
Whats The Hax?

Daily intelligence on threats, breaches, and defenders

Latest
BleepingComputer · CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
Latest news · Trojan abuses Microsoft Phone Link app to steal your passwords
cybersecurity · The UK’s Age Verification Law Is Producing Compliance Theater
cybersecurity · Microsoft Edge: Passwords end up in memory as plaintext
cybersecurity · Do people still get viruses in 2026, or is that mostly a myth now?
cybersecurity · Mitigation script for Copy Fail vulnerability CVE-2026-31431
cybersecurity · Popular DAEMON Tools software infected – supply chain attack ongoing since April 8, 2026
SecurityWeek · MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
hacking: security in practice · Is this fake too?🤣
Reverse Engineering · Copy.fail: Why Internal LLMs Are Non-Negotiable for Security
For [Blue|Purple] Teams in Cyber Defence · The cPanel Zero-Day Was Active for 64 Days Before Anyone Knew
The Hacker News · ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
cybersecurity · Critical Apache HTTP Server RCE (CVE-2026-23918) - Millions of Servers Potentially Exposed. Patches released
BleepingComputer · ScarCruft hackers push BirdCall Android malware via game platform
SecurityWeek · WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
Latest news · The best mobile antivirus software of 2026: Expert tested and reviewed
Latest news · What you'll pay for AI agents will be wildly variable and unpredictable
Help Net Security · North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
cybersecurity · DigiCert breached via malicious screensaver file
MSRC Security Update Guide · CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

By Source

Feeds organized so you can skim by site.

BleepingComputer
1h ago · 15 items
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs · 1h ago · A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices.
ScarCruft hackers push BirdCall Android malware via game platform · 1h ago · The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform.
Weaver E-cology critical bug exploited in attacks since March · 11h ago · Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands.
Amazon SES increasingly abused in phishing to evade detection · 14h ago · The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective.
Backdoored PyTorch Lightning package drops credential stealer · 16h ago · A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services.
Trellix discloses data breach after source code repository hack · 17h ago · Cybersecurity firm Trellix disclosed a data breach after attackers gained access to
They don’t hack, they borrow: How fraudsters target credit unions · 20h ago · Fraudsters aren't hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds.
Progress warns of critical MOVEit Automation auth bypass flaw · 21h ago · Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application.
Webinar: Why MSPs must rethink security and backup strategies · 21h ago · Security breaches don't just test your defenses—they test your recovery. Join Kaseya in our upcoming webinar to learn how MSPs strengthen resilience with SaaS backups and BCDR to stay operational after attacks.
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems · 22h ago · CISA has warned that threat actors have started exploiting the
Latest news
1h ago · 20 items
Trojan abuses Microsoft Phone Link app to steal your passwords · 1h ago · Cross-device syncing isn't always a safe practice. Here's everything you need to know about this threat.
The best mobile antivirus software of 2026: Expert tested and reviewed · 1h ago · My hands-on guide to the best mobile antivirus apps covers top picks like Bitdefender, Sophos, and more for Android and iOS.
What you'll pay for AI agents will be wildly variable and unpredictable · 1h ago · A test of leading AI agents found vastly different amounts of tokens consumed with no transparency and no guarantees of success.
Forget the soundbar: How I upgraded my TV audio with spare Bluetooth speakers · 9h ago · You don't have to shell out hundreds (or thousands) of dollars on smart speakers for a robust home entertainment setup.
Android phone slow? I changed 2 developer settings for an instant speed boost · 9h ago · Skip the optimizer apps. Simply enable Android Developer Options to unlock these performance-enhancing features. It's much easier than you think.
This wearable gadget effectively soothes my migraines and headaches, and it's under $50 · 13h ago · The Renpho Eyeris 2 Massager helps alleviate my headaches and tired eyes, and I can stream music with it too.
This e-reader lets you view in color, and it's $60 cheaper now · 13h ago · The Kindle Colorsoft brings a smooth color display to your favorite books, and it's dropped in price again.
