Loading…

Whats The Hax?

Daily intelligence on threats, breaches, and defenders

What's New

Top 5 Across All Sources
Latest
cybersecurityAre teams still finding AI API keys in public repos?Latest newsThis metal detector for $60 off on Amazon is a smart buy - here's why I recommend itLatest newsI switched to a Bose-Sonos hybrid setup for my home audio - and it worked harmoniouslyLatest newsAfter testing Bose's $1,100 Ultra soundbar, I'm a little less worried for SonosLatest newsRoborock vs. Ecovacs: I've tested dozens of robot vacuums from both brands - this one winscybersecurityMentorship Monday - Post All Career, Education and Job questions here!cybersecurityMean time-to-exploit just hit 2.1 days. Critical vulnerabilities everywhere. Is the AI apocalypse here?cybersecurityDoes the CBP bug phones?BleepingComputerNew Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC releasedcybersecurityWhat We Learned Building Runtime Visibility for Modern Telco NetworksHelp Net SecurityDebian 13.5 point release lands with security fixes, bug patchescybersecurityThe Politics of AI TransparencycybersecurityA million baby monitors and security cameras were easily viewable by hackerscybersecurityNGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCEhacking: security in practiceDoes anyone know if this file is still accessible to download?cybersecurityIs cybersecurity becoming more behavioral than technical?cybersecurityQuestions About Promo Items for a Cybersecurity ConferenceFor [Blue|Purple] Teams in Cyber DefenceDirtyCBC: When Linux Kernel Decrypt-Before-MAC Turns Authenticated Encryption Into a Page-Cache WriteFor [Blue|Purple] Teams in Cyber DefenceFlowerStorm unleashes the KrakVM: PhaaS operators turn to VM-based obfuscationcybersecurityMicrosoft - "Your single use code" email when it was not requestedcybersecurityAre teams still finding AI API keys in public repos?Latest newsThis metal detector for $60 off on Amazon is a smart buy - here's why I recommend itLatest newsI switched to a Bose-Sonos hybrid setup for my home audio - and it worked harmoniouslyLatest newsAfter testing Bose's $1,100 Ultra soundbar, I'm a little less worried for SonosLatest newsRoborock vs. Ecovacs: I've tested dozens of robot vacuums from both brands - this one winscybersecurityMentorship Monday - Post All Career, Education and Job questions here!cybersecurityMean time-to-exploit just hit 2.1 days. Critical vulnerabilities everywhere. Is the AI apocalypse here?cybersecurityDoes the CBP bug phones?BleepingComputerNew Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC releasedcybersecurityWhat We Learned Building Runtime Visibility for Modern Telco NetworksHelp Net SecurityDebian 13.5 point release lands with security fixes, bug patchescybersecurityThe Politics of AI TransparencycybersecurityA million baby monitors and security cameras were easily viewable by hackerscybersecurityNGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCEhacking: security in practiceDoes anyone know if this file is still accessible to download?cybersecurityIs cybersecurity becoming more behavioral than technical?cybersecurityQuestions About Promo Items for a Cybersecurity ConferenceFor [Blue|Purple] Teams in Cyber DefenceDirtyCBC: When Linux Kernel Decrypt-Before-MAC Turns Authenticated Encryption Into a Page-Cache WriteFor [Blue|Purple] Teams in Cyber DefenceFlowerStorm unleashes the KrakVM: PhaaS operators turn to VM-based obfuscationcybersecurityMicrosoft - "Your single use code" email when it was not requested

By Source

Feeds organized so you can skim by site.

Density Sort
CY
cybersecurity
1h ago · 20 items
Are teams still finding AI API keys in public repos? 1h ago Mentorship Monday - Post All Career, Education and Job questions here! 3h ago Mean time-to-exploit just hit 2.1 days. Critical vulnerabilities everywhere. Is the AI apocalypse here? 3h ago Does the CBP bug phones? 3h ago What We Learned Building Runtime Visibility for Modern Telco Networks 4h ago The Politics of AI Transparency 5h ago A million baby monitors and security cameras were easily viewable by hackers 5h ago NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE 5h ago Is cybersecurity becoming more behavioral than technical? 6h ago Questions About Promo Items for a Cybersecurity Conference 6h ago
20 loaded
LN
Latest news
1h ago · 20 items
This metal detector for $60 off on Amazon is a smart buy - here's why I recommend it 1h ago Search for treasures on the beach or in your own backyard with this metal detector bundle at Amazon. I switched to a Bose-Sonos hybrid setup for my home audio - and it worked harmoniously 2h ago Months after sunsetting the SoundTouch lineup, Bose's Lifestyle Ultra proves that it can still make versatile and great-sounding speaker. After testing Bose's $1,100 Ultra soundbar, I'm a little less worried for Sonos 2h ago Bose's premium soundbar debuts with improvements under the hood, but it's reinventing itself in an already crowded field. Roborock vs. Ecovacs: I've tested dozens of robot vacuums from both brands - this one wins 2h ago I've tested dozens of robot vacuum brands, with Roborock and Ecovacs models consistently delivering market-leading performance. Here's how they compare. Samsung vs. Motorola: I've tested dozens of phones from both brands - here's my choice 14h ago Samsung and Motorola both make strong Android phones, but the better choice depends on your budget and more. Here's which one I'd choose and why. I tried ditching my laptop for a more futuristic setup - and found 5 surprising alternatives 17h ago From XR glasses to headsets to tablets, here's how various work systems fared over 30 days. The best NAS devices of 2026: Expert tested and reviewed 18h ago The best NAS storage devices of 2026 offer effortless storage solutions for home and professional use. These are our favorites including hardware we use ourselves. Amazon's discounted Fitbit Air deal comes with a free band - but I'd act quick 1d ago The latest Fitbit is here, and you can save 26% on it when you preorder on Amazon today. The best external hard drives of 2026: Expert tested and reviewed 1d ago The best external hard drives available today provide ample storage, reliability, and security for different price points. We went hands-on to find the best hardware available in 2026. The 4th Linux kernel flaw this month can lead to stolen SSH host keys 2d ago The good news is there's already a patch. The bad news is that the fix isn't available for all Linux distributions yet. Here's what you can do in the meantime.
