Loading…

Whats The Hax?

Daily intelligence on threats, breaches, and defenders

Latest
Latest newsAmazon dropped this Blink video doorbell and security camera bundle to 43% off - and we recommend itThe Hacker NewsTwo Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL HackThe Record from Recorded Future NewsUK investigates TikTok for alleged age-verification lapses, exposing kids to online harmsThe Record from Recorded Future NewsUkrainians rally against dismissal of tech-minded defense minister FedorovMicrosoft Security BlogLeast privilege for AI agents: Identity, access, and tool bindingLatest newsAmazon just cut $300 off the Google Pixel 10 Pro - and I'd recommend buying oneLatest news6 cheap kitchen gadgets that will make your life easier for under $20 (I promise)The Hacker NewsThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More StoriesSecurityWeekLegacy Systems, Real-World Impacts: The Reality of OT SecurityJohn HammondEvil Token MarketplaceLatest newsBuying a new Apple device? You can get it tax-free in 8 states - but only on these datesLatest newsManagers play critical role in a company's AI transformation - and they know itBleepingComputerAI Agents Broke the Security Playbook. Here's What Replaces It.The Record from Recorded Future NewsSandworm hackers have a CAPTCHA trick for UkrainiansHelp Net SecurityScattered Spider members jailed over Transport for London hack that cost £29 millionBleepingComputer23andMe to pay $18 million in new genetics data breach settlementLatest newsAnthropic's Claude Corps will pay $85,000 to 1,000 early-career professionals - apply nowHelp Net SecurityAdaptiva simplifies secure patch management for air-gapped networksThe Hacker Newsn8n Token Exchange Flaw Could Let Attackers Log In as Users From Another IssuerHelp Net SecurityCISA folds its own hard-won lessons into coordinated vulnerability disclosure guidanceLatest newsAmazon dropped this Blink video doorbell and security camera bundle to 43% off - and we recommend itThe Hacker NewsTwo Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL HackThe Record from Recorded Future NewsUK investigates TikTok for alleged age-verification lapses, exposing kids to online harmsThe Record from Recorded Future NewsUkrainians rally against dismissal of tech-minded defense minister FedorovMicrosoft Security BlogLeast privilege for AI agents: Identity, access, and tool bindingLatest newsAmazon just cut $300 off the Google Pixel 10 Pro - and I'd recommend buying oneLatest news6 cheap kitchen gadgets that will make your life easier for under $20 (I promise)The Hacker NewsThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More StoriesSecurityWeekLegacy Systems, Real-World Impacts: The Reality of OT SecurityJohn HammondEvil Token MarketplaceLatest newsBuying a new Apple device? You can get it tax-free in 8 states - but only on these datesLatest newsManagers play critical role in a company's AI transformation - and they know itBleepingComputerAI Agents Broke the Security Playbook. Here's What Replaces It.The Record from Recorded Future NewsSandworm hackers have a CAPTCHA trick for UkrainiansHelp Net SecurityScattered Spider members jailed over Transport for London hack that cost £29 millionBleepingComputer23andMe to pay $18 million in new genetics data breach settlementLatest newsAnthropic's Claude Corps will pay $85,000 to 1,000 early-career professionals - apply nowHelp Net SecurityAdaptiva simplifies secure patch management for air-gapped networksThe Hacker Newsn8n Token Exchange Flaw Could Let Attackers Log In as Users From Another IssuerHelp Net SecurityCISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance

By Source

Feeds organized so you can skim by site.