Verizon will give you a free Samsung Galaxy S26, watch, and tablet right now - how to qualify · 14h ago · The latest add-a-line deal gets you a free Galaxy S26, Galaxy Watch 8, and Galaxy Tab S10 FE Tablet at Verizon.
The future of IT service delivery is built on AI and automation · 15h ago · IT teams and Managed Service Providers are under pressure to deliver faster service in an increasingly complex threat landscape. They can no longer do without integrated, AI-driven systems.
I tested Google Maps vs. Apple Maps to find the best navigation app - and this one wins · 15h ago · Apple Maps has improved over the years, but how does it compare to Google Maps today? Here's which one is best.
cybersecurity
1h ago · 20 items
The UK’s Age Verification Law Is Producing Compliance Theater · 1h ago
Microsoft Edge: Passwords end up in memory as plaintext · 1h ago
Do people still get viruses in 2026, or is that mostly a myth now? · 1h ago
Mitigation script for Copy Fail vulnerability CVE-2026-31431 · 1h ago
Popular DAEMON Tools software infected – supply chain attack ongoing since April 8, 2026 · 1h ago
Critical Apache HTTP Server RCE (CVE-2026-23918) - Millions of Servers Potentially Exposed. Patches released · 1h ago
DigiCert breached via malicious screensaver file · 1h ago
CISO Security Mind Map 2026 · 2h ago
AI Security Trainings · 3h ago
Who are your favorite cybersecurity YouTubers? · 6h ago
SecurityWeek
1h ago · 10 items
hacking: security in practice
1h ago · 20 items
Reverse Engineering
1h ago · 20 items
Copy.fail: Why Internal LLMs Are Non-Negotiable for Security · 1h ago
Reverse-engineering Final Fantasy X (PS3) trophy system with Ghidra · 13h ago
[CrackMe] PyVMP v6 : The Fortress. I dare you to break it (again x2). · 15h ago
[WIP] Resolve indirect calls in Binary Ninja with DynamoRIO instrumentation · 20h ago
IDA-MCP Is Now RE-MCP With Ghidra Support · 21h ago
Reverse-engineered the BLE protocol of the LuckPrinter-SDK family of thermal pocket printers (DP-L1S) — Python CLI + Web Bluetooth client + full command reference · 22h ago
/r/ReverseEngineering's Weekly Questions Thread · 1d ago
GitHub - 03DSmoothie/minecraft-cpp-versions: Minecraft recoded in C++ (multiple versions) · 1d ago
Automated RASP Bypass with Frida + AI Agent | nutcracker & aipwn demo · 1d ago
Please critique my reverse engineering ctf platform. It is meant for beginners but I would like input from serious reverse engineers. It is functionally done but I need criticism for further refinements, thank you! · 1d ago
20 loaded
The cPanel Zero-Day Was Active for 64 Days Before Anyone Knew · 1h ago
GIDR: A behavioral intrusion detection system for Windows. Files are innocent until proven guilty at runtime. When malicious behavior is detected, the entire attack chain is traced to root and eliminated. · 6h ago
dMSA Ouroboros: Self-Sustaining Credential Extraction in Windows Server 2025 · 6h ago
N-Day Research with AI: Using Ollama and n8n · 6h ago
38 CVEs in Healthcare Software Used by 100,000 Medical Providers · 16h ago
Recursively fuzzing MS-RPC structures and monitoring using ETW · 17h ago
VanGuard — open-source single-binary DFIR toolkit (Velociraptor, Hayabusa, Chainsaw, Loki, YARA) with TUI, air-gap support, and 28 pre-built use cases · 23h ago
CVE-2026-31431: I used DeepSeek to reproduce the entire process of AI detecting Copy Fail privilege escalation. · 1d ago
Advanced Threat Research Report (2026 Edition) · 1d ago
nginxpulse: A lightweight Nginx access log analysis and visualization dashboard, providing real-time statistics, PV filtering, IP geolocation, and client resolution. · 1d ago
The Hacker News
1h ago · 20 items
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows · 1h ago
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API · 2h ago
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries · 3h ago
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools · 16h ago
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass · 17h ago
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More · 19h ago
2026: The Year of AI-Assisted Attacks · 22h ago
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia · 22h ago
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks · 1d ago
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M · 1d ago
Help Net Security
1h ago · 10 items
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China · 1h ago · ScarCruft supply chain attack trojanized Windows and Android games on a Yanbian gaming platform to spy on ethnic Koreans since late 2024.
