Loading…

Whats The Hax?

Daily intelligence on threats, breaches, and defenders

What's New

Top 5 Across All Sources

  1. Name That Toon Contest

    darkreading · 1h ago

  3. EU grants Ukraine access to cybersecurity reserve for major attacks

    The Record from Recorded Future News · 1h ago
Latest
darkreadingName That Toon ContestLatest newsEvery way your phone tracks your location - and how to stop itThe Record from Recorded Future NewsEU grants Ukraine access to cybersecurity reserve for major attacksThe Hacker NewsJunior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went OfflineCisco Security AdvisoryCisco Identity Services Engine Remote Code Execution and Information Disclosure VulnerabilitiesCisco Security AdvisoryCisco Crosswork Network Controller Server-Side Template Injection VulnerabilityCisco Security AdvisoryCisco Webex App Open Redirect VulnerabilityCisco Security AdvisoryCisco Umbrella Virtual Appliance Privilege Escalation VulnerabilityLatest newsBest early Prime Day Apple deals I found for MacBooks, iPads, AirPods, and moreJohn HammondContinuumCon 2026 Redux!Help Net SecurityLow-skilled attacker used Claude, Codex to breach 14 companiesLatest newsFirefox for Android just got 3 useful browsing features - including an ad block trackerLatest newsI was jealous of these 4 iOS 27 features - then I realized my Android phone already has themLatest newsBest early Amazon Prime Day deals under $25: Top deals on cheap gadgets I've testedLatest news5 best Prime Day Anker deals: Chargers, power stations, and more we recommend to avoid low batteryLatest newsBest early Amazon Prime Day tablet deals: Up to $300 off Samsung, Apple, and MicrosoftBleepingComputerFortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.Latest newsReMarkable Paper Pure vs. Amazon Kindle Scribe (2026): I tested the budget models - here's my pickLatest newsHow I'm using this cheap smart plug to automate tasks around the house - and it's nearly 50% offHelp Net SecurityAnother healthcare firm attacked days after Novo Nordisk breachdarkreadingName That Toon ContestLatest newsEvery way your phone tracks your location - and how to stop itThe Record from Recorded Future NewsEU grants Ukraine access to cybersecurity reserve for major attacksThe Hacker NewsJunior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went OfflineCisco Security AdvisoryCisco Identity Services Engine Remote Code Execution and Information Disclosure VulnerabilitiesCisco Security AdvisoryCisco Crosswork Network Controller Server-Side Template Injection VulnerabilityCisco Security AdvisoryCisco Webex App Open Redirect VulnerabilityCisco Security AdvisoryCisco Umbrella Virtual Appliance Privilege Escalation VulnerabilityLatest newsBest early Prime Day Apple deals I found for MacBooks, iPads, AirPods, and moreJohn HammondContinuumCon 2026 Redux!Help Net SecurityLow-skilled attacker used Claude, Codex to breach 14 companiesLatest newsFirefox for Android just got 3 useful browsing features - including an ad block trackerLatest newsI was jealous of these 4 iOS 27 features - then I realized my Android phone already has themLatest newsBest early Amazon Prime Day deals under $25: Top deals on cheap gadgets I've testedLatest news5 best Prime Day Anker deals: Chargers, power stations, and more we recommend to avoid low batteryLatest newsBest early Amazon Prime Day tablet deals: Up to $300 off Samsung, Apple, and MicrosoftBleepingComputerFortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.Latest newsReMarkable Paper Pure vs. Amazon Kindle Scribe (2026): I tested the budget models - here's my pickLatest newsHow I'm using this cheap smart plug to automate tasks around the house - and it's nearly 50% offHelp Net SecurityAnother healthcare firm attacked days after Novo Nordisk breach

By Source

Feeds organized so you can skim by site.

Density Sort
DA
darkreading
1h ago · 84 items
Name That Toon Contest 1h ago ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed 4d ago Claude Fable 5 Doesn't Change the Mythos Security Story 5d ago Phishing Attack Volume Down 20%, But Risk Still Rising 5d ago Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure 5d ago Segmentation Works for OT If Operators Are Paying Attention 6d ago Chinese, N. Korean Threat Groups Build on Asia-Pacific Success 6d ago CISA Rewrites Federal Patching Requirements for AI Threat Era 6d ago Bug Bounty Research Triggers ServiceNow Security Alert 6d ago AI Risk Worries Insurers & Businesses Alike 6d ago
84 loaded
LN
Latest news
1h ago · 20 items
Every way your phone tracks your location - and how to stop it 1h ago Your smartphone could be broadcasting your location without you knowing it. Find out how this happens and how to keep your location hidden. Best early Prime Day Apple deals I found for MacBooks, iPads, AirPods, and more 1h ago Save on top Apple devices with these early Prime Day deals, hand-selected by our reviewers. Firefox for Android just got 3 useful browsing features - including an ad block tracker 1h ago You can now arrange your tabs into organized groups, manage your settings more easily, and see which trackers Firefox has blocked. I was jealous of these 4 iOS 27 features - then I realized my Android phone already has them 1h ago If you're a believer in 'Android had it first,' wait until you see iOS 27. Best early Amazon Prime Day deals under $25: Top deals on cheap gadgets I've tested 1h ago Amazon Prime Day is coming soon, and we've rounded up all the best cheap deals on gadgets and devices. 5 best Prime Day Anker deals: Chargers, power stations, and more we recommend to avoid low battery 1h ago Prime Day 2026 is next week, but you can save up to 45% right now on our editors' favorite Anker portable power banks, multi-device chargers, and USB-C cables. Best early Amazon Prime Day tablet deals: Up to $300 off Samsung, Apple, and Microsoft 1h ago We found the best early deals on iPads, Samsung tablets, and more, ahead of Amazon's Prime Day sale later this month. ReMarkable Paper Pure vs. Amazon Kindle Scribe (2026): I tested the budget models - here's my pick 2h ago Amazon's new Kindle Scribe foregoes the front light for a more affordable $429: pitting it against the ReMarkable Paper Pure. How I'm using this cheap smart plug to automate tasks around the house - and it's nearly 50% off 2h ago Imagine turning your holiday lights, lamps, and fans on or off from anywhere in the house or outdoors for cheap. This plug - now on sale - makes it happen. This HP Omen deal knocks $700 off a serious gaming laptop before Prime Day 2h ago HP's Omen gaming laptop has dropped to $1,599, making it a great early deal for gamers on a budget.
