Whats The Hax?

RE

Reverse Engineering

1h ago · 20 items

LAN-LOK: Living as a sysadmin at an isolated Antarctic research station in the early 90s [DOS game -- would like to collab to reverse engineer] 1h ago r2garlic - The world's fastest Android/DEX decompiler meets radare2! 7h ago GitHub - iss4cf0ng/OpenBootloader: A Proof-of-Concept of simple bootloader, written in Assembly (NASM) and C language. 16h ago Lockbit Black Loader and Shellcode Analysis - Full Thought process, Technical Writeup and Blue Team perspective 1d ago Reverse Engineering Fisher-Price Pixter 1d ago /r/ReverseEngineering's Weekly Questions Thread 2d ago Check out my matplotlib of BLE live wire data for Oura ring! 2d ago Positron: DLL injection based runtime JS injection toolkit for Electron(v8) apps on Windows 2d ago Building a Wasm-in-Wasm Virtualizer (with JIT decrypted paged memory) 2d ago PE Entropy Visualizer with per-block RVA/VA mapping, locate packed payloads and encrypted blobs, then jump straight to them in IDA/Ghidra 2d ago Ghidra-SNES: A Ghidra extension for reverse engineering SNES ROMs (first public release, feedback welcome!) 4d ago Reverse-engineered DaVinci Resolve's activation check with Claude — Frida runtime tracing + radare2 4d ago SASS King Part 2: reverse-engineering ptxas heuristic decisions and what the compiled binary actually reveals 5d ago I just released a C++ rewrite of **Minecraft rd-20090515** (May 15, 2009 — one of the earliest pre-Classic versions).If you find it interesting, a ⭐ on GitHub would mean a lot and help the project grow! 5d ago The first FREE online WebAssembly Reverse Engineering workbench (and how we built it) 5d ago VLC Media Player MKV Exploit Analysis 5d ago pyghidra-mcp Meets Ghidra GUI: Drive Project-Wide RE with Local AI 6d ago ant4g0nist/pyre: Ghidra decompiler in your browser 7d ago Resident Evil: Code Veronica X is able to play the opening FMV from the decompiled PS2 source! 7d ago Reverse-engineering the 1998 Ultima Online demo server 7d ago

20 loaded Show 10 more

LN

Latest news

1h ago · 20 items

Sony just gave me a compelling reason to put my AirPods and Bose headphones away 1h ago I like headphones that understand exactly what I want them to do - that's why I consider Adaptive Sound Control to be one of Sony's best feats. Fedora Kinoite vs. Silverblue: My verdict after testing both immutable Linux distros 6h ago Fedora offers two different takes on an immutable option, each of which might be similar on the inside, but on the outside, they couldn't be different. Buying a robot mower? You can safely ignore these specs (and which ones actually matter) 7h ago Robot mowers aren't one-size-fits-all devices - many have overhyped specs you don't even need. Here are the mower features you can safely skip. Chromebook vs. Googlebook: How I'm deciding which laptop to upgrade to next 7h ago Google is going all-in on its new product line while assuring users Chromebooks aren't being phased out. Elementary OS vs. Linux Mint: I compared my once favorite distro to the Windows alternative 7h ago If you're looking for a user-friendly Linux distribution, your destination could depend on your starting point. Here's how two of your best options compare. I switched to a Wi-Fi 7 mesh router at home, and the faster download speed is so worth it 8h ago The Tenda BE5100 three-pack mesh Wi-Fi system is a low-cost, high-speed, easy-to-use package that kills wireless dead spots. How I made my Windows 11 widgets truly useful: 8 simple tweaks to try before you hide them 8h ago The Widgets feature can be annoying but it's also able to provide useful news and info. Here's how I tweak it to be less intrusive and more helpful. I kept losing my Roku TV remotes - until I discovered 3 easy and cost-effective fixes 14h ago From simply asking to using the app to secret buttons, there are several ways to find a lost remote. Your Android phone is getting agentic powers with Gemini Intelligence - here's how and when 16h ago Gemini got a major agentic upgrade on Android, handling multi-step tasks across apps - and powering new features. Google will let you watch YouTube videos on Android Auto now - is your car supported? 16h ago Android Auto will officially support full HD videos, including watching YouTube. But there are a couple of limits. I'm a devoted iPhone user but Android 17 is tempting me with its new video and social features 16h ago First look at Googlebook: A premium Chromebook alternative for Android users 16h ago Android will hang up on banking scammers for you - how its new anti-spoofing feature works 16h ago How to get Amazon Prime for 50% off: The two ways to qualify in 2026 17h ago Your iPhone RCS chats with Android are encrypted in iOS 26.5: How to verify E2E is enabled 18h ago I've tested dozens of power stations - here's how I'm preparing for summer blackouts 19h ago Why business architects are poised to lead the corporate AI revolution 20h ago Best Buy is selling this 4TB WD Black SSD for 65% off right now - and I'm seriously tempted 1d ago Windows 11's new Low Latency Profile may give your PC the speed boost it deserves 1d ago Microsoft PowerToys now lets you control your monitor from the taskbar - here's how 1d ago

20 loaded Show 10 more

MS

MSRC Security Update Guide

1h ago · 20 items

CVE-2026-44656 Vim: OS Command Injection via 'path' completion 1h ago CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading 1h ago CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error 1h ago CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command 1h ago CVE-2026-6665 PgBouncer buffer overflow in SCRAM 1h ago CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing 1h ago CVE-2026-35469 SpdyStream: DOS on CRI 1h ago CVE-2026-41636 Apache Thrift: Node.js skip() recursion 1h ago CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow 1h ago CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification 1h ago CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow 1h ago CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. 1h ago CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API 1h ago CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload 1h ago CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash 1h ago CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go 1h ago CVE-2026-33811 Crash when handling long CNAME response in net 1h ago CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences 1h ago CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go 1h ago CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go 1h ago

20 loaded Show 10 more

SE

SecurityWeek

1h ago · 10 items

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities 1h ago Hundreds of Malicious Packages Force RubyGems to Suspend Registrations 1h ago ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA 2h ago Microsoft Patches 137 Vulnerabilities 14h ago Exaforce Raises $125 Million for Agentic SOC Platform 15h ago Adobe Patches 52 Vulnerabilities in 10 Products 16h ago White Circle Raises $11 Million for AI Control Platform 17h ago BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months 18h ago Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware 19h ago Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform 19h ago

CY

cybersecurity

1h ago · 20 items

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub 1h ago Is it realistic to move from Tech Risk/GRC into technical cybersecurity? 1h ago Are IPhone autofill passwords safe to use? 1h ago Access approvals happen over Slack dm and I don't know how to present that to an auditor 1h ago China is going dark to develop its own Mythos, German cyber chief fears 2h ago Is prompt injection a real problem for you? 2h ago New Exim BDAT bug shows why “just patch the mail server” is still not simple 2h ago Microsoft France's legal affairs director told the French Senate, under oath, that he can't guarantee European "sovereign cloud" data stays out of US reach 2h ago Cybersecurity guide 4h ago Cyebrsecurity Startup Advice 6h ago How worried should we be about AI powered cyberattacks? 7h ago Foxconn Ransomware Attack Shows Nothing Is Safe Forever 10h ago Zscaler AI Security Capabilities ? 11h ago Disgruntled researcher who dropped BlueHammer and RedSun drops two new Windows 11 zero-days: A Bitlocker bypass, nicknamed YellowKey, and LPE, nicknamed GreenPlasma 12h ago Škoda warns of customer data breach after online shop hack 14h ago Google launches new Android security feature to help uncover spyware attacks 14h ago Fancy Bear: Stealing Credentials Invisibly 15h ago Nightmare Eclipse has published Greenplasma and YellowKey 15h ago Chris Cochran at SANS Institute: AMA about the AI Security Maturity Model we just released. 20h ago Canvas hack: company pays criminals to delete students' stolen data 22h ago

