Loading…

Whats The Hax?

Daily intelligence on threats, breaches, and defenders

Latest
The Record from Recorded Future NewsTaiwan charges two businessmen over alleged role in Chinese espionage campaignLatest newsSony's True RGB display made this one of the most impressive TVs I've testedBleepingComputerEntra passkey enrollment vishing targets Microsoft 365 usersLatest newsOpenAI's new GPT-Live-1 voice model won't interrupt you - why that's a big dealLatest newsI tried DuckDuckGo's new video player, and it blocks YouTube ads for freeSecurityWeekAccenture Confirms Data Breach After Hacker Claims Source Code TheftJohn HammondTeamPCP AttentionThe Cyber MentorLIVE: 1 Million Subscribers | DEF CON/Summer Camp GiveawayCisco Security AdvisoryCisco Advance Notification for Publication of July 15, 2026, Security AdvisoriesSecurityWeekChina-Linked APT Expands Arsenal With New ‘Leash’ BackdoorsLatest newsI tried Claude Cowork on my Gmail inbox after Gemini choked - and it saved me hours of workThe Hacker NewsNew HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet MalwareLatest newsI tested the Roborock Saros 20, and I'd trust it for the next decadeBlack HatBlack Hat Europe 2025 | Breaking AI Inference Systems: Lessons From Pwn2Own BerlinThe Hacker NewsUbiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OSThe Record from Recorded Future NewsFormer UK privacy chief preparing legal action against woman who reported him, minister saysHelp Net SecurityAttackers using Langflow flaw for credential harvesting (CVE-2026-55255)BleepingComputer3 Ways AI Powers Service Desk Attacks and How to Prevent ThemHelp Net SecurityCensys Internet Map links real-time DNS data to internet infrastructureThe Record from Recorded Future NewsSpain arrests alleged supporter of pro-Russian hacktivist groups after FBI tipThe Record from Recorded Future NewsTaiwan charges two businessmen over alleged role in Chinese espionage campaignLatest newsSony's True RGB display made this one of the most impressive TVs I've testedBleepingComputerEntra passkey enrollment vishing targets Microsoft 365 usersLatest newsOpenAI's new GPT-Live-1 voice model won't interrupt you - why that's a big dealLatest newsI tried DuckDuckGo's new video player, and it blocks YouTube ads for freeSecurityWeekAccenture Confirms Data Breach After Hacker Claims Source Code TheftJohn HammondTeamPCP AttentionThe Cyber MentorLIVE: 1 Million Subscribers | DEF CON/Summer Camp GiveawayCisco Security AdvisoryCisco Advance Notification for Publication of July 15, 2026, Security AdvisoriesSecurityWeekChina-Linked APT Expands Arsenal With New ‘Leash’ BackdoorsLatest newsI tried Claude Cowork on my Gmail inbox after Gemini choked - and it saved me hours of workThe Hacker NewsNew HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet MalwareLatest newsI tested the Roborock Saros 20, and I'd trust it for the next decadeBlack HatBlack Hat Europe 2025 | Breaking AI Inference Systems: Lessons From Pwn2Own BerlinThe Hacker NewsUbiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OSThe Record from Recorded Future NewsFormer UK privacy chief preparing legal action against woman who reported him, minister saysHelp Net SecurityAttackers using Langflow flaw for credential harvesting (CVE-2026-55255)BleepingComputer3 Ways AI Powers Service Desk Attacks and How to Prevent ThemHelp Net SecurityCensys Internet Map links real-time DNS data to internet infrastructureThe Record from Recorded Future NewsSpain arrests alleged supporter of pro-Russian hacktivist groups after FBI tip

By Source

Feeds organized so you can skim by site.

Density Sort
LN
Latest news
1h ago · 20 items
Sony's True RGB display made this one of the most impressive TVs I've tested 1h ago Outfitted with Sony's new Micro RGB panels, the Bravia 9 II is well on its way to usurping its OLED cousin's supremacy. OpenAI's new GPT-Live-1 voice model won't interrupt you - why that's a big deal 1h ago Not every new model is all it's cracked up to be. Our tracker keeps each release in context with its peers, so you know which models are worth your time. I tried DuckDuckGo's new video player, and it blocks YouTube ads for free 1h ago Even as Chrome is killing ad blockers, DuckDuckGo's new video player now blocks ads by default on YouTube and elsewhere. Duck Player is available for MacOS, Windows, Android, and iOS. I tried Claude Cowork on my Gmail inbox after Gemini choked - and it saved me hours of work 2h ago Gmail's AI failed at a nuanced research task, but Claude Cowork found the right pitches, quotes, and permissions, proving connected AI assistants may finally help tackle some aspects of email overload. I tested the Roborock Saros 20, and I'd trust it for the next decade 2h ago Roborock took its flagship robot vacuum and really improved it, while keeping the same price. Here's how. GitHub's former CEO launches a distributed Git network built for the agentic coding age 4h ago The developer tools startup said it's building better infrastructure for a future run by coding agents. Why we're all posting less on social media these days 4h ago Americans are getting quieter and more selective about what they share online. And, honestly, same. 3 Android Auto automations that make my drives much easier - and how I set them up 6h ago Android automations are nothing new, but incorporating them into you car can change your drive. Why leaving extension cords plugged in permanently is riskier than you realize 7h ago Sure, home extension cords and power strips are handy, but they also result in thousands of preventable fires each year. Here's how to use them more safely. This free Android app makes sharing files across Windows, Mac, and iOS so easy for me 15h ago If you're looking for an effortless way of transferring files from Android to your other devices, look no further than Blip.