Density Sort
LN
Latest news
1h ago · 20 items
Amazon dropped this Blink video doorbell and security camera bundle to 43% off - and we recommend it 1h ago This Blink Video Doorbell and Outdoor 4 security camera bundle deal will help you set up a home security system for less. Amazon just cut $300 off the Google Pixel 10 Pro - and I'd recommend buying one 3h ago Google's Pixel 10 Pro has one of the best camera systems for an Android today. Grab it for $699 right now, one of the best prices we've seen. 6 cheap kitchen gadgets that will make your life easier for under $20 (I promise) 3h ago These kitchen gadgets won't break the bank, but will seriously upgrade your cooking. Buying a new Apple device? You can get it tax-free in 8 states - but only on these dates 4h ago Starting July 17, certain states will let you buy items tax-free from different retailers, and Apple is one of them. Here are the states and products that qualify. Managers play critical role in a company's AI transformation - and they know it 4h ago More than two-thirds of middle managers are optimistic about AI's role in the future of work, and they feel personally accountable for their team's adoption of AI tools. Anthropic's Claude Corps will pay $85,000 to 1,000 early-career professionals - apply now 5h ago The Claude Corps fellowship matches professionals with partner nonprofits and pays them with benefits. But the deadline ends soon. I found a stunning Apple Notes alternative for my Mac - and it's (mostly) free 5h ago I finally ditched Notes on my Mac for this beautiful, Liquid Glass-like alternative. Here's why. 1Password's new Agentic Mode lets Claude log into your accounts without seeing your credentials 6h ago 1Password wants to solve one of AI's biggest practical problems: secure logins. Its Claude integration can enter passwords and MFA codes without exposing credentials to Anthropic or the model. This surprisingly useful Windows 11 tool helps me block distractions - and get more done 6h ago It has completely replaced my Pomodoro timer and task tracker, and it's free. Linus Torvalds puts his foot down, tells anti-AI programmers to 'fork it' 6h ago 'AI is a tool, just like other tools we use. And it's clearly a useful one.'
20 loaded
TH
The Hacker News
2h ago · 20 items
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack 2h ago ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories 3h ago n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer 5h ago New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands 6h ago New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password 6h ago 20+ Hijacked Government Websites Became
an Attack Channel 7h ago New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands 7h ago Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor 7h ago AI Can Find Bugs, But Human Knowledge Still Proves Them 9h ago Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide 9h ago
20 loaded
MS
Microsoft Security Blog
3h ago · 10 items
Least privilege for AI agents: Identity, access, and tool binding 3h ago As AI agents become more autonomous, strong identity, access, and auditing controls are critical to keeping them secure. Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery 17h ago Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This analysis breaks down the attack chain, payload delivery, and recommended defenses. Turning threat intelligence into decisive action with Defender Experts 1d ago Security teams have never had more visibility, yet rarely have they felt more uncertain. Signal pours in from endpoints, identities, cloud workloads, and a sprawling mix of third-party tools. Defending SaaS-based applications against ShinyHunters OAuth abuse 2d ago Microsoft Threat Intelligence identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing), supply-chain compromise, and misconfigured guest access targeting SaaS-bas... Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra ID 3d ago Starting September 1, 2026, passkeys will become the default authentication experience in Microsoft Entra. Read more about how to prepare. Securing our future: July 2026 progress report on Microsoft’s Secure Future Initiative 6d ago Microsoft’s latest Secure Future Initiative report outlines progress on secure foundations, AI-powered defense, and future-ready cybersecurity. GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware 7d ago GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporates code from several previously separate malware families an... Protecting Microsoft at AI speed: How SFI proactively hardens our cloud 8d ago Learn how Microsoft uses AI to proactively harden its own cloud services through the Secure Future Initiative (SFI). 5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management 10d ago Read five key learnings from the Frost & Sullivan 2025 Frost Radar™ for CSPM to learn how CSPM is evolving from point-in-time compliance to continuous risk management. Improving security posture across the Microsoft partner ecosystem 14d ago Read how Microsoft strengthens partner ecosystem security with CSP vetting, least privilege access, monitoring, and risk management best practices.