20 loaded Show 10 more

FB

For [Blue|Purple] Teams in Cyber Defence

1h ago · 20 items

My Analysis of a Bandook RAT PCAP 1h ago Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign 4h ago Owning a service principal equals owning its permissions. 12h ago Claude Code RCE: Exploiting Deeplink Handlers via Settings Injection 13h ago CPU OP Cache Corruption - AMD has identified a vulnerability in the CPU operation (op/µop) cache on Zen 2‑based products that can cause incorrect instructions to be executed at a higher privilege level. 13h ago Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware 19h ago Postmortem: TanStack npm supply-chain compromise 21h ago bits from the release team - Aided by the efforts of the Reproducible Builds project, we've decided it's time to say that Debian must ship reproducible packages 1d ago rxrpc_privesc: RxRPC privesc PoC without fcrypt() restrictions 1d ago Detecting Remote Thread Creation with Windows Driver 1d ago Mythos finds a curl vulnerability 1d ago Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access - some leaps pending technical details 1d ago Reverse Engineering a Multi Stage File Format Steganography Chain of the TeamPCP Telnyx Campaign 1d ago Threat Actor Mr_Rot13 Actively Exploits CVE-2026-41940 for Backdoor Deployment 1d ago esp32-c5-deauth: A deauth with nuker for 2.4Ghz and 5Ghz controlled by BLE with Android app 1d ago LOLRMM Publishers - PR merges 182 new code signing certificates and adds important safety warnings to entries containing certificates from major software vendors. 1d ago How Cloudflare responded to the “Copy Fail” Linux vulnerability 1d ago I analyzed 196k+ Sysmon events and found APT29 staging malware in Temp. Here is my detection logic. 1d ago LUKSbox: Store sensitive files in the cloud, or on shared media without trusting the host. LUKSbox is a Rust-based encrypted-container tool with passphrase, FIDO2 (YubiKey, Titan, Nitrokey, Windows Hello), TPM 2.0, and hybrid post-quantum (ML-KEM-768 / 1024) keyslots. 1d ago EtwWatcher 1d ago

20 loaded Show 10 more

HN

Help Net Security

1h ago · 10 items

Versa CSPM brings continuous visibility to cloud risk and compliance exposure 1h ago Versa CSPM identifies, assesses, prioritizes and remediates misconfigurations and compliance risks across multi-cloud environments. NetSPI AI-powered Continuous Pentesting identifies high-impact vulnerabilities 3h ago NetSPI AI-powered Continuous Pentesting identifies, validates, and reduces risk across dynamic external and cloud environments. Sandyaa: Open-source autonomous security bug hunter 3h ago SecureLayer7 has released Sandyaa, an open-source autonomous bug hunter that uses LLMs to find vulnerabilities and write working exploits. The hidden risk of non-human identities in AI adoption 4h ago Securing AI agents starts with fixing risky NHI access, improving visibility, and replacing persistent privileges. Researchers open-source a Wi-Fi cyber range for security training 4h ago Researchers at NTNU built a Wi-Fi cyber range for hands-on 802.11 security training, with a working prototype now open-source on GitHub. Android pushes new scam, theft, and AI protections in 2026 update wave 5h ago Android security 2026 update brings verified bank calls, Android 17 theft protections, AI app monitoring, and on-device AI isolation. Fedora Hummingbird brings the container security model to a Linux host OS 10h ago Fedora Hummingbird Linux extends the distroless container model to the host OS, with atomic updates and continuous CVE remediation. Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days 14h ago Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which are actively exploited. SAP unveils Autonomous Enterprise for AI-driven business operations 16h ago SAP Autonomous Enterprise enhances the world’s most critical business workflows, enabling humans and AI to work together. Exaforce raises $125 million to respond to AI-powered attacks 17h ago Exaforce raises $125M in Series B funding to give security teams the speed, context, and reasoning needed to respond to AI-era threats.

TH

The Hacker News

2h ago · 20 items

Android Adds Intrusion Logging for Sophisticated Spyware Forensics 2h ago New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution 16h ago RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded 18h ago New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots 20h ago Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help 21h ago Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages 21h ago Why Agentic AI Is Security's Next Blind Spot 22h ago Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak 1d ago OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation 1d ago iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android 1d ago TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack 1d ago cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor 1d ago Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation 1d ago ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More 1d ago Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room 1d ago Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads 2d ago Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak 2d ago cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now 4d ago TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms 4d ago Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads 4d ago

20 loaded Show 10 more

MA

Malware Analysis & Reports

9h ago · 20 items

OS scanner that checks repos for traces of the Shai Hulud worm 9h ago Mini Shai-Hulud Supply-Chain Worm Compromises npm and PyPI Packages, Including TanStack, Mistral, Lightning, and Guardrails AI 13h ago Steam spear phishing 1d ago Fake linked in sponsored google search 1d ago Mass npm Supply Chain Attack Hits TanStack, Mistral AI, and 170+ Packages 1d ago New Shai-Hulud npm worm variant 1d ago looking for "evil" Websites 1d ago Deterministic PE Structural Validation in IOCX v0.7.3 1d ago sl1nk link 2d ago Wtf OPEN Ai 3d ago JDownloader's official website delivered Python RAT 4d ago Discord bot C2 infrastructure 7d ago IOCX v0.7.1 — robustness update focused on malformed PEs, hostile strings, and static‑analysis hardening 7d ago Supply chain attack: DAEMON Tools Lite now contains a backdoor. 7d ago Built a PE Malware Analysis Pipeline to Learn Why Most Detection Tools Suck at Correlation 8d ago Anyone wanna learn the CEH or OSCP red teaming free 10d ago Fake Tailscale site on Google Ads uses ClickFix to get you to execute malware yourself 11d ago Minirat malware deployed via NPM targeting macOS machines 13d ago VECT Ransomware Is Actually a Wiper 13d ago The Malware Factory: GLASSWORM Forensics in Open VSX 14d ago

20 loaded Show 10 more

BH

Black Hat

9h ago · 15 items

Bridging Research & Reality | Why Academics Attend Black Hat 9h ago Black Hat Stories | Patrick Ventuzelo, CEO and Founder of FuzzingLabs 16h ago SecTor 2025 | Detecting Forbidden White Labeled and Counterfeit Devices 8d ago SecTor 2025 | Not-So-Secret Agents: Deploying AI to Optimize Security Operations 13d ago Why Black Hat is Essential for Academics | Black Hat Stories 14d ago What Makes Black Hat Truly Shine | Black Hat Stories 15d ago SecTor 2025 | AI, Deepfakes, and the Next Evolution of Digital Identity Verification 15d ago SecTor 2025 | Security and Safety Testing for Agentic AI 15d ago SecTor 2025 | Quantifying Cyber Risk as a National Defense Imperative 16d ago SecTor 2025 | Foreign Information Manipulation and Interference (FIMI) (Disinformation 2.0) 16d ago SecTor 2025 | Ghost SIM Attack: Hacking Mobile Network Authentication Policies 17d ago SecTor 2025 | CAN Bus for Car Nerds and Security People Who Should Know Better 17d ago SecTor 2025 | Hacking Policy for the Public Good 18d ago SecTor 2025 | Behind Closed Doors - Bypassing RFID Readers & Physical Access Controls 18d ago Black Hat Stories | Meet David Oswald, Cyber Security Professor at Durham University 18d ago

15 loaded Show 5 more

BL

BleepingComputer

9h ago · 15 items

US govt seeks Instructure testimony on massive Canvas cyberattack 9h ago The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company's Canvas platform, allowing threat actors to steal student da... UK fines water supplier $1.3M for exposing data of 664k customers 12h ago The Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. Webinar: Fixing the gaps in network incident response 13h ago IT teams often struggle to quickly coordinate responses across disparate systems during network incidents. This upcoming webinar explores how automation and AI-assisted workflows can reduce response times and help prevent outages. Signal adds security warnings for social engineering, phishing attacks 13h ago Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. Microsoft releases Windows 10 KB5087544 extended security update 14h ago Microsoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and resolve an issue with the new Remote Desktop warnings. Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator 14h ago Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. Windows 11 KB5089549 & KB5087420 cumulative updates released 14h ago Microsoft has released Windows 11 KB5089549 and KB5087420 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days 14h ago Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed this month. Škoda warns of customer data breach after online shop hack 16h ago Škoda Auto, a wholly owned subsidiary of the Volkswagen Group, has disclosed a data breach after attackers hacked its online shop and stole the personal information of an undisclosed number of customers. Android 17 to expand banking scam call and privacy protections 16h ago Android 17, expected to roll out next month, will introduce several security and privacy features focused on device theft, threat detection, and banking scam calls. Shai Hulud attack ships signed malicious TanStack, Mistral npm packages 21h ago SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA 22h ago Instructure reaches 'agreement' with ShinyHunters to stop data leak 23h ago GM agrees to $12.75M California settlement over sale of drivers’ data 1d ago Official CheckMarx Jenkins package compromised with infostealer 1d ago