Meta adds proof-based security to encrypted backups · 1h ago · Meta encrypted backups update adds OTA key distribution and verifiable HSM deployments to strengthen WhatsApp and Messenger security.
Can your coding style predict whether your code is vulnerable? · 5h ago · Code stylometry vulnerability detection uses developer coding habits to flag risky software, but LLM-generated code may erode the signal.
One in four MCP servers opens AI agent security to code execution risk · 5h ago · Noma research shows AI agent security gaps in Skills create blind spots that MCP-focused governance and observability tools miss.
Cybersecurity jobs available right now: May 5, 2026 · 6h ago · Here are the worldwide cybersecurity job openings available as of May 5, 2026, including on-site, hybrid, and remote roles.
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) · 19h ago · CVE-2026-4670 and CVE-2026-5174 in MOVEit Automation may allow unauthorized access, administrative control, and lead to data exposure.
Penske Logistics launches platform for real-time supply chain visibility · 20h ago · Penske Logistics launches Supply Chain Insight, a platform offering real-time visibility across transportation and warehousing operations.
DigiCert breached via malicious screensaver file · 20h ago · A security breach at DigiCert enabled attackers to issue code signing certificates later used to sign malware.
Operant AI Endpoint Protector secures AI agents and MCP tools · 20h ago · Operant AI launches Endpoint Protector to secure AI tools, coding agents, and MCP workflows at endpoints against emerging threats.
Owl IRD enables one-way forensic data transfer for incident response teams · 20h ago · Owl Cyber Defense launches IRD, a pocket-sized diode for secure transfer of forensic data from compromised systems to safe environments.
MSRC Security Update Guide
1h ago · 20 items
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions · 1h ago
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow · 1h ago
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference · 1h ago
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net · 1h ago
CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place · 2h ago
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow · 2h ago
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow · 2h ago
CVE-2026-42798 · 2h ago
CVE-2026-37457 · 2h ago
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions · 2h ago
20 loaded
Proton Pass: Second-Password Bypass Through Emergency Access · 1h ago
We probed 6,000 web apps for Stripe webhook signature checks. 1,542 don't bother · 5h ago
Lateral Movement - Cross-Session Activation · 19h ago
"AccountDumpling": Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts · 1d ago
Acoustic Keystroke Recovery - Reconstructing Typed Text from a Laptop Microphone (Full Guide, 85% success rate) · 1d ago
How to exfiltrate data using only numeric outputs · 2d ago
For vulnerability research, smaller models run repeatedly can outperform larger frontier models on cost-to-recall. · 3d ago
Every incident public companies have disclosed to the SEC, in one searchable database · 3d ago
r/netsec monthly discussion & tool thread · 3d ago
Handled, Not Hosted: Administrative Activity Inside a Bulletproof Hoster · 4d ago
NetworkChuck
11h ago · 15 items
Black Hat
14h ago · 15 items
Malware Analysis & Reports
17h ago · 20 items
Microsoft Security Blog
19h ago · 10 items
Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise · 19h ago · Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated message...
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments · 3d ago · A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads. With a working exploit already in the wild, organizations should act quickly to detect,...
Microsoft Agent 365, now generally available, expands capabilities and integrations · 3d ago · We’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents. Learn more.
