAY & AI vibes 19d ago Are ANY hacking scenes actually good? 20d ago A Hacker's Way of Thinking (with Ted Harrington) 21d ago A Linux Backdoor is For Sale on the Dark Web 22d ago
15 loaded
NE
NetworkChuck
3d ago · 15 items
shadow AI is terrifying 3d ago Certification Questions | LIVE AMA | Summer of CCNA | 06/18/2026 4d ago HTTPS Doesn't Hide This From Your ISP!! 4d ago Cisco Just Showed the Future of Networking 5d ago Certification Questions | LIVE AMA | Summer of CCNA | 06/18/2026 7d ago I was wrong about VPNs 8d ago Certification Questions | LIVE AMA | Summer of CCNA 18d ago Hermes has a Home Assistant skill and it's unreal! 19d ago FREE coffee at Cisco Live (I'm giving it away) 20d ago Codex Lives In PowerShell Now 21d ago
15 loaded
TC
The Cyber Mentor
4d ago · 15 items
Soft Skills for the Job Market: Resume Writing 4d ago TCM Security Summer Sale is Here! 7d ago LIVE: 🕵️ CTF Prize Draw | Cybersecurity 12d ago Secrets to PNPT Debrief Success 14d ago TCM Security CTF Walkthrough 18d ago Top 5 Active Directory Pentesting Tools 20d ago Real Folks of Cyber | Dan Berger | Day in the Life 26d ago Soft Skills for the Job Market: Communication 32d ago LIVE: 🕵️ HTB Sherlocks! | Cybersecurity | Blue Team 40d ago A Quick Way to Prove Your Cybersecurity Skillset! 41d ago
15 loaded
RF
Recorded Future
4d ago · 20 items
FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems 4d ago A dataset containing valid administrative and VPN credentials for tens of thousands of Fortinet FortiGate firewalls, Recorded Future recommends organizations patch their systems immediately. State Digital Surveillance Risk Landscape 6d ago Explore the state digital surveillance risk landscape. Learn how governments use spyware, AI, and network interception to monitor travelers and how to mitigate these risks. The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine 7d ago Learn how Recorded Future’s proprietary collection engine empowers organizations to move beyond reactive security. Discover the power of our four unique intelligence source types—technical, underground, community, and open-source—working to... Recorded Future Launches Impact and Metrics Dashboard 12d ago See the business value of your intelligence program in one live, continuously updated dashboard, built for the conversations that matter most with the executives who own budget and strategy. Cyber-Enabled Maritime Sanctions Evasion 12d ago Discover how Iranian and Russian shadow fleets use a vast network of fake maritime websites and fraudulent documents to evade international sanctions 2026 FIFA World Cup: What Public Safety Officials Need to Know 13d ago Prepare for the 2026 FIFA World Cup with expert analysis of the physical and cyber threat landscape. Discover key mitigation strategies for host city officials to ensure public safety China's Noncombatant Evacuation Operations: 2005–2025 13d ago Explore the Insikt Group study on 37 Chinese noncombatant evacuation operations (NEOs) from 2005–2025, revealing how China leverages SOEs and civilian resources for its overseas interests Russia’s Defense-Based Economy Risks Forcing Putin to Fight Wars 14d ago Western sanctions have tied Russia's elite patronage to the defense sector. Learn why this creates a domestic imperative for Putin to pursue perpetual war May 2026 CVE Landscape 15d ago In May 2026, Insikt Group® identified 41 high-impact vulnerabilities that should be prioritized for remediation, all of which had a Very Critical Recorded Future Risk Score. This represents a 11% increase from last month. Why Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage 18d ago Future’s Intelligence Grap® uses holistic sourcing across 1M+ sources for complete threat intelligence and proactive defense.
20 loaded
CY
CyberScoop
4d ago · 92 items
Authorities disrupt Evil Corp’s SocGholish botnet 4d ago Cybersecurity firms, researchers and officials took down 106 servers and remediated nearly 15,000 sites that were infected with the malware. Congress tees up No FAKES Act, aiming at AI-generated deepfakes 4d ago How software development’s speed obsession enabled TeamPCP’s chaos crusade 5d ago Accenture shells out $4.18B on three companies in big industrial cybersecurity push 5d ago Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April 6d ago Lawmakers leery about Trump administration’s Anthropic order 6d ago AI’s constant patching treadmill can be a security problem 6d ago A case for how to shape ‘ingredient lists’ for AI models 7d ago Google exposes China espionage group that’s been lurking in networks undetected since 2023 7d ago Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat 8d ago
92 loaded
AL
Alerts
5d ago · 44 items
CISA Adds One Known Exploited Vulnerability to Catalog 5d ago CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure 5d ago CISA Adds One Known Exploited Vulnerability to Catalog 7d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 8d ago CISA Adds One Known Exploited Vulnerability to Catalog 11d ago CISA Adds One Known Exploited Vulnerability to Catalog 12d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 14d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 15d ago CISA Adds One Known Exploited Vulnerability to Catalog 18d ago CISA Adds One Known Exploited Vulnerability to Catalog 20d ago CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation.