15 loaded Show 5 more

MS

Microsoft Security Blog

10h ago · 10 items

Accelerating detection engineering using AI-assisted synthetic attack logs generation 10h ago What if you could generate realistic attack telemetry on demand? Explore research methods that translate attacker behaviors (TTPs) into synthetic logs that can trigger detections at scale and without sensitive data. Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark 11h ago Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH). Defending consumer web properties against modern DDoS attacks 17h ago Learn how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, and graceful service degradation. Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise 18h ago Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected demonstrating that intrusions have increasingly avoided u... Active attack: Dirty Frag Linux vulnerability expands post-compromise risk 4d ago Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc. The vulnerability enables reliable escalation from an unpriv... When prompts become shells: RCE vulnerabilities in AI agent frameworks 5d ago New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these vulnerabilities work, what’s impacted, and how to secure your agents. World Passkey Day: Advancing passwordless authentication 5d ago This World Passkey Day, read how Microsoft is advancing passkey adoption to replace passwords, cut phishing risk, and deliver simpler, more secure sign-ins. ​​Microsoft named an overall leader in KuppingerCole Analyst’s 2026 Emerging AI Security Operations Center (SOC) report ​​ 6d ago Microsoft is excited to be named an Overall Leader, and the Market Leader in the Kuppinger Cole Analyst’s 2026 Emerging AI Security Operations Center (SOC) report, as we see automation and AI as core components of the future of cybersecurit... ClickFix campaign uses fake macOS utilities lures to deliver infostealers 6d ago Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands. This campaign evades traditional defenses by stealing credentials, wallets, and sensitive data. Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise 8d ago Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated message...

PN

Proofpoint News Feed

11h ago · 10 items

Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America 11h ago New MSP Platform business unit, AI-powered all-in-one Microsoft 365 protection, and Marketplace partnership with Pax8 strengthen Proofpoint’s commitment to channel and small and mid-size Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations 7d ago Proofpoint Prism Investigator positioned as first fully autonomous Agentic AI solution to significantly streamline investigations for highly regulated and highly AI and the New Threat Landscape | Sumit Dhawan with NightDragon | RSAC 2026 7d ago The Most Powerful Women Of The Channel 2026: Power 100 8d ago The Power 100 is culled from the ranks of CRN’s 2026 Women of the Channel and spotlights the female executives at vendors and distributors whose insight and influence help drive channel success. AI Security Gaps Create New MSSP Opportunity: Proofpoint 12d ago Claude Mythos Fears Startle Japan's Financial Services Sector 13d ago AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants 14d ago Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place 15d ago Inaugural global study finds more than half of organizations are not fully confident their AI security controls would detect compromised AI Clear market trend for software providers to help with AI: Proofpoint CEO 19d ago Sumit Dhawan, Proofpoint CEO, joins 'Closing Bell' to discuss ServiceNow's quarterly earnings results, if Anthropic's Mythos makes incumbent players more important and much more. Proofpoint CEO on AI Security Innovations | Nasdaq at RSAC 2026 20d ago

SL

Security Latest

11h ago · 20 items

Foxconn Ransomware Attack Shows Nothing Is Safe Forever 11h ago Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz 14h ago Hackable Robot Lawn Mower Unlocks a New Nightmare 3d ago Meet Rassvet, Russia’s Answer to Starlink 5d ago The Canvas Hack Is a New Kind of Ransomware Debacle 5d ago How to Disable Google's Gemini in Chrome 5d ago Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web 5d ago A Kid With a Fake Mustache Tricked an Online Age-Verification Tool 6d ago Hackers Hate AI Slop Even More Than You Do 6d ago DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts 8d ago Disneyland Now Uses Face Recognition on Visitors 10d ago Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers 11d ago OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts 12d ago 90,000 Screenshots of One Celebrity's Phone Were Exposed Online 12d ago Why Sharing a Screenshot Can Get You Jailed in the UAE 14d ago The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards 14d ago Cole Allen Charged With Attempting to Assassinate Trump 15d ago California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner 17d ago Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos 17d ago The Latest Push to Extend Key US Spy Powers Is Still a Mess 18d ago

20 loaded Show 10 more

KO

Krebs on Security

11h ago · 10 items

Patch Tuesday, May 2026 Edition 11h ago Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this m... Canvas Breach Disrupts Schools & Colleges Nationwide 5d ago An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the servi... Anti-DDoS Firm Heaped Attacks on Brazilian ISPs 12d ago A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazi... ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty 21d ago A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phish... Patch Tuesday, April 2026 Edition 28d ago Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dub... Russia Hacked Routers to Steal Microsoft Office Tokens 35d ago Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backe... Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab 37d ago An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gang... ‘CanisterWorm’ Springs Wiper Attack Targeting Iran 50d ago A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or ha... Feds Disrupt IoT Botnets Behind Huge DDoS Attacks 54d ago The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as ro... Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker 62d ago A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub out...

TR

The Record from Recorded Future News

13h ago · 5 items

Foxconn confirms cyberattack impacting North American factories 13h ago Congressman launches inquiry into how food retailers use surveillance pricing 13h ago West Pharmaceutical warns of ransomware attack impacting business operations 14h ago European countries are exporting surveillance tech to countries with poor human rights records, report says 16h ago Instructure pays ransom after Canvas incident as Congress announces investigation 20h ago

JH

John Hammond

14h ago · 15 items

Hackers are Using AI (much scary, very wow) 14h ago JHT Course Launch: Web App Junior Analyst! 11d ago FAKE Zoom Taxes MALWARE 15d ago the WORST phishing email i've ever seen 18d ago Hackers Stole Your Account (for free) 19d ago The Dawn of AI Warfare (with Katrina Manson) 21d ago The Payload Podcast #005 - Casey Smith 21d ago JHT Livestream: mitmproxy & OpenWRT to read HTTPS traffic! 25d ago HUGE AI-powered Microsoft Account phishing campaign 33d ago robots take over the world or something i guess idk 34d ago How Teenage Hackers Hijack the Internet (with Joe Tidy!) 34d ago Hackers make FAKE notifications 35d ago AI Cyber Defense Ops Course Launch! 39d ago Extremely Easy Identity Management (with Authentik!) 39d ago The Payload Podcast #004 - AI with Shane Caldwell 40d ago

15 loaded Show 5 more

TC

The Cyber Mentor

15h ago · 15 items

A Quick Way to Prove Your Cybersecurity Skillset! 15h ago A Guide to LNK File Forensics 11d ago Josh Mason | Real Folks of Cyber | DITL 13d ago Use BLUR-IT to Increase Your OPSEC 21d ago How to Investigate with Windows Prefetch Files 25d ago Cybersecurity Books to Read: DFIR Investigative Mindset 28d ago Bye Bye Bellini! | Andrew Bellini's Farewell Stream | Cybersecurity | AMA 34d ago Getting Started With The Windows Registry 39d ago How Digital Forensics Caught the BTK Killer 42d ago Welcoming Megan to TCM! | Cybersecurity | AMA 48d ago 3 Reasons IoT Security Will Explode in 2026 49d ago Blue Team CTF Walkthrough: DFIR 53d ago The Importance of Forensic Soundness 56d ago 5 Cybersecurity Books That Made Me a Better Investigator 60d ago LIVE: On-Stream GIVEAWAY! | CTF Launch | AMA 62d ago