20 loaded
BL
BleepingComputer
4h ago · 15 items
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released 4h ago A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing 12h ago The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Microsoft rejects critical Azure vulnerability report, no CVE issued 1d ago A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that Russian hackers turn Kazuar backdoor into modular P2P botnet 1d ago The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. Funnel Builder WordPress plugin bug exploited to steal credit cards 2d ago A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own 2d ago ​During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux fo... Popular node-ipc npm package compromised to steal credentials 2d ago Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. Avada Builder WordPress plugin flaws allow site credential theft 2d ago Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. Microsoft backpedals: Edge to stop loading passwords into memory 2d ago Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution 2d ago Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability.
15 loaded
HN
Help Net Security
5h ago · 10 items
Debian 13.5 point release lands with security fixes, bug patches 5h ago Debian 13.5 point release lands for trixie with security fixes, package updates, and an installer refresh from the Debian project. Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited 19h ago Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: Foundations of Cybersecurity, 2nd edition Jason Google lets Workspace admins apply one policy across all SAML apps 2d ago Google Workspace now supports a default Context-Aware Access policy for SAML apps, reducing admin overhead and improving security for SaaS. Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182) 2d ago A Cisco Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) has been exploited in zero-day attacks. Akamai to acquire LayerX for $205 million 2d ago Akamai acquires LayerX for $205 million to strengthen browser-based AI security and zero trust protection. Thieves unlock stolen iPhones using cheap tools sold on Telegram 2d ago Telegram groups are selling phishing kits, smishing templates, and unlocking tools used to access stolen iPhones. Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) 2d ago A critical XSS vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. Rocky Linux launches opt-in security repository for urgent fixes 2d ago The Rocky Linux security repository ships urgent fixes ahead of upstream when public exploits exist before patches are available. Keycard helps developers secure autonomous AI agents with scoped access 2d ago Keycard for Multi-Agent Apps secures autonomous AI agents with scoped access, delegated sessions, and attribution. Deepfake detection is losing ground to generative models 2d ago Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial
HS
hacking: security in practice
6h ago · 20 items
Does anyone know if this file is still accessible to download? 6h ago High school students organized a Jeopardy CTF competition - give it a try 8h ago Official Miasma Poison Tar Pit Docker Image Now Available 12h ago Does anybody know where I may stumble upon some Sh1mmer bin downloads 19h ago Leader of Ukrainian Hacking Group: GRU Bribed Kyivstar Employee to Hack Company’s Network 1d ago GZDoom in the browser 1d ago A stealth Playwright (Firefox) version that passes all anti-bot and CAPTCHA 2d ago [Tutorial] How to hack DOS games: Reversing Prince of Persia 2d ago My Privacy Focused USB Drive 2d ago Proxmark5 - Next-Gen Open Source RFID Research Tool (Iceman Edition) 2d ago
20 loaded
FB
DirtyCBC: When Linux Kernel Decrypt-Before-MAC Turns Authenticated Encryption Into a Page-Cache Write 7h ago FlowerStorm unleashes the KrakVM: PhaaS operators turn to VM-based obfuscation 8h ago LID: LID — Linux Integrity Drift: Bypassing AppArmor via eBPF pathname rewriting. Pre-LSM syscall argument manipulation with zero audit footprint. "Linux is Dying" 13h ago Static Kitten APT Adversary Simulation 13h ago Eimeria: five layers from RAR5 to RunPE 15h ago ghosttype: Local forensic scanner that extracts credentials from AI tool conversation history. For authorized red team and DLP use only. 15h ago openDCIM exploitation 15h ago HASBL CTF - A Jeopardy-Style CTF Organized by High School Students! 16h ago We Have Packet Capture at Home 18h ago Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware 19h ago
20 loaded
TI
Ansible security and compliance guide 10h ago Instrumenting QT6 desktop apps with Frida - Part 1 2d ago From Vercel Typosquatting to an Obfuscated macOS Malware Loader 2d ago Detecting Exploitation of CrushFTP Vulnerability (CVE-2025-31161) With PacketSmith Yara Detection Module - Using track_state and flow_state 3d ago VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure 3d ago CVE-2026-42945 : NGINX Heap Buffer Overflow in rewrite module - Writeup and PoC 3d ago WaSteal: 126 Chrome extensions, 148K installs, one Brazilian operator silently sending WhatsApp user data and ad cookies to its servers 4d ago /sbin/ping -G sweepmax has no bounds check on macOS: deterministic BSS out-of-bounds write, confirmed by Apple 4d ago A stealth approach to Process Injection - EntryPoint Hijacking 4d ago Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim 5d ago
20 loaded
MA
Malware Analysis & Reports
10h ago · 20 items
Malware learning 10h ago Brovan: Binary user-mode emulator for x86_64 2d ago npm supply chain compromise on a Next.js app — XMRig miner bundled into webpack output 3d ago VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure 3d ago clens.io - new public threat & data intel service 4d ago [Tool] IOCX – deterministic IOC extraction engine (static‑only, PE‑aware, plugin‑extensible) 4d ago OS scanner that checks repos for traces of the Shai Hulud worm 5d ago Mini Shai-Hulud Supply-Chain Worm Compromises npm and PyPI Packages, Including TanStack, Mistral, Lightning, and Guardrails AI 5d ago Mass npm Supply Chain Attack Hits TanStack, Mistral AI, and 170+ Packages 5d ago New Shai-Hulud npm worm variant 6d ago