20 loaded
TH
The Hacker News
1h ago · 20 items
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline 1h ago Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats 3h ago Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization 5h ago The Top 10 Attack Surface Exposures in 2026 6h ago 144 Mastra npm Packages Compromised via Hijacked Contributor Account 9h ago CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution 11h ago Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting 22h ago ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures 23h ago New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds 1d ago Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive 1d ago
20 loaded
CS
Cisco Security Advisory
1h ago · 20 items
Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities 1h ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected devi... Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability 1h ago A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input v... Cisco Webex App Open Redirect Vulnerability 1h ago A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer ... Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability 1h ago A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands.... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 23h ago A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an un... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 23h ago May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This ... Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability 1d ago A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists... Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability 4d ago A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local ... Cisco Webex Meetings Cross-Site Scripting Vulnerability 14d ago A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings serv... Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability 14d ago A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery...
20 loaded
JH
John Hammond
1h ago · 15 items
ContinuumCon 2026 Redux! 1h ago ContinuumCon 2026 - Day 3 2d ago ContinuumCon 2026 - Day 2 3d ago ContinuumCon 2026 - Day 1 4d ago Payload Podcast 008 - Ryan Hausknecht 5d ago JHT Course Launch! Windows Maldev 6 11d ago BIG SHOW TODAY & AI vibes 13d ago Are ANY hacking scenes actually good? 14d ago A Hacker's Way of Thinking (with Ted Harrington) 15d ago A Linux Backdoor is For Sale on the Dark Web 16d ago
15 loaded
HN
Help Net Security
1h ago · 10 items
Low-skilled attacker used Claude, Codex to breach 14 companies 1h ago Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report bears that out. Another healthcare firm attacked days after Novo Nordisk breach 2h ago iRhythm disclosed a data breach after hackers accessed third-party-hosted applications and stole patient health information. WitnessAI Agentic Control secures AI agents, tools, and MCP server access 3h ago WitnessAI Agentic Control gives enterprises visibility and governance to monitor and restrict AI agents at runtime. Tigera introduces unified control plane for Kubernetes-based AI agent security 3h ago Tigera Lynx gives enterprises unified control, security, and visibility for Kubernetes-native AI agents at scale. Rokarolla Android trojan targets banking and crypto users, enables device takeover 3h ago Rokarolla, a newly discovered Android banking trojan, uses phishing overlays and SMS theft to target financial apps. Flip expands platform with digital identity, no-code apps, and AI automation 4h ago Flip announced Frontline Identity and Flip Fusion to help organizations securely connect frontline employees to enterprise systems. Corelight enhances Open NDR to detect AI-driven threats and unknown assets 4h ago Corelight Open NDR expansion adds asset visibility and performance monitoring to help detect and respond to AI-driven threats. ArmorCode helps product manufacturers prepare for EU Cyber Resilience Act requirements 4h ago ArmorCode adds CRA compliance capabilities to help organizations manage vulnerabilities, reporting deadlines, and audits. Legit Security brings agentic AI to AppSec remediation and risk reduction 4h ago Legit Security launches AI remediation agents that prioritize risks, generate fixes, validate results, and open pull requests. Tenable One adds continuous security control validation to improve exposure prioritization 5h ago Tenable One adds continuous security control validation to identify exploitable exposures and improve risk prioritization.
BL
BleepingComputer
1h ago · 15 items
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. 1h ago A newly discovered data leak dubbed Why Account Takeovers Are Rising and How to Stop Them 3h ago Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. India's Telegram ban hit the UAE too. Here's how to get around it 3h ago India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here's what happened, and how to get ar... Microsoft confirms Office apps launch issues after June updates 5h ago Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems. CISA orders feds to patch max severity Joomla plugin flaw by Friday 6h ago The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. Microsoft working on Defender patch for RoguePlanet zero-day 8h ago Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named Kodak confirms data breach claimed by ShinyHunters extortion gang 9h ago Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. Malicious JetBrains Marketplace plugins steal AI API keys from developers 19h ago At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. New Rokarolla Android malware targets 217 banking, crypto apps 21h ago A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. Steam Workshop abused to spread malware via Wallpaper Engine app 22h ago Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages.