15 loaded Show 5 more

TI

Technical Information Security Content & Discussion

15h ago · 20 items

Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim 15h ago Malicious Coding Agent Skills and the Risk of Dynamic Context | Datadog Security Labs 16h ago AI Vulnerability Research and the Fuzzer Era Déjà Vu 17h ago I spent a weekend trying to get OpenClaw to leak my own personal data and it caught me immediately... 20h ago Curl lead developer Daniel Stenberg provides insightful feedbacks from Mythos analysis results 23h ago New ipTIME Pre-Auth RCE in CWMP 1d ago Postmortem: TanStack npm supply-chain compromise 1d ago GhostLock: SMB Deny-Share Handles as a Zero-Privilege Availability Weapon 1d ago MyAudi app:Security issues in Audi Connected Vehicle experience 2d ago Giving Claude Code Full Control of a Hardware Fault Injection Setup to Bypass Secure Boot 2d ago Autonomous Vulnerability Hunting with MCP 2d ago ShinyHunters / AT&T ransom payment traced on-chain — paper draft, seeking arXiv cs.CR endorsement 2d ago Data in Use Protection: How MPC Keeps Inputs Hidden from the Cloud - Stoffel - MPC Made Simple 2d ago The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice. 2d ago Outrunning SHA256 with Physics 3d ago Defence in Depth: A Practical Secure Corporate Network Topology 3d ago Technical Analysis of EagleSpy V6.0 (CraxsRAT Rebrand) Distributed Through Odysee and Telegram 3d ago Getting LLMs Drunk to Find Remote Linux Kernel OOB Writes (and More) 3d ago Seclens: Role-specific Evaluation of LLM's for security vulnerablity detection 4d ago Securing CI/CD for an open source project: lessons from Cilium 4d ago

20 loaded Show 10 more

AC

All CISA Advisories

21h ago · 20 items

ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax 21h ago Subnet Solutions PowerSYSTEM Center 21h ago Software Bill of Materials for AI - Minimum Elements 21h ago ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities 21h ago ABB AC500 V3 Multiple Vulnerabilities 21h ago ABB Automation Builder Gateway for Windows 21h ago Fuji Electric Tellus 21h ago CISA Adds One Known Exploited Vulnerability to Catalog 4d ago CISA Adds One Known Exploited Vulnerability to Catalog 5d ago MAXHUB Pivot Client Application 5d ago CISA Adds One Known Exploited Vulnerability to Catalog 6d ago Hitachi Energy PCM600 7d ago Johnson Controls CEM AC2000 7d ago ABB B&R PVI 7d ago ABB B&R Automation Runtime 7d ago ABB B&R Automation Studio 7d ago CISA Adds One Known Exploited Vulnerability to Catalog 11d ago Careful Adoption of Agentic AI Services 11d ago ABB Ability OPTIMAX 12d ago ABB AWIN Gateways 12d ago

20 loaded Show 10 more

HS

Heimdal Security Blog

23h ago · 15 items

AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift 23h ago Morten Kjaersgaard expects fewer than 500 of three million monthly alerts to need a human analyst in the year ahead. The role is being rebuilt around cases that warrant judgement. Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment 21d ago Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers - Assist, Triage and SOC - alongside the introduction of Third-Party AI Containment. You Only Know What You’ve Got When Its Gone 46d ago Prepare for the expected. Rehearse an action plan in case of technology failure or cyberattacks. We all know they can happen. Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade 56d ago Heimdal has appointed Elovade as its official distributor in the Nordic region. The move gives MSPs and resellers across Sweden, Norway, Denmark, Iceland, and Finland direct access to Heimdal's consolidated cybersecurity platform through a ... OpenClaw Incidents Show Why AI Adoption Pressure Puts Companies at Risk 68d ago The OpenClaw security failures show how hasty AI adoption can expose businesses and supply chains to major cyber risk. Heimdal Claims Industry First With a Cyber Essentials Control Mapping for PEDM to Help Organisations Prove Least Privilege 93d ago Heimdal is the first vendor to publish a dedicated Cyber Essentials control mapping for PEDM, setting out how privilege management supports Cyber Essentials requirements and what evidence can be produced to support assessment and assurance. Five Predictions for Cyber Security Trends in 2026 97d ago Morten Kjaersgaard, Heimdal’s Founder, and Adam Pilton, a former cybercrime investigator, predict five cyber security trends for 2026. Heimdal Achieves OPSWAT Gold Certification for Anti-Malware 118d ago Heimdal today announced that its Next-Gen Antivirus (NGAV) with Extended Threat Protection (XTP) has achieved OPSWAT Gold Certification for Anti-Malware, validating its compatibility and effectiveness within OPSWAT’s industry-leading Access... How to Avoid Holiday Shopping Scams (From a Former Cyber Detective) 152d ago Worried about holiday scams? Ex-cybercrime detective Adam Pilton breaks down the biggest threats and how to shop safely this festive season. ITDR Best Practices: How to Detect, Prevent, and Contain Critical Identity Threats 166d ago Key takeaways: ITDR solutions monitor identity-based threats that traditional security tools miss, like hackers logging in with stolen credentials Effective ITDR requires integration with privileged access management and automated responses... When Buyers Discount MSPs With One Big Customer 166d ago You’re Not Technical? That Excuse Just Expired! 166d ago Tool Sprawl Taxes Your Business More Than You Think 168d ago Heimdal 5.1.0 RC Dashboard: Smarter Automation, Stronger Compliance, and Smoother Control 172d ago Can Generative AI Be Weaponized for Cyberattacks? 175d ago

15 loaded Show 5 more

HS

hacking: security in practice

1d ago · 20 items

Anyone here familiar with the Internet Computer Protocol (ICP) and why TeamPCP would choose to use it? 1d ago Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation 1d ago Reading old s4 memory with xgecu t48 1d ago Autonomous Vulnerability Hunting with MCP 2d ago Is it true that the professionals have the worst setups? 2d ago Refining hacking basics — scaling them aswell 3d ago AI Agent for Hacking, connects a brain to Kali (open-source & model-agnostic) 3d ago Bridging the Gap Between Vulnerabilities and Working Exploits 3d ago LAB Setup 4d ago Ethical malware development community 4d ago Has Instructure paid SH? 4d ago New trends (not mainstream) 4d ago Best tools to find exposed web services by HTML title / HTTP response? 4d ago Why wouldn’t the hackers already have our passwords if they infiltrated canvas potentially weeks ago? 5d ago A hacker ran me over with a robot lawn mower - The Verge 5d ago Happened today 5d ago Shinyhunters and Canvas 5d ago OpenCTI founder, Samuel Hassine, arrested and charged for buying child porn / CSAM 6d ago Jailbreaking my cars infotainment system and implementing my own custom software 6d ago Are there any chill hacking youtubers? 6d ago

20 loaded Show 10 more

SE

Securelist

1d ago · 10 items

State of ransomware in 2026 1d ago Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more. CVE-2025-68670: discovering an RCE vulnerability in xrdp 5d ago During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability. Exploits and vulnerabilities in Q1 2026 5d ago This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks. OceanLotus suspected of using PyPI to deliver ZiChatBot malware 6d ago Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT. Websites with an undefined trust level: avoiding the trap 6d ago We explain what suspicious websites are and how to distinguish a safe site from a fraudulent one. A new category in Kaspersky solutions: we’re sharing global statistics on untrusted site detection. “Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security 8d ago Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let’s look at some examples to see how you can tell a phishing email from a real one. Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India 13d ago The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor. PhantomRPC: A new privilege escalation technique in Windows RPC 19d ago Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges. FakeWallet crypto stealer spreading through iOS apps in the App Store 22d ago In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Threat landscape for industrial automation systems in Q4 2025 27d ago The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.

