Loading…

Whats The Hax?

Daily intelligence on threats, breaches, and defenders

What's New

Top 5 Across All Sources

  1. Name That Toon Contest

    darkreading · 1h ago
Latest
darkreadingName That Toon ContestLatest newsClaude Fable 5 secretly throttled AI researchers, and the internet went wildBleepingComputerOver 400 Arch Linux packages compromised to push rootkit, infostealerSecurityWeekIn Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang FineLatest news40% of enterprises will scrap AI agents - 3 ways to ensure yours don't failThe Record from Recorded Future NewsSouth Korea hits Coupang with record $409 million fine over data breachLatest newsYour iPhone is getting enhanced Bluetooth tracking with iOS 27 - but there's a catchLatest newsHow I customized my Android Auto in 7 ways to make it more useful when I'm drivingHeimdal Security BlogYour Next Insider Threat May Be an AI CoworkerLatest newsAre Facebook and Instagram down? What to know about the Meta outageLatest newsI use Blink cameras at home, and this 65% off 5-camera bundle is hard to ignoreJohn HammondContinuumCon 2026 - Day 1Latest newsThis single router antenna adjustment improved my internet speed more than I expectedBleepingComputerEarly Warning Signs of Supply-Chain Attacks Live in the Dark WebLatest newsI'd recommend this TCL Mini LED TV that's $1,000 off over premium Samsung and LG modelsCyber Defense MagazineWhy Most Cyber Resilience Programs Fail Before The First IncidentHelp Net SecurityGoogle sues China-based scammers over Gemini AI abuseSecurityWeekIndustry Reactions to Claude Fable 5: Feedback FridayHeimdal Security BlogThe OSI Model and Its Two Missing LayersHelp Net SecurityResearchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)darkreadingName That Toon ContestLatest newsClaude Fable 5 secretly throttled AI researchers, and the internet went wildBleepingComputerOver 400 Arch Linux packages compromised to push rootkit, infostealerSecurityWeekIn Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang FineLatest news40% of enterprises will scrap AI agents - 3 ways to ensure yours don't failThe Record from Recorded Future NewsSouth Korea hits Coupang with record $409 million fine over data breachLatest newsYour iPhone is getting enhanced Bluetooth tracking with iOS 27 - but there's a catchLatest newsHow I customized my Android Auto in 7 ways to make it more useful when I'm drivingHeimdal Security BlogYour Next Insider Threat May Be an AI CoworkerLatest newsAre Facebook and Instagram down? What to know about the Meta outageLatest newsI use Blink cameras at home, and this 65% off 5-camera bundle is hard to ignoreJohn HammondContinuumCon 2026 - Day 1Latest newsThis single router antenna adjustment improved my internet speed more than I expectedBleepingComputerEarly Warning Signs of Supply-Chain Attacks Live in the Dark WebLatest newsI'd recommend this TCL Mini LED TV that's $1,000 off over premium Samsung and LG modelsCyber Defense MagazineWhy Most Cyber Resilience Programs Fail Before The First IncidentHelp Net SecurityGoogle sues China-based scammers over Gemini AI abuseSecurityWeekIndustry Reactions to Claude Fable 5: Feedback FridayHeimdal Security BlogThe OSI Model and Its Two Missing LayersHelp Net SecurityResearchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)

By Source

Feeds organized so you can skim by site.

Density Sort
DA
darkreading
1h ago · 65 items
Name That Toon Contest 1h ago [An RX Global Event] Infosecurity Europe 10d ago Name That Toon: Mark of (Cybersecurity) Progress 13d ago Asia's Cyber Insurance Market Shows Signs of Life 14d ago With Complex Cloud Integrations, Small Errors Lead to Major Compromises 14d ago 'The Com' Cyberattacks Support Violence & Sexploitation 14d ago As Global Powers Explore Humanoid Robots, Cyber-Risk Looms 14d ago Dutch Raid Fails to Dent Russian Bulletproof Host 14d ago Agentic AI Isn't Risky; the Way Orgs Deploy It Is 15d ago Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security 15d ago
65 loaded
LN
Latest news
1h ago · 20 items
Claude Fable 5 secretly throttled AI researchers, and the internet went wild 1h ago Claude Fable 5 gave users access to Mythos-class power, but its hidden safeguards turned a safety feature into a trust problem for Anthropic. 40% of enterprises will scrap AI agents - 3 ways to ensure yours don't fail 1h ago How do you create real ROI from autonomous AI? Three digital leaders share lessons they've learned in the field. Your iPhone is getting enhanced Bluetooth tracking with iOS 27 - but there's a catch 1h ago One less-discussed iOS 27 feature announced at Apple's WWDC is support for Channel Sounding. Look for it whenever you see Bluetooth 6.3 devices. How I customized my Android Auto in 7 ways to make it more useful when I'm driving 1h ago You can change Android Auto to make the platform unique to you. Here's how. Are Facebook and Instagram down? What to know about the Meta outage 2h ago Even Messenger and WhatsApp appear to be impacted on Friday morning. I use Blink cameras at home, and this 65% off 5-camera bundle is hard to ignore 2h ago Amazon Prime Day is coming up, and these five Blink Outdoor 4 security cameras are already on sale for $21 each - the lowest price we've ever seen. This single router antenna adjustment improved my internet speed more than I expected 2h ago Getting the best Wi-Fi performance requires strategic antenna positioning, proper router placement, and a bit of trial and error. Here's my advice. I'd recommend this TCL Mini LED TV that's $1,000 off over premium Samsung and LG models 3h ago The TCL QM8L offers gorgeous picture quality with rich audio to match, and you can save big on one right now. 6 Android Auto apps that are essential when I'm off-roading - and most are free 6h ago Android Auto isn't just for city streets anymore. Here are the apps that help me get more done on road trips. Dell vs. HP: I've tested dozens of laptops from both brands, and here's my buying advice 6h ago Dell and HP both make excellent laptops, but each excels in different areas. Here are the key differences.