SE
SecurityWeek
3h ago · 10 items
JH
John Hammond
4h ago · 15 items
15 loaded
BL
BleepingComputer
5h ago · 552 items
AI Agents Broke the Security Playbook. Here's What Replaces It. 5h ago Traditional security workflows were built for environments that changed at human speed. Token Security explains why AI agents require a new approach: building on a live identity foundation while giving security teams the flexibility to crea... 23andMe to pay $18 million in new genetics data breach settlement 5h ago Genetic testing company 23andMe has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general that it failed to protect customers' genetic data. Scattered Spider members behind TfL hack get five years in prison 6h ago Two leading members of the Scattered Spider cybercrime collective were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024. Windows 11 24H2 Home and Pro reach end of support in 90 days 7h ago Microsoft announced on Wednesday that systems running Windows 10 Enterprise LTSB 2016 and Home and Pro editions of Windows 11 24H2 will stop receiving updates in three months. CISA orders feds to patch actively exploited Oracle flaw by Saturday 8h ago CISA has ordered federal agencies to secure their systems by Saturday against ongoing attacks exploiting a critical vulnerability in the Oracle E-Business Suite financial application. Russian hackers trojanize WebEx, Zoom apps to push Starland malware 8h ago A financially motivated Russian threat actor tracked as UAT-11795 is using trojanized software to steal credentials and cryptocurrency by deploying a new backdoor called Starland RAT. New Spirals ransomware encrypts victim network in under 24 hours 9h ago A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours. Dutch police bust investment fraud ring stealing over €100 million 21h ago The Dutch Police announced the arrest of multiple individuals suspected of being part of an international investment fraud scheme estimated to have tens of thousands of victims. Zoom warns of critical account takeover vulnerability 22h ago Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts. Google Gemini CLI abused as a hacking agent, malware botnet operator 1d ago A Russian-speaking threat actor known as
552 loaded
HN
Help Net Security
5h ago · 10 items
Scattered Spider members jailed over Transport for London hack that cost £29 million 5h ago Two Scattered Spider members get 5.5 years each for the Transport London hacking that disrupted services for thousands of commuters. Adaptiva simplifies secure patch management for air-gapped networks 5h ago Adaptiva launches AirGap for OneSite Patch, enabling secure autonomous patching for air-gapped systems without breaking isolation. CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance 5h ago CISA and allied cyber authorities published a guide telling software vendors how to build a coordinated vulnerability disclosure program. Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes 7h ago Trend Micro found a jailbroken Gemini CLI writing code, deploying servers, and rebuilding a hacker's C2 botnet from scratch. ValorC3 extends SaaS protection with immutable cloud backups 7h ago ValorC3 launches Backup as a Service (BaaS) to protect Microsoft 365, Entra ID, and Salesforce data with immutable backups. Intruder brings AI-powered, on-demand penetration testing to web applications 7h ago Intruder adds AI-powered web application pentesting, delivering on-demand security testing with audit-ready reports. Romania’s land registry hit by cyber attack, data allegedly for sale 8h ago Romania's National Agency for Cadastre and Land Registration (ANCPI) suffered a major disruption on Tuesday, following a cyber attack. Tenable One unifies code risks with enterprise exposure data 9h ago Tenable expands Tenable One with application security data for unified code-to-runtime exposure management. Lineation.ai focuses on runtime security for autonomous AI agents 9h ago Lineation.ai launches an agentic AI security platform with Zero Trust controls, runtime defense, and reasoning audit trails. Microsoft makes Windows SSO prompts easier to manage 10h ago Microsoft introduces a registry-based policy for Windows SSO, letting IT admins automatically accept permissions on eligible managed devices.
SE
Securelist
6h ago · 10 items
HelloNet campaign — new malicious modules launched through the ViPNet update system 6h ago We identified targeted infection attempts against large Russian organizations using the ViPNet update system (a software suite for creating secure networks). GoSerpent: a persistent threat evolves with sophisticated data collection and exfiltration 7h ago Two-phase attacks with the GoSerpent backdoor, Stowaway RAT, ThumbcacheService and other tools aim to steal data from government entities in Southeast Asia. OkoBot: new sophisticated malware framework targets cryptocurrency users 1d ago Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs TookPS, exfiltrates seed phrases, monitors Chromium-based browsers, and installs various malware strains, including the R... Threat landscape for industrial automation systems. Q1 2026 9d ago This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source, region and industry. When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website 10d ago The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it. Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign 13d ago An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil. Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects 14d ago Kaspersky Compromise Assessment specialists analyze trends from the service’s 2025 projects and provide tips on how to enhance your organization’s security. The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign 15d ago Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure. OpenClaw: risks for the users and how to mitigate them 15d ago Researching OpenClaw vulnerabilities, malicious skills and other security issues with the popular agent, and providing tips on how to mitigate them. ToddyCat: your hidden email assistant. Part 2 16d ago An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.