20 loaded
BL
BleepingComputer
1h ago · 15 items
Entra passkey enrollment vishing targets Microsoft 365 users 1h ago A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. 3 Ways AI Powers Service Desk Attacks and How to Prevent Them 3h ago Specops Software explains how AI is making service desk impersonation attacks more convincing, personalized, and scalable, along with practical steps organizations can take to strengthen onboarding and identity verification. DuckDuckGo browser now blocks YouTube video ads 5h ago DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback. Telco giant KDDI says data breach affects over 12 million people 5h ago Japanese telecommunications giant KDDI says that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country. CISA orders feds to prioritize patching Langflow auth bypass flaw 7h ago The U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Friday to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents. Ubiquiti warns of new max severity UniFi OS vulnerability 8h ago Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks. CISA orders feds to patch max severity ColdFusion flaw by Friday 9h ago The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to patch an actively exploited maximum-severity flaw in the Adobe ColdFusion commercial web app development platform by Friday. Accenture confirms breach after hacker offers stolen data for sale 19h ago IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. Chinese hackers develop LONGLEASH malware to expand ORB network 22h ago Chinese hackers tracked as 'UAT-7810' are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers. Hidden backdoor in Tenda router firmware grants admin access 23h ago A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain administrative access to the device's web management panel.
15 loaded
SE
SecurityWeek
1h ago · 10 items
JH
John Hammond
1h ago · 15 items
15 loaded
TC
The Cyber Mentor
1h ago · 15 items
15 loaded
CS
Cisco Security Advisory
1h ago · 52 items
Cisco Advance Notification for Publication of July 15, 2026, Security Advisories 1h ago On July 15, 2026, the Cisco Product Security Incident Response Team (PSIRT) will publish advisories to disclose security vulnerability information along with fixed software releases for the following Cisco products: Identity Services Engine... ClamAV Vulnerabilities Affecting Cisco Products: July 2026 7d ago Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations. For more information about these vulnerabilities, see the Details section of this advisory. For... Cisco Catalyst Center Arbitrary File Read Vulnerability 7d ago A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exp... Cisco Advance Notification for Publication of July 1, 2026, Security Advisories 14d ago On July 1, 2026, the Cisco Product Security Incident Response Team (PSIRT) will publish advisories to disclose security vulnerability information along with fixed software releases for the following Cisco products: Catalyst Center Secure En... Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities 16d ago Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a c... Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities 21d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected devi... Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability 21d ago A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input v... Cisco Webex App Open Redirect Vulnerability 21d ago A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer ... Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability 21d ago A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands.... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 21d ago A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an un...
52 loaded
TH
The Hacker News
2h ago · 20 items
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware 2h ago Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS 2h ago New Ghost Phishing Wave Is Breaking Traditional Email Security 4h ago SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users 4h ago GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures 5h ago The Verification Step Is the New ATO Battleground in 2026 5h ago GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code 5h ago China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware 8h ago 15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros 10h ago CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV 11h ago
20 loaded
BH
Black Hat
2h ago · 15 items
15 loaded
HN
Help Net Security
3h ago · 10 items
Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) 3h ago CISA is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. Censys Internet Map links real-time DNS data to internet infrastructure 3h ago Censys Internet Map now includes real-time DNS visibility, helping security teams investigate domains and infrastructure. Blackpoint AI SOC Agent autonomously contains identity-based attacks 3h ago Blackpoint AI SOC Agent autonomously detects and contains identity threats targeting Microsoft 365 and Google Workspace. First Recon AI Security Runtime helps enterprises govern AI with audit-ready evidence 3h ago First Recon AI Security Runtime governs and secures enterprise AI use by enforcing policies and auditing every AI interaction. FalconStor Cloud Clean Room enables validated recovery without dedicated infrastructure 3h ago FalconStor Cloud Clean Room enables validated recovery testing in a secure enclave, with each test starting from a known state. DNSFilter makes its DNS threat protection available to OEM partners 4h ago DNSFilter's OEM program lets partners embed DNS threat protection, VPN, and privacy features into apps, devices, and services. Attestiv DeepScan combines AI and forensic analysis for file validation 4h ago Attestiv DeepScan validates photos, documents, audio, and video to help organizations detect fraud and make trusted decisions. Accenture acknowledges security incident following 35GB data theft claim 5h ago Technology consulting company Accenture appears to have suffered a data breach, the extent of which is currently unknown. Crusoe brings serverless fine-tuning to AI model development 7h ago Crusoe added serverless AI model fine-tuning and self-serve deployments to simplify training and production inference. Automox MCP Server adds visual reviews and AI-driven patch policy creation 7h ago Automox MCP Server 2.2 adds visual review surfaces, Patch by Severity policies, and live capability discovery for IT teams.