20 loaded
BL
BleepingComputer
1h ago · 15 items
Over 400 Arch Linux packages compromised to push rootkit, infostealer 1h ago More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. Early Warning Signs of Supply-Chain Attacks Live in the Dark Web 3h ago GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. Microsoft fixes Windows update failures linked to WUSA installer 5h ago Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. Pharma giant Novo Nordisk discloses breach of clinical trials data 6h ago Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. CISA orders feds to patch actively exploited Ivanti flaw by Sunday 8h ago The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. Over 73,000 French govt employees affected in Tchap messenger breach 9h ago The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. Japanese energy firm loses drive with data of 10.9 million clients 17h ago Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. Maine breach portal abused to publish fake data breach disclosures 18h ago In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. Oracle mitigates PeopleSoft zero-day exploited in data theft attacks 21h ago Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. Authorities dismantle 'AudiA6' ransomware crypto-laundering service 1d ago Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million.
15 loaded
SE
SecurityWeek
1h ago · 10 items
In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine 1h ago Industry Reactions to Claude Fable 5: Feedback Friday 4h ago Iranian Cyber Group Handala Claims Cal Water Hack 5h ago Ivanti Sentry Exploitation Attempts Hitting Honeypots 7h ago Chrome 149 Update Patches 28 Vulnerabilities 7h ago Anthropic Disputes Fable 5 AI Jailbreak 8h ago Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters 10h ago Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks 1d ago Alert Fatigue Is Becoming a Security Threat of Its Own 1d ago CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk 1d ago
HS
Heimdal Security Blog
1h ago · 15 items
Your Next Insider Threat May Be an AI Coworker 1h ago Heimdal sysadmin Alex Panait spent weeks testing Claude Cowork inside the company. His verdict was blunt. It felt like onboarding a junior employee with no manager, no scoped access, and no clear accountability when something goes wrong. Ex... The OSI Model and Its Two Missing Layers 4h ago Two missing layers of the OSI Model can blow up your cyber defense strategy anytime. Jayal Yadal explain what they are. Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification 4d ago Heimdal has achieved ISAE 3000 SOC 2 Type II certification for the sixth consecutive year, reflecting the company's continued focus on operational security, accountability, and data protection. AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift 31d ago Morten Kjaersgaard expects fewer than 500 of three million monthly alerts to need a human analyst in the year ahead. The role is being rebuilt around cases that warrant judgement. Top 10 Cybersecurity Companies in Europe 37d ago Over the last 10-15 years, the cybersecurity scene has gotten increasingly complex, as organizations adopt new technology and hackers evolve more innovative ways to target them. At the same time, data protection and compliance have become m... Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment 52d ago Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers - Assist, Triage and SOC - alongside the introduction of Third-Party AI Containment. You Only Know What You’ve Got When Its Gone 77d ago Prepare for the expected. Rehearse an action plan in case of technology failure or cyberattacks. We all know they can happen. Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade 86d ago Heimdal has appointed Elovade as its official distributor in the Nordic region. The move gives MSPs and resellers across Sweden, Norway, Denmark, Iceland, and Finland direct access to Heimdal's consolidated cybersecurity platform through a ... OpenClaw Incidents Show Why AI Adoption Pressure Puts Companies at Risk 99d ago The OpenClaw security failures show how hasty AI adoption can expose businesses and supply chains to major cyber risk. Heimdal Claims Industry First With a Cyber Essentials Control Mapping for PEDM to Help Organisations Prove Least Privilege 123d ago Heimdal is the first vendor to publish a dedicated Cyber Essentials control mapping for PEDM, setting out how privilege management supports Cyber Essentials requirements and what evidence can be produced to support assessment and assurance.
15 loaded
JH
John Hammond
2h ago · 15 items
ContinuumCon 2026 - Day 1 2h ago Payload Podcast 008 - Ryan Hausknecht 12h ago JHT Course Launch! Windows Maldev 6 6d ago BIG SHOW TODAY & AI vibes 8d ago Are ANY hacking scenes actually good? 9d ago A Hacker's Way of Thinking (with Ted Harrington) 10d ago A Linux Backdoor is For Sale on the Dark Web 11d ago ContinuumCon Teaser: solst/ice, Zack Korman, & Spencer Alessi!! 13d ago Payload Podcast 007 with Andy Piazza (klrgrz) 14d ago Google served me Malware 16d ago
15 loaded
CD
Cyber Defense Magazine
4h ago · 48 items
Why Most Cyber Resilience Programs Fail Before The First Incident 4h ago Breaking Free Of The Cyber Insurance Market’s Moment Of Frustration 1d ago What The Cybersecurity Industry Knows And Will Not Say 2d ago Rethinking Access Governance for AI Agents 3d ago How CIAM Helps Boost Business 4d ago World Cloud Security Day 4d ago CMMC Is Here, But AI Changes The Compliance Conversation 5d ago Cybersecurity Improved Detection But Exposed a New Problem 6d ago Innovator Spotlight: Airrived 6d ago Cloud Security In Practice 7d ago
48 loaded
HN
Help Net Security
4h ago · 10 items
Google sues China-based scammers over Gemini AI abuse 4h ago Google sued a China-based cybercrime network linked to phishing kits, 9,000 fake websites, and 1 million fraudulent URLs. Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751) 4h ago WatchTowr researchers have disclosed a technical analysis and PoC exploit for an actively exploited Check Point VPN flaw (CVE-2026-50751). Cybercriminals are moving away from mass phishing campaigns 6h ago New phishing and initial access trends include AI-generated phishing sites, MFA bypass techniques, and reconnaissance activity. Authorities dismantle crypto laundering service that moved €336 million for cybercriminals 9h ago A cryptocurrency laundering service used by cybercriminals has been dismantled in an international law enforcement operation. Comcast Business SecurityEdge Preferred strengthens security for small businesses 11h ago Comcast Business SecurityEdge Preferred monitors incoming and outgoing traffic in real time, blocking malware and ransomware. How to use NIST and ISO frameworks to govern AI agents 11h ago Security leaders don’t need to build a new model to secure AI agents, established standards already provide the blueprint. ZeroFox releases AI Analytics to bring answers directly to security teams 11h ago ZeroFox AI Analytics gives security teams the ability to move beyond static reports and query their data in real time. The assembly line behind 1.5 million malicious domains 11h ago Attackers registered 1.5 million malicious domains in 5 months. New data shows malicious domain registration concentrates at a few providers. AI sovereignty makes data centers strategic targets for cyber operations 12h ago AI sovereignty turns frontier data centers into targets, and cyber operations are the low-cost lever adversaries reach for first. Product showcase: Avast One turns scam screenshots into actionable security advice 12h ago Avast One Free brings scam detection, malicious website blocking, Wi-Fi security checks, and breach monitoring to iOS.