What’s new, updated, or recently released in Microsoft Security · 4d ago · Stay ahead of emerging threats with Microsoft’s newest security innovations and updates, delivered through the In the Loop series.
Email threat landscape: Q1 2026 trends and insights · 4d ago · In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts...
8 best practices for CISOs conducting risk reviews · 5d ago · Read Microsoft expert tips for CISOs on embracing strong proactive security to mitigate increased exposure to security threats.
Simplifying AWS defense with Microsoft Sentinel UEBA · 6d ago · Learn how Microsoft Sentinel UEBA helps defenders distinguish benign AWS activity from attacker behavior by enriching raw CloudTrail logs with clear, binary behavioral signals derived from baseline user, peer, and device behavior patterns.
AI-powered defense for an AI-accelerated threat landscape · 12d ago · Read how Microsoft is partnering with Anthropic and broader industry to use leading models, paired with our platforms and expertise, to turn AI-driven discovery into protection at scale.
Detection strategies across cloud and identities against infiltrating IT workers · 13d ago · The shift to remote and hybrid work since the pandemic expanded global hiring and accelerated digital onboarding, increasing reliance on online identity verification and remote access.
Making opportunistic cyberattacks harder by design · 14d ago · How Microsoft secures Dynamics 365 and Power Platform by removing credentials, reducing attack surfaces, and using platform engineering to block opportunistic threats.
Security Latest
19h ago · 20 items
DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts · 19h ago
Disneyland Now Uses Face Recognition on Visitors · 2d ago
Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers · 3d ago
OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts · 4d ago
90,000 Screenshots of One Celebrity's Phone Were Exposed Online · 5d ago
Why Sharing a Screenshot Can Get You Jailed in the UAE · 6d ago
The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards · 6d ago
Cole Allen Charged With Attempting to Assassinate Trump · 7d ago
California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner · 9d ago
Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos · 9d ago
David Bombal
20h ago · 15 items
NahamSec
21h ago · 15 items
Securelist
1d ago · 10 items
“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security · 1d ago · Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let’s look at some examples to see how you can tell a phishing email from a real one.
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India · 5d ago · The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.
PhantomRPC: A new privilege escalation technique in Windows RPC · 11d ago · Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.
FakeWallet crypto stealer spreading through iOS apps in the App Store · 15d ago · In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.
Threat landscape for industrial automation systems in Q4 2025 · 19d ago · The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.
JanelaRAT: a financial threat targeting users in Latin America · 22d ago · Kaspersky GReAT experts describe the latest JanelaRAT campaign detailing infection chain and malware functionality updates.
The long road to your crypto: ClipBanker and its marathon infection chain · 26d ago · Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.
Financial cyberthreats in 2025 and the outlook for 2026 · 27d ago · In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing, PC malware, and infostealers.
A laughing RAT: CrystalX combines spyware, stealer, and prankware features · 34d ago · Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.
An AI gateway designed to steal your data · 39d ago · Dissecting the supply chain attack on LiteLLM, a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.
Recorded Future
1d ago · 20 items
Working in London at the World’s Largest Intelligence Company · 1d ago · See what it is like to work at the Recorded Future London office.
The Iran War: What You Need to Know · 4d ago · Insikt Group tracks the cyber, physical, and geopolitical components of the US-Israeli strikes on Iran — with continuously updated threat analysis and scenarios.
Risk Scenarios for the US’s Strategic Pivot · 5d ago · The United States (US) is shifting toward a more force-driven security strategy primarily relying on military operations and economic pressure to counter transnational criminal organizations and limit Chinese, Russian, and Iranian influence...
Building with AI: Here's What No Briefing Will Tell You · 5d ago · What building with AI for three months revealed about four leadership blind spots executives can't afford to ignore: the comprehension gap, eroding competitive moats, deployment complexity, and what "senior" really means now.
The Money Mule Solution: What Every Scam Has in Common · 7d ago · Learn how mule account intelligence — not tactic-tracking — is the most effective lever for preventing APP fraud before funds move.