20 loaded
BH
Black Hat
12h ago · 15 items
Connecting at Black Hat | Hear from the CEO & Founder of FuzzingLabs 12h ago SecTor 2025 | Threat Architecture, Attack Surfaces & Real-World Risk 2d ago Black Hat Stories Episode 3 |  Patrick Ventuzelo, CEO & Founder of FuzzingLabs 3d ago Bridging Research & Reality | Why Academics Attend Black Hat 5d ago Black Hat Stories | Patrick Ventuzelo, CEO and Founder of FuzzingLabs 5d ago SecTor 2025 | Detecting Forbidden White Labeled and Counterfeit Devices 13d ago SecTor 2025 | Not-So-Secret Agents: Deploying AI to Optimize Security Operations 18d ago Why Black Hat is Essential for Academics | Black Hat Stories 19d ago What Makes Black Hat Truly Shine | Black Hat Stories 20d ago SecTor 2025 | AI, Deepfakes, and the Next Evolution of Digital Identity Verification 20d ago
15 loaded
DB
David Bombal
13h ago · 15 items
My Dream "home lab" 13h ago Warning: AI can give your passwords to hackers. Prompt injection demo 2d ago Is this laptop any good? (Real World Use cases) 7d ago 3 risks of using clear DNS 9d ago May the force help you troubleshoot ... 13d ago Dual Boot Windows and Ubuntu Linux in 10 Minutes (2026) 14d ago They got hacked and now you will get attacked ☹️ 19d ago Stop Reflashing USBs: Build a Ventoy Toolkit 21d ago Stop using these browsers in 2026! 23d ago How long before your encryption is broken? (Quantum Switch is here) 24d ago
15 loaded
HA
Hak5
13h ago · 15 items
🔴 [PAYLOAD REVIEW] WiFi Pineapple Pager 📟🍍 13h ago 🔴 [LIVE] Payload Review & 1M Subs! 3d ago 🔴 [LIVE] Hak5 Hits 1 MILLION SUBSCRIBERS 4d ago Google’s Silent AI Install: What They’re Hiding in Your Files | Threat Wire 4d ago The Fatal 4-Byte Error That Just Broke Linux | Threat Wire 9d ago The Worst-Case Scenario for Password Managers | THREAT WIRE 17d ago NIST Is Scaling Back CVEs — And That’s a Problem | THREAT WIRE 23d ago there are too many stories to cover #cybersecurity #news @endingwithali 31d ago Use After Free Bugs Are Out of Control @endingwithali #threatwire #cybersecurity 31d ago Are you thinking about software supply chain attacks? #hacker @endingwithali #cybersecurity 31d ago
15 loaded
CD
Cyber Defense Magazine
14h ago · 10 items
Why Is Cybersecurity Now A Business Priority, Not Just An IT Function? 14h ago The Security Mistakes Being Repeated With Ai 1d ago The Hidden Risk For IT Subcontractors: When Insurance, Not Security, Costs You The Contract 2d ago Innovator Spotlight: Klever Compliance 3d ago Innovator Spotlight: Radware 3d ago Innovator Spotlight: Jscrambler 3d ago Innovators Spotlight: OPSWAT 4d ago The Board Is Asking The Wrong Security Question 4d ago Synthetic Identity Fraud Requires An Equal Focus On Biometrics And Document Verification 5d ago Innovator Spotlight: Iru 6d ago
TH
The Hacker News
15h ago · 20 items
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE 15h ago Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt 19h ago Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming 1d ago Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access 2d ago Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence 2d ago What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface 2d ago TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates 2d ago On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email 2d ago CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits 2d ago Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access 3d ago
20 loaded
RE
Reverse Engineering
16h ago · 20 items
PE packer/crypter with random VM ISA per build 16h ago A Tale of Two File Names 1d ago PE reconstruction 1d ago A File Format Uncracked for 20 Years: Part 2 1d ago Resident Evil: Code Veronica X is able to use inventory and view files from the decompiled PS2 source! 1d ago [CrackMe] PyVMP v7 : The vault. Important info : the server is now live, take a look inside the gofile link. 1d ago Exploiting Toshiba Qiomem.sys vulnerable driver 1d ago HDD Firmware Hacking Part 1 1d ago Region-based binary diff tool for firmware analysis 1d ago A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens 2d ago
20 loaded
MS
MSRC Security Update Guide
19h ago · 20 items
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address 19h ago CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects 19h ago CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection 19h ago CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks 19h ago CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag 19h ago CVE-2026-43490 ksmbd: validate inherited ACE SID length 1d ago CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic 1d ago CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding 1d ago CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects 1d ago CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability 1d ago
20 loaded
IP
IppSec
1d ago · 15 items
HackTheBox - Pterodactyl 1d ago HackTheBox - Overwatch 8d ago HackTheBox - Sorcery 22d ago HackTheBox - AirTouch 29d ago HackThebox - Eighteen 36d ago HackTheBox - DarkZero 43d ago HackTheBox - Browsed 50d ago HackTheBox - Conversor 57d ago HackTheBox - Gavel 64d ago HackTheBox - Principal 65d ago
15 loaded
SL
Security Latest
1d ago · 20 items
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording 1d ago Your iPhone Gets Stolen. Then the Hacking Begins 3d ago DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada Border 4d ago WhatsApp Adds Meta AI Chats That Are Built to Be Fully Private 4d ago Foxconn Ransomware Attack Shows Nothing Is Safe Forever 5d ago Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz 5d ago Hackable Robot Lawn Mower Unlocks a New Nightmare 8d ago Meet Rassvet, Russia’s Answer to Starlink 9d ago The Canvas Hack Is a New Kind of Ransomware Debacle 9d ago How to Disable Google's Gemini in Chrome 10d ago