TH
The Hacker News
5h ago · 20 items
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code 5h ago Rethinking MDR as Attackers and Defenders Embrace AI 6h ago LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution 7h ago INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator 8h ago Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs 10h ago ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities 20h ago New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets 23h ago New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files 23h ago The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm 1d ago Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories 1d ago
20 loaded
HA
Hak5
5h ago · 15 items
Developers React to the 105-Second Github Chain Reaction | Threat Wire 5h ago 🔴 [PAYLOAD] Shark Jack Display 🦈 1d ago Introducing Shark Jack Display 🦈 4d ago The GitHub Leak Situation Just Got Worse | Threat Wire 15d ago The JavaScript Ecosystem is Falling Apart | Threat Wire 21d ago A TL;DR on Dirty Frag #cybersecurity #threatwire @endingwithali 21d ago Google’s Silent AI Install: What They’re Hiding in Your Files #cybersecurity @endi 21d ago 🔴 [PAYLOAD REVIEW] WiFi Pineapple Pager 📟🍍 26d ago 🔴 [LIVE] Payload Review & 1M Subs! 29d ago 🔴 [LIVE] Hak5 Hits 1 MILLION SUBSCRIBERS 30d ago
15 loaded
MS
MSRC Security Update Guide
9h ago · 20 items
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service 9h ago CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option 9h ago CVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable check 9h ago CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities 1d ago CVE-2026-5419 Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal 1d ago CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution 1d ago CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans 1d ago CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange 1d ago CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling 1d ago CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name 1d ago
20 loaded
SL
Security Latest
21h ago · 20 items
Grok Is Still Hosting Sexualized Deepfakes of Famous Women 21h ago Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts 1d ago Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps 1d ago CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats 1d ago Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick 1d ago Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US 2d ago Mapping Every Flock License Plate Reader Near US World Cup Stadiums 2d ago Soccer Fans, You’re Being Watched 2d ago Amnesty International Warns That World Cup Fans Face Potential Human Rights Violations 2d ago Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You 3d ago
20 loaded
CS
Cisco Security Advisory
21h ago · 20 items
Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability 21h ago A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local ... Cisco Webex Meetings Cross-Site Scripting Vulnerability 9d ago A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings serv... Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability 9d ago A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery... Cisco Finesse Remote File Inclusion Vulnerability 9d ago A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability ... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 15d ago May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This ... Cisco Nexus 3000 and 9000 Series Switches Border Gateway Protocol Denial of Service Vulnerability 23d ago A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP p... Cisco Secure Workload Unauthorized API Access Vulnerability 23d ago A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insuff... Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability 23d ago A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insu... Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability 23d ago A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Ci... Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense 23d ago On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptiv...
20 loaded
DB
David Bombal
23h ago · 15 items
Why you never touch fiber optic cables (the tips) 23h ago Do YOU Need Antivirus in 2026? 3d ago Cisco's first Quantum Switch: What it means for you 3d ago WARNING: Copilot prompt injection 3d ago New CCNA Exam: Stop Memorizing and Start Labbing 5d ago Scan Your Home Network for Hidden Devices in 2026 7d ago Fix your WiFi speeds (find devices interfering) 8d ago How Cisco Is Using AI to Fix Networks 8d ago CCNA 2.0 REVEALED for 2027 8d ago Top 3 cyber attacks in 2026: What you need to know 9d ago
15 loaded
CY
cybersecurity
23h ago · 1867 items
Any solutions we can use? 23h ago Possible targeted attack 1d ago RoguePlanet: Windows Zero-Day That Weaponizes Defender's Own Quarantine Pipeline 1d ago Facebook messenger to text 1d ago Managing Solution Agents 1d ago Nottingham University data breach affects over 450,000 students 1d ago SWGs that support 3rd party external DNS resolver 1d ago Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers 1d ago Chrome extensions with 10M+ installations are actively vulnerable to UXSS & UXSG 1d ago Cybersecurity researchers aren't happy about the guardrails on Anthropic's Fable | TechCrunch 1d ago
1867 loaded
HS
hacking: security in practice
1d ago · 241 items
DIY pwnagotchi-like device on esp32 1d ago Flipper Blackhat + Bjorn 1d ago Do you think AI is making hacking easier or harder 1d ago What can i do left? PSN 1d ago Proxmark5 campaign ending in less than 18 hours. 1d ago How to bypass speed queen coin slot for washer and dryer 1d ago Self-hosting stuff for when things get ugly 1d ago Malware Includes Taboo In Text To Prevent LLM Analysis 1d ago added Mac support for my corporate hacking game, demo on Steam 1d ago Catfished 2d ago
241 loaded
RE
Reverse Engineering
1d ago · 181 items