Lazarus Doesn't Need AGI · 7d ago · Explore the 2026 Claude Mythos breach, supply chain risks, and the $2B+ crypto theft pipeline.
From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026 · 11d ago · For most security teams today, volume and access to intelligence isn’t the problem. It’s the speed at which they can turn that intelligence into action.
Critical minerals and cyber operations · 12d ago · Learn how critical minerals and rare earth elements (REEs) are evolving from commodities into strategic flashpoints. Explore the geopolitical risks of China’s refining dominance, the race for resources in the Arctic and space, and the risin...
Today, trust is the superpower that makes innovation possible · 12d ago · How better intelligence and collaboration can unlock new opportunities for growth and greater financial health for more people.
Evolution of Chinese-Language Guarantee Telegram Marketplaces · 13d ago · Chinese-language, Telegram-based “guarantee” marketplaces are increasingly popular among Chinese-speaking criminal groups despite the widely publicized shutdown of Huione Guarantee in 2025.
20 loaded
Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities · 1d ago
Kuse Web App Abused to Host Phishing Document · 6d ago · Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack.
Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories · 14d ago
The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables · 15d ago
Identity Protection in the AI Era · 22d ago · Learn about a proactive, identity-first security approach that integrates visibility, threat detection and response, zero trust enforcement, AI protection, and threat intelligence into a unified model.
U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 · 26d ago · Discover how TrendAI Vision One™ empowers government agencies and educational institutions with advanced visibility, intelligence, and automation to stay ahead of evolving public sector threats.
Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do · 28d ago
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads · 32d ago
TrendAI Insight: New U.S. National Cyber Strategy · 34d ago · Explore the White House National Cyber Strategy and its six pillars to strengthen U.S. cybersecurity—covering deterrence, regulation, federal modernization, critical infrastructure protection, AI leadership, and workforce development.
The Real Risk of Vibecoding · 35d ago
John Hammond
3d ago · 15 items
darkreading
3d ago · 20 items
Security - Ars Technica
3d ago · 20 items
Ubuntu infrastructure has been down for more than a day · 3d ago
GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests · 3d ago
The most severe Linux threat to surface in years catches the world flat-footed · 4d ago
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden · 5d ago
Open source package with 1 million monthly downloads stole user credentials · 7d ago
Why are top university websites serving porn? It comes down to shoddy housekeeping. · 10d ago
In a first, a ransomware family is confirmed to be quantum-safe · 11d ago
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage · 12d ago
Microsoft issues emergency update for macOS and Linux ASP.NET threat · 12d ago
Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150 · 13d ago
The Cyber Mentor
3d ago · 15 items
Alerts
3d ago · 20 items
All CISA Advisories
3d ago · 20 items
Hak5
4d ago · 15 items
Cisco Security Advisory
4d ago · 20 items
Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense · 4d ago · On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptiv...
Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities · 6d ago · Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affec...
Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability · 10d ago · A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities · 12d ago · Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more informatio...
Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities · 12d ago · Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affe...
Cisco Catalyst SD-WAN Vulnerabilities · 12d ago · Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For m...
Cisco Webex Services Certificate Validation Vulnerability · 18d ago · A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of imp...
Cisco Secure Web Appliance Authentication Bypass Vulnerability · 18d ago · A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improp...
Cisco Identity Services Engine Remote Code Execution Vulnerabilities · 19d ago · Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the att...
Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability · 19d ago · A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the u...
20 loaded
Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM · 4d ago · Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration.
Azure IaaS: Keep critical applications running with built-in resiliency at scale · 33d ago · Learn how Azure IaaS helps organizations start from a resilient platform foundation with availability, continuity, and recovery capabilities.
Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure · 61d ago · Learn how Azure IaaS helps you modernize infrastructure, improve performance and resilience, optimize costs, and prepare for AI workloads. Read more.