15 loaded
SE
SecurityWeek
3h ago · 10 items
Webinar Today: How Modern Breaches Bypass MFA and Evade Detection 3h ago 1Password Acquires Apono in Reported $250M-$300M Deal 4h ago Tenet Security Emerges From Stealth With $6 Million Seed Funding 5h ago Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software 5h ago Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack 6h ago Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day 7h ago Oracle’s Second Monthly Security Updates Deliver 245 Patches 8h ago Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities 8h ago Joomla, LiteSpeed Vulnerabilities Exploited in Attacks 9h ago 3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs 10h ago
MS
MSRC Security Update Guide
3h ago · 20 items
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability 3h ago CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability 3h ago CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability 3h ago CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability 1d ago CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability 1d ago CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability 1d ago CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability 1d ago CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages 1d ago CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext. 1d ago Chromium: CVE-2026-11700 Use after free in Tracing 1d ago
20 loaded
CD
Cyber Defense Magazine
4h ago · 10 items
Cyber Security Market Insights & Trends Driving The Next Wave Of Protection 4h ago AI is Not Solving Cybersecurity Burnout Yet, New ISSA and Omdia Research Warns 21h ago Crypto’s Biggest Unresolved Risk Is Not Theft Of Assets, It’s The Collapse Of Identity Certainty In Financial Transactions 1d ago Could GPU-Accelerated EDR Improve The Future Of Endpoint Detection? 2d ago CMMC Is Exposing A Major Gap In The Defense Supply Chain 3d ago Zero Trust For AI In Defense Networks 4d ago Why Most Cyber Resilience Programs Fail Before The First Incident 5d ago Breaking Free Of The Cyber Insurance Market’s Moment Of Frustration 6d ago What The Cybersecurity Industry Knows And Will Not Say 7d ago Rethinking Access Governance for AI Agents 8d ago
SA
Security - Ars Technica
5h ago · 20 items
Windows and Linux users: The deadline to update Secure Boot keys is near 5h ago Critical Copilot vulnerability allowed hackers to steal 2FA code from users 1d ago Users cry foul after AMD stripped memory crypto from its consumer CPUs 1d ago PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data 4d ago Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed 7d ago High-severity vulnerability in Linux caused by a single faulty character 8d ago For the 2nd time in weeks, Microsoft packages laced with credential stealer 8d ago How a USB-connected speaker can infect a PC without ever being touched 11d ago Dashlane explains how attackers managed to download encrypted password vaults 12d ago Can't make sense of Dashlane's vault theft notification? You're not alone. 13d ago
20 loaded
TI
Getting a CVE Without Shipping Slop 13h ago PrizeBuzz phishing network analysis 16h ago 27 Years in the Dark: OpenBSD Fixes Ancient Remote Kernel Auth Bypass 20h ago Empty-ciphertext panic in aws-encryption-provider (CVD with AWS) 1d ago SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon 2d ago Researcher accidentally gained access to a threat actor-controlled phishing website 3d ago PromptSnatcher: AdBlocker stealing Ai Chats - 90k installs 3d ago MeshCentral: From XSS to RCE 3d ago Getting the PID from random numbers in PHP 4d ago The Axios npm compromise was visible in registry metadata before anyone ran npm install 4d ago
242 loaded
RF
Recorded Future
17h ago · 20 items
State Digital Surveillance Risk Landscape 17h ago Explore the state digital surveillance risk landscape. Learn how governments use spyware, AI, and network interception to monitor travelers and how to mitigate these risks. The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine 1d ago Learn how Recorded Future’s proprietary collection engine empowers organizations to move beyond reactive security. Discover the power of our four unique intelligence source types—technical, underground, community, and open-source—working to... Recorded Future Launches Impact and Metrics Dashboard 6d ago See the business value of your intelligence program in one live, continuously updated dashboard, built for the conversations that matter most with the executives who own budget and strategy. Cyber-Enabled Maritime Sanctions Evasion 6d ago Discover how Iranian and Russian shadow fleets use a vast network of fake maritime websites and fraudulent documents to evade international sanctions 2026 FIFA World Cup: What Public Safety Officials Need to Know 7d ago Prepare for the 2026 FIFA World Cup with expert analysis of the physical and cyber threat landscape. Discover key mitigation strategies for host city officials to ensure public safety China's Noncombatant Evacuation Operations: 2005–2025 7d ago Explore the Insikt Group study on 37 Chinese noncombatant evacuation operations (NEOs) from 2005–2025, revealing how China leverages SOEs and civilian resources for its overseas interests Russia’s Defense-Based Economy Risks Forcing Putin to Fight Wars 8d ago Western sanctions have tied Russia's elite patronage to the defense sector. Learn why this creates a domestic imperative for Putin to pursue perpetual war May 2026 CVE Landscape 9d ago In May 2026, Insikt Group® identified 41 high-impact vulnerabilities that should be prioritized for remediation, all of which had a Very Critical Recorded Future Risk Score. This represents a 11% increase from last month. Why Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage 12d ago Future’s Intelligence Grap® uses holistic sourcing across 1M+ sources for complete threat intelligence and proactive defense. Threats to the 2026 FIFA World Cup 13d ago Threat assessment for the 2026 FIFA World Cup (US, Mexico, Canada) covering organized crime, AI-powered cyber fraud, state espionage, and political influence operations.