Reverse engineered BLE protocol of a $7 generic Chinese smart ring from Temu, and built an iOS app around it 1d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 1d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 1d ago Giulio Zausa's MMO-CHIP Makes Reverse Engineering Old Silicon Chips a Multiplayer Game 1d ago I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 1d ago Drive Firmware Security - Phison S11 1d ago IDA 9.4 Beta | Hex-Rays Docs 1d ago Trane Tracer HVAC cybersecurity issues 2d ago 🚀 Release PyMemoryEditor v2.0 — read, write and scan the memory of any running process, in pure Python (Windows, Linux & macOS) 2d ago I reverse engineered Lofree Hypace mouse firmware flashing protocol to bypass their official web based configuration on MacOS. 2d ago
181 loaded
TI
Claude Fable 5: mid-tier results on coding tasks 1d ago Fable 5 and the analyst-AI threat model: what a Mythos-class model changes for security work 1d ago Hacking Google with A.I. for $500,000 1d ago Prompt injection: attacking the analyst's AI 1d ago Pre-auth XXE → HTTP SSRF on ArubaOS 8.13.2 closed as "theoretical / no valid PoC" despite TCP pcap, sshd localhost log, and internal port scan — documenting for community review 1d ago We post-trained a model for offensive security instead of teaching it to refuse 2d ago How Fraudsters Bypass Facial Recognition and Stay Hidden in 2026 2d ago FedRAMP Penetration Testing: How to Pass Your ATO Review and Get Cloud Authorized Faster 2d ago certSIGN: Inconsistent revocation status (CRL "revoked" vs OCSP "good") for intermediate CA "certSIGN Web CA" 2d ago BlackSun - Defender for Endpoint on macOS 2d ago
226 loaded
FB
US charges suspected Russian hacker with facilitating cyber campaign 1d ago Hawkish GOP lawmaker Don Bacon says he was hacked by Russia 1d ago Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025 1d ago GreatXML: GreatXML bitlocker bypass vulnerability 1d ago GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan 1d ago I found 23 Chrome extensions hijacking 758,000 users' searches for affiliate revenue 1d ago [Op Report] From SSA Phish to AdaptixC2: A Multi-RAT Intrusion 1d ago GhostTrace – CLI forensic scanner for Windows: 22 modules, MITRE ATT&CK mapped, read-only by default 1d ago Miasma-style supply chain attacks 1d ago On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet 1d ago
603 loaded
AL
Alerts
1d ago · 20 items
CISA Adds One Known Exploited Vulnerability to Catalog 1d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 3d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 4d ago CISA Adds One Known Exploited Vulnerability to Catalog 7d ago CISA Adds One Known Exploited Vulnerability to Catalog 9d ago CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation. CISA Adds Two Known Exploited Vulnerabilities to Catalog 10d ago CISA has added two new vulnerabilities to its KEV Catalog, based on evidence of active exploitation. CISA Adds One Known Exploited Vulnerability to Catalog 11d ago CISA has added one new vulnerability to its KEV Catalog based on evidence of active exploitation. CISA Adds One Known Exploited Vulnerability to Catalog 14d ago Supply Chain Compromises Impact Nx Console and GitHub Repositories 15d ago CISA urges organizations to implement these recommendations to detect and remediate a potential compromise: CISA Adds Three Known Exploited Vulnerabilities to Catalog 16d ago
20 loaded
AC
All CISA Advisories
1d ago · 20 items
Yarbo Android/iOS Mobile Application and Cloud Infrastructure 1d ago Naxclow IoT Platform 1d ago Brickcom Cameras 1d ago CISA Adds One Known Exploited Vulnerability to Catalog 1d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 3d ago Siemens KACO Blueplanet Inverters 3d ago Schneider Electric EcoStruxure Panel Server 3d ago Schneider Electric Modicon Network Managed Switches 3d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 4d ago CISA Adds One Known Exploited Vulnerability to Catalog 7d ago
20 loaded
MA
Malware Analysis & Reports
1d ago · 115 items
I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 1d ago ClickFix attack in the wild — fake Cloudflare CAPTCHA delivering obfuscated PowerShell dropper 2d ago WordPress malware in official WooCommerce theme (Kiosko): hidden admin users and corrupted sitemap 2d ago Inside the DPRK-Linked Backdoor Loitering in the VS Code Marketplace 2d ago Fake Interview deploys stealthy cross platform (macOS/Windows) through npm package install in take home assessment 3d ago 73 Microsoft GitHub repositories impacted by Miasma malware 4d ago Unauthorized Onlyfans Payment 4d ago Building A Malware Lab From Scratch Part 2! 6d ago Detecting npm Native Addon Malware: node-gyp Abuse 6d ago Microsoft Warns of GPU Cryptojacking Campaign Spread Through AI Chatbot Links 7d ago
115 loaded
WE
WeLiveSecurity
1d ago · 20 items
OceanLotus: From external espionage to domestic targeting 1d ago What makes or breaks cyber-readiness for SMBs 2d ago Cybercriminals: the 'auditors' you never hired 3d ago Lessons for life: Why children’s data is a long-term identity risk 9d ago This month in security with Tony Anscombe – May 2026 edition 14d ago ESET APT Activity Report Q4 2025–Q1 2026 15d ago What to consider before asking an AI chatbot for health advice 16d ago BTMOB: A stealthy RAT burrowing deep into Android devices 17d ago Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise 21d ago Webworm: New burrowing techniques 23d ago
20 loaded
TC
The Cyber Mentor
1d ago · 15 items
LIVE: 🕵️ CTF Prize Draw | Cybersecurity 1d ago Secrets to PNPT Debrief Success 3d ago TCM Security CTF Walkthrough 7d ago Top 5 Active Directory Pentesting Tools 9d ago Real Folks of Cyber | Dan Berger | Day in the Life 15d ago Soft Skills for the Job Market: Communication 21d ago LIVE: 🕵️ HTB Sherlocks! | Cybersecurity | Blue Team 29d ago A Quick Way to Prove Your Cybersecurity Skillset! 30d ago A Guide to LNK File Forensics 42d ago Josh Mason | Real Folks of Cyber | DITL 43d ago
15 loaded
RF
Recorded Future
1d ago · 20 items