Azure reliability, resiliency, and recoverability: Build continuity by design · 76d ago · Learn how Azure reliability, resiliency, and recovery capabilities work together to improve cloud continuity. Read more.
Microsoft strengthens sovereign cloud capabilities with new services · 181d ago · Discover new Microsoft digital sovereignty capabilities and upcoming features across AI, security, and productivity, to address sovereign cloud needs.
Enhancing software supply chain security with Microsoft’s Signing Transparency · 182d ago · Microsoft Signing Transparency delivers verifiable code integrity and tamper-evident software releases for stronger supply chain security.
Oracle Database@Azure offers new features, regions, and programs to unlock data and AI innovation · 202d ago · Migrate Oracle solutions to the cloud with a trusted, enterprise-ready platform from Microsoft and Oracle. Learn more.
Building secure, scalable AI in the cloud with Microsoft Azure · 307d ago · Forrester Research shows how Azure helps enterprises scale generative AI securely, unlocking real business value. Learn more.
Enhance AI security with Azure Prompt Shields and Azure AI Content Safety · 333d ago · Learn how Prompt Shields and Azure AI Content Safety can help guard against direct and indirect threats to your LLM-based solution.
Navigating the 2024 holiday season: Insights into Azure’s DDoS defense · 462d ago · Learn more on how Azure DDoS is keeping you prepared for this year's trends in advanced attack tactics to keep your data secure.
Cyber Defense Magazine
4d ago · 10 items
Krebs on Security
4d ago · 10 items
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs 4d ago A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazi...
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty 13d ago A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phish...
Patch Tuesday, April 2026 Edition 20d ago Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dub...
Russia Hacked Routers to Steal Microsoft Office Tokens 27d ago Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backe...
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab 29d ago An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gang...
‘CanisterWorm’ Springs Wiper Attack Targeting Iran 42d ago A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or ha...
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks 46d ago The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as ro...
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker 54d ago A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub out...
Microsoft Patch Tuesday, March 2026 Edition 55d ago Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usu...
How AI Assistants are Moving the Security Goalposts 57d ago AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-r...
WeLiveSecurity
5d ago · 20 items
Proofpoint News Feed
5d ago · 10 items
Blog – Forter
6d ago · 10 items
DEFCONConference
6d ago · 15 items
IppSec
9d ago · 15 items
Microsoft 365 Blog
12d ago · 10 items
Copilot’s agentic capabilities in Word, Excel, and PowerPoint are generally available 12d ago Copilot's newest features are now generally available as the default experience across all Microsoft 365 subscriptions.
Bring your everyday business apps into the flow of work with agents in Microsoft 365 Copilot 21d ago Discover how apps integrate with AI agents to power Copilot experiences, streamline workflows, and turn business context into action.
New and improved: Multi-agent orchestration, connected experiences, and faster prompt iteration 33d ago Explore what's new in Copilot Studio: Multi-agent systems now generally available, plus updates to the Prompt Editor and governance controls.
Copilot Cowork: Now available in Frontier 35d ago Today, Copilot Cowork—designed for long-running, multi-step work in Microsoft 365—is available via the Frontier program.
Copilot Cowork: A new way of getting work done 56d ago Copilot Cowork turns intent into action across Microsoft 365—automating tasks, coordinating workflows, and keeping you in control. See how.
Powering Frontier Transformation with Copilot and agents 56d ago Wave 3 of Microsoft 365 Copilot introduces Copilot Cowork, multi‑model intelligence, and enterprise‑ready AI—built to get real work done.
SharePoint at 25: How Microsoft is putting knowledge to work in the AI era 63d ago Discover how SharePoint’s 25‑year legacy powers Microsoft 365 Copilot, Work IQ, and AI‑driven knowledge for organizations worldwide.
Microsoft Sovereign Cloud adds governance, productivity, and support for large AI models securely running even when completely disconnected 69d ago
The ultimate Microsoft 365 community event returns—your front‑row seat to the future of intelligent work 88d ago Join the ultimate Microsoft 365 community event with fresh insights, AI innovations, and a front‑row look at the future of intelligent work.