CD
Cyber Defense Magazine
7h ago · 10 items
MS
MSRC Security Update Guide
10h ago · 20 items
CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace 10h ago CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability 1d ago CVE-2026-50341 Windows NTFS Information Disclosure Vulnerability 1d ago CVE-2026-50375 DirectX Graphics Kernel Elevation of Privilege Vulnerability 1d ago CVE-2026-56182 Windows NTFS Elevation of Privilege Vulnerability 1d ago CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability 1d ago CVE-2026-58253 NATS Server: Route API Auth Bypass 1d ago CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters 1d ago CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap 1d ago CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake 1d ago
20 loaded
RF
Recorded Future
19h ago · 20 items
AI Has Enhanced Iran’s Asymmetric Playbook During the 2026 Conflict 19h ago The Shift: A New Era of AI Regulation 1d ago The FBI Warned About Fake Permit Fees. The Harder Question Is Where the Money Goes. | Recorded Future 2d ago June 2026 CVE Landscape 6d ago RiskX interview video featuring Colin Mahony and Mastercard's Aditi Sawhney 7d ago The Threat Isn’t the Frontier Model 8d ago Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool 15d ago Where Expertise Meets Algorithm: The Insikt Group® Intelligence Edge 21d ago Discover how Recorded Future’s Insikt Group combines human expertise with automated analysis to turn raw data into actionable, industry-leading threat intelligence. Evaluating Mexico’s New Cybersecurity Plan 21d ago Explore an analysis of Mexico’s 2025–2030 National Cybersecurity Plan. Discover how Mexico is addressing critical threats like ransomware, organized crime, and AI-driven attacks while preparing its digital infrastructure for the 2026 FIFA W... FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems 22d ago A dataset containing valid administrative and VPN credentials for tens of thousands of Fortinet FortiGate firewalls, Recorded Future recommends organizations patch their systems immediately.
20 loaded
CS
Cisco Security Advisory
21h ago · 20 items
Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability 21h ago A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local ... Cisco Advance Notification for Publication of July 15, 2026, Security Advisories 1d ago On July 15, 2026, the Cisco Product Security Incident Response Team (PSIRT) will publish advisories to disclose security vulnerability information along with fixed software releases for the following Cisco products: Identity Services Engine... Cisco RoomOS Security Hardening Release: July 2026 1d ago As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses m... Cisco Identity Services Engine Path Traversal Vulnerability 1d ago A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or ... Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities 9d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected devi... Cisco Catalyst Center Arbitrary File Read Vulnerability 10d ago A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exp... ClamAV Vulnerabilities Affecting Cisco Products: July 2026 13d ago Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations. For more information about these vulnerabilities, see the Details section of this advisory. For... Cisco Advance Notification for Publication of July 1, 2026, Security Advisories 15d ago On July 1, 2026, the Cisco Product Security Incident Response Team (PSIRT) will publish advisories to disclose security vulnerability information along with fixed software releases for the following Cisco products: Catalyst Center Secure En... Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability 15d ago A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery... Cisco Finesse Remote File Inclusion Vulnerability 21d ago A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability ...
20 loaded
SL
Security Latest
22h ago · 20 items
Here’s the Truth About Whether Meta’s NameTag Face Recognition Tech ‘Exists’ 22h ago A Leak of San Francisco Police Drone Footage Exposes the New Reality of Urban Surveillance 3d ago AI Found a Root Bug in Linux That Everyone Missed for 15 Years 5d ago A Majority of European Lawmakers Voted Against Letting Big Tech Read Our Messages. They’re Going to Anyway 7d ago Madison Square Garden Kept a List of Gay Celebrities 7d ago OnlyFans Models Are Accidentally Making Hacked Government Websites Disappear 8d ago What Happens if China Hacks the US Water Supply? I Went to a Secret War Game to Find Out 8d ago ICE’s Internal Watchdog Is Now Investigating Online Critics 10d ago Security Roundup: Apple’s Hide My Email Service Fails to Hide Your Email 12d ago EU Politicians Investigated Pegasus Spyware. Then It Ended Up on One of Their Phones 13d ago
20 loaded
SA
Security - Ars Technica
23h ago · 20 items
Windows 0-day drops the same day Microsoft releases record number of patches 23h ago Microsoft’s Secure Boot has been broken for a decade and no one noticed until now 1d ago The US government warns that Russia state hackers are coming after your router 2d ago Now, defenders are embracing the prompt injection, too 3d ago Patch for Windows Defender 0-day could allow attackers to fill hard disk 6d ago Google pays $250K for Linux vulnerability allowing guest VM escapes 8d ago Hackers can use 9 of the most popular AI tools to assemble massive botnets 8d ago Newly discovered PamStealer isn't your typical macOS malware 13d ago NASA inspector general suggests Boeing's Starliner will now be a decade late 15d ago New attack provides one more reason why AI browsers are a bad idea 15d ago
20 loaded
BH
Black Hat
1d ago · 15 items
15 loaded
HA
Hak5
1d ago · 15 items
15 loaded
PF
KO
Krebs on Security
1d ago · 10 items
Microsoft Patches a Record 570 Security Flaws 1d ago Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesd... Lessons Learned from CISA’s Recent GitHub Leak 3d ago The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almos... Felons, Fraudsters Flog Offensive Cybersecurity Startup 8d ago A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intellige... FBI Seizes NetNut Proxy Platform, Popa Botnet 13d ago The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technolo... Scattered Spider Hackers Plead Guilty on Day 1 of Trial 23d ago Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The ... ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm 28d ago For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers ... Who Runs the Ransomware Group ‘The Gentlemen?’ 36d ago A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of... A Record-Breaking Patch Tuesday for June 2026 36d ago Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bug... Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts 45d ago The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how ... Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks 52d ago Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the Euro...