20 loaded
TM
Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign 17h ago Governing Claude Enterprise in Environments Where Inline Controls Can't Go 5d ago GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 7d ago Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open 9d ago Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet 16d ago Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet 22d ago Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware 26d ago Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud 29d ago Agentic Governance: Why It Matters Now 30d ago AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed. Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft 35d ago
20 loaded
HA
Hak5
17h ago · 15 items
Shark Jacked my LAN 🦈 17h ago Developers React to the 105-Second Github Chain Reaction | Threat Wire 5d ago 🔴 [PAYLOAD] Shark Jack Display 🦈 6d ago Introducing Shark Jack Display 🦈 9d ago The GitHub Leak Situation Just Got Worse | Threat Wire 20d ago The JavaScript Ecosystem is Falling Apart | Threat Wire 26d ago A TL;DR on Dirty Frag #cybersecurity #threatwire @endingwithali 26d ago Google’s Silent AI Install: What They’re Hiding in Your Files #cybersecurity @endi 26d ago 🔴 [PAYLOAD REVIEW] WiFi Pineapple Pager 📟🍍 31d ago 🔴 [LIVE] Payload Review & 1M Subs! 34d ago
15 loaded
SL
Security Latest
20h ago · 20 items
Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society 20h ago ‘Dangerous’ AI Models Are Coming No Matter What 23h ago Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses 2d ago The FCC Wants to Kill Burner Phones 4d ago Grok Is Still Hosting Sexualized Deepfakes of Famous Women 5d ago Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts 6d ago Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps 6d ago CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats 6d ago Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick 6d ago Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US 7d ago
20 loaded
DB
David Bombal
21h ago · 15 items
Learn Linux in 180s - history command 21h ago What is an IDOR? Google and Uber got hacked this way. 1d ago Shadow AI: What every network engineer must know 3d ago What is SNORT? Free open source IDS 4d ago Why you never touch fiber optic cables (the tips) 5d ago Do YOU Need Antivirus in 2026? 8d ago Cisco's first Quantum Switch: What it means for you 8d ago WARNING: Copilot prompt injection 8d ago New CCNA Exam: Stop Memorizing and Start Labbing 10d ago Scan Your Home Network for Hidden Devices in 2026 12d ago
15 loaded
BH
Black Hat
1d ago · 15 items
Black Hat Europe 2025 | Insights From Phishing-Resistant Authentication 1d ago Black Hat Stories | Jessica Oppenheimer, Director, SOC Integrations, Splunk Security 7d ago Get One Step Ahead at Black Hat 🚀 10d ago Inside the Black Hat community 💻 12d ago Black Hat Europe 2025 | From Live Exploitation to Zero-Day Discovery: Investigating Attacks on Gogs 12d ago Black Hat Europe 2025 | Network Operations Center (NOC) Report 13d ago Black Hat Europe 2025 | Weaponizing Image Scaling Against Production AI Systems 13d ago Black Hat Europe 2025 | The Post-NVD Era: A Call for Global CVE Decentralization 13d ago Why leaders in cybersecurity keep coming back to Black Hat 13d ago Black Hat Europe 2025 | You Win Some, You CheckSum: A Kerberos Delegation Vulnerability 14d ago
15 loaded
TC
The Cyber Mentor
1d ago · 15 items
TCM Security Summer Sale is Here! 1d ago LIVE: 🕵️ CTF Prize Draw | Cybersecurity 6d ago Secrets to PNPT Debrief Success 8d ago TCM Security CTF Walkthrough 12d ago Top 5 Active Directory Pentesting Tools 14d ago Real Folks of Cyber | Dan Berger | Day in the Life 20d ago Soft Skills for the Job Market: Communication 26d ago LIVE: 🕵️ HTB Sherlocks! | Cybersecurity | Blue Team 34d ago A Quick Way to Prove Your Cybersecurity Skillset! 35d ago A Guide to LNK File Forensics 47d ago
15 loaded
CY
CyberScoop
1d ago · 85 items
A case for how to shape ‘ingredient lists’ for AI models 1d ago Google exposes China espionage group that’s been lurking in networks undetected since 2023 1d ago Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat 2d ago Anthropic disables new models after government calls them a national security concern 3d ago FBI takes down massive China-based cybercrime network that caused $1.9B in losses 4d ago US, France, and Italian authorities shut down massive deepfake porn site 4d ago Conti ransomware group member pleads guilty, faces up to 20 years in prison 4d ago ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw 5d ago CyberCorps is adapting to AI. The budget isn’t keeping up. 5d ago Russian national charged in connection with Void Blizzard espionage campaign 5d ago
85 loaded
NE
NetworkChuck
1d ago · 15 items
Certification Questions | LIVE AMA | Summer of CCNA | 06/18/2026 1d ago Should you use a VPN in 2026? 2d ago Certification Questions | LIVE AMA | Summer of CCNA 12d ago Hermes has a Home Assistant skill and it's unreal! 13d ago FREE coffee at Cisco Live (I'm giving it away) 14d ago Codex Lives In PowerShell Now 15d ago I'm Moderating My First Panel… Come see me at Cisco Live 15d ago Switching back to Windows?!? 15d ago Who actually owns the AI in your company? 18d ago Hermes wasn’t built to compete. It was built to WORK. 20d ago
15 loaded
AL
Alerts
1d ago · 20 items
CISA Adds One Known Exploited Vulnerability to Catalog 1d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 2d ago CISA Adds One Known Exploited Vulnerability to Catalog 5d ago CISA Adds One Known Exploited Vulnerability to Catalog 6d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 8d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 9d ago CISA Adds One Known Exploited Vulnerability to Catalog 12d ago CISA Adds One Known Exploited Vulnerability to Catalog 14d ago CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation. CISA Adds Two Known Exploited Vulnerabilities to Catalog 15d ago CISA has added two new vulnerabilities to its KEV Catalog, based on evidence of active exploitation. CISA Adds One Known Exploited Vulnerability to Catalog 16d ago CISA has added one new vulnerability to its KEV Catalog based on evidence of active exploitation.
20 loaded
AC
All CISA Advisories
1d ago · 20 items
Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP 1d ago Rockwell Automation RSLinx 1d ago Rockwell Automation FLEX I/O EtherNet/IP Adapters 1d ago Rockwell Automation FactoryTalk Analytics PavilionX 1d ago CISA Adds One Known Exploited Vulnerability to Catalog 1d ago Rockwell Automation CompactLogix 1d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 2d ago CISA Adds One Known Exploited Vulnerability to Catalog 5d ago Yarbo Android/iOS Mobile Application and Cloud Infrastructure 6d ago CISA Adds One Known Exploited Vulnerability to Catalog 6d ago
20 loaded
SE
Securelist
1d ago · 10 items
Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk 1d ago Since late 2025, malware has been spreading rapidly through the Steam Workshop. In most cases, we caught old, familiar threats such as DarkKomet, the Lumma and Vidar infostealers. Argamal: Malware hidden in hentai games 14d ago Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine. Wardriving assessment across Mexico: Preparing for the 2026 World Cup 15d ago In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks. Containers on fire: from container escapes to supply chain attacks 16d ago We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks. What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant 19d ago What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help. Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years 20d ago Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner based on SilentCryptoMiner gained a RAT modul... Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload 26d ago The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques. How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102) 28d ago We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102). IT threat evolution in Q1 2026. Mobile statistics 30d ago This report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada. IT threat evolution in Q1 2026. Non-mobile statistics 30d ago The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during Q1 2026.