KO
Krebs on Security
4h ago · 10 items
Felons, Fraudsters Flog Offensive Cybersecurity Startup 4h ago A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intellige... FBI Seizes NetNut Proxy Platform, Popa Botnet 5d ago The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technolo... Scattered Spider Hackers Plead Guilty on Day 1 of Trial 15d ago Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The ... ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm 19d ago For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers ... Who Runs the Ransomware Group ‘The Gentlemen?’ 28d ago A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of... A Record-Breaking Patch Tuesday for June 2026 28d ago Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bug... Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts 36d ago The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how ... Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks 44d ago Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the Euro... Lawmakers Demand Answers as CISA Tries to Contain Data Leak 47d ago Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a v... Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada 47d ago Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed deni...
SL
Security Latest
6h ago · 20 items
OnlyFans Models Are Accidentally Making Hacked Government Websites Disappear 6h ago What Happens if China Hacks the US Water Supply? I Went to a Secret War Game to Find Out 7h ago ICE’s Internal Watchdog Is Now Investigating Online Critics 2d ago Security Roundup: Apple’s Hide My Email Service Fails to Hide Your Email 4d ago EU Politicians Investigated Pegasus Spyware. Then It Ended Up on One of Their Phones 5d ago Claude Helped a Hacker Find a Way to Issue Tickets to Almost Every US Music Festival 7d ago Meta Contractors Posed as Teens to Prompt Rival Chatbots About Suicide, Sex, and Drugs 8d ago Top Google Security Staff Warn Search Data Could Be Hacked if EU Rules Change 9d ago Security News This Week: LastPass Users Had Their Data Stolen—Again 11d ago The Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security Officials 12d ago
20 loaded
HS
Heimdal Security Blog
7h ago · 15 items
Cyber-Aware Customers Are Raising the Bar for MSPs and Other Vendors 7h ago Your client is no longer just buying your security advice. They’re auditing whether you live by it. That was the clearest message from the exclusive interview I had with Heather MacDonald, an MSP finance specialist and owner of Counting Cre... How to scale your patches without scaling your team (the patch wave) 5d ago Most breaches don’t start with a vulnerability nobody knew about. They start with one nobody patched in time. Vulnerability exploitation is now the single biggest way attackers get into a network. It has overtaken stolen credentials for the... AI didn’t break patching. It showed us patching was already broken. 5d ago Claude Mythos, an AI model from Anthropic, has found 23,019 software vulnerabilities in the past month. Fewer than 1% of them have been patched. That gap is the story. Finding a vulnerability used to be the hard part, the thing that limited... Heimdal Launches MSP Onboarding Wizard to Help Partners Onboard Microsoft CSP Customers in 2 Minutes 7d ago New feature reduces manual setup, speeds up customer activation, and helps MSPs scale Microsoft CSP estates with less operational work. How Dynamic Defense shuts an attacker out without shutting down the business 12d ago AI has handed hackers a resource advantage. Winning it back means spending your own resources far more precisely, and that’s the strategy we call Dynamic Defense. The principle is simple. Contain the threat just enough, for just long enough... Static security has run out of road. The case for Dynamic Defense 12d ago AI has flipped the economics of cybersecurity in the attacker’s favor. For most of the last decade, defenders held the cost advantage, buying down their risk with a stack of largely static controls. That advantage is gone, and winning it ba... Breaking the MSP Echo Chamber: The Power of Community 14d ago MSPs spend too much time talking to other MSPs and not enough time talking to the people they’re supposed to serve. That’s Paul Croker’s view of some of the channel’s biggest growth problems. While most industry events bring technology prof... How attackers built a RAT on a Windows machine using its own .NET compiler 16d ago In May 2026 an attacker compromised a UK medical practice endpoint without delivering a single malicious file. They used PowerShell and the .NET compiler built into Windows to build a Remcos remote access trojan on the machine itself, so si... Attacker enables RDP, creates admin, erases evidence in ten seconds 16d ago At 06:34am on 2 June 2026, an attacker logged on to a customer’s network. In a single automated burst, they switched on remote desktop and created a rogue administrator account. And deleted the evidence behind them. The intrusion reached 34... The State of AI Risk Management in 2026 22d ago There is no excerpt because this is a protected post.