DB
David Bombal
2d ago · 15 items
15 loaded
BF
Blog – Forter
2d ago · 10 items
WE
WeLiveSecurity
2d ago · 20 items
20 loaded
NA
NahamSec
3d ago · 15 items
15 loaded
Scanning malicious websites with arbitrary number of VPN tunnels (Part 2) 5d ago Can AI-generated adversaries break TTP-based attribution? (arXiv 2026) 6d ago Towards CSI: What's the best harness? (arXiv 2026) 6d ago Suspected Russian Threat Actor Impersonates Legitimate Crypto Wallets to Deploy Remote Utilities 7d ago 1 in 2 devices sold in Africa exfiltrate data to China 8d ago Inside an AI coal mine security camera network powered by plaintext passwords 8d ago Drift Corpus: binary diffs of 240+ 2026 Windows kernel patches 8d ago Bad Epoll: The bug missed by Mythos 8d ago GitLost: a public GitHub issue can steer an org's Agentic Workflow into leaking private repo contents, and a one-word prefix ("Additionally") bypassed the threat-detection guardrail 9d ago New OST2 class: "Architecture 1901: From zero to QEMU - A Gentle introduction to emulators from the ground up!" 10d ago
281 loaded
IP
IppSec
5d ago · 15 items
15 loaded
TC
The Cyber Mentors
6d ago · 15 items
15 loaded
HS
Heimdal Security Blog
6d ago · 15 items
Top 6 Managed Detection and Response Providers 6d ago There are several major managed detection and response (MDR) companies to choose from. We’ve compared the main offerings of the best MDR providers to help you decide which is right for your organisation. Maybe it was a near miss, or a secur... Cyber-Aware Customers Are Raising the Bar for MSPs and Other Vendors 8d ago Your client is no longer just buying your security advice. They’re auditing whether you live by it. That was a clear message from my exclusive interview with Heather MacDonald Alford, an MSP finance specialist and owner of Counting Creators... How to scale your patches without scaling your team (the patch wave) 13d ago Most breaches don’t start with a vulnerability nobody knew about. They start with one nobody patched in time. Vulnerability exploitation is now the single biggest way attackers get into a network. It has overtaken stolen credentials for the... AI didn’t break patching. It showed us patching was already broken. 13d ago Claude Mythos, an AI model from Anthropic, has found 23,019 software vulnerabilities in the past month. Fewer than 1% of them have been patched. That gap is the story. Finding a vulnerability used to be the hard part, the thing that limited... Heimdal Launches MSP Onboarding Wizard to Help Partners Onboard Microsoft CSP Customers in 2 Minutes 15d ago New feature reduces manual setup, speeds up customer activation, and helps MSPs scale Microsoft CSP estates with less operational work. How Dynamic Defense shuts an attacker out without shutting down the business 20d ago AI has handed hackers a resource advantage. Winning it back means spending your own resources far more precisely, and that’s the strategy we call Dynamic Defense. The principle is simple. Contain the threat just enough, for just long enough... Static security has run out of road. The case for Dynamic Defense 20d ago AI has flipped the economics of cybersecurity in the attacker’s favor. For most of the last decade, defenders held the cost advantage, buying down their risk with a stack of largely static controls. That advantage is gone, and winning it ba... Breaking the MSP Echo Chamber: The Power of Community 22d ago MSPs spend too much time talking to other MSPs and not enough time talking to the people they’re supposed to serve. That’s Paul Croker’s view of some of the channel’s biggest growth problems. While most industry events bring technology prof... How attackers built a RAT on a Windows machine using its own .NET compiler 24d ago In May 2026 an attacker compromised a UK medical practice endpoint without delivering a single malicious file. They used PowerShell and the .NET compiler built into Windows to build a Remcos remote access trojan on the machine itself, so si... Attacker enables RDP, creates admin, erases evidence in ten seconds 24d ago At 06:34am on 2 June 2026, an attacker logged on to a customer’s network. In a single automated burst, they switched on remote desktop and created a rogue administrator account. And deleted the evidence behind them. The intrusion reached 34...