20 loaded
SE
SecurityWeek
1d ago · 10 items
PoC Code Published for Critical NGINX Vulnerability 1d ago In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws 2d ago Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild 2d ago American Lending Center Data Breach Affects 123,000 Individuals 2d ago OpenAI Hit by TanStack Supply Chain Attack 2d ago TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code 2d ago Chrome 148 Update Patches Critical Vulnerabilities 2d ago Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 2d ago Enhancing Data Center Security Without Sacrificing Performance 3d ago New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation 3d ago
JH
John Hammond
1d ago · 15 items
Hack a Drug Lord's Smart Toilet! 1d ago The Payload Podcast 006 2d ago Hackers are Using AI (much scary, very wow) 5d ago JHT Course Launch: Web App Junior Analyst! 15d ago FAKE Zoom Taxes MALWARE 20d ago the WORST phishing email i've ever seen 23d ago Hackers Stole Your Account (for free) 24d ago The Dawn of AI Warfare (with Katrina Manson) 26d ago The Payload Podcast #005 - Casey Smith 26d ago JHT Livestream: mitmproxy & OpenWRT to read HTTPS traffic! 30d ago
15 loaded
CY
CyberScoop
2d ago · 28 items
Colorado governor commutes prison sentence for election denier Tina Peters 2d ago Here’s how the FTC plans to enforce the Take It Down Act 2d ago Cisco zero-day under ongoing attack by persistent threat group 2d ago Pentagon cyber official calls advanced AI ‘revolutionary warfare’ 3d ago White House cyber official: identity security matters more than ever in the age of AI 3d ago Major tech manufacturer Foxconn confirms cyberattack hit North American factories 3d ago Researchers say AI just broke every benchmark for autonomous cyber capability 4d ago Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks 4d ago DOJ releases legal rationale for nationwide voter data collection 4d ago Weaponized AI: The new frontier of fraud and identity spoofing 4d ago
28 loaded
AL
Alerts
2d ago · 20 items
CISA Adds One Known Exploited Vulnerability to Catalog 2d ago CISA Adds One Known Exploited Vulnerability to Catalog 3d ago CISA Adds One Known Exploited Vulnerability to Catalog 9d ago CISA Adds One Known Exploited Vulnerability to Catalog 10d ago CISA Adds One Known Exploited Vulnerability to Catalog 11d ago CISA Adds One Known Exploited Vulnerability to Catalog 16d ago CISA Adds One Known Exploited Vulnerability to Catalog 17d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 19d ago CISA Adds Four Known Exploited Vulnerabilities to Catalog 23d ago CISA Adds One Known Exploited Vulnerability to Catalog 24d ago
20 loaded
AC
All CISA Advisories
2d ago · 20 items
CISA Adds One Known Exploited Vulnerability to Catalog 2d ago Siemens Siemens ROS# 3d ago Siemens gWAP 3d ago Siemens SIMATIC 3d ago Siemens Ruggedcom Rox 3d ago Siemens Ruggedcom Rox 3d ago Siemens Simcenter Femap 3d ago Universal Robots Polyscope 5 3d ago Siemens Ruggedcom Rox 3d ago Siemens Teamcenter 3d ago
20 loaded
WE
WeLiveSecurity
2d ago · 20 items
Why geopolitical turmoil is a gift for scammers, and how to stay safe 2d ago FrostyNeighbor: Fresh mischief and digital shenanigans 3d ago Eyes wide open: How to mitigate the security and privacy risks of smart glasses 6d ago Fake call logs, real payments: How CallPhantom tricks Android users 10d ago Fixing the password problem is as easy as 123456 10d ago A rigged game: ScarCruft compromises gaming platform in a supply-chain attack 12d ago This month in security with Tony Anscombe – April 2026 edition 17d ago The calm before the ransom: What you see is not all there is 23d ago GopherWhisper: A burrow full of malware 24d ago New NGate variant hides in a trojanized NFC payment app 26d ago
20 loaded
RF
Recorded Future
3d ago · 20 items
April 2026 CVE Landscape 3d ago In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded Future Risk Score. This represents a 19% increase from last month. NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals 4d ago NVD enrichment now covers only 15–20% of CVEs. Learn how Recorded Future Vulnerability Intelligence prioritizes risk using real attacker behavior signals. Beyond Acceleration and Automation: How AI + Intelligence Changes Cyber Defense 4d ago The real question in modern cyber defense isn't who has more technology. It's who uses their resources more efficiently. Here's how AI fused with threat intelligence tips that balance. Working in London at the World’s Largest Intelligence Company 10d ago See what it is like to work at the Recorded Future London office. Quantum Risk Explained 11d ago Learn how the "Harvest Now, Decrypt Later" (HNDL) risk exposes long-lived sensitive data today, regardless of when Cryptographically Relevant Quantum Computers (CRQCs) arrive. Recorded Future Named a Leader in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies. And there’s more. 12d ago Recorded Future shares exciting developments since being named a leader. Threat Activity Enablers: The Backbone of Today’s Threat Landscape 12d ago Behind every ransomware demand, botnet, or threat activity group is a server sitting in a data center. Hacking Embodied AI 13d ago Embodied AI, intelligent systems in physical forms such as humanoid and quadruped robots, is moving from spectacle to staffing plans. The Iran War: What You Need to Know 17d ago Insikt Group tracks the cyber, physical, and geopolitical components of the US-Israeli strikes on Iran — with continuously updated threat analysis and scenarios. Risk Scenarios for the US’s Strategic Pivot 18d ago The United States (US) is shifting toward a more force-driven security strategy primarily relying on military operations and economic pressure to counter transnational criminal organizations and limit Chinese, Russian, and Iranian influence...