Recorded Future Launches Impact and Metrics Dashboard 1d ago See the business value of your intelligence program in one live, continuously updated dashboard, built for the conversations that matter most with the executives who own budget and strategy. Cyber-Enabled Maritime Sanctions Evasion 1d ago Discover how Iranian and Russian shadow fleets use a vast network of fake maritime websites and fraudulent documents to evade international sanctions 2026 FIFA World Cup: What Public Safety Officials Need to Know 2d ago Prepare for the 2026 FIFA World Cup with expert analysis of the physical and cyber threat landscape. Discover key mitigation strategies for host city officials to ensure public safety China's Noncombatant Evacuation Operations: 2005–2025 2d ago Explore the Insikt Group study on 37 Chinese noncombatant evacuation operations (NEOs) from 2005–2025, revealing how China leverages SOEs and civilian resources for its overseas interests Russia’s Defense-Based Economy Risks Forcing Putin to Fight Wars 3d ago Western sanctions have tied Russia's elite patronage to the defense sector. Learn why this creates a domestic imperative for Putin to pursue perpetual war May 2026 CVE Landscape 4d ago In May 2026, Insikt Group® identified 41 high-impact vulnerabilities that should be prioritized for remediation, all of which had a Very Critical Recorded Future Risk Score. This represents a 11% increase from last month. Why Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage 7d ago Future’s Intelligence Grap® uses holistic sourcing across 1M+ sources for complete threat intelligence and proactive defense. Threats to the 2026 FIFA World Cup 8d ago Threat assessment for the 2026 FIFA World Cup (US, Mexico, Canada) covering organized crime, AI-powered cyber fraud, state espionage, and political influence operations. Remembering Sir Alex Younger 8d ago A personal tribute to Sir Alex Younger, former head of MI6, on the friendship, lessons, and clarity he brought to Recorded Future and to those who knew him. Iran Expands Handala Brand to Physical Threats 10d ago Iran's MOIS expands its Handala brand to hybrid cyber and physical threat operations, recruiting proxies to conduct attacks, espionage, and sabotage against US and Israeli interests
20 loaded
BF
Blog – Forter
2d ago · 10 items
IMPACT Roadshow Recap: Getting Ready for Agentic Commerce 2d ago Agent-Ready: How to Prepare Your Site for AI-Driven Commerce 8d ago Japan’s 3DS Mandate: One Year In 28d ago One-Click Refunds Are Not as Hard as You Think 37d ago Toys“R”Us Japan Implements Forter’s Fraud Management and Payment Optimization Solutions 44d ago More of What Matters: Forter’s April Product Release 45d ago If AI Agents Can’t Find You, Do You Even Exist? 45d ago Return Policy Abuse Is Theft. It’s Time to Treat It That Way. 58d ago What Is Return Abuse and Why Is It Getting Harder to Stop? 58d ago Return Abuse Prevention Starts with the Person, Not the Policy 58d ago
CY
CyberScoop
2d ago · 74 items
CISA directive orders agencies to prioritize vulnerability patching in a new way 2d ago Microsoft breaks Patch Tuesday record with 206 vulnerabilities 2d ago Anthropic’s new model is Mythos on a leash 3d ago CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector 3d ago Cisco customers encounter another SD-WAN zero-day under attack 3d ago Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint 3d ago The AI security race needs accountability, not overregulation 4d ago Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away 7d ago Hill Dems hammer GOP for $250M CISA budget cut 7d ago Your AI agent could become your biggest insider threat 7d ago
74 loaded
MS
Microsoft Security Blog
2d ago · 10 items
Turn specs into evals for any agent with ASSERT 2d ago Reconstructing AI activity in investigations 2d ago Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect potential threats fas... AI brands as bait: How threat actors are using the AI hype in social engineering 4d ago As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. Securing CI/CD in an agentic world: Claude Code Github action case 7d ago Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Ant... Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us 7d ago A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red teaming, this update introduces seven new failure modes, from supply chain compromise to goal hijacking, and the practi... Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign 9d ago A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and loca... Microsoft Build 2026: Securing code, agents, and models across the development lifecycle 9d ago Discover how Microsoft enables fast, secure AI development with MDASH and new security capabilities. Malicious npm packages abuse dependency confusion to profile developer environments 13d ago A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and detection opportunities to help organiz... Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection 14d ago Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Typosquatted npm packages used to steal cloud and CI/CD secrets 14d ago The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report details the attack chain, detection opportunities, and mitigation guidance to help organizations ident...
KO
Krebs on Security
2d ago · 10 items
Who Runs the Ransomware Group ‘The Gentlemen?’ 2d ago A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of... A Record-Breaking Patch Tuesday for June 2026 2d ago Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bug... Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts 10d ago The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how ... Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks 18d ago Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the Euro... Lawmakers Demand Answers as CISA Tries to Contain Data Leak 21d ago Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a v... Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada 21d ago Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed deni... CISA Admin Leaked AWS GovCloud Keys on Github 24d ago Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of inte... Patch Tuesday, May 2026 Edition 30d ago Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this m... Canvas Breach Disrupts Schools & Colleges Nationwide 35d ago An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the servi... Anti-DDoS Firm Heaped Attacks on Brazilian ISPs 43d ago A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazi...