SA

Security - Ars Technica

1d ago · 20 items

Linux bitten by second severe vulnerability in as many weeks 1d ago Chaos erupts as cyberattack disrupts learning platform Canvas amid finals 4d ago Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives" 5d ago Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack 7d ago Ubuntu infrastructure has been down for more than a day 11d ago GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests 11d ago The most severe Linux threat to surface in years catches the world flat-footed 12d ago Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden 13d ago Open source package with 1 million monthly downloads stole user credentials 15d ago Why are top university websites serving porn? It comes down to shoddy housekeeping. 18d ago In a first, a ransomware family is confirmed to be quantum-safe 19d ago Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage 20d ago Microsoft issues emergency update for macOS and Linux ASP.NET threat 20d ago Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150 21d ago Contrary to popular superstition, AES 128 is just fine in a post-quantum world 21d ago US-sanctioned currency exchange says $15 million heist done by "unfriendly states" 25d ago Recent advances push Big Tech closer to the Q-Day danger zone 25d ago "TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database 27d ago UK gov's Mythos AI tests help separate cybersecurity threat from hype 28d ago Iran-linked hackers disrupt operations at US critical infrastructure sites 34d ago

20 loaded Show 10 more

NA

NahamSec

1d ago · 15 items

The Bug Bounty Roadmap I'd Follow If I Started Over (With AI) 1d ago Is the AI hype helping or killing your bug bounty dreams? #hacking #bugbounty 1d ago Stop Using AI Connectors Until You Watch This 8d ago One ChatGPT connector. One email. Full AI agent hijack. #BugBounty #PromptInjection #ai #hacking 8d ago This hacker made $40,000 using Claude #ai #hacking #bugbounty 15d ago My Friend Made $40,000 Using Claude Code (Here's How) 15d ago I Learned How to Jailbreak AI Chatbots 22d ago Here’s everything I have learned from making $2M in bounties. #bugbounty 26d ago Is AI Killing Bug Bounty? 29d ago An AI Hacker Showed Me How to Exfil Data in Zero Clicks 36d ago I Earned $2M Hacking. Here's Everything I Know 43d ago BECOMING AN AI HACKER (Episode 01) 57d ago Was This Vulnerability Worth $15,000? 64d ago I Hacked My First AI Chatbot 78d ago Can I Replace AI With My Recon Methodology? 85d ago

15 loaded Show 5 more

CY

CyberScoop

1d ago · 10 items

The missing cybersecurity leader in small business 1d ago Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments 4d ago ShinyHunters claims nearly 9,000 schools affected by Canvas data breach 4d ago Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI 4d ago Ivanti customers confront yet another actively exploited zero-day 5d ago Trump officials are steering a cybersecurity scholarship program toward AI 5d ago American duo sentenced for hosting laptop farms for North Korean IT workers 5d ago One House Democrat is pressing Commerce on the government’s spyware use 5d ago A DOD contractor’s API flaw exposed military course data and service member records 6d ago A critical Palo Alto PAN-OS zero-day is being exploited in the wild 6d ago

WE

WeLiveSecurity

2d ago · 20 items

Eyes wide open: How to mitigate the security and privacy risks of smart glasses 2d ago Fake call logs, real payments: How CallPhantom tricks Android users 6d ago Fixing the password problem is as easy as 123456 6d ago A rigged game: ScarCruft compromises gaming platform in a supply-chain attack 8d ago This month in security with Tony Anscombe – April 2026 edition 13d ago The calm before the ransom: What you see is not all there is 19d ago GopherWhisper: A burrow full of malware 20d ago New NGate variant hides in a trojanized NFC payment app 22d ago What the ransom note won’t say 23d ago That data breach alert might be a trap 26d ago Supply chain dependencies: Have you checked your blind spot? 26d ago Recovery scammers hit you when you’re down: Here’s how to avoid a second strike 33d ago As breakout time accelerates, prevention-first cybersecurity takes center stage 36d ago Digital assets after death: Managing risks to your loved one’s digital estate 42d ago This month in security with Tony Anscombe – March 2026 edition 43d ago RSAC 2026 wrap-up – Week in security with Tony Anscombe 46d ago A cunning predator: How Silver Fox preys on Japanese firms this tax season 47d ago Virtual machines, virtually everywhere – and with real security gaps 48d ago Cloud workload security: Mind the gaps 49d ago Move fast and save things: A quick guide to recovering a hacked account 53d ago

20 loaded Show 10 more

TM

Trend Micro Research, News, Perspectives

2d ago · 20 items

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America 2d ago Supporting the National Cyber Strategy: How TrendAI™ Helps 7d ago InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise 8d ago Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities 9d ago Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia 13d ago Kuse Web App Abused to Host Phishing Document 14d ago Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack. Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories 22d ago The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables 23d ago Identity Protection in the AI Era 30d ago Learn about a proactive, identity-first security approach that integrates visibility, threat detection and response, zero trust enforcement, AI protection, and threat intelligence into a unified model. U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 34d ago Discover how TrendAI Vision One™ empowers government agencies and educational institutions with advanced visibility, intelligence, and automation to stay ahead of evolving public sector threats. Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do 36d ago Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads 40d ago TrendAI Insight: New U.S. National Cyber Strategy 42d ago The Real Risk of Vibecoding 43d ago Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads 43d ago TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats 43d ago TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM 44d ago Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise 48d ago Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities 48d ago Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach 49d ago

20 loaded Show 10 more

DB

David Bombal

2d ago · 15 items

Is this laptop any good? (Real World Use cases) 2d ago 3 risks of using clear DNS 4d ago May the force help you troubleshoot ... 8d ago Dual Boot Windows and Ubuntu Linux in 10 Minutes (2026) 9d ago They got hacked and now you will get attacked ☹️ 14d ago Stop Reflashing USBs: Build a Ventoy Toolkit 16d ago Stop using these browsers in 2026! 18d ago How long before your encryption is broken? (Quantum Switch is here) 19d ago I want this WiFi gadget! (Speed Testing and more) 21d ago How to track dark ships using OSINT (with demos) 23d ago How your ISP tracks you (even with encrypted DNS) 25d ago Hackers are using AI to win. 3 ways to STOP them in 2026. 30d ago Hacking Windows Active Directory in 10 minutes 32d ago Learn Linux in 180s: head and tail commands 33d ago Warning: Vibe Hacking is here 34d ago

15 loaded Show 5 more

CD

Cyber Defense Magazine

2d ago · 22 items

Fighting Fire With Fire: Future-Proofing The Cybersecurity Workforce With AI 2d ago Innovator Spotlight: Lineaje 3d ago Why Vulnerability Scanning Is Not Penetration Testing, And Why Cisos Should Care 4d ago Bouncing Back from Cyberattacks: How Fast Recovery Is Mastered 5d ago When AI Stops Assisting And Starts Discovering: What Claude Mythos Preview Means For Cybersecurity 5d ago Innovators Spotlight: Badge (Part II) 6d ago Redefining Security Operations Through Seceon’s Open Threat Management Platform 6d ago The Insurance Industry Is Rewriting Cybersecurity Strategy 7d ago Securing The AI-Enabled Workforce: The Next Evolution Of Human Risk Management 8d ago Ai Didn’t Break Cybersecurity, It Revealed It 9d ago RSAC 2026: The Power of Community 10d ago Inside RSAC 2026 11d ago Innovator Spotlight: The Open Group 12d ago Preparing For Hybrid Warfare: Actions To Take When The Cloud Goes Dark 12d ago Operationalizing Cyber Resilience: A Practitioner’s Framework for Real-World Security Constraints 13d ago Innovator Spotlight: Puneet Bhatnagar 14d ago Cybersecurity Risks in 2026 14d ago Retro-Coding and the Roots of Logic: Why The Byte Brothers: Program a Problem Still Matters 15d ago Innovator Spotlight: TokenCore 15d ago Platform Engineering: The Rise of a Disciplinary Rethink 15d ago 60% Of Cyberattacks Are Identity Based — Is Identity First A Bad Idea? 15d ago From Threat Detection To Decision Intelligence: Rethinking Modern Cyber Defense 16d ago