20 loaded
SA
Security - Ars Technica
3d ago · 20 items
Zero-day exploit completely defeats default Windows 11 BitLocker protections 3d ago Linux bitten by second severe vulnerability in as many weeks 6d ago Chaos erupts as cyberattack disrupts learning platform Canvas amid finals 9d ago Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives" 10d ago Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack 12d ago Ubuntu infrastructure has been down for more than a day 16d ago GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests 16d ago The most severe Linux threat to surface in years catches the world flat-footed 17d ago Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden 18d ago Open source package with 1 million monthly downloads stole user credentials 20d ago
20 loaded
MS
Microsoft Security Blog
3d ago · 10 items
Defense in depth for autonomous AI agents 3d ago As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. Kazuar: Anatomy of a nation-state botnet 3d ago Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, Kazuar has expanded f... When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps 3d ago Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. Accelerating detection engineering using AI-assisted synthetic attack logs generation 5d ago What if you could generate realistic attack telemetry on demand? Explore research methods that translate attacker behaviors (TTPs) into synthetic logs that can trigger detections at scale and without sensitive data. Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark 5d ago Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH). Defending consumer web properties against modern DDoS attacks 5d ago Learn how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, and graceful service degradation. Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise 5d ago Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected demonstrating that intrusions have increasingly avoided u... Active attack: Dirty Frag Linux vulnerability expands post-compromise risk 9d ago Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc. The vulnerability enables reliable escalation from an unpriv... When prompts become shells: RCE vulnerabilities in AI agent frameworks 10d ago New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these vulnerabilities work, what’s impacted, and how to secure your agents. World Passkey Day: Advancing passwordless authentication 10d ago This World Passkey Day, read how Microsoft is advancing passkey adoption to replace passwords, cut phishing risk, and deliver simpler, more secure sign-ins.
CS
Cisco Security Advisory
3d ago · 20 items
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 3d ago May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This ... Cisco Catalyst SD-WAN Manager Vulnerabilities 3d ago Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow a remote attacker to gain access to sensitive information, elevate privileges, or gain unauthorized access to the application. For more informat... Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory 3d ago Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the ... Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities 11d ago Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affected device. For more information about these vulnerabilities... Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability 11d ago A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a... Cisco Identity Services Engine Authentication Bypass Vulnerabilities 11d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information on an affected device. For more information ... Cisco Prime Infrastructure Information Disclosure Vulnerability 11d ago A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization chec... Cisco Slido Insecure Direct Object Reference Vulnerability 11d ago A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and ... Cisco IoT Field Network Director Vulnerabilities 11d ago Multiple vulnerabilities in the web-based management interface of Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause denial of service (DoS) conditions on man... Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability 11d ago A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to caus...
20 loaded
BF
Blog – Forter
3d ago · 10 items
Japan’s 3DS Mandate: One Year In 3d ago One-Click Refunds Are Not as Hard as You Think 12d ago Toys“R”Us Japan Implements Forter’s Fraud Management and Payment Optimization Solutions 18d ago More of What Matters: Forter’s April Product Release 19d ago If AI Agents Can’t Find You, Do You Even Exist? 20d ago Return Policy Abuse Is Theft. It’s Time to Treat It That Way. 32d ago What Is Return Abuse and Why Is It Getting Harder to Stop? 32d ago Return Abuse Prevention Starts with the Person, Not the Policy 32d ago Shoptalk 2026: Retail in the Age of AI 41d ago Visa’s Updated VAMP Program: What Merchants Need to Know 53d ago
SE
Securelist
3d ago · 10 items
Kimsuky targets organizations with PebbleDash-based tools 3d ago Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster. State of ransomware in 2026 5d ago Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more. CVE-2025-68670: discovering an RCE vulnerability in xrdp 9d ago During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability. Exploits and vulnerabilities in Q1 2026 10d ago This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks. OceanLotus suspected of using PyPI to deliver ZiChatBot malware 11d ago Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT. Websites with an undefined trust level: avoiding the trap 11d ago We explain what suspicious websites are and how to distinguish a safe site from a fraudulent one. A new category in Kaspersky solutions: we’re sharing global statistics on untrusted site detection. “Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security 13d ago Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let’s look at some examples to see how you can tell a phishing email from a real one. Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India 17d ago The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor. PhantomRPC: A new privilege escalation technique in Windows RPC 23d ago Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges. FakeWallet crypto stealer spreading through iOS apps in the App Store 27d ago In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.
TC
The Cyber Mentor
3d ago · 15 items
LIVE: 🕵️ HTB Sherlocks! | Cybersecurity | Blue Team 3d ago A Quick Way to Prove Your Cybersecurity Skillset! 5d ago A Guide to LNK File Forensics 16d ago Josh Mason | Real Folks of Cyber | DITL 17d ago Use BLUR-IT to Increase Your OPSEC 26d ago How to Investigate with Windows Prefetch Files 30d ago Cybersecurity Books to Read: DFIR Investigative Mindset 33d ago Bye Bye Bellini! | Andrew Bellini's Farewell Stream | Cybersecurity | AMA 38d ago Getting Started With The Windows Registry 44d ago How Digital Forensics Caught the BTK Killer 47d ago
15 loaded
TM
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft 5d ago Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America 7d ago Supporting the National Cyber Strategy: How TrendAI™ Helps 12d ago InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise 13d ago Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities 14d ago Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia 18d ago Kuse Web App Abused to Host Phishing Document 19d ago Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack. Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories 27d ago The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables 28d ago Identity Protection in the AI Era 35d ago Learn about a proactive, identity-first security approach that integrates visibility, threat detection and response, zero trust enforcement, AI protection, and threat intelligence into a unified model.