WE
WeLiveSecurity
1d ago · 20 items
FishMonger’s arsenal upgraded: SprySOCKS for Windows 1d ago EvilTokens: A phishing attack that doesn’t steal your password 2d ago OceanLotus: From external espionage to domestic targeting 6d ago Unpacking SMB cyber-readiness – and what makes or breaks it 7d ago Cybercriminals: the 'auditors' you never hired 8d ago Lessons for life: Why children’s data is a long-term identity risk 14d ago This month in security with Tony Anscombe – May 2026 edition 19d ago ESET APT Activity Report Q4 2025–Q1 2026 20d ago What to consider before asking an AI chatbot for health advice 21d ago BTMOB: A stealthy RAT burrowing deep into Android devices 22d ago
20 loaded
HS
Heimdal Security Blog
1d ago · 15 items
The State of AI Risk Management in 2026 1d ago There is no excerpt because this is a protected post. Your Next Insider Threat May Be an AI Coworker 5d ago Heimdal sysadmin Alex Panait spent weeks testing Claude Cowork inside the company. His verdict was blunt. It felt like onboarding a junior employee with no manager, no scoped access, and no clear accountability when something goes wrong. Ex... The OSI Model and Its Two Missing Layers 5d ago Two missing layers of the OSI Model can blow up your cyber defense strategy anytime. Jayal Yadal explain what they are. Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification 9d ago Heimdal has achieved ISAE 3000 SOC 2 Type II certification for the sixth consecutive year, reflecting the company's continued focus on operational security, accountability, and data protection. AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift 36d ago Morten Kjaersgaard expects fewer than 500 of three million monthly alerts to need a human analyst in the year ahead. The role is being rebuilt around cases that warrant judgement. Top 10 Cybersecurity Companies in Europe 42d ago Over the last 10-15 years, the cybersecurity scene has gotten increasingly complex, as organizations adopt new technology and hackers evolve more innovative ways to target them. At the same time, data protection and compliance have become m... Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment 57d ago Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers - Assist, Triage and SOC - alongside the introduction of Third-Party AI Containment. You Only Know What You’ve Got When Its Gone 82d ago Prepare for the expected. Rehearse an action plan in case of technology failure or cyberattacks. We all know they can happen. Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade 91d ago Heimdal has appointed Elovade as its official distributor in the Nordic region. The move gives MSPs and resellers across Sweden, Norway, Denmark, Iceland, and Finland direct access to Heimdal's consolidated cybersecurity platform through a ... OpenClaw Incidents Show Why AI Adoption Pressure Puts Companies at Risk 104d ago The OpenClaw security failures show how hasty AI adoption can expose businesses and supply chains to major cyber risk.
15 loaded
MS
Microsoft Security Blog
2d ago · 10 items
Microsoft Defender email security benchmarking: Key insights from one year of data 2d ago See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. Turn specs into evals for any agent with ASSERT 7d ago Reconstructing AI activity in investigations 7d ago Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect potential threats fas... AI brands as bait: How threat actors are using the AI hype in social engineering 9d ago As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. Securing CI/CD in an agentic world: Claude Code Github action case 12d ago Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Ant... Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us 12d ago A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red teaming, this update introduces seven new failure modes, from supply chain compromise to goal hijacking, and the practi... Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign 14d ago A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and loca... Microsoft Build 2026: Securing code, agents, and models across the development lifecycle 14d ago Discover how Microsoft enables fast, secure AI development with MDASH and new security capabilities. Malicious npm packages abuse dependency confusion to profile developer environments 18d ago A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and detection opportunities to help organiz... Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection 19d ago Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection.
NA
NahamSec
2d ago · 15 items
How I Made $30,000 Hacking Broken Access Control 2d ago $30K from one bug class: broken access control. Here's how 3 "lows" chain into account takeover 2d ago Content creations was both a blessing and a curse. #bugbounty 9d ago This Hacker Made $7,000 Hacking AI With One Email 9d ago How I Found My First $3,000 AI Vulnerability 16d ago This GitHub README Hijacks Your AI and Spreads Like a Virus 30d ago New video: hacking AI coding assistants and IDEs. #bugbounty #ai 30d ago The Bug Bounty Roadmap I'd Follow If I Started Over (With AI) 37d ago Is the AI hype helping or killing your bug bounty dreams? #hacking #bugbounty 37d ago Stop Using AI Connectors Until You Watch This 44d ago
15 loaded
IP
IppSec
4d ago · 15 items
HackTheBox - VariaType 4d ago HackTheBox - Facts 11d ago HackTheBox - Interpreter 18d ago HackTheBox - MonitorsFour 25d ago HackTheBox - Pterodactyl 32d ago HackTheBox - Overwatch 39d ago HackTheBox - Sorcery 53d ago HackTheBox - AirTouch 60d ago HackThebox - Eighteen 67d ago HackTheBox - DarkZero 74d ago
15 loaded
CY
cybersecurity
5d ago · 1867 items
Any solutions we can use? 5d ago Possible targeted attack 6d ago RoguePlanet: Windows Zero-Day That Weaponizes Defender's Own Quarantine Pipeline 6d ago Facebook messenger to text 6d ago Managing Solution Agents 6d ago Nottingham University data breach affects over 450,000 students 6d ago SWGs that support 3rd party external DNS resolver 6d ago Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers 6d ago Chrome extensions with 10M+ installations are actively vulnerable to UXSS & UXSG 6d ago Cybersecurity researchers aren't happy about the guardrails on Anthropic's Fable | TechCrunch 6d ago