22 loaded Show 12 more

IP

IppSec

3d ago · 15 items

HackTheBox - Overwatch 3d ago HackTheBox - Sorcery 17d ago HackTheBox - AirTouch 24d ago HackThebox - Eighteen 31d ago HackTheBox - DarkZero 38d ago HackTheBox - Browsed 45d ago HackTheBox - Conversor 52d ago HackTheBox - Gavel 59d ago HackTheBox - Principal 60d ago HackTheBox - ExpressWay 66d ago HackTheBox - Guardian 73d ago HackTheBox - GiveBack 80d ago HackTheBox - Soulmate 87d ago HackTheBox - Signed 94d ago HackTheBox - CodePartTwo 101d ago

15 loaded Show 5 more

HA

Hak5

4d ago · 15 items

The Fatal 4-Byte Error That Just Broke Linux | Threat Wire 4d ago Why You Must Check Your Password Manager Immediately | THREAT WIRE 12d ago NIST Is Scaling Back CVEs — And That’s a Problem | THREAT WIRE 18d ago there are too many stories to cover #cybersecurity #news @endingwithali 26d ago Use After Free Bugs Are Out of Control @endingwithali #threatwire #cybersecurity 26d ago Are you thinking about software supply chain attacks? #hacker @endingwithali #cybersecurity 26d ago Age Restricted Internet Is On It’s Way #threatwire @endingwithali #hackernews 26d ago Age Restricted Internet Is On It’s Way - Threat Wire 27d ago Use After Free Bugs Are Out of Control! - Threat Wire 33d ago 🔴 [PAYLOAD REVIEW] WiFi Pineapple Pager 📟🍍 35d ago 🍍📟 Firmware 1.0.8 - WiFi Pineapple Pager 36d ago No More Routers In The US - Threat Wire 41d ago Why is Google Closing Android? - Threat Wire 47d ago Meta Ending End to End on Instagram- Threat Wire 53d ago Chrome Is Thinking Quantum - Threat Wire 61d ago

15 loaded Show 5 more

AL

Alerts

4d ago · 20 items

CISA Adds One Known Exploited Vulnerability to Catalog 4d ago CISA Adds One Known Exploited Vulnerability to Catalog 5d ago CISA Adds One Known Exploited Vulnerability to Catalog 6d ago CISA Adds One Known Exploited Vulnerability to Catalog 11d ago CISA Adds One Known Exploited Vulnerability to Catalog 12d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 14d ago CISA Adds Four Known Exploited Vulnerabilities to Catalog 18d ago CISA Adds One Known Exploited Vulnerability to Catalog 19d ago CISA Adds One Known Exploited Vulnerability to Catalog 20d ago ​​Supply Chain Compromise Impacts Axios Node Package Manager​ 22d ago CISA Adds Eight Known Exploited Vulnerabilities to Catalog 22d ago CISA Adds One Known Exploited Vulnerability to Catalog 26d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 28d ago CISA Adds Seven Known Exploited Vulnerabilities to Catalog 29d ago CISA Adds One Known Exploited Vulnerability to Catalog 34d ago CISA Adds One Known Exploited Vulnerability to Catalog 36d ago CISA Adds One Known Exploited Vulnerability to Catalog 40d ago CISA Adds One Known Exploited Vulnerability to Catalog 41d ago CISA Adds One Known Exploited Vulnerability to Catalog 43d ago CISA Adds One Known Exploited Vulnerability to Catalog 46d ago

20 loaded Show 10 more

RF

Recorded Future

5d ago · 20 items

Working in London at the World’s Largest Intelligence Company 5d ago See what it is like to work at the Recorded Future London office. A Complete History of Cybersecurity: From Early Viruses to AI-Powered Threats 5d ago A comprehensive history of cybersecurity and the eras of threat on the internet. The Different Types of Payment Fraud and How to Prevent Them 5d ago Explore the different types of payment fraud and become aware of telltale signs and how to prevent them. Digital Citizenship Glossary: Key Terms Every Internet User Should Know 5d ago A glossary of key internet terms every user should know to protect themselves from scams, phishing, malware, and other digital threats. Quantum Risk Explained 6d ago Learn how the "Harvest Now, Decrypt Later" (HNDL) risk exposes long-lived sensitive data today, regardless of when Cryptographically Relevant Quantum Computers (CRQCs) arrive. Recorded Future Named a Leader in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies. And there’s more. 7d ago Recorded Future shares exciting developments since being named a leader. Threat Activity Enablers: The Backbone of Today’s Threat Landscape 7d ago Behind every ransomware demand, botnet, or threat activity group is a server sitting in a data center. Hacking Embodied AI 8d ago Embodied AI, intelligent systems in physical forms such as humanoid and quadruped robots, is moving from spectacle to staffing plans. The Iran War: What You Need to Know 12d ago Insikt Group tracks the cyber, physical, and geopolitical components of the US-Israeli strikes on Iran — with continuously updated threat analysis and scenarios. Risk Scenarios for the US’s Strategic Pivot 13d ago The United States (US) is shifting toward a more force-driven security strategy primarily relying on military operations and economic pressure to counter transnational criminal organizations and limit Chinese, Russian, and Iranian influence... Building with AI: Here's What No Briefing Will Tell You 13d ago The Money Mule Solution: What Every Scam Has in Common 15d ago Lazarus Doesn't Need AGI 15d ago From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026 19d ago Critical minerals and cyber operations 20d ago Today, trust is the superpower that makes innovation possible 20d ago Evolution of Chinese-Language Guarantee Telegram Marketplaces 21d ago AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation? 21d ago Emerging Enterprise Security Risks of AI 22d ago 4 Essential Integration Workflows for Operationalizing Threat Intelligence Recorded Future 26d ago

20 loaded Show 10 more

NE

NetworkChuck

6d ago · 15 items

Compliance can be frustrating. But....CALMpliance........that's a whole different thing. 6d ago Summer of CCNA LIVE Launch Party 8d ago Learn networking with REAL labs 👉 Join the Summer of CCNA 15d ago Most AI coding tools don’t sandbox on Windows (except one) 18d ago I built a network with gachapon machines 29d ago i didn't want to like this.... 33d ago Milla Jovovich made an AI memory tool…..it’s pretty good 35d ago Gemma 4 on the iPhone (local AI, no internet required) 37d ago Anthropic says NO MORE OpenClaw!! 39d ago the WORST hack of 2026 42d ago OpenClaw......RIGHT NOW??? (it's not what you think) 43d ago I almost quit YouTube.... 62d ago YouTube BROKE but the ads kept working... 64d ago the prompting trick nobody teaches you 67d ago hackers now steal your data in 72 minutes 69d ago

15 loaded Show 5 more

CS

Cisco Security Advisory

6d ago · 20 items

Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities 6d ago Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affected device. For more information about these vulnerabilities... Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability 6d ago A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a... Cisco Identity Services Engine Authentication Bypass Vulnerabilities 6d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information on an affected device. For more information ... Cisco Prime Infrastructure Information Disclosure Vulnerability 6d ago A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization chec... Cisco Slido Insecure Direct Object Reference Vulnerability 6d ago A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and ... Cisco IoT Field Network Director Vulnerabilities 6d ago Multiple vulnerabilities in the web-based management interface of Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause denial of service (DoS) conditions on man... Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability 6d ago A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a... Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability 6d ago A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to caus... Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities 7d ago Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulner... Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense 12d ago On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptiv... Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities 14d ago Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability 18d ago Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities 20d ago Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities 20d ago Cisco Catalyst SD-WAN Vulnerabilities 20d ago Cisco Webex Services Certificate Validation Vulnerability 26d ago Cisco Secure Web Appliance Authentication Bypass Vulnerability 26d ago Cisco Identity Services Engine Remote Code Execution Vulnerabilities 27d ago Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability 27d ago Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities 27d ago