15 loaded
CY
CyberScoop
8h ago · 126 items
Found fast, fixed slow: The gap the AI clearinghouse must close 8h ago Spain arrests suspected hacker linked to Russian hacktivist campaign 19h ago Deepfake CSAM lawsuit against xAI, Grok expands 20h ago Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities 1d ago Proofpoint researchers said attackers targeted physics and engineering departments, and warn that the campaign is likely ongoing. US Army websites defaced with pro-Kurdish sentiments, insults to Trump 1d ago Sysdig clocks first documented case of agentic ransomware 2d ago Finding vulnerabilities was never the hard part 2d ago Someone infected a spyware probe overseer with spyware 5d ago Alleged longstanding member of Scattered Spider extradited to US 6d ago Researchers spot exploitation of another critical Oracle defect 6d ago
126 loaded
SA
Security - Ars Technica
10h ago · 20 items
Hackers can use 9 of the most popular AI tools to assemble massive botnets 10h ago Newly discovered PamStealer isn't your typical macOS malware 5d ago NASA inspector general suggests Boeing's Starliner will now be a decade late 7d ago New attack provides one more reason why AI browsers are a bad idea 7d ago US offers $10 million for info on group behind Signal and WhatsApp hacking spree 8d ago One-two punch delivered in global operation disrupts cybercrime "assembly line" 13d ago White House drastically shortens deadline for dropping quantum-vulnerable crypto 14d ago Following user outcry, AMD reinstates memory encryption in consumer CPUs 15d ago Microsoft discovers new lightweight backdoor that steals cryptocurrency 19d ago Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds 19d ago
20 loaded
HA
Hak5
16h ago · 15 items
15 loaded
RF
Recorded Future
17h ago · 20 items
The Threat Isn’t the Frontier Model 17h ago Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool 7d ago Where Expertise Meets Algorithm: The Insikt Group® Intelligence Edge 13d ago Discover how Recorded Future’s Insikt Group combines human expertise with automated analysis to turn raw data into actionable, industry-leading threat intelligence. Evaluating Mexico’s New Cybersecurity Plan 13d ago Explore an analysis of Mexico’s 2025–2030 National Cybersecurity Plan. Discover how Mexico is addressing critical threats like ransomware, organized crime, and AI-driven attacks while preparing its digital infrastructure for the 2026 FIFA W... FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems 14d ago A dataset containing valid administrative and VPN credentials for tens of thousands of Fortinet FortiGate firewalls, Recorded Future recommends organizations patch their systems immediately. The Purchase Scam Tactic Headed for the World Cup | Recorded Future 15d ago A purchase scam tactic hijacks organic search through compromised sites, and it’s built to scale into 2026 FIFA World Cup fraud. How it works and how to respond. State Digital Surveillance Risk Landscape 21d ago Explore the state digital surveillance risk landscape. Learn how governments use spyware, AI, and network interception to monitor travelers and how to mitigate these risks. The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine 22d ago Learn how Recorded Future’s proprietary collection engine empowers organizations to move beyond reactive security. Discover the power of our four unique intelligence source types—technical, underground, community, and open-source—working to... Recorded Future Launches Impact and Metrics Dashboard 27d ago See the business value of your intelligence program in one live, continuously updated dashboard, built for the conversations that matter most with the executives who own budget and strategy. Cyber-Enabled Maritime Sanctions Evasion 27d ago Discover how Iranian and Russian shadow fleets use a vast network of fake maritime websites and fraudulent documents to evade international sanctions
20 loaded
MS
MSRC Security Update Guide
1d ago · 20 items
CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 1d ago CVE-2026-9080 UAF after pause in socket callback 1d ago CVE-2026-8926 password leak with netrc and user in URL 1d ago CVE-2026-10536 HTTP/2 stream-dependency tree UAF 1d ago CVE-2026-8286 wrong STARTTLS connection reuse 1d ago CVE-2026-8458 wrong reuse for different services 1d ago CVE-2026-8924 trailing dot domain super cookie 1d ago CVE-2026-8932 incomplete mTLS config matching in conn reuse 1d ago CVE-2026-9545 exposing HTTP/3 early data 1d ago CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh 1d ago
20 loaded
SE
Securelist
1d ago · 10 items
Threat landscape for industrial automation systems. Q1 2026 1d ago This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source, region and industry. When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website 2d ago The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it. Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign 5d ago An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil. Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects 6d ago Kaspersky Compromise Assessment specialists analyze trends from the service’s 2025 projects and provide tips on how to enhance your organization’s security. The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign 7d ago Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure. OpenClaw: risks for the users and how to mitigate them 7d ago Researching OpenClaw vulnerabilities, malicious skills and other security issues with the popular agent, and providing tips on how to mitigate them. ToddyCat: your hidden email assistant. Part 2 8d ago An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services. The Gentlemen are knocking: сustom backdoors and evolving tactics 9d ago Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant. Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk 12d ago Analysis of CVE-2024-2658 as found in Schneider Electric’s Floating License Manager. Discover how this FlexNet Publisher vulnerability potentially allows attackers to escalate to NT AUTHORITY\SYSTEM privileges and expand their foothold; lea... Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools 13d ago Kaspersky researchers analyze the threat landscape for SMBs in 2026: the rise of attacks involving fake AI tools, phishing schemes, and data sold on the dark web.