44 loaded
AC
All CISA Advisories
5d ago · 125 items
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT 5d ago CISA Adds One Known Exploited Vulnerability to Catalog 5d ago Schneider Electric EasyLogic T150 and Saitel DP 5d ago AVer PTC cameras 5d ago Rockwell Automation FactoryTalk Historian Site Edition 5d ago AzeoTech DAQFactory 5d ago Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products 5d ago Mitsubishi Electric MELSEC iQ-F Series 5d ago Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module 5d ago CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure 5d ago
125 loaded
WE
WeLiveSecurity
5d ago · 20 items
Killing me gently: Inside Gentlemen’s EDR killer framework 5d ago Protecting legacy OT systems against modern cyberthreats 6d ago FishMonger’s arsenal upgraded: SprySOCKS for Windows 7d ago EvilTokens: A phishing attack that doesn’t steal your password 8d ago OceanLotus: From external espionage to domestic targeting 12d ago Unpacking SMB cyber-readiness – and what makes or breaks it 13d ago Cybercriminals: the 'auditors' you never hired 14d ago Lessons for life: Why children’s data is a long-term identity risk 20d ago This month in security with Tony Anscombe – May 2026 edition 25d ago ESET APT Activity Report Q4 2025–Q1 2026 26d ago
20 loaded
TM
PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM 5d ago Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign 6d ago Governing Claude Enterprise in Environments Where Inline Controls Can't Go 11d ago GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 13d ago Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open 15d ago Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet 22d ago Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet 28d ago Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware 32d ago Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud 35d ago Agentic Governance: Why It Matters Now 36d ago AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed.
20 loaded
TL
The Last Watchdog
5d ago · 26 items
News alert: SpyCloud report finds phishing surge exposing employee data at Fortune 100 companies 5d ago AUSTIN, Tex., June 17, 2026, CyberNewswireŌĆōSpyCloud, the leader in identity threat protection, today released its 2026 Phishing Pulse Report, revealing that phishing attacks continue to increase in both volume and sophistication for enter... News alert: Heimdal study finds executives are more confident than frontline IT teams on AI risk 5d ago LONDON, June 17, 2026, CyberNewswire–Heimdal today published The State of AI Risk Management in 2026, a survey of 1,000 IT professionals across the United Kingdom and the United States. The report's headline finding is a divide inside the... News alert: Aembit secures Copilot Studio agents with identity-based access controls and audit trails 6d ago LAS VEGAS, June 16, 2026, CyberNewswire–Aembit on Tuesday announced support for Copilot Studio, extending its identity and access management capabilities to Microsoft's enterprise AI agent platform. The integration, unveiled at Identivers... News alert: GitGuardian adds endpoint protection as developer laptops become credential troves 6d ago NEW YORK, June 16, 2026, CyberNewswire–GitGuardian announced today that it is introducing Developer Endpoint Protection, extending its secrets and non-human identity (NHI) security platform coverage to developer workstations. After 12 mon... News alert: Varist announces AI-scale malware detection for healthcare and medical imaging 7d ago REYKJAVIK, Iceland, June 16, 2026 — Varist today introduced its DICOM Detection Engine™, a specialized system designed to safeguard electronic health records (EHR) and picture archiving and communication systems (PACS) from all known ma... News alert: Cloud security report finds fragmented tools widening the cloud complexity gap 12d ago News alert: Halo Security recognized for helping MSPs manage customers’ external attack surfaces 20d ago FIRESIDE CHAT: Deepfakes exploit human emotion, making employee reflex training essential 21d ago News alert: TVC Analyst Group names 12 vendors to watch ahead of Gartner’s security summit 25d ago GUEST ESSAY: AI pipelines are shattering network security — most companies haven’t even noticed yet 27d ago
26 loaded
TI
Getting a CVE Without Shipping Slop 6d ago PrizeBuzz phishing network analysis 6d ago 27 Years in the Dark: OpenBSD Fixes Ancient Remote Kernel Auth Bypass 6d ago Empty-ciphertext panic in aws-encryption-provider (CVD with AWS) 7d ago SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon 8d ago Researcher accidentally gained access to a threat actor-controlled phishing website 9d ago PromptSnatcher: AdBlocker stealing Ai Chats - 90k installs 9d ago MeshCentral: From XSS to RCE 9d ago Getting the PID from random numbers in PHP 10d ago The Axios npm compromise was visible in registry metadata before anyone ran npm install 10d ago