TM
GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 2d ago Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open 4d ago Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet 11d ago Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet 17d ago Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware 21d ago Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud 24d ago Agentic Governance: Why It Matters Now 25d ago AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed. Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft 30d ago Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America 32d ago What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do 33d ago
20 loaded
SA
Security - Ars Technica
2d ago · 20 items
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed 2d ago High-severity vulnerability in Linux caused by a single faulty character 3d ago For the 2nd time in weeks, Microsoft packages laced with credential stealer 3d ago How a USB-connected speaker can infect a PC without ever being touched 6d ago Dashlane explains how attackers managed to download encrypted password vaults 7d ago Can't make sense of Dashlane's vault theft notification? You're not alone. 8d ago Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts 10d ago Dozens of Red Hat packages backdoored through its official NPM channel 10d ago Botnet of more than 17 million devices dismantled 13d ago Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code 14d ago
20 loaded
BH
Black Hat
2d ago · 15 items
Black Hat Stories | Jessica Oppenheimer, Director, SOC Integrations, Splunk Security 2d ago Get One Step Ahead at Black Hat 🚀 5d ago Inside the Black Hat community 💻 7d ago Black Hat Europe 2025 | From Live Exploitation to Zero-Day Discovery: Investigating Attacks on Gogs 7d ago Black Hat Europe 2025 | Network Operations Center (NOC) Report 8d ago Black Hat Europe 2025 | Weaponizing Image Scaling Against Production AI Systems 8d ago Black Hat Europe 2025 | The Post-NVD Era: A Call for Global CVE Decentralization 8d ago Why leaders in cybersecurity keep coming back to Black Hat 8d ago Black Hat Europe 2025 | You Win Some, You CheckSum: A Kerberos Delegation Vulnerability 9d ago Black Hat Europe 2025 | Flaw And Order: Finding The Needle In The Haystack Of CodeQL Using LLMs 13d ago
15 loaded
NA
NahamSec
4d ago · 15 items
Content creations was both a blessing and a curse. #bugbounty 4d ago This Hacker Made $7,000 Hacking AI With One Email 4d ago How I Found My First $3,000 AI Vulnerability 11d ago This GitHub README Hijacks Your AI and Spreads Like a Virus 25d ago New video: hacking AI coding assistants and IDEs. #bugbounty #ai 25d ago The Bug Bounty Roadmap I'd Follow If I Started Over (With AI) 32d ago Is the AI hype helping or killing your bug bounty dreams? #hacking #bugbounty 32d ago Stop Using AI Connectors Until You Watch This 39d ago One ChatGPT connector. One email. Full AI agent hijack. #BugBounty #PromptInjection #ai #hacking 39d ago This hacker made $40,000 using Claude #ai #hacking #bugbounty 46d ago
15 loaded
IP
IppSec
6d ago · 15 items
HackTheBox - Facts 6d ago HackTheBox - Interpreter 13d ago HackTheBox - MonitorsFour 20d ago HackTheBox - Pterodactyl 27d ago HackTheBox - Overwatch 34d ago HackTheBox - Sorcery 48d ago HackTheBox - AirTouch 55d ago HackThebox - Eighteen 62d ago HackTheBox - DarkZero 69d ago HackTheBox - Browsed 76d ago
15 loaded
NE
NetworkChuck
7d ago · 15 items
Certification Questions | LIVE AMA | Summer of CCNA 7d ago Hermes has a Home Assistant skill and it's unreal! 8d ago FREE coffee at Cisco Live (I'm giving it away) 9d ago Codex Lives In PowerShell Now 10d ago I'm Moderating My First Panel… Come see me at Cisco Live 10d ago Switching back to Windows?!? 10d ago Who actually owns the AI in your company? 13d ago Hermes wasn’t built to compete. It was built to WORK. 15d ago Summer of CCNA - 90 Minute - Session 2 21d ago you need to use Hermes RIGHT NOW!! (goodbye OpenClaw!!) 23d ago
15 loaded
SE
Securelist
9d ago · 10 items
Argamal: Malware hidden in hentai games 9d ago Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine. Wardriving assessment across Mexico: Preparing for the 2026 World Cup 10d ago In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks. Containers on fire: from container escapes to supply chain attacks 11d ago We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks. What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant 14d ago What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help. Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years 15d ago Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner based on SilentCryptoMiner gained a RAT modul... Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload 21d ago The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques. How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102) 23d ago We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102). IT threat evolution in Q1 2026. Mobile statistics 25d ago This report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada. IT threat evolution in Q1 2026. Non-mobile statistics 25d ago The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during Q1 2026. Kimsuky targets organizations with PebbleDash-based tools 29d ago Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.
M3
Microsoft 365 Blog
9d ago · 10 items
Introducing Microsoft Scout: Your always-on personal agent 9d ago Microsoft introduces a new, always-on personal agent, Microsoft Scout, integrated across the Microsoft 365 apps you use every day. Announcing the new Work IQ APIs 10d ago Build enterprise agents with Work IQ APIs for Microsoft 365—bringing business context, tools, and secure, scalable intelligence into every workflow. Introducing Microsoft 365 Business with Copilot: The new standard for small business 14d ago Meet Microsoft 365 Business with Copilot—the AI-powered solution transforming how small businesses work, collaborate, and compete. Introducing a new design for Microsoft 365 Copilot 15d ago Copilot’s redesigned experience delivers faster performance, adaptive tools, and clearer AI-powered workflows to help you easily move from intention to outcome. New and improved: Computer-using agents, a new workflows experience, and real-time voice experiences 17d ago Explore what's new in Copilot Studio, May 2026: computer-using agents are now available, plus redesigned workflows and Work IQ extensibility. New and improved: Agent governance, intelligent workflows, and connected app experiences 31d ago See what's new in Copilot Studio, April 2026: updates to workflows, more control over agent operations, and an expanded agent usage estimator. Copilot Cowork: From conversation to action across skills, integrations, and devices 38d ago Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. Microsoft 365 Copilot, human agency, and the opportunity for every organization 38d ago Empower your organization with Microsoft 365 Copilot—AI that bridges human potential and business outcomes for the future of work. Microsoft Agent 365, now generally available, expands capabilities and integrations 42d ago ​We’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents. Learn more. Copilot’s agentic capabilities in Word, Excel, and PowerPoint are generally available 50d ago Copilot's newest features are now generally available as the default experience across all Microsoft 365 subscriptions.