DB
David Bombal
1d ago · 15 items
15 loaded
NE
NetworkChuck
2d ago · 15 items
15 loaded
MS
Microsoft Security Blog
2d ago · 10 items
5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management 2d ago Read five key learnings from the Frost & Sullivan 2025 Frost Radar™ for CSPM to learn how CSPM is evolving from point-in-time compliance to continuous risk management. Improving security posture across the Microsoft partner ecosystem 6d ago Read how Microsoft strengthens partner ecosystem security with CSP vetting, least privilege access, monitoring, and risk management best practices. Microsoft named a leader in the Frost Radar for cloud and application runtime security 7d ago Frost Radar recognizes Microsoft leadership in cloud and application runtime security, helping teams prioritize and reduce exploitable risk. Accelerating the quantum-safe timeline 7d ago We’re accelerating quantum-safe readiness—and sharing what organizations can do now to transition earlier and with confidence. ​​What’s new in Microsoft Security: June 2026 8d ago This month’s updates help security and IT teams strengthen identity and multicloud foundations, protect data wherever it lives, and secure the developer workflows powering AI innovation. Securing AI agents: When AI tools move from reading to acting 8d ago MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized actions, and how to detect, contain, and prevent it. Chromium extension uses AI‑related branding to redirect browser search 9d ago A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access 12d ago Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node... Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms 13d ago Microsoft named a Leader in the Forrester Wave™: Endpoint Management Platforms, Q2 2026, with the highest scores in the current offering and strategy categories. CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms 13d ago Discover how Microsoft aligns with the next phase of CNAPP—helping organizations correlate signals, prioritize risk, and reduce cloud exposure across modern application environments.
NA
NahamSec
2d ago · 15 items
15 loaded
Playing Around With ADIDNS RPC Internals 2d ago Windows Service - Playbook & Detection Strategies 2d ago It’s 37oC, And All We Can Think About Is ColdFusion (Adobe ColdFusion Security Bulletin APSB26-68 CVE Bonanza) - watchTowr Labs 6d ago FIFA was saved this time 6d ago /r/netsec's Q3 2026 Information Security Hiring Thread 6d ago Privilege escalation to root in Lima QEMU guests via a world-writable agent socket (CVE-2026-53657) 7d ago r/netsec monthly discussion & tool thread 7d ago CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) - watchTowr Labs 7d ago Auditing OpenReception: 16 CVEs in an end-to-end encrypted appointment booking platform (unauthenticated admin creation, account takeover, E2E bypass) 8d ago Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) - watchTowr Labs 8d ago
271 loaded
IP
IppSec
4d ago · 15 items
15 loaded
WE
WeLiveSecurity
5d ago · 20 items
20 loaded
TL
The Last Watchdog
6d ago · 29 items
News alert: Link11 launches faster DDoS mitigation to counter AI-driven, adaptive network attacks 6d ago FRANKFURT, July 1, 2026, CyberNewswire – Link11, a leading European provider of cloud-based cybersecurity solutions, today announced the launch of its completely rebuilt Layer 3/4 DDoS mitigation solution, designed to address the growing ... News alert: Reflectiz partners with Taboola to host webinar on AI-driven marketing security risks 7d ago BOSTON, June 30, 2026, CyberNewswire – Reflectiz, the web exposure management platform, today announced a live webinar with Taboola, "Securing Third-Party Marketing in the AI Era," taking place July 8 at 9 AM EDT / 3 PM CEST. Every market... News alert: OpenMatter launches platform to verify AI activity across enterprise systems 7d ago MELBOURNE, Fla., June 30, 2026, CyberNewswire – OpenMatter Network today announced the launch of its cryptographically verifiable platform for secure collaboration and AI governance, built on a simple premise: Don't Trust Data. Prove It. ... News alert: SpyCloud report finds phishing surge exposing employee data at Fortune 100 companies 20d ago AUSTIN, Tex., June 17, 2026, CyberNewswireŌĆōSpyCloud, the leader in identity threat protection, today released its 2026 Phishing Pulse Report, revealing that phishing attacks continue to increase in both volume and sophistication for enter... News alert: Heimdal study finds executives are more confident than frontline IT teams on AI risk 20d ago LONDON, June 17, 2026, CyberNewswire–Heimdal today published The State of AI Risk Management in 2026, a survey of 1,000 IT professionals across the United Kingdom and the United States. The report's headline finding is a divide inside the... News alert: Aembit secures Copilot Studio agents with identity-based access controls and audit trails 21d ago LAS VEGAS, June 16, 2026, CyberNewswire–Aembit on Tuesday announced support for Copilot Studio, extending its identity and access management capabilities to Microsoft's enterprise AI agent platform. The integration, unveiled