242 loaded
M3
Microsoft 365 Blog
7d ago · 10 items
Copilot Cowork is now generally available 7d ago Copilot Cowork is now generally available worldwide, bringing secure, AI-powered automation for complex enterprise tasks in Microsoft 365. Introducing Microsoft Scout: Your always-on personal agent 20d ago Microsoft introduces a new, always-on personal agent, Microsoft Scout, integrated across the Microsoft 365 apps you use every day. Announcing the new Work IQ APIs 21d ago Build enterprise agents with Work IQ APIs for Microsoft 365—bringing business context, tools, and secure, scalable intelligence into every workflow. Introducing Microsoft 365 Business with Copilot: The new standard for small business 25d ago Meet Microsoft 365 Business with Copilot—the AI-powered solution transforming how small businesses work, collaborate, and compete. Introducing a new design for Microsoft 365 Copilot 26d ago Copilot’s redesigned experience delivers faster performance, adaptive tools, and clearer AI-powered workflows to help you easily move from intention to outcome. New and improved: Computer-using agents, a new workflows experience, and real-time voice experiences 28d ago Explore what's new in Copilot Studio, May 2026: computer-using agents are now available, plus redesigned workflows and Work IQ extensibility. New and improved: Agent governance, intelligent workflows, and connected app experiences 42d ago See what's new in Copilot Studio, April 2026: updates to workflows, more control over agent operations, and an expanded agent usage estimator. Copilot Cowork: From conversation to action across skills, integrations, and devices 49d ago Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. Microsoft 365 Copilot, human agency, and the opportunity for every organization 49d ago Empower your organization with Microsoft 365 Copilot—AI that bridges human potential and business outcomes for the future of work. Microsoft Agent 365, now generally available, expands capabilities and integrations 53d ago ​We’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents. Learn more.
CY
cybersecurity
11d ago · 1867 items
Any solutions we can use? 11d ago Possible targeted attack 12d ago RoguePlanet: Windows Zero-Day That Weaponizes Defender's Own Quarantine Pipeline 12d ago Facebook messenger to text 12d ago Managing Solution Agents 12d ago Nottingham University data breach affects over 450,000 students 12d ago SWGs that support 3rd party external DNS resolver 12d ago Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers 12d ago Chrome extensions with 10M+ installations are actively vulnerable to UXSS & UXSG 12d ago Cybersecurity researchers aren't happy about the guardrails on Anthropic's Fable | TechCrunch 12d ago
1867 loaded
HS
hacking: security in practice
12d ago · 241 items
DIY pwnagotchi-like device on esp32 12d ago Flipper Blackhat + Bjorn 12d ago Do you think AI is making hacking easier or harder 12d ago What can i do left? PSN 12d ago Proxmark5 campaign ending in less than 18 hours. 12d ago How to bypass speed queen coin slot for washer and dryer 12d ago Self-hosting stuff for when things get ugly 12d ago Malware Includes Taboo In Text To Prevent LLM Analysis 12d ago added Mac support for my corporate hacking game, demo on Steam 12d ago Catfished 13d ago
241 loaded
RE
Reverse Engineering
12d ago · 181 items
Reverse engineered BLE protocol of a $7 generic Chinese smart ring from Temu, and built an iOS app around it 12d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 12d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 12d ago Giulio Zausa's MMO-CHIP Makes Reverse Engineering Old Silicon Chips a Multiplayer Game 12d ago I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 12d ago Drive Firmware Security - Phison S11 12d ago IDA 9.4 Beta | Hex-Rays Docs 12d ago Trane Tracer HVAC cybersecurity issues 13d ago 🚀 Release PyMemoryEditor v2.0 — read, write and scan the memory of any running process, in pure Python (Windows, Linux & macOS) 13d ago I reverse engineered Lofree Hypace mouse firmware flashing protocol to bypass their official web based configuration on MacOS. 13d ago
181 loaded
FB
US charges suspected Russian hacker with facilitating cyber campaign 12d ago Hawkish GOP lawmaker Don Bacon says he was hacked by Russia 12d ago Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025 12d ago GreatXML: GreatXML bitlocker bypass vulnerability 12d ago GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan 12d ago I found 23 Chrome extensions hijacking 758,000 users' searches for affiliate revenue 12d ago [Op Report] From SSA Phish to AdaptixC2: A Multi-RAT Intrusion 12d ago GhostTrace – CLI forensic scanner for Windows: 22 modules, MITRE ATT&CK mapped, read-only by default 12d ago Miasma-style supply chain attacks 12d ago On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet 12d ago