20 loaded
PN
Proofpoint News Feed
5d ago · 10 items
Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America 5d ago New MSP Platform business unit, AI-powered all-in-one Microsoft 365 protection, and Marketplace partnership with Pax8 strengthen Proofpoint’s commitment to channel and small and mid-size The spy who logged me in. 8d ago ⁠Mark Kelly⁠, Staff Threat Researcher at ⁠Proofpoint⁠, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing ... Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations 11d ago Proofpoint Prism Investigator positioned as first fully autonomous Agentic AI solution to significantly streamline investigations for highly regulated and highly AI and the New Threat Landscape | Sumit Dhawan with NightDragon | RSAC 2026 12d ago The Most Powerful Women Of The Channel 2026: Power 100 13d ago The Power 100 is culled from the ranks of CRN’s 2026 Women of the Channel and spotlights the female executives at vendors and distributors whose insight and influence help drive channel success. AI Security Gaps Create New MSSP Opportunity: Proofpoint 17d ago Claude Mythos Fears Startle Japan's Financial Services Sector 18d ago AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants 19d ago Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place 19d ago Inaugural global study finds more than half of organizations are not fully confident their AI security controls would detect compromised AI Clear market trend for software providers to help with AI: Proofpoint CEO 24d ago Sumit Dhawan, Proofpoint CEO, joins 'Closing Bell' to discuss ServiceNow's quarterly earnings results, if Anthropic's Mythos makes incumbent players more important and much more.
KO
Krebs on Security
5d ago · 10 items
Patch Tuesday, May 2026 Edition 5d ago Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this m... Canvas Breach Disrupts Schools & Colleges Nationwide 10d ago An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the servi... Anti-DDoS Firm Heaped Attacks on Brazilian ISPs 17d ago A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazi... ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty 26d ago A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phish... Patch Tuesday, April 2026 Edition 33d ago Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dub... Russia Hacked Routers to Steal Microsoft Office Tokens 40d ago Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backe... Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab 42d ago An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gang... ‘CanisterWorm’ Springs Wiper Attack Targeting Iran 55d ago A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or ha... Feds Disrupt IoT Botnets Behind Huge DDoS Attacks 59d ago The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as ro... Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker 67d ago A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub out...
HS
Heimdal Security Blog
5d ago · 15 items
AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift 5d ago Morten Kjaersgaard expects fewer than 500 of three million monthly alerts to need a human analyst in the year ahead. The role is being rebuilt around cases that warrant judgement. Top 10 Cybersecurity Companies in Europe 12d ago Over the last 10-15 years, the cybersecurity scene has gotten increasingly complex, as organizations adopt new technology and hackers evolve more innovative ways to target them. At the same time, data protection and compliance have become m... Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment 26d ago Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers - Assist, Triage and SOC - alongside the introduction of Third-Party AI Containment. You Only Know What You’ve Got When Its Gone 51d ago Prepare for the expected. Rehearse an action plan in case of technology failure or cyberattacks. We all know they can happen. Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade 60d ago Heimdal has appointed Elovade as its official distributor in the Nordic region. The move gives MSPs and resellers across Sweden, Norway, Denmark, Iceland, and Finland direct access to Heimdal's consolidated cybersecurity platform through a ... OpenClaw Incidents Show Why AI Adoption Pressure Puts Companies at Risk 73d ago The OpenClaw security failures show how hasty AI adoption can expose businesses and supply chains to major cyber risk. Heimdal Claims Industry First With a Cyber Essentials Control Mapping for PEDM to Help Organisations Prove Least Privilege 97d ago Heimdal is the first vendor to publish a dedicated Cyber Essentials control mapping for PEDM, setting out how privilege management supports Cyber Essentials requirements and what evidence can be produced to support assessment and assurance. Five Predictions for Cyber Security Trends in 2026 102d ago Morten Kjaersgaard, Heimdal’s Founder, and Adam Pilton, a former cybercrime investigator, predict five cyber security trends for 2026. Heimdal Achieves OPSWAT Gold Certification for Anti-Malware 122d ago Heimdal today announced that its Next-Gen Antivirus (NGAV) with Extended Threat Protection (XTP) has achieved OPSWAT Gold Certification for Anti-Malware, validating its compatibility and effectiveness within OPSWAT’s industry-leading Access... How to Avoid Holiday Shopping Scams (From a Former Cyber Detective) 157d ago Worried about holiday scams? Ex-cybercrime detective Adam Pilton breaks down the biggest threats and how to shop safely this festive season.
15 loaded
M3
Microsoft 365 Blog
6d ago · 10 items
New and improved: Agent governance, intelligent workflows, and connected app experiences 6d ago See what's new in Copilot Studio, April 2026: updates to workflows, more control over agent operations, and an expanded agent usage estimator. Copilot Cowork: From conversation to action across skills, integrations, and devices 12d ago Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. Microsoft 365 Copilot, human agency, and the opportunity for every organization 12d ago Empower your organization with Microsoft 365 Copilot—AI that bridges human potential and business outcomes for the future of work. Microsoft Agent 365, now generally available, expands capabilities and integrations 16d ago ​We’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents. Learn more. Copilot’s agentic capabilities in Word, Excel, and PowerPoint are generally available 25d ago Copilot's newest features are now generally available as the default experience across all Microsoft 365 subscriptions. Bring your everyday business apps into the flow of work with agents in Microsoft 365 Copilot 34d ago Discover how apps integrate with AI agents to power Copilot experiences, streamline workflows, and turn business context into action. New and improved: Multi-agent orchestration, connected experiences, and faster prompt iteration 46d ago Explore what's new in Copilot Studio: Multi-agent systems now generally available, plus updates to the Prompt Editor and governance controls. Copilot Cowork: Now available in Frontier 48d ago Today, Copilot Cowork—designed for long-running, multi-step work in Microsoft 365—is available via the Frontier program. Copilot Cowork: A new way of getting work done 69d ago Copilot Cowork turns intent into action across Microsoft 365—automating tasks, coordinating workflows, and keeping you in control. See how. Powering Frontier Transformation with Copilot and agents 69d ago Wave 3 of Microsoft 365 Copilot introduces Copilot Cowork, multi‑model intelligence, and enterprise‑ready AI—built to get real work done.