1867 loaded
HS
hacking: security in practice
6d ago · 241 items
DIY pwnagotchi-like device on esp32 6d ago Flipper Blackhat + Bjorn 6d ago Do you think AI is making hacking easier or harder 6d ago What can i do left? PSN 6d ago Proxmark5 campaign ending in less than 18 hours. 6d ago How to bypass speed queen coin slot for washer and dryer 6d ago Self-hosting stuff for when things get ugly 6d ago Malware Includes Taboo In Text To Prevent LLM Analysis 6d ago added Mac support for my corporate hacking game, demo on Steam 6d ago Catfished 7d ago
241 loaded
RE
Reverse Engineering
6d ago · 181 items
Reverse engineered BLE protocol of a $7 generic Chinese smart ring from Temu, and built an iOS app around it 6d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 6d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 6d ago Giulio Zausa's MMO-CHIP Makes Reverse Engineering Old Silicon Chips a Multiplayer Game 6d ago I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 6d ago Drive Firmware Security - Phison S11 6d ago IDA 9.4 Beta | Hex-Rays Docs 6d ago Trane Tracer HVAC cybersecurity issues 7d ago 🚀 Release PyMemoryEditor v2.0 — read, write and scan the memory of any running process, in pure Python (Windows, Linux & macOS) 7d ago I reverse engineered Lofree Hypace mouse firmware flashing protocol to bypass their official web based configuration on MacOS. 7d ago
181 loaded
FB
US charges suspected Russian hacker with facilitating cyber campaign 6d ago Hawkish GOP lawmaker Don Bacon says he was hacked by Russia 6d ago Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025 6d ago GreatXML: GreatXML bitlocker bypass vulnerability 6d ago GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan 6d ago I found 23 Chrome extensions hijacking 758,000 users' searches for affiliate revenue 6d ago [Op Report] From SSA Phish to AdaptixC2: A Multi-RAT Intrusion 6d ago GhostTrace – CLI forensic scanner for Windows: 22 modules, MITRE ATT&CK mapped, read-only by default 6d ago Miasma-style supply chain attacks 6d ago On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet 6d ago
603 loaded
MA
Malware Analysis & Reports
6d ago · 115 items
I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 6d ago ClickFix attack in the wild — fake Cloudflare CAPTCHA delivering obfuscated PowerShell dropper 7d ago WordPress malware in official WooCommerce theme (Kiosko): hidden admin users and corrupted sitemap 7d ago Inside the DPRK-Linked Backdoor Loitering in the VS Code Marketplace 7d ago Fake Interview deploys stealthy cross platform (macOS/Windows) through npm package install in take home assessment 8d ago 73 Microsoft GitHub repositories impacted by Miasma malware 9d ago Unauthorized Onlyfans Payment 9d ago Building A Malware Lab From Scratch Part 2! 11d ago Detecting npm Native Addon Malware: node-gyp Abuse 11d ago Microsoft Warns of GPU Cryptojacking Campaign Spread Through AI Chatbot Links 12d ago
115 loaded
WE
WeLiveSecurity
6d ago · 36 items
OceanLotus: From external espionage to domestic targeting 6d ago Unpacking SMB cyber-readiness – and what makes or breaks it 7d ago Cybercriminals: the 'auditors' you never hired 8d ago Lessons for life: Why children’s data is a long-term identity risk 14d ago This month in security with Tony Anscombe – May 2026 edition 19d ago ESET APT Activity Report Q4 2025–Q1 2026 20d ago What to consider before asking an AI chatbot for health advice 21d ago BTMOB: A stealthy RAT burrowing deep into Android devices 22d ago Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise 26d ago Webworm: New burrowing techniques 28d ago
36 loaded
TL
The Last Watchdog
6d ago · 21 items
News alert: Cloud security report finds fragmented tools widening the cloud complexity gap 6d ago News alert: Halo Security recognized for helping MSPs manage customers’ external attack surfaces 14d ago FIRESIDE CHAT: Deepfakes exploit human emotion, making employee reflex training essential 15d ago News alert: TVC Analyst Group names 12 vendors to watch ahead of Gartner’s security summit 19d ago GUEST ESSAY: AI pipelines are shattering network security — most companies haven’t even noticed yet 21d ago GUEST ESSAY: AI can speed up communication, but it can also weaken human connection 28d ago The first warning sign came on stage. Related: Carol Sturka declares her agency I had turned to ChatGPT to help organize research notes for an upcoming keynote. I was pressed for time and wanted help spotting patterns I might have missed. T... News alert: Orchid Security study finds invisible identities now outnumber managed accounts 28d ago NEW YORK, May 19, 2026, CyberNewswireŌĆöOrchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise identity now exists outside the view of iden... MY TAKE: AI agents force a rethink of enterprise service lines as vendors move up the tech stack 30d ago ORLANDO — Companies are pulling AI agents into their daily operations through a dozen side doors. Related: SaaS and AI agents converge One of them was in focus at KB4-CON, KnowBe4’s annual customer conference at the Marriott World Cente... LW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push back 35d ago By design. Two words that have done an awful lot of heavy lifting in the cybersecurity industry over the years. They tend to surface whenever a vendor wants to wave off a serious finding without fixing it. Related: The unending password pro... FIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spread 36d ago The cyber insurance industry set out to manage financial risk. Along the way, it has quietly became the security operations provider for a significant share of American small businesses. An $11 billion acquisition agreement announced earlie...