603 loaded
MA
Malware Analysis & Reports
12d ago · 115 items
I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 12d ago ClickFix attack in the wild — fake Cloudflare CAPTCHA delivering obfuscated PowerShell dropper 13d ago WordPress malware in official WooCommerce theme (Kiosko): hidden admin users and corrupted sitemap 13d ago Inside the DPRK-Linked Backdoor Loitering in the VS Code Marketplace 13d ago Fake Interview deploys stealthy cross platform (macOS/Windows) through npm package install in take home assessment 14d ago 73 Microsoft GitHub repositories impacted by Miasma malware 15d ago Unauthorized Onlyfans Payment 15d ago Building A Malware Lab From Scratch Part 2! 17d ago Detecting npm Native Addon Malware: node-gyp Abuse 17d ago Microsoft Warns of GPU Cryptojacking Campaign Spread Through AI Chatbot Links 18d ago
115 loaded
WE
WeLiveSecurity
12d ago · 36 items
OceanLotus: From external espionage to domestic targeting 12d ago Unpacking SMB cyber-readiness – and what makes or breaks it 13d ago Cybercriminals: the 'auditors' you never hired 14d ago Lessons for life: Why children’s data is a long-term identity risk 20d ago This month in security with Tony Anscombe – May 2026 edition 25d ago ESET APT Activity Report Q4 2025–Q1 2026 26d ago What to consider before asking an AI chatbot for health advice 27d ago BTMOB: A stealthy RAT burrowing deep into Android devices 28d ago Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise 32d ago Webworm: New burrowing techniques 34d ago
36 loaded
SM
Microsoft Build 2026: Building agentic apps with Microsoft Fabric and Microsoft Databases 21d ago Microsoft Build 2026 highlights advancements in app development with Microsoft Fabric and Microsoft Databases, emphasizing a unified data and AI platform. Azure IaaS: Defense in depth built on secure-by-design principles 50d ago Explore how Azure IaaS uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data. Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM 53d ago Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration. Azure IaaS: Keep critical applications running with built-in resiliency at scale 83d ago Learn how Azure IaaS helps organizations start from a resilient platform foundation with availability, continuity, and recovery capabilities. Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure 111d ago Learn how Azure IaaS helps you modernize infrastructure, improve performance and resilience, optimize costs, and prepare for AI workloads. Read more. Azure reliability, resiliency, and recoverability: Build continuity by design 126d ago Learn how Azure reliability, resiliency, and recovery capabilities work together to improve cloud continuity. Read more.
SK
STÖK
30d ago · 15 items
☔️🌅 30d ago Life in the Nordics 🌲 | Foraging Blueberries, Mushrooms & Nosework Training with Our Dogs 303d ago Winter vanlife = good times 905d ago What an experience! Getting a Christmas tree from our own piece of land. #movingupnorth! 911d ago Had to much GLÖGG and lost my camera during - 13371122 - Intigriti + Visma 918d ago IS THIS THE END? 978d ago Escaping the grind and decompiling python 3.9 pyc files to find vulnerabilites 1132d ago How to turn bugs into a "passive" income stream! ft Detectify's Almroot 1373d ago HOW DID THIS HAPPEN!? (13370822 LHE VLOG) 1386d ago Q: How to write a BUG BOUNTY report that actually gets paid? 1503d ago
15 loaded
DE
DEFCONConference
55d ago · 15 items
DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West 55d ago DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon 124d ago DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth 124d ago DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine 124d ago DEF CON 33 Recon Village - How to Become One of Them: Deep Cover Ops - Sean Jones, Kaloyan Ivanov 174d ago DEF CON 33 Recon Village - Inside the Shadows Tracking RaaS Groups, Cyber Threats - John Dilgen 174d ago DEF CON 33 Recon Village - Autonomous Video Hunter AI Agents for Real Time OSINT - Kevin Dela Rosa 174d ago DEF CON 33 Recon Village - A Playbook for Integration Servers - Ryan Bonner, Guðmundur Karlsson 174d ago DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov 174d ago DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino 174d ago
15 loaded
CC
CISA Cybersecurity Advisories
63d ago · 3 items
Defending Against China-Nexus Covert Networks of Compromised Devices 63d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 78d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 199d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and