SM
Microsoft Build 2026: Building agentic apps with Microsoft Fabric and Microsoft Databases 10d ago Microsoft Build 2026 highlights advancements in app development with Microsoft Fabric and Microsoft Databases, emphasizing a unified data and AI platform. Azure IaaS: Defense in depth built on secure-by-design principles 39d ago Explore how Azure IaaS uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data. Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM 42d ago Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration. Azure IaaS: Keep critical applications running with built-in resiliency at scale 72d ago Learn how Azure IaaS helps organizations start from a resilient platform foundation with availability, continuity, and recovery capabilities. Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure 100d ago Learn how Azure IaaS helps you modernize infrastructure, improve performance and resilience, optimize costs, and prepare for AI workloads. Read more. Azure reliability, resiliency, and recoverability: Build continuity by design 115d ago Learn how Azure reliability, resiliency, and recovery capabilities work together to improve cloud continuity. Read more.
PN
Proofpoint News Feed
16d ago · 10 items
Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era 16d ago New solution reduces exposure to actively exploited vulnerabilities in minutes by turning intelligence into immediate protection across primary attack paths Disrupts AI-powered exploit- Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks 21d ago Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude 22d ago New product integrations bring data protection, insider risk detection, and governance into Claude Enterprise and Claude Platform activity Organizations gain unified visibility across Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America 30d ago New MSP Platform business unit, AI-powered all-in-one Microsoft 365 protection, and Marketplace partnership with Pax8 strengthen Proofpoint’s commitment to channel and small and mid-size The spy who logged me in. 34d ago ⁠Mark Kelly⁠, Staff Threat Researcher at ⁠Proofpoint⁠, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing ... Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations 37d ago Proofpoint Prism Investigator positioned as first fully autonomous Agentic AI solution to significantly streamline investigations for highly regulated and highly AI and the New Threat Landscape | Sumit Dhawan with NightDragon | RSAC 2026 38d ago The Most Powerful Women Of The Channel 2026: Power 100 39d ago The Power 100 is culled from the ranks of CRN’s 2026 Women of the Channel and spotlights the female executives at vendors and distributors whose insight and influence help drive channel success. AI Security Gaps Create New MSSP Opportunity: Proofpoint 43d ago Claude Mythos Fears Startle Japan's Financial Services Sector 44d ago
SK
STÖK
19d ago · 15 items
☔️🌅 19d ago Life in the Nordics 🌲 | Foraging Blueberries, Mushrooms & Nosework Training with Our Dogs 292d ago Winter vanlife = good times 894d ago What an experience! Getting a Christmas tree from our own piece of land. #movingupnorth! 900d ago Had to much GLÖGG and lost my camera during - 13371122 - Intigriti + Visma 907d ago IS THIS THE END? 967d ago Escaping the grind and decompiling python 3.9 pyc files to find vulnerabilites 1121d ago How to turn bugs into a "passive" income stream! ft Detectify's Almroot 1362d ago HOW DID THIS HAPPEN!? (13370822 LHE VLOG) 1375d ago Q: How to write a BUG BOUNTY report that actually gets paid? 1492d ago
15 loaded
WE
WeLiveSecurity
21d ago · 28 items
Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise 21d ago Webworm: New burrowing techniques 23d ago The quest for greater tech independence 24d ago Why geopolitical turmoil is a gift for scammers, and how to stay safe 28d ago FrostyNeighbor: Fresh mischief and digital shenanigans 29d ago Eyes wide open: How to mitigate the security and privacy risks of smart glasses 32d ago Fake call logs, real payments: How CallPhantom tricks Android users 36d ago Fixing the password problem is as easy as 123456 36d ago A rigged game: ScarCruft compromises gaming platform in a supply-chain attack 38d ago This month in security with Tony Anscombe – April 2026 edition 43d ago
28 loaded
TL
The Last Watchdog
23d ago · 16 items
GUEST ESSAY: AI can speed up communication, but it can also weaken human connection 23d ago The first warning sign came on stage. Related: Carol Sturka declares her agency I had turned to ChatGPT to help organize research notes for an upcoming keynote. I was pressed for time and wanted help spotting patterns I might have missed. T... News alert: Orchid Security study finds invisible identities now outnumber managed accounts 23d ago NEW YORK, May 19, 2026, CyberNewswireŌĆöOrchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise identity now exists outside the view of iden... MY TAKE: AI agents force a rethink of enterprise service lines as vendors move up the tech stack 25d ago ORLANDO — Companies are pulling AI agents into their daily operations through a dozen side doors. Related: SaaS and AI agents converge One of them was in focus at KB4-CON, KnowBe4’s annual customer conference at the Marriott World Cente... LW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push back 30d ago By design. Two words that have done an awful lot of heavy lifting in the cybersecurity industry over the years. They tend to surface whenever a vendor wants to wave off a serious finding without fixing it. Related: The unending password pro... FIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spread 31d ago The cyber insurance industry set out to manage financial risk. Along the way, it has quietly became the security operations provider for a significant share of American small businesses. An $11 billion acquisition agreement announced earlie... News Alert: Lyrie.ai joins Anthropic verification program, unveils protocol for securing AI agents 31d ago DUBAI, United Arab Emirates, May 11, 2026, CyberNewswire—Dubai-founded OTT Cybersecurity LLC today announced acceptance into Anthropic’s Cyber Verification Program and unveiled the Agent Trust Protocol (ATP), an open cryptographic stand... News alert: LuxSci launches HIPAA-compliant email platform for mid-size healthcare market 37d ago CAMBRIDGE, Mass., May 5, 2026, CyberNewswireŌĆöLuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare organizations, the industr... SHARED INTEL Q&A: PKI’s unfinished business—’digital passports’ for content, models and agents 43d ago As if keeping track of machine identities wasnŌĆÖt hard enough. AI agents are now arriving by the thousands ŌĆö and most enterprises are just handing them borrowed credentials and hoping for the best. Meanwhile, the cryptographic infrastruc... GUEST ESSAY: How augmented reality (AR) can turn building images into ad space with no control 45d ago Every major building in America has three things: a physical address, a legal owner, and an unmonitored attack surface. Related: Sam Altman's quest to usurp the browswer That surface extends from the ground up through every floor, every fac... FIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposures 46d ago A consequential shift is underway in how enterprise breaches begin. The leaked credential ‚Äî once treated as a hygiene problem ‚Äî has become the primary on-ramp. Related: No easy fixes for AI risk Last August‚Äôs Salesloft campaign was th...