20 loaded Show 10 more

TL

The Last Watchdog

7d ago · 10 items

News alert: LuxSci launches HIPAA-compliant email platform for mid-size healthcare market 7d ago CAMBRIDGE, Mass., May 5, 2026, CyberNewswireŌĆöLuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare organizations, the industr... SHARED INTEL Q&A: PKI’s unfinished business—’digital passports’ for content, models and agents 12d ago As if keeping track of machine identities wasnŌĆÖt hard enough. AI agents are now arriving by the thousands ŌĆö and most enterprises are just handing them borrowed credentials and hoping for the best. Meanwhile, the cryptographic infrastruc... GUEST ESSAY: How augmented reality (AR) can turn building images into ad space with no control 14d ago Every major building in America has three things: a physical address, a legal owner, and an unmonitored attack surface. Related: Sam Altman's quest to usurp the browswer That surface extends from the ground up through every floor, every fac... FIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposures 15d ago A consequential shift is underway in how enterprise breaches begin. The leaked credential ‚Äî once treated as a hygiene problem ‚Äî has become the primary on-ramp. Related: No easy fixes for AI risk Last August‚Äôs Salesloft campaign was th... News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category 20d ago NEW YORK, Apr. 21, 2026, CyberNewswire—BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition mar... Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one 22d ago Public key infrastructure -- the authentication and encryption framework that has held digital commerce together through every chaotic leap forward in technology -- is facing a double whammy. Related: Achieveing AI security won't be easy Au... News Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption security 27d ago SUNNYVALE, Calif., Apr. 15, 2026 ŌĆō NTT Research, Inc., a division of NTT (TYO:9432), today announced the launch of Scale Academy, a startup incubator responsible for bringing to market products and services based upon technologies studied... GUEST ESSAY: Google’s 2029 deadline exposes readiness gap as move to quantum-safe crypto lags 28d ago For years, quantum risk was easy for most institutions to treat as premature: real in theory, urgent someday, but not yet an operational problem. That is no longer tenable. Related: AI spawns semantic attacks Two developments this month bro... News alert: Mallory launches AI-native platform to cut through alert noise and surface real risk 33d ago AUSTIN, Texas, Apr. 9, 2026, CyberNewswire—Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: •What are the real threat vectors for our organi... FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense 35d ago As if securing the enterprise against a tidal wave of AI tools wasn't hard enough, it turns out the geopolitical instability of the moment is making things worse. That wasn't the headline at RSAC 2026 last week -- agentic AI dominated the a...

BF

Blog – Forter

7d ago · 10 items

One-Click Refunds Are Not as Hard as You Think 7d ago Toys“R”Us Japan Implements Forter’s Fraud Management and Payment Optimization Solutions 14d ago More of What Matters: Forter’s April Product Release 15d ago If AI Agents Can’t Find You, Do You Even Exist? 15d ago Return Policy Abuse Is Theft. It’s Time to Treat It That Way. 27d ago What Is Return Abuse and Why Is It Getting Harder to Stop? 28d ago Return Abuse Prevention Starts with the Person, Not the Policy 28d ago Shoptalk 2026: Retail in the Age of AI 36d ago Visa’s Updated VAMP Program: What Merchants Need to Know 48d ago New at Forter: Go Live in Days, Not Months 56d ago

DA

darkreading

7d ago · 25 items

How the Story of a USB Penetration Test Went Viral 7d ago RMM Tools Fuel Stealthy Phishing Campaign 8d ago Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability 8d ago Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia 8d ago How Dark Reading Lifted Off the Launchpad in 2006 8d ago 76% of All Crypto Stolen in 2026 Is Now in North Korea 11d ago If AI's So Smart, Why Does It Keep Deleting Production Databases? 11d ago Name That Toon: Mark of (Security) Progress 11d ago 20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage 11d ago TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack 12d ago Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug 12d ago Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber 12d ago Oracle Red Bull Racing Team Revs Up Automation to Boost Security 12d ago Claude Mythos Fears Startle Japan's Financial Services Sector 13d ago Reverse Engineering With AI Unearths High-Severity GitHub Bug 13d ago AI Finds 38 Security Flaws in Electronic Health Record Platform 13d ago Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error 13d ago Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities 13d ago BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures 14d ago NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later 14d ago Feuding Ransomware Groups Leak Each Other's Data 14d ago Vidar Rises to Top of Chaotic Infostealer Market 14d ago Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain 14d ago UNC6692 Combines Social Engineering, Malware, Cloud Abuse 15d ago Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation 15d ago

25 loaded Show 15 more

M3

Microsoft 365 Blog

7d ago · 10 items

Copilot Cowork: From conversation to action across skills, integrations, and devices 7d ago Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. Microsoft 365 Copilot, human agency, and the opportunity for every organization 7d ago Empower your organization with Microsoft 365 Copilot—AI that bridges human potential and business outcomes for the future of work. Microsoft Agent 365, now generally available, expands capabilities and integrations 11d ago ​We’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents. Learn more. Copilot’s agentic capabilities in Word, Excel, and PowerPoint are generally available 20d ago Copilot's newest features are now generally available as the default experience across all Microsoft 365 subscriptions. Bring your everyday business apps into the flow of work with agents in Microsoft 365 Copilot 29d ago Discover how apps integrate with AI agents to power Copilot experiences, streamline workflows, and turn business context into action. New and improved: Multi-agent orchestration, connected experiences, and faster prompt iteration 41d ago Explore what's new in Copilot Studio: Multi-agent systems now generally available, plus updates to the Prompt Editor and governance controls. Copilot Cowork: Now available in Frontier 43d ago Today, Copilot Cowork—designed for long-running, multi-step work in Microsoft 365—is available via the Frontier program. Copilot Cowork: A new way of getting work done 64d ago Copilot Cowork turns intent into action across Microsoft 365—automating tasks, coordinating workflows, and keeping you in control. See how. Powering Frontier Transformation with Copilot and agents 64d ago Wave 3 of Microsoft 365 Copilot introduces Copilot Cowork, multi‑model intelligence, and enterprise‑ready AI—built to get real work done. SharePoint at 25: How Microsoft is putting knowledge to work in the AI era 71d ago Discover how SharePoint’s 25‑year legacy powers Microsoft 365 Copilot, Work IQ, and AI‑driven knowledge for organizations worldwide.

WE

WeLiveSecurity

8d ago · 20 items

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack 8d ago This month in security with Tony Anscombe – April 2026 edition 13d ago The calm before the ransom: What you see is not all there is 19d ago GopherWhisper: A burrow full of malware 20d ago New NGate variant hides in a trojanized NFC payment app 22d ago What the ransom note won’t say 23d ago That data breach alert might be a trap 26d ago Supply chain dependencies: Have you checked your blind spot? 26d ago Recovery scammers hit you when you’re down: Here’s how to avoid a second strike 33d ago As breakout time accelerates, prevention-first cybersecurity takes center stage 36d ago Digital assets after death: Managing risks to your loved one’s digital estate 42d ago This month in security with Tony Anscombe – March 2026 edition 43d ago RSAC 2026 wrap-up – Week in security with Tony Anscombe 46d ago A cunning predator: How Silver Fox preys on Japanese firms this tax season 47d ago Virtual machines, virtually everywhere – and with real security gaps 48d ago Cloud workload security: Mind the gaps 49d ago Move fast and save things: A quick guide to recovering a hacked account 53d ago EDR killers explained: Beyond the drivers 54d ago Face value: What it takes to fool facial recognition 60d ago Cyber fallout from the Iran war: What to have on your radar 61d ago

20 loaded Show 10 more

SM

Security | Microsoft Azure Blog | Microsoft Azure

8d ago · 10 items

Azure IaaS: Defense in depth built on secure-by-design principles 8d ago Explore how Azure IaaS uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data. Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM 12d ago Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration. Azure IaaS: Keep critical applications running with built-in resiliency at scale 41d ago Learn how Azure IaaS helps organizations start from a resilient platform foundation with availability, continuity, and recovery capabilities. Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure 69d ago Learn how Azure IaaS helps you modernize infrastructure, improve performance and resilience, optimize costs, and prepare for AI workloads. Read more. Azure reliability, resiliency, and recoverability: Build continuity by design 84d ago Learn how Azure reliability, resiliency, and recovery capabilities work together to improve cloud continuity. Read more. Microsoft strengthens sovereign cloud capabilities with new services 189d ago Discover new Microsoft digital sovereignty capabilities and upcoming features across AI, security, and productivity, to address sovereign cloud needs. Enhancing software supply chain security with Microsoft’s Signing Transparency 190d ago Microsoft Signing Transparency delivers verifiable code integrity and tamper-evident software releases for stronger supply chain security. Oracle Database@Azure offers new features, regions, and programs to unlock data and AI innovation 210d ago Migrate Oracle solutions to the cloud with a trusted, enterprise-ready platform from Microsoft and Oracle. Learn more. Building secure, scalable AI in the cloud with Microsoft Azure 315d ago Forrester Research shows how Azure helps enterprises scale generative AI securely, unlocking real business value. Learn more. Enhance AI security with Azure Prompt Shields and Azure AI Content Safety 341d ago Learn how Prompt Shields and Azure AI Content Safety can help guard against direct and indirect threats to your LLM-based solution.