BA
Business Fraud at Network Scale: What the $3.5B Medicare Hospice Crisis Reveals About Know Your Business 67d ago What is Customer Due Diligence (CDD) 91d ago Why Legacy Identity Verification Can’t Stop AI-Enabled Fraud 94d ago AML, KYC and Identity Verification in Australia 103d ago When Fraud Becomes Background Noise: The Industrialization of Digital Deception 169d ago The Efficiency Era of KYC: Reverification and Reusable Identity Take Center Stage 169d ago The End of Static KYB: Business Identity in Constant Motion 169d ago Know Your Agent: The Next Chapter in Digital Trust 169d ago When Rules Move Faster Than Readiness: Regulatory Adaptability as a Competitive Advantage 169d ago Digital Identity Trends 2026: AI Fraud, Compliance, and Orchestration 188d ago
13 loaded
FP
AI in Tax Season: Risks, Scams, and How to Protect Your Data 110d ago Tax Season Scams to Watch For This Year 117d ago Beware of Misleading Tax Advice on Social Media 285d ago Each year the IRS educates taxpayers on the most trending fraud schemes that could deceive individuals and businesses during tax season. In late 2024, The IRS took to warning the public against misleading “tips” or... Scammers Up Their Game With AI 286d ago Learn how to spot the threats and protect yourself from scammers using AI for phishing and deepfakes with smart security practices. The Essential Guide to Safeguarding Your Online Passwords 364d ago Protect your personal and business data with strong passwords, two-factor authentication, and smart cybersecurity practices. Beware: Tax Season is Scam Season 475d ago Tax season is also prime time for tax scams. To safeguard your personal information, consider these key points: Communication methods The IRS initiates contact primarily through mail, not email or phone calls. Be cautious of... Stop Scams: Fraud Prevention Starts with Your Employees 488d ago You can be as proactive and protective as possible when it comes to cyber security for your business, but there’s one vulnerability you cannot eliminate: human error. In fact, statistics estimate that as much as... ‘Tis the Season for Holiday Shopping Scams 561d ago The holidays are typically the time of year for gifting presents to friends and family or donations to charity. Unfortunately, not-so-jolly fraudsters take advantage of this generosity. Protect yourself by watching for these common scams:..... IRS Issues “Dirty Dozen” Fraud Warnings 746d ago Each year, the IRS releases a “Dirty Dozen” series to highlight the most common fraud schemes taxpayers should be aware of. IRS Identity Theft Season Begins Now 875d ago Each year thieves try to steal billions in federal withholdings by stealing your identity. As the IRS focuses more attention on this quickly growing problem, now is the time of year to be extra vigilant....
LI
LiveOverflow
110d ago · 15 items
Security-driven Rapid Release - Pwn2Own Documentary (Part 4) 110d ago Firefox JIT Bug - Pwn2Own Documentary (Part 3) 113d ago The First Exploit - Pwn2Own Documentary (Part 2) 117d ago The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1) 120d ago From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi 440d ago The German Hacking Championship 466d ago Do you know this common Go vulnerability? 480d ago Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1) 615d ago My theory on how the webp 0day was discovered #short 631d ago My theory on how the webp 0day was discovered (BLASTPASS) 632d ago
15 loaded
HA
HackerSploit
440d ago · 15 items
How FIN6 Exfiltrates Files Over FTP 440d ago Emulating FIN6 - Active Directory Enumeration Made EASY 491d ago The SECRET to Embedding Metasploit Payloads in VBA Macros 496d ago Offensive VBA 0x4 - Reverse Shell Macro with Powercat 504d ago Offensive VBA 0x3 - Developing PowerShell Droppers 510d ago Offensive VBA 0x2 - Program & Command Execution 515d ago Offensive VBA 0x1 - Your First Macro 517d ago Emulating FIN6 - Gaining Initial Access (Office Word Macro) 522d ago FIN6 Adversary Emulation Plan (TTPs & Tooling) 526d ago Developing An Adversary Emulation Plan 526d ago
15 loaded
TH
Threatpost
1392d ago · 10 items
Student Loan Breach Exposes 2.5M Records 1392d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1393d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1394d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1397d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1397d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1399d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1400d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1401d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1404d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1405d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

No matching sources found.