NA
NahamSec
6d ago · 15 items
The Bug Bounty Roadmap I'd Follow If I Started Over (With AI) 6d ago Is the AI hype helping or killing your bug bounty dreams? #hacking #bugbounty 6d ago Stop Using AI Connectors Until You Watch This 13d ago One ChatGPT connector. One email. Full AI agent hijack. #BugBounty #PromptInjection #ai #hacking 13d ago This hacker made $40,000 using Claude #ai #hacking #bugbounty 20d ago My Friend Made $40,000 Using Claude Code (Here's How) 20d ago I Learned How to Jailbreak AI Chatbots 27d ago Here’s everything I have learned from making $2M in bounties. #bugbounty 31d ago Is AI Killing Bug Bounty? 34d ago An AI Hacker Showed Me How to Exfil Data in Zero Clicks 41d ago
15 loaded
NE
NetworkChuck
11d ago · 15 items
Compliance can be frustrating. But....CALMpliance........that's a whole different thing. 11d ago Summer of CCNA LIVE Launch Party 13d ago Learn networking with REAL labs 👉 Join the Summer of CCNA 20d ago Most AI coding tools don’t sandbox on Windows (except one) 23d ago I built a network with gachapon machines 34d ago i didn't want to like this.... 38d ago Milla Jovovich made an AI memory tool…..it’s pretty good 40d ago Gemma 4 on the iPhone (local AI, no internet required) 42d ago Anthropic says NO MORE OpenClaw!! 44d ago the WORST hack of 2026 47d ago
15 loaded
TL
The Last Watchdog
12d ago · 10 items
News alert: LuxSci launches HIPAA-compliant email platform for mid-size healthcare market 12d ago CAMBRIDGE, Mass., May 5, 2026, CyberNewswireŌĆöLuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare organizations, the industr... SHARED INTEL Q&A: PKI’s unfinished business—’digital passports’ for content, models and agents 17d ago As if keeping track of machine identities wasnŌĆÖt hard enough. AI agents are now arriving by the thousands ŌĆö and most enterprises are just handing them borrowed credentials and hoping for the best. Meanwhile, the cryptographic infrastruc... GUEST ESSAY: How augmented reality (AR) can turn building images into ad space with no control 19d ago Every major building in America has three things: a physical address, a legal owner, and an unmonitored attack surface. Related: Sam Altman's quest to usurp the browswer That surface extends from the ground up through every floor, every fac... FIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposures 20d ago A consequential shift is underway in how enterprise breaches begin. The leaked credential ‚Äî once treated as a hygiene problem ‚Äî has become the primary on-ramp. Related: No easy fixes for AI risk Last August‚Äôs Salesloft campaign was th... News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category 25d ago NEW YORK, Apr. 21, 2026, CyberNewswire—BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition mar... Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one 27d ago Public key infrastructure -- the authentication and encryption framework that has held digital commerce together through every chaotic leap forward in technology -- is facing a double whammy. Related: Achieveing AI security won't be easy Au... News Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption security 32d ago SUNNYVALE, Calif., Apr. 15, 2026 ŌĆō NTT Research, Inc., a division of NTT (TYO:9432), today announced the launch of Scale Academy, a startup incubator responsible for bringing to market products and services based upon technologies studied... GUEST ESSAY: Google’s 2029 deadline exposes readiness gap as move to quantum-safe crypto lags 33d ago For years, quantum risk was easy for most institutions to treat as premature: real in theory, urgent someday, but not yet an operational problem. That is no longer tenable. Related: AI spawns semantic attacks Two developments this month bro... News alert: Mallory launches AI-native platform to cut through alert noise and surface real risk 37d ago AUSTIN, Texas, Apr. 9, 2026, CyberNewswire—Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: •What are the real threat vectors for our organi... FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense 40d ago As if securing the enterprise against a tidal wave of AI tools wasn't hard enough, it turns out the geopolitical instability of the moment is making things worse. That wasn't the headline at RSAC 2026 last week -- agentic AI dominated the a...
DA
darkreading
12d ago · 25 items
How the Story of a USB Penetration Test Went Viral 12d ago RMM Tools Fuel Stealthy Phishing Campaign 13d ago Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability 13d ago Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia 13d ago How Dark Reading Lifted Off the Launchpad in 2006 13d ago 76% of All Crypto Stolen in 2026 Is Now in North Korea 16d ago If AI's So Smart, Why Does It Keep Deleting Production Databases? 16d ago Name That Toon: Mark of (Security) Progress 16d ago 20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage 16d ago TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack 17d ago
25 loaded
WE
WeLiveSecurity
12d ago · 20 items
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack 12d ago This month in security with Tony Anscombe – April 2026 edition 17d ago The calm before the ransom: What you see is not all there is 23d ago GopherWhisper: A burrow full of malware 24d ago New NGate variant hides in a trojanized NFC payment app 26d ago What the ransom note won’t say 27d ago That data breach alert might be a trap 30d ago Supply chain dependencies: Have you checked your blind spot? 31d ago Recovery scammers hit you when you’re down: Here’s how to avoid a second strike 37d ago As breakout time accelerates, prevention-first cybersecurity takes center stage 40d ago
20 loaded
SM
Azure IaaS: Defense in depth built on secure-by-design principles 13d ago Explore how Azure IaaS uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data. Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM 17d ago Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration. Azure IaaS: Keep critical applications running with built-in resiliency at scale 46d ago Learn how Azure IaaS helps organizations start from a resilient platform foundation with availability, continuity, and recovery capabilities. Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure 74d ago Learn how Azure IaaS helps you modernize infrastructure, improve performance and resilience, optimize costs, and prepare for AI workloads. Read more. Azure reliability, resiliency, and recoverability: Build continuity by design 89d ago Learn how Azure reliability, resiliency, and recovery capabilities work together to improve cloud continuity. Read more. Microsoft strengthens sovereign cloud capabilities with new services 193d ago Discover new Microsoft digital sovereignty capabilities and upcoming features across AI, security, and productivity, to address sovereign cloud needs. Enhancing software supply chain security with Microsoft’s Signing Transparency 195d ago Microsoft Signing Transparency delivers verifiable code integrity and tamper-evident software releases for stronger supply chain security. Oracle Database@Azure offers new features, regions, and programs to unlock data and AI innovation 215d ago Migrate Oracle solutions to the cloud with a trusted, enterprise-ready platform from Microsoft and Oracle. Learn more. Building secure, scalable AI in the cloud with Microsoft Azure 320d ago Forrester Research shows how Azure helps enterprises scale generative AI securely, unlocking real business value. Learn more. Enhance AI security with Azure Prompt Shields and Azure AI Content Safety 346d ago Learn how Prompt Shields and Azure AI Content Safety can help guard against direct and indirect threats to your LLM-based solution.