15 loaded
CY
CyberScoop
6d ago · 130 items
Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail 6d ago Interpol cybercrime crackdown nets 5,800 arrests across 97 countries 7d ago 764 splinter group leader sentenced to 40 years in jail 7d ago French nonprofit starts global intelligence and research hub for AI cyber threats 8d ago Found fast, fixed slow: The gap the AI clearinghouse must close 8d ago Spain arrests suspected hacker linked to Russian hacktivist campaign 8d ago Deepfake CSAM lawsuit against xAI, Grok expands 8d ago Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities 9d ago Proofpoint researchers said attackers targeted physics and engineering departments, and warn that the campaign is likely ongoing. US Army websites defaced with pro-Kurdish sentiments, insults to Trump 10d ago Sysdig clocks first documented case of agentic ransomware 10d ago
130 loaded
NE
NetworkChuck
6d ago · 15 items
15 loaded
TL
The Last Watchdog
14d ago · 29 items
News alert: Link11 launches faster DDoS mitigation to counter AI-driven, adaptive network attacks 14d ago FRANKFURT, July 1, 2026, CyberNewswire – Link11, a leading European provider of cloud-based cybersecurity solutions, today announced the launch of its completely rebuilt Layer 3/4 DDoS mitigation solution, designed to address the growing ... News alert: Reflectiz partners with Taboola to host webinar on AI-driven marketing security risks 16d ago BOSTON, June 30, 2026, CyberNewswire – Reflectiz, the web exposure management platform, today announced a live webinar with Taboola, "Securing Third-Party Marketing in the AI Era," taking place July 8 at 9 AM EDT / 3 PM CEST. Every market... News alert: OpenMatter launches platform to verify AI activity across enterprise systems 16d ago MELBOURNE, Fla., June 30, 2026, CyberNewswire – OpenMatter Network today announced the launch of its cryptographically verifiable platform for secure collaboration and AI governance, built on a simple premise: Don't Trust Data. Prove It. ... News alert: SpyCloud report finds phishing surge exposing employee data at Fortune 100 companies 29d ago AUSTIN, Tex., June 17, 2026, CyberNewswireŌĆōSpyCloud, the leader in identity threat protection, today released its 2026 Phishing Pulse Report, revealing that phishing attacks continue to increase in both volume and sophistication for enter... News alert: Heimdal study finds executives are more confident than frontline IT teams on AI risk 29d ago LONDON, June 17, 2026, CyberNewswire–Heimdal today published The State of AI Risk Management in 2026, a survey of 1,000 IT professionals across the United Kingdom and the United States. The report's headline finding is a divide inside the... News alert: Aembit secures Copilot Studio agents with identity-based access controls and audit trails 29d ago LAS VEGAS, June 16, 2026, CyberNewswire–Aembit on Tuesday announced support for Copilot Studio, extending its identity and access management capabilities to Microsoft's enterprise AI agent platform. The integration, unveiled at Identivers... News alert: GitGuardian adds endpoint protection as developer laptops become credential troves 29d ago NEW YORK, June 16, 2026, CyberNewswire–GitGuardian announced today that it is introducing Developer Endpoint Protection, extending its secrets and non-human identity (NHI) security platform coverage to developer workstations. After 12 mon... News alert: Varist announces AI-scale malware detection for healthcare and medical imaging 30d ago REYKJAVIK, Iceland, June 16, 2026 — Varist today introduced its DICOM Detection Engine™, a specialized system designed to safeguard electronic health records (EHR) and picture archiving and communication systems (PACS) from all known ma... News alert: Cloud security report finds fragmented tools widening the cloud complexity gap 36d ago News alert: Halo Security recognized for helping MSPs manage customers’ external attack surfaces 43d ago
29 loaded
PN
Proofpoint News Feed
15d ago · 10 items
New Cargo Theft Surge: From Lobster Heists To Bourbon Warehouse Scams 15d ago Cargo theft is evolving with cybercrime. Learn how organized crime is hijacking shipments—from a $400,000 lobster theft to a $500,000 bourbon heist—and what needs to be done. Defending the Authentication Flow: Device Code Phishing with Selena Larson 16d ago Host Caleb Tolin sits down with Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint and Host of the DISCARDED podcast, to discuss the mechanics of device code phishing and the widespread abuse o... Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense 24d ago Proofpoint has been selected to participate in OpenAI Daybreak, which helps trusted cybersecurity companies integrate AI into defensive security operations. Through the OpenAI Daybreak Cyber OpenAI Lets Cyber Vendors Embed GPT-5.5 in Defenses 24d ago Suspected North Korean actors use fake ‘coding assignments’ to steal crypto 37d ago China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa 42d ago Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era 50d ago New solution reduces exposure to actively exploited vulnerabilities in minutes by turning intelligence into immediate protection across primary attack paths Disrupts AI-powered exploit- Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks 55d ago Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude 56d ago New product integrations bring data protection, insider risk detection, and governance into Claude Enterprise and Claude Platform activity Organizations gain unified visibility across Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America 64d ago New MSP Platform business unit, AI-powered all-in-one Microsoft 365 protection, and Marketplace partnership with Pax8 strengthen Proofpoint’s commitment to channel and small and mid-size
TONResolver RAT Abuses TON Blockchain to Target Japan's Hotel Industry 17d ago From Langflow to Monero: Inside CVE-2026-33017 Cryptominer 23d ago PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM 28d ago Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign 29d ago Governing Claude Enterprise in Environments Where Inline Controls Can't Go 34d ago GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 36d ago Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open 38d ago Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet 45d ago Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet 51d ago Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware 55d ago
20 loaded
DA
darkreading
20d ago · 104 items
Name That Toon Contest 20d ago Europe Evolves Into Ransomware's Favorite Region 21d ago Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure 21d ago 2026 FIFA World Cup Faces Surge in Cyber Threats 21d ago Do CISOs Need a Code of Ethics? 22d ago More Malicious OpenClaw Skills Threaten AI Supply Chain 22d ago Apple's MacOS Gap Lets Users Disable Security Tools 22d ago Scope of Salesforce Attacks Expands as Icarus Leaks Data 22d ago 'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows 22d ago SocGholish Takedown Highlights Malicious TDS Threats 23d ago
104 loaded
M3
Microsoft 365 Blog
21d ago · 10 items
Copilot in Excel: Built for the era of Frontier Finance 21d ago - Discover how Copilot in Excel transforms finance workflows with skills, data connectors, and capabilities for traceability. Copilot Cowork is now generally available 30d ago Copilot Cowork is now generally available worldwide, bringing secure, AI-powered automation for complex enterprise tasks in Microsoft 365. Introducing Microsoft Scout: Your always-on personal agent 44d ago Microsoft introduces a new, always-on personal agent, Microsoft Scout, integrated across the Microsoft 365 apps you use every day. Announcing the new Work IQ APIs 44d ago Build enterprise agents with Work IQ APIs for Microsoft 365—bringing business context, tools, and secure, scalable intelligence into every workflow. Introducing Microsoft 365 Business with Copilot: The new standard for small business 49d ago Meet Microsoft 365 Business with Copilot—the AI-powered solution transforming how small businesses work, collaborate, and compete. Introducing a new design for Microsoft 365 Copilot 49d ago Copilot’s redesigned experience delivers faster performance, adaptive tools, and clearer AI-powered workflows to help you easily move from intention to outcome. New and improved: Computer-using agents, a new workflows experience, and real-time voice experiences 51d ago Explore what's new in Copilot Studio, May 2026: computer-using agents are now available, plus redesigned workflows and Work IQ extensibility. New and improved: Agent governance, intelligent workflows, and connected app experiences 66d ago See what's new in Copilot Studio, April 2026: updates to workflows, more control over agent operations, and an expanded agent usage estimator. Copilot Cowork: From conversation to action across skills, integrations, and devices 72d ago Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. Microsoft 365 Copilot, human agency, and the opportunity for every organization 72d ago Empower your organization with Microsoft 365 Copilot—AI that bridges human potential and business outcomes for the future of work.
AL
Alerts
28d ago · 44 items
CISA Adds One Known Exploited Vulnerability to Catalog 28d ago CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure 28d ago CISA Adds One Known Exploited Vulnerability to Catalog 30d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 31d ago CISA Adds One Known Exploited Vulnerability to Catalog 34d ago CISA Adds One Known Exploited Vulnerability to Catalog 35d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 37d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 38d ago CISA Adds One Known Exploited Vulnerability to Catalog 41d ago CISA Adds One Known Exploited Vulnerability to Catalog 43d ago CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation.