at Identivers... News alert: GitGuardian adds endpoint protection as developer laptops become credential troves 21d ago NEW YORK, June 16, 2026, CyberNewswire–GitGuardian announced today that it is introducing Developer Endpoint Protection, extending its secrets and non-human identity (NHI) security platform coverage to developer workstations. After 12 mon... News alert: Varist announces AI-scale malware detection for healthcare and medical imaging 22d ago REYKJAVIK, Iceland, June 16, 2026 — Varist today introduced its DICOM Detection Engine™, a specialized system designed to safeguard electronic health records (EHR) and picture archiving and communication systems (PACS) from all known ma... News alert: Cloud security report finds fragmented tools widening the cloud complexity gap 27d ago News alert: Halo Security recognized for helping MSPs manage customers’ external attack surfaces 35d ago
29 loaded
PN
Proofpoint News Feed
7d ago · 10 items
New Cargo Theft Surge: From Lobster Heists To Bourbon Warehouse Scams 7d ago Cargo theft is evolving with cybercrime. Learn how organized crime is hijacking shipments—from a $400,000 lobster theft to a $500,000 bourbon heist—and what needs to be done. Defending the Authentication Flow: Device Code Phishing with Selena Larson 8d ago Host Caleb Tolin sits down with Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint and Host of the DISCARDED podcast, to discuss the mechanics of device code phishing and the widespread abuse o... Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense 16d ago Proofpoint has been selected to participate in OpenAI Daybreak, which helps trusted cybersecurity companies integrate AI into defensive security operations. Through the OpenAI Daybreak Cyber OpenAI Lets Cyber Vendors Embed GPT-5.5 in Defenses 16d ago Suspected North Korean actors use fake ‘coding assignments’ to steal crypto 29d ago China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa 34d ago Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era 42d ago New solution reduces exposure to actively exploited vulnerabilities in minutes by turning intelligence into immediate protection across primary attack paths Disrupts AI-powered exploit- Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks 47d ago Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude 48d ago New product integrations bring data protection, insider risk detection, and governance into Claude Enterprise and Claude Platform activity Organizations gain unified visibility across Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America 56d ago New MSP Platform business unit, AI-powered all-in-one Microsoft 365 protection, and Marketplace partnership with Pax8 strengthen Proofpoint’s commitment to channel and small and mid-size
CD
Cyber Defense Magazine
7d ago · 82 items
The Chaya_006 Alert: OT Edge Devices Under Fire 7d ago Nissan Americas Hit in Global Oracle PeopleSoft Data Breach 8d ago CISA Warns Attackers Are Targeting Critical Internal Business Platforms 9d ago Return On Risk: The New Measure Of Cyber Resilience 10d ago Path to StateRAMP 10d ago Rethinking Identity Security In The Age Of AI Driven Fraud 11d ago New Age Insider Risk 11d ago Openclaw And The Agentic AI Inflection Point: From “Cool Demo” To Governed Infrastructure 12d ago Reasonable Reliance: The Test Duty-Holders Are Quietly Being Held To 12d ago The Moment Of Reliance: The Question Safety Governance Cannot Currently Answer 13d ago
82 loaded
BF
Blog – Forter
9d ago · 10 items
TONResolver RAT Abuses TON Blockchain to Target Japan's Hotel Industry 9d ago From Langflow to Monero: Inside CVE-2026-33017 Cryptominer 15d ago PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM 20d ago Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign 21d ago Governing Claude Enterprise in Environments Where Inline Controls Can't Go 26d ago GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 28d ago Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open 30d ago Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet 37d ago Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet 43d ago Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware 47d ago
20 loaded
DA
darkreading
12d ago · 104 items
Name That Toon Contest 12d ago Europe Evolves Into Ransomware's Favorite Region 13d ago Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure 13d ago 2026 FIFA World Cup Faces Surge in Cyber Threats 13d ago Do CISOs Need a Code of Ethics? 13d ago More Malicious OpenClaw Skills Threaten AI Supply Chain 14d ago Apple's MacOS Gap Lets Users Disable Security Tools 14d ago Scope of Salesforce Attacks Expands as Icarus Leaks Data 14d ago 'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows 14d ago SocGholish Takedown Highlights Malicious TDS Threats 15d ago
104 loaded
M3
Microsoft 365 Blog
13d ago · 10 items