ZU

ZDI: Upcoming Advisories

13d ago · 1 items

ZDI-CAN-30796: Docker 13d ago

DE

DEFCONConference

14d ago · 15 items

DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West 14d ago DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon 83d ago DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth 83d ago DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine 83d ago DEF CON 33 Recon Village - How to Become One of Them: Deep Cover Ops - Sean Jones, Kaloyan Ivanov 132d ago DEF CON 33 Recon Village - Inside the Shadows Tracking RaaS Groups, Cyber Threats - John Dilgen 132d ago DEF CON 33 Recon Village - Autonomous Video Hunter AI Agents for Real Time OSINT - Kevin Dela Rosa 132d ago DEF CON 33 Recon Village - A Playbook for Integration Servers - Ryan Bonner, Guðmundur Karlsson 132d ago DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov 132d ago DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino 132d ago DEF CON 33 Recon Village - OSINT & Modern Recon Uncover Global VPN Infrastructure - Vladimir Tokarev 132d ago DEF CON 33 Recon Village - Pretty Good Pivot - Simwindie 132d ago DEF CON 33 Recon Village - enumeraite: AI Assisted Web Attack Surface Enumeration - Özgün Kültekin 132d ago DEF CON 33 Recon Village - OSINT Signals Pop Quiz - Master Chen 132d ago DEF CON 33 Recon Village - Investigating Foreign Tech from Online Retailers - Michael Portera 132d ago

15 loaded Show 5 more

FP

Fraud Prevention – Riskified

19d ago · 1 items

Agentic commerce: harness it, don’t outsource it 19d ago External AI agents fly blind without your data. Learn why native AI, powered by identity intelligence, is the key to owning customer relationships in retail.

CC

CISA Cybersecurity Advisories

21d ago · 10 items

Defending Against China-Nexus Covert Networks of Compromised Devices 21d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 36d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 158d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and CISA Shares Lessons Learned from an Incident Response Engagement 232d ago Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 260d ago The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization 287d ago #StopRansomware: Interlock 295d ago Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider 334d ago CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 357d ago Russian GRU Targeting Western Logistics Entities and Technology Companies 365d ago Executives and network defenders should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and IOCs

BA

Blog Articles - Identity Insights | Trulioo

26d ago · 13 items

Business Fraud at Network Scale: What the $3.5B Medicare Hospice Crisis Reveals About Know Your Business 26d ago What is Customer Due Diligence (CDD) 50d ago Why Legacy Identity Verification Can’t Stop AI-Enabled Fraud 53d ago AML, KYC and Identity Verification in Australia 62d ago When Fraud Becomes Background Noise: The Industrialization of Digital Deception 127d ago The Efficiency Era of KYC: Reverification and Reusable Identity Take Center Stage 127d ago The End of Static KYB: Business Identity in Constant Motion 127d ago Know Your Agent: The Next Chapter in Digital Trust 127d ago When Rules Move Faster Than Readiness: Regulatory Adaptability as a Competitive Advantage 127d ago Digital Identity Trends 2026: AI Fraud, Compliance, and Orchestration 146d ago The World’s Identity Platform 1198d ago KYC: 3 Steps to Achieving Know Your Customer Compliance 1469d ago AML Compliance Checklist: Best Practices for Anti-Money Laundering 1484d ago

13 loaded Show 3 more

II

InfoSec Insights

62d ago · 3 items

SSL/TLS Certificate Lifespans Are Decreasing to 200 Days 62d ago A Guide to PKI Authentication with 8 Examples 182d ago How to Open 443 Port and Check If It Is Enabled or Not 196d ago

FP

Fraud Prevention Archives - Alloy Silverstein

68d ago · 2 items

AI in Tax Season: Risks, Scams, and How to Protect Your Data 68d ago Tax Season Scams to Watch For This Year 75d ago

LI

LiveOverflow

69d ago · 15 items

Security-driven Rapid Release - Pwn2Own Documentary (Part 4) 69d ago Firefox JIT Bug - Pwn2Own Documentary (Part 3) 72d ago The First Exploit - Pwn2Own Documentary (Part 2) 76d ago The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1) 79d ago From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi 399d ago The German Hacking Championship 424d ago Do you know this common Go vulnerability? 438d ago Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1) 573d ago My theory on how the webp 0day was discovered #short 589d ago My theory on how the webp 0day was discovered (BLASTPASS) 590d ago Learn Android Hacking! - University Nevada, Las Vegas (2024) 617d ago My Trip to Las Vegas for DEFCON & Black Hat 630d ago Finding The .webp Vulnerability in 8s (Fuzzing with AFL++) 841d ago A Vulnerability to Hack The World - CVE-2023-4863 873d ago Reinventing Web Security 904d ago

15 loaded Show 5 more

SK

STÖK

261d ago · 15 items

Life in the Nordics 🌲 | Foraging Blueberries, Mushrooms & Nosework Training with Our Dogs 261d ago Winter vanlife = good times 863d ago What an experience! Getting a Christmas tree from our own piece of land. #movingupnorth! 870d ago Had to much GLÖGG and lost my camera during - 13371122 - Intigriti + Visma 876d ago IS THIS THE END? 936d ago Escaping the grind and decompiling python 3.9 pyc files to find vulnerabilites 1091d ago How to turn bugs into a "passive" income stream! ft Detectify's Almroot 1331d ago HOW DID THIS HAPPEN!? (13370822 LHE VLOG) 1345d ago Q: How to write a BUG BOUNTY report that actually gets paid? 1461d ago facts: Bug Bounty hunters has made ridiculous amounts of $$ from known DNS techniques.. 1475d ago Q: HOW do you find hidden stuff on websites? (this episode is all about CONTENT DISCOVERY!) 1489d ago Q: HOW do you get started in bug bounty?? How do you build your automation?! 1503d ago Q: PENTEST VS BUGBOUNTY? (Bounty Thursday's - ON AIR) 1517d ago BOUNTY THURSDAYS - LIVE #2 (NEWS/TOOLS and Community Questions with Jason Haddix) 1531d ago Livestream från STÖK 1545d ago

15 loaded Show 5 more

HA

HackerSploit

398d ago · 15 items

How FIN6 Exfiltrates Files Over FTP 398d ago Emulating FIN6 - Active Directory Enumeration Made EASY 449d ago The SECRET to Embedding Metasploit Payloads in VBA Macros 454d ago Offensive VBA 0x4 - Reverse Shell Macro with Powercat 463d ago Offensive VBA 0x3 - Developing PowerShell Droppers 469d ago Offensive VBA 0x2 - Program & Command Execution 473d ago Offensive VBA 0x1 - Your First Macro 475d ago Emulating FIN6 - Gaining Initial Access (Office Word Macro) 481d ago FIN6 Adversary Emulation Plan (TTPs & Tooling) 484d ago Developing An Adversary Emulation Plan 484d ago Introduction To Advanced Persistent Threats (APTs) 489d ago Introduction To Adversary Emulation 510d ago Mastering Persistence: Using an Apache2 Rootkit for Stealth and Defense Evasion 519d ago Planning Red Team Operations | Scope, ROE & Reporting 659d ago Mapping APT TTPs With MITRE ATT&CK Navigator 664d ago

15 loaded Show 5 more

TH

Threatpost

1350d ago · 10 items

Student Loan Breach Exposes 2.5M Records 1350d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1351d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1352d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1355d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1356d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1357d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1358d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1359d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1362d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1363d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.