6 core capabilities to scale agent adoption in 2026 98d ago Learn six capabilities to support agent adoption at scale in 2026 with Microsoft Copilot Studio, from governance and security to operations.
CISA Cybersecurity Advisories
13d ago · 10 items
Defending Against China-Nexus Covert Networks of Compromised Devices 13d ago
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 28d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 150d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and
CISA Shares Lessons Learned from an Incident Response Engagement 224d ago
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 252d ago The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese
CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization 279d ago
#StopRansomware: Interlock 287d ago
Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider 326d ago CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise
Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 349d ago
Russian GRU Targeting Western Logistics Entities and Technology Companies 357d ago Executives and network defenders should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and IOCs
Heimdal Security Blog
14d ago · 15 items
Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment 14d ago Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers - Assist, Triage and SOC - alongside the introduction of Third-Party AI Containment.
You Only Know What You’ve Got When Its Gone 38d ago Prepare for the expected. Rehearse an action plan in case of technology failure or cyberattacks. We all know they can happen.
Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade 48d ago Heimdal has appointed Elovade as its official distributor in the Nordic region. The move gives MSPs and resellers across Sweden, Norway, Denmark, Iceland, and Finland direct access to Heimdal's consolidated cybersecurity platform through a ...
OpenClaw Incidents Show Why AI Adoption Pressure Puts Companies at Risk 60d ago The OpenClaw security failures show how hasty AI adoption can expose businesses and supply chains to major cyber risk.
Heimdal Claims Industry First With a Cyber Essentials Control Mapping for PEDM to Help Organisations Prove Least Privilege 85d ago Heimdal is the first vendor to publish a dedicated Cyber Essentials control mapping for PEDM, setting out how privilege management supports Cyber Essentials requirements and what evidence can be produced to support assessment and assurance.
Five Predictions for Cyber Security Trends in 2026 90d ago Morten Kjaersgaard, Heimdal’s Founder, and Adam Pilton, a former cybercrime investigator, predict five cyber security trends for 2026.
Heimdal Achieves OPSWAT Gold Certification for Anti-Malware 110d ago Heimdal today announced that its Next-Gen Antivirus (NGAV) with Extended Threat Protection (XTP) has achieved OPSWAT Gold Certification for Anti-Malware, validating its compatibility and effectiveness within OPSWAT’s industry-leading Access...
How to Avoid Holiday Shopping Scams (From a Former Cyber Detective) 144d ago Worried about holiday scams? Ex-cybercrime detective Adam Pilton breaks down the biggest threats and how to shop safely this festive season.
ITDR Best Practices: How to Detect, Prevent, and Contain Critical Identity Threats 158d ago Key takeaways: ITDR solutions monitor identity-based threats that traditional security tools miss, like hackers logging in with stolen credentials Effective ITDR requires integration with privileged access management and automated responses...
When Buyers Discount MSPs With One Big Customer 158d ago Your biggest customer loves you. Three years together. They trust you, pay on time, and refer others. From where you sit, that’s loyalty. From where a buyer sits, that’s a $$$ discount on your exit. This perception gap kills more MSP deals ...
LiveOverflow
61d ago · 15 items
STÖK
253d ago · 15 items
HackerSploit
390d ago · 15 items
Threatpost
1342d ago · 10 items
Student Loan Breach Exposes 2.5M Records 1342d ago 2.5 million people were affected, in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger 1343d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1344d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise 1347d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1348d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Twitter Whistleblower Complaint: The TL;DR Version 1349d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Firewall Bug Under Active Attack Triggers CISA Warning 1350d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Fake Reservation Links Prey on Weary Travelers 1351d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
iPhone Users Urged to Update to Patch 2 Zero-Days 1354d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
Google Patches Chrome’s Fifth Zero-Day of the Year 1355d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