Copilot in Excel: Built for the era of Frontier Finance 13d ago - Discover how Copilot in Excel transforms finance workflows with skills, data connectors, and capabilities for traceability. Copilot Cowork is now generally available 22d ago Copilot Cowork is now generally available worldwide, bringing secure, AI-powered automation for complex enterprise tasks in Microsoft 365. Introducing Microsoft Scout: Your always-on personal agent 35d ago Microsoft introduces a new, always-on personal agent, Microsoft Scout, integrated across the Microsoft 365 apps you use every day. Announcing the new Work IQ APIs 36d ago Build enterprise agents with Work IQ APIs for Microsoft 365—bringing business context, tools, and secure, scalable intelligence into every workflow. Introducing Microsoft 365 Business with Copilot: The new standard for small business 40d ago Meet Microsoft 365 Business with Copilot—the AI-powered solution transforming how small businesses work, collaborate, and compete. Introducing a new design for Microsoft 365 Copilot 41d ago Copilot’s redesigned experience delivers faster performance, adaptive tools, and clearer AI-powered workflows to help you easily move from intention to outcome. New and improved: Computer-using agents, a new workflows experience, and real-time voice experiences 43d ago Explore what's new in Copilot Studio, May 2026: computer-using agents are now available, plus redesigned workflows and Work IQ extensibility. New and improved: Agent governance, intelligent workflows, and connected app experiences 57d ago See what's new in Copilot Studio, April 2026: updates to workflows, more control over agent operations, and an expanded agent usage estimator. Copilot Cowork: From conversation to action across skills, integrations, and devices 64d ago Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. Microsoft 365 Copilot, human agency, and the opportunity for every organization 64d ago Empower your organization with Microsoft 365 Copilot—AI that bridges human potential and business outcomes for the future of work.
AL
Alerts
20d ago · 44 items
CISA Adds One Known Exploited Vulnerability to Catalog 20d ago CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure 20d ago CISA Adds One Known Exploited Vulnerability to Catalog 22d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 23d ago CISA Adds One Known Exploited Vulnerability to Catalog 26d ago CISA Adds One Known Exploited Vulnerability to Catalog 27d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 29d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 30d ago CISA Adds One Known Exploited Vulnerability to Catalog 33d ago CISA Adds One Known Exploited Vulnerability to Catalog 35d ago CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation.
44 loaded
AC
All CISA Advisories
20d ago · 125 items
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT 20d ago CISA Adds One Known Exploited Vulnerability to Catalog 20d ago Schneider Electric EasyLogic T150 and Saitel DP 20d ago AVer PTC cameras 20d ago Rockwell Automation FactoryTalk Historian Site Edition 20d ago AzeoTech DAQFactory 20d ago Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products 20d ago Mitsubishi Electric MELSEC iQ-F Series 20d ago Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module 20d ago CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure 20d ago
125 loaded
CY
cybersecurity
26d ago · 1867 items
Any solutions we can use? 26d ago Possible targeted attack 27d ago RoguePlanet: Windows Zero-Day That Weaponizes Defender's Own Quarantine Pipeline 27d ago Facebook messenger to text 27d ago Managing Solution Agents 27d ago Nottingham University data breach affects over 450,000 students 27d ago SWGs that support 3rd party external DNS resolver 27d ago Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers 27d ago Chrome extensions with 10M+ installations are actively vulnerable to UXSS & UXSG 27d ago Cybersecurity researchers aren't happy about the guardrails on Anthropic's Fable | TechCrunch 27d ago
1867 loaded
HS
hacking: security in practice
27d ago · 241 items
DIY pwnagotchi-like device on esp32 27d ago Flipper Blackhat + Bjorn 27d ago Do you think AI is making hacking easier or harder 27d ago What can i do left? PSN 27d ago Proxmark5 campaign ending in less than 18 hours. 27d ago How to bypass speed queen coin slot for washer and dryer 27d ago Self-hosting stuff for when things get ugly 27d ago Malware Includes Taboo In Text To Prevent LLM Analysis 27d ago added Mac support for my corporate hacking game, demo on Steam 27d ago Catfished 28d ago
241 loaded
RE
Reverse Engineering
27d ago · 181 items
Reverse engineered BLE protocol of a $7 generic Chinese smart ring from Temu, and built an iOS app around it 27d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 27d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 27d ago Giulio Zausa's MMO-CHIP Makes Reverse Engineering Old Silicon Chips a Multiplayer Game 27d ago I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 27d ago Drive Firmware Security - Phison S11 27d ago IDA 9.4 Beta | Hex-Rays Docs 27d ago Trane Tracer HVAC cybersecurity issues 28d ago 🚀 Release PyMemoryEditor v2.0 — read, write and scan the memory of any running process, in pure Python (Windows, Linux & macOS) 28d ago I reverse engineered Lofree Hypace mouse firmware flashing protocol to bypass their official web based configuration on MacOS. 28d ago