16 loaded
DE
DEFCONConference
44d ago · 15 items
DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West 44d ago DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon 113d ago DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth 113d ago DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine 113d ago DEF CON 33 Recon Village - How to Become One of Them: Deep Cover Ops - Sean Jones, Kaloyan Ivanov 163d ago DEF CON 33 Recon Village - Inside the Shadows Tracking RaaS Groups, Cyber Threats - John Dilgen 163d ago DEF CON 33 Recon Village - Autonomous Video Hunter AI Agents for Real Time OSINT - Kevin Dela Rosa 163d ago DEF CON 33 Recon Village - A Playbook for Integration Servers - Ryan Bonner, Guðmundur Karlsson 163d ago DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov 163d ago DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino 163d ago
15 loaded
CC
CISA Cybersecurity Advisories
52d ago · 10 items
Defending Against China-Nexus Covert Networks of Compromised Devices 52d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 67d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 188d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and CISA Shares Lessons Learned from an Incident Response Engagement 263d ago Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 291d ago The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization 317d ago #StopRansomware: Interlock 326d ago Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider 365d ago CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 387d ago Russian GRU Targeting Western Logistics Entities and Technology Companies 396d ago Executives and network defenders should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and IOCs
BA
Business Fraud at Network Scale: What the $3.5B Medicare Hospice Crisis Reveals About Know Your Business 56d ago What is Customer Due Diligence (CDD) 80d ago Why Legacy Identity Verification Can’t Stop AI-Enabled Fraud 83d ago AML, KYC and Identity Verification in Australia 92d ago When Fraud Becomes Background Noise: The Industrialization of Digital Deception 158d ago The Efficiency Era of KYC: Reverification and Reusable Identity Take Center Stage 158d ago The End of Static KYB: Business Identity in Constant Motion 158d ago Know Your Agent: The Next Chapter in Digital Trust 158d ago When Rules Move Faster Than Readiness: Regulatory Adaptability as a Competitive Advantage 158d ago Digital Identity Trends 2026: AI Fraud, Compliance, and Orchestration 177d ago
13 loaded
FP
AI in Tax Season: Risks, Scams, and How to Protect Your Data 99d ago Tax Season Scams to Watch For This Year 106d ago Beware of Misleading Tax Advice on Social Media 274d ago Each year the IRS educates taxpayers on the most trending fraud schemes that could deceive individuals and businesses during tax season. In late 2024, The IRS took to warning the public against misleading “tips” or... Scammers Up Their Game With AI 275d ago Learn how to spot the threats and protect yourself from scammers using AI for phishing and deepfakes with smart security practices. The Essential Guide to Safeguarding Your Online Passwords 353d ago Protect your personal and business data with strong passwords, two-factor authentication, and smart cybersecurity practices. Beware: Tax Season is Scam Season 464d ago Tax season is also prime time for tax scams. To safeguard your personal information, consider these key points: Communication methods The IRS initiates contact primarily through mail, not email or phone calls. Be cautious of... Stop Scams: Fraud Prevention Starts with Your Employees 477d ago You can be as proactive and protective as possible when it comes to cyber security for your business, but there’s one vulnerability you cannot eliminate: human error. In fact, statistics estimate that as much as... ‘Tis the Season for Holiday Shopping Scams 550d ago The holidays are typically the time of year for gifting presents to friends and family or donations to charity. Unfortunately, not-so-jolly fraudsters take advantage of this generosity. Protect yourself by watching for these common scams:..... IRS Issues “Dirty Dozen” Fraud Warnings 735d ago Each year, the IRS releases a “Dirty Dozen” series to highlight the most common fraud schemes taxpayers should be aware of. IRS Identity Theft Season Begins Now 864d ago Each year thieves try to steal billions in federal withholdings by stealing your identity. As the IRS focuses more attention on this quickly growing problem, now is the time of year to be extra vigilant....
LI
LiveOverflow
99d ago · 15 items
Security-driven Rapid Release - Pwn2Own Documentary (Part 4) 99d ago Firefox JIT Bug - Pwn2Own Documentary (Part 3) 102d ago The First Exploit - Pwn2Own Documentary (Part 2) 106d ago The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1) 109d ago From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi 429d ago The German Hacking Championship 455d ago Do you know this common Go vulnerability? 469d ago Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1) 604d ago My theory on how the webp 0day was discovered #short 620d ago My theory on how the webp 0day was discovered (BLASTPASS) 621d ago
15 loaded
HA
HackerSploit
429d ago · 15 items
How FIN6 Exfiltrates Files Over FTP 429d ago Emulating FIN6 - Active Directory Enumeration Made EASY 480d ago The SECRET to Embedding Metasploit Payloads in VBA Macros 485d ago Offensive VBA 0x4 - Reverse Shell Macro with Powercat 493d ago Offensive VBA 0x3 - Developing PowerShell Droppers 499d ago Offensive VBA 0x2 - Program & Command Execution 504d ago Offensive VBA 0x1 - Your First Macro 506d ago Emulating FIN6 - Gaining Initial Access (Office Word Macro) 511d ago FIN6 Adversary Emulation Plan (TTPs & Tooling) 515d ago Developing An Adversary Emulation Plan 515d ago
15 loaded
TH
Threatpost
1381d ago · 10 items
Student Loan Breach Exposes 2.5M Records 1381d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1382d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1383d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1386d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1386d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1388d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1389d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1390d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1393d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1394d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

No matching sources found.