DE
DEFCONConference
19d ago · 15 items
DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West 19d ago DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon 88d ago DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth 88d ago DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine 88d ago DEF CON 33 Recon Village - How to Become One of Them: Deep Cover Ops - Sean Jones, Kaloyan Ivanov 137d ago DEF CON 33 Recon Village - Inside the Shadows Tracking RaaS Groups, Cyber Threats - John Dilgen 137d ago DEF CON 33 Recon Village - Autonomous Video Hunter AI Agents for Real Time OSINT - Kevin Dela Rosa 137d ago DEF CON 33 Recon Village - A Playbook for Integration Servers - Ryan Bonner, Guðmundur Karlsson 137d ago DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov 137d ago DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino 137d ago
15 loaded
CC
CISA Cybersecurity Advisories
26d ago · 10 items
Defending Against China-Nexus Covert Networks of Compromised Devices 26d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 41d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 163d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and CISA Shares Lessons Learned from an Incident Response Engagement 237d ago Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 265d ago The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization 292d ago #StopRansomware: Interlock 300d ago Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider 339d ago CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 362d ago Russian GRU Targeting Western Logistics Entities and Technology Companies 370d ago Executives and network defenders should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and IOCs
BA
Business Fraud at Network Scale: What the $3.5B Medicare Hospice Crisis Reveals About Know Your Business 31d ago What is Customer Due Diligence (CDD) 55d ago Why Legacy Identity Verification Can’t Stop AI-Enabled Fraud 58d ago AML, KYC and Identity Verification in Australia 67d ago When Fraud Becomes Background Noise: The Industrialization of Digital Deception 132d ago The Efficiency Era of KYC: Reverification and Reusable Identity Take Center Stage 132d ago The End of Static KYB: Business Identity in Constant Motion 132d ago Know Your Agent: The Next Chapter in Digital Trust 132d ago When Rules Move Faster Than Readiness: Regulatory Adaptability as a Competitive Advantage 132d ago Digital Identity Trends 2026: AI Fraud, Compliance, and Orchestration 151d ago
13 loaded
LI
LiveOverflow
74d ago · 15 items
Security-driven Rapid Release - Pwn2Own Documentary (Part 4) 74d ago Firefox JIT Bug - Pwn2Own Documentary (Part 3) 77d ago The First Exploit - Pwn2Own Documentary (Part 2) 81d ago The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1) 84d ago From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi 404d ago The German Hacking Championship 429d ago Do you know this common Go vulnerability? 443d ago Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1) 578d ago My theory on how the webp 0day was discovered #short 594d ago My theory on how the webp 0day was discovered (BLASTPASS) 595d ago
15 loaded
SK
STÖK
266d ago · 15 items
Life in the Nordics 🌲 | Foraging Blueberries, Mushrooms & Nosework Training with Our Dogs 266d ago Winter vanlife = good times 868d ago What an experience! Getting a Christmas tree from our own piece of land. #movingupnorth! 875d ago Had to much GLÖGG and lost my camera during - 13371122 - Intigriti + Visma 881d ago IS THIS THE END? 941d ago Escaping the grind and decompiling python 3.9 pyc files to find vulnerabilites 1096d ago How to turn bugs into a "passive" income stream! ft Detectify's Almroot 1336d ago HOW DID THIS HAPPEN!? (13370822 LHE VLOG) 1350d ago Q: How to write a BUG BOUNTY report that actually gets paid? 1466d ago facts: Bug Bounty hunters has made ridiculous amounts of $$ from known DNS techniques.. 1480d ago
15 loaded
HA
HackerSploit
403d ago · 15 items
How FIN6 Exfiltrates Files Over FTP 403d ago Emulating FIN6 - Active Directory Enumeration Made EASY 454d ago The SECRET to Embedding Metasploit Payloads in VBA Macros 459d ago Offensive VBA 0x4 - Reverse Shell Macro with Powercat 468d ago Offensive VBA 0x3 - Developing PowerShell Droppers 474d ago Offensive VBA 0x2 - Program & Command Execution 478d ago Offensive VBA 0x1 - Your First Macro 480d ago Emulating FIN6 - Gaining Initial Access (Office Word Macro) 486d ago FIN6 Adversary Emulation Plan (TTPs & Tooling) 489d ago Developing An Adversary Emulation Plan 489d ago
15 loaded
TH
Threatpost
1355d ago · 10 items
Student Loan Breach Exposes 2.5M Records 1355d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1356d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1357d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1360d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1361d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1362d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1363d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1364d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1367d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1368d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

No matching sources found.