181 loaded
US charges suspected Russian hacker with facilitating cyber campaign 27d ago Hawkish GOP lawmaker Don Bacon says he was hacked by Russia 27d ago Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025 27d ago GreatXML: GreatXML bitlocker bypass vulnerability 27d ago GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan 27d ago I found 23 Chrome extensions hijacking 758,000 users' searches for affiliate revenue 27d ago [Op Report] From SSA Phish to AdaptixC2: A Multi-RAT Intrusion 27d ago GhostTrace – CLI forensic scanner for Windows: 22 modules, MITRE ATT&CK mapped, read-only by default 27d ago Miasma-style supply chain attacks 27d ago On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet 27d ago
603 loaded
MA
Malware Analysis & Reports
27d ago · 115 items
I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 27d ago ClickFix attack in the wild — fake Cloudflare CAPTCHA delivering obfuscated PowerShell dropper 28d ago WordPress malware in official WooCommerce theme (Kiosko): hidden admin users and corrupted sitemap 28d ago Inside the DPRK-Linked Backdoor Loitering in the VS Code Marketplace 28d ago Fake Interview deploys stealthy cross platform (macOS/Windows) through npm package install in take home assessment 29d ago 73 Microsoft GitHub repositories impacted by Miasma malware 30d ago Unauthorized Onlyfans Payment 30d ago Building A Malware Lab From Scratch Part 2! 32d ago Detecting npm Native Addon Malware: node-gyp Abuse 32d ago Microsoft Warns of GPU Cryptojacking Campaign Spread Through AI Chatbot Links 33d ago
115 loaded
WE
WeLiveSecurity
27d ago · 36 items
OceanLotus: From external espionage to domestic targeting 27d ago Unpacking SMB cyber-readiness – and what makes or breaks it 28d ago Cybercriminals: the 'auditors' you never hired 29d ago Lessons for life: Why children’s data is a long-term identity risk 35d ago This month in security with Tony Anscombe – May 2026 edition 40d ago ESET APT Activity Report Q4 2025–Q1 2026 41d ago What to consider before asking an AI chatbot for health advice 42d ago BTMOB: A stealthy RAT burrowing deep into Android devices 43d ago Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise 47d ago Webworm: New burrowing techniques 49d ago
36 loaded
SK
STÖK
45d ago · 15 items
15 loaded
DE
DEFCONConference
70d ago · 15 items
15 loaded
13 loaded
AI in Tax Season: Risks, Scams, and How to Protect Your Data 125d ago Tax Season Scams to Watch For This Year 132d ago Beware of Misleading Tax Advice on Social Media 300d ago Each year the IRS educates taxpayers on the most trending fraud schemes that could deceive individuals and businesses during tax season. In late 2024, The IRS took to warning the public against misleading “tips” or... Scammers Up Their Game With AI 301d ago Learn how to spot the threats and protect yourself from scammers using AI for phishing and deepfakes with smart security practices. The Essential Guide to Safeguarding Your Online Passwords 379d ago Protect your personal and business data with strong passwords, two-factor authentication, and smart cybersecurity practices. Beware: Tax Season is Scam Season 490d ago Tax season is also prime time for tax scams. To safeguard your personal information, consider these key points: Communication methods The IRS initiates contact primarily through mail, not email or phone calls. Be cautious of... Stop Scams: Fraud Prevention Starts with Your Employees 503d ago You can be as proactive and protective as possible when it comes to cyber security for your business, but there’s one vulnerability you cannot eliminate: human error. In fact, statistics estimate that as much as... ‘Tis the Season for Holiday Shopping Scams 576d ago The holidays are typically the time of year for gifting presents to friends and family or donations to charity. Unfortunately, not-so-jolly fraudsters take advantage of this generosity. Protect yourself by watching for these common scams:..... IRS Issues “Dirty Dozen” Fraud Warnings 761d ago Each year, the IRS releases a “Dirty Dozen” series to highlight the most common fraud schemes taxpayers should be aware of. IRS Identity Theft Season Begins Now 890d ago Each year thieves try to steal billions in federal withholdings by stealing your identity. As the IRS focuses more attention on this quickly growing problem, now is the time of year to be extra vigilant....
LI
LiveOverflow
125d ago · 15 items
15 loaded
HA
HackerSploit
455d ago · 15 items
15 loaded
TH
Threatpost
1407d ago · 10 items
Student Loan Breach Exposes 2.5M Records 1407d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1408d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1409d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1412d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1412d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1414d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1415d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1416d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1419d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1420d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

No matching sources found.