21 loaded
BF
Blog – Forter
7d ago · 10 items
IMPACT Roadshow Recap: Getting Ready for Agentic Commerce 7d ago Agent-Ready: How to Prepare Your Site for AI-Driven Commerce 13d ago Japan’s 3DS Mandate: One Year In 33d ago One-Click Refunds Are Not as Hard as You Think 42d ago Toys“R”Us Japan Implements Forter’s Fraud Management and Payment Optimization Solutions 49d ago More of What Matters: Forter’s April Product Release 50d ago If AI Agents Can’t Find You, Do You Even Exist? 50d ago Return Policy Abuse Is Theft. It’s Time to Treat It That Way. 63d ago What Is Return Abuse and Why Is It Getting Harder to Stop? 63d ago Return Abuse Prevention Starts with the Person, Not the Policy 63d ago
KO
Krebs on Security
7d ago · 10 items
Who Runs the Ransomware Group ‘The Gentlemen?’ 7d ago A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of... A Record-Breaking Patch Tuesday for June 2026 7d ago Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bug... Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts 15d ago The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how ... Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks 23d ago Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the Euro... Lawmakers Demand Answers as CISA Tries to Contain Data Leak 26d ago Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a v... Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada 26d ago Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed deni... CISA Admin Leaked AWS GovCloud Keys on Github 29d ago Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of inte... Patch Tuesday, May 2026 Edition 35d ago Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this m... Canvas Breach Disrupts Schools & Colleges Nationwide 40d ago An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the servi... Anti-DDoS Firm Heaped Attacks on Brazilian ISPs 48d ago A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazi...
PN
Proofpoint News Feed
8d ago · 10 items
Suspected North Korean actors use fake ‘coding assignments’ to steal crypto 8d ago China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa 13d ago Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era 21d ago New solution reduces exposure to actively exploited vulnerabilities in minutes by turning intelligence into immediate protection across primary attack paths Disrupts AI-powered exploit- Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks 26d ago Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude 27d ago New product integrations bring data protection, insider risk detection, and governance into Claude Enterprise and Claude Platform activity Organizations gain unified visibility across Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America 35d ago New MSP Platform business unit, AI-powered all-in-one Microsoft 365 protection, and Marketplace partnership with Pax8 strengthen Proofpoint’s commitment to channel and small and mid-size The spy who logged me in. 39d ago ⁠Mark Kelly⁠, Staff Threat Researcher at ⁠Proofpoint⁠, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing ... Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations 42d ago Proofpoint Prism Investigator positioned as first fully autonomous Agentic AI solution to significantly streamline investigations for highly regulated and highly AI and the New Threat Landscape | Sumit Dhawan with NightDragon | RSAC 2026 43d ago The Most Powerful Women Of The Channel 2026: Power 100 44d ago The Power 100 is culled from the ranks of CRN’s 2026 Women of the Channel and spotlights the female executives at vendors and distributors whose insight and influence help drive channel success.
M3
Microsoft 365 Blog
14d ago · 10 items
Introducing Microsoft Scout: Your always-on personal agent 14d ago Microsoft introduces a new, always-on personal agent, Microsoft Scout, integrated across the Microsoft 365 apps you use every day. Announcing the new Work IQ APIs 15d ago Build enterprise agents with Work IQ APIs for Microsoft 365—bringing business context, tools, and secure, scalable intelligence into every workflow. Introducing Microsoft 365 Business with Copilot: The new standard for small business 19d ago Meet Microsoft 365 Business with Copilot—the AI-powered solution transforming how small businesses work, collaborate, and compete. Introducing a new design for Microsoft 365 Copilot 20d ago Copilot’s redesigned experience delivers faster performance, adaptive tools, and clearer AI-powered workflows to help you easily move from intention to outcome. New and improved: Computer-using agents, a new workflows experience, and real-time voice experiences 22d ago Explore what's new in Copilot Studio, May 2026: computer-using agents are now available, plus redesigned workflows and Work IQ extensibility. New and improved: Agent governance, intelligent workflows, and connected app experiences 36d ago See what's new in Copilot Studio, April 2026: updates to workflows, more control over agent operations, and an expanded agent usage estimator. Copilot Cowork: From conversation to action across skills, integrations, and devices 43d ago Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. Microsoft 365 Copilot, human agency, and the opportunity for every organization 43d ago Empower your organization with Microsoft 365 Copilot—AI that bridges human potential and business outcomes for the future of work. Microsoft Agent 365, now generally available, expands capabilities and integrations 47d ago ​We’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents. Learn more. Copilot’s agentic capabilities in Word, Excel, and PowerPoint are generally available 55d ago Copilot's newest features are now generally available as the default experience across all Microsoft 365 subscriptions.
SM
Microsoft Build 2026: Building agentic apps with Microsoft Fabric and Microsoft Databases 15d ago Microsoft Build 2026 highlights advancements in app development with Microsoft Fabric and Microsoft Databases, emphasizing a unified data and AI platform. Azure IaaS: Defense in depth built on secure-by-design principles 44d ago Explore how Azure IaaS uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data. Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM 47d ago Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration. Azure IaaS: Keep critical applications running with built-in resiliency at scale 77d ago Learn how Azure IaaS helps organizations start from a resilient platform foundation with availability, continuity, and recovery capabilities. Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure 105d ago Learn how Azure IaaS helps you modernize infrastructure, improve performance and resilience, optimize costs, and prepare for AI workloads. Read more. Azure reliability, resiliency, and recoverability: Build continuity by design 120d ago Learn how Azure reliability, resiliency, and recovery capabilities work together to improve cloud continuity. Read more.
SK
STÖK
24d ago · 15 items
☔️🌅 24d ago Life in the Nordics 🌲 | Foraging Blueberries, Mushrooms & Nosework Training with Our Dogs 297d ago Winter vanlife = good times 899d ago What an experience! Getting a Christmas tree from our own piece of land. #movingupnorth! 905d ago Had to much GLÖGG and lost my camera during - 13371122 - Intigriti + Visma 912d ago IS THIS THE END? 972d ago Escaping the grind and decompiling python 3.9 pyc files to find vulnerabilites 1126d ago How to turn bugs into a "passive" income stream! ft Detectify's Almroot 1367d ago HOW DID THIS HAPPEN!? (13370822 LHE VLOG) 1380d ago Q: How to write a BUG BOUNTY report that actually gets paid? 1497d ago
15 loaded
DE
DEFCONConference
49d ago · 15 items
DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West 49d ago DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon 118d ago DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth 118d ago DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine 118d ago DEF CON 33 Recon Village - How to Become One of Them: Deep Cover Ops - Sean Jones, Kaloyan Ivanov 168d ago DEF CON 33 Recon Village - Inside the Shadows Tracking RaaS Groups, Cyber Threats - John Dilgen 168d ago DEF CON 33 Recon Village - Autonomous Video Hunter AI Agents for Real Time OSINT - Kevin Dela Rosa 168d ago DEF CON 33 Recon Village - A Playbook for Integration Servers - Ryan Bonner, Guðmundur Karlsson 168d ago DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov 168d ago DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino 168d ago
15 loaded
CC
CISA Cybersecurity Advisories
57d ago · 10 items
Defending Against China-Nexus Covert Networks of Compromised Devices 57d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 72d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 193d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and CISA Shares Lessons Learned from an Incident Response Engagement 268d ago Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 296d ago The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization 322d ago #StopRansomware: Interlock 331d ago Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider 370d ago CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 392d ago Russian GRU Targeting Western Logistics Entities and Technology Companies 401d ago Executives and network defenders should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and IOCs
BA
Business Fraud at Network Scale: What the $3.5B Medicare Hospice Crisis Reveals About Know Your Business 61d ago What is Customer Due Diligence (CDD) 85d ago Why Legacy Identity Verification Can’t Stop AI-Enabled Fraud 88d ago AML, KYC and Identity Verification in Australia 97d ago When Fraud Becomes Background Noise: The Industrialization of Digital Deception 163d ago The Efficiency Era of KYC: Reverification and Reusable Identity Take Center Stage 163d ago The End of Static KYB: Business Identity in Constant Motion 163d ago Know Your Agent: The Next Chapter in Digital Trust 163d ago When Rules Move Faster Than Readiness: Regulatory Adaptability as a Competitive Advantage 163d ago Digital Identity Trends 2026: AI Fraud, Compliance, and Orchestration 182d ago
13 loaded
FP
AI in Tax Season: Risks, Scams, and How to Protect Your Data 104d ago Tax Season Scams to Watch For This Year 111d ago Beware of Misleading Tax Advice on Social Media 279d ago Each year the IRS educates taxpayers on the most trending fraud schemes that could deceive individuals and businesses during tax season. In late 2024, The IRS took to warning the public against misleading “tips” or... Scammers Up Their Game With AI 280d ago Learn how to spot the threats and protect yourself from scammers using AI for phishing and deepfakes with smart security practices. The Essential Guide to Safeguarding Your Online Passwords 358d ago Protect your personal and business data with strong passwords, two-factor authentication, and smart cybersecurity practices. Beware: Tax Season is Scam Season 469d ago Tax season is also prime time for tax scams. To safeguard your personal information, consider these key points: Communication methods The IRS initiates contact primarily through mail, not email or phone calls. Be cautious of... Stop Scams: Fraud Prevention Starts with Your Employees 482d ago You can be as proactive and protective as possible when it comes to cyber security for your business, but there’s one vulnerability you cannot eliminate: human error. In fact, statistics estimate that as much as... ‘Tis the Season for Holiday Shopping Scams 555d ago The holidays are typically the time of year for gifting presents to friends and family or donations to charity. Unfortunately, not-so-jolly fraudsters take advantage of this generosity. Protect yourself by watching for these common scams:..... IRS Issues “Dirty Dozen” Fraud Warnings 740d ago Each year, the IRS releases a “Dirty Dozen” series to highlight the most common fraud schemes taxpayers should be aware of. IRS Identity Theft Season Begins Now 869d ago Each year thieves try to steal billions in federal withholdings by stealing your identity. As the IRS focuses more attention on this quickly growing problem, now is the time of year to be extra vigilant....
LI
LiveOverflow
104d ago · 15 items
Security-driven Rapid Release - Pwn2Own Documentary (Part 4) 104d ago Firefox JIT Bug - Pwn2Own Documentary (Part 3) 107d ago The First Exploit - Pwn2Own Documentary (Part 2) 111d ago The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1) 114d ago From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi 434d ago The German Hacking Championship 460d ago Do you know this common Go vulnerability? 474d ago Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1) 609d ago My theory on how the webp 0day was discovered #short 625d ago My theory on how the webp 0day was discovered (BLASTPASS) 626d ago
15 loaded
HA
HackerSploit
434d ago · 15 items
How FIN6 Exfiltrates Files Over FTP 434d ago Emulating FIN6 - Active Directory Enumeration Made EASY 485d ago The SECRET to Embedding Metasploit Payloads in VBA Macros 490d ago Offensive VBA 0x4 - Reverse Shell Macro with Powercat 498d ago Offensive VBA 0x3 - Developing PowerShell Droppers 504d ago Offensive VBA 0x2 - Program & Command Execution 509d ago Offensive VBA 0x1 - Your First Macro 511d ago Emulating FIN6 - Gaining Initial Access (Office Word Macro) 516d ago FIN6 Adversary Emulation Plan (TTPs & Tooling) 520d ago Developing An Adversary Emulation Plan 520d ago
15 loaded
TH
Threatpost
1386d ago · 10 items
Student Loan Breach Exposes 2.5M Records 1386d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1387d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1388d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1391d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1391d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1393d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1394d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1395d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1398d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1399d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

No matching sources found.