44 loaded
AC
All CISA Advisories
28d ago · 125 items
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT 28d ago CISA Adds One Known Exploited Vulnerability to Catalog 28d ago Schneider Electric EasyLogic T150 and Saitel DP 28d ago AVer PTC cameras 28d ago Rockwell Automation FactoryTalk Historian Site Edition 28d ago AzeoTech DAQFactory 28d ago Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products 28d ago Mitsubishi Electric MELSEC iQ-F Series 28d ago Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module 28d ago CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure 28d ago
125 loaded
CY
cybersecurity
35d ago · 1867 items
Any solutions we can use? 35d ago Possible targeted attack 35d ago RoguePlanet: Windows Zero-Day That Weaponizes Defender's Own Quarantine Pipeline 35d ago Facebook messenger to text 35d ago Managing Solution Agents 35d ago Nottingham University data breach affects over 450,000 students 35d ago SWGs that support 3rd party external DNS resolver 35d ago Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers 35d ago Chrome extensions with 10M+ installations are actively vulnerable to UXSS & UXSG 35d ago Cybersecurity researchers aren't happy about the guardrails on Anthropic's Fable | TechCrunch 35d ago
1867 loaded
HS
hacking: security in practice
35d ago · 241 items
DIY pwnagotchi-like device on esp32 35d ago Flipper Blackhat + Bjorn 35d ago Do you think AI is making hacking easier or harder 35d ago What can i do left? PSN 35d ago Proxmark5 campaign ending in less than 18 hours. 35d ago How to bypass speed queen coin slot for washer and dryer 35d ago Self-hosting stuff for when things get ugly 35d ago Malware Includes Taboo In Text To Prevent LLM Analysis 36d ago added Mac support for my corporate hacking game, demo on Steam 36d ago Catfished 36d ago
241 loaded
RE
Reverse Engineering
35d ago · 181 items
Reverse engineered BLE protocol of a $7 generic Chinese smart ring from Temu, and built an iOS app around it 35d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 35d ago [Reverse-Engineering] Skeet CS:GO source code (Gamesense) 35d ago Giulio Zausa's MMO-CHIP Makes Reverse Engineering Old Silicon Chips a Multiplayer Game 35d ago I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 35d ago Drive Firmware Security - Phison S11 35d ago IDA 9.4 Beta | Hex-Rays Docs 36d ago Trane Tracer HVAC cybersecurity issues 36d ago 🚀 Release PyMemoryEditor v2.0 — read, write and scan the memory of any running process, in pure Python (Windows, Linux & macOS) 36d ago I reverse engineered Lofree Hypace mouse firmware flashing protocol to bypass their official web based configuration on MacOS. 37d ago
181 loaded
US charges suspected Russian hacker with facilitating cyber campaign 35d ago Hawkish GOP lawmaker Don Bacon says he was hacked by Russia 35d ago Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025 35d ago GreatXML: GreatXML bitlocker bypass vulnerability 35d ago GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan 35d ago I found 23 Chrome extensions hijacking 758,000 users' searches for affiliate revenue 35d ago [Op Report] From SSA Phish to AdaptixC2: A Multi-RAT Intrusion 35d ago GhostTrace – CLI forensic scanner for Windows: 22 modules, MITRE ATT&CK mapped, read-only by default 35d ago Miasma-style supply chain attacks 35d ago On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet 36d ago
603 loaded
MA
Malware Analysis & Reports
35d ago · 115 items
I built 99 adversarially malformed PE files to test tool robustness - here’s what happened 35d ago ClickFix attack in the wild — fake Cloudflare CAPTCHA delivering obfuscated PowerShell dropper 36d ago WordPress malware in official WooCommerce theme (Kiosko): hidden admin users and corrupted sitemap 36d ago Inside the DPRK-Linked Backdoor Loitering in the VS Code Marketplace 36d ago Fake Interview deploys stealthy cross platform (macOS/Windows) through npm package install in take home assessment 38d ago 73 Microsoft GitHub repositories impacted by Miasma malware 38d ago Unauthorized Onlyfans Payment 38d ago Building A Malware Lab From Scratch Part 2! 40d ago Detecting npm Native Addon Malware: node-gyp Abuse 40d ago Microsoft Warns of GPU Cryptojacking Campaign Spread Through AI Chatbot Links 41d ago
115 loaded
WE
WeLiveSecurity
35d ago · 36 items
OceanLotus: From external espionage to domestic targeting 35d ago Unpacking SMB cyber-readiness – and what makes or breaks it 36d ago Cybercriminals: the 'auditors' you never hired 37d ago Lessons for life: Why children’s data is a long-term identity risk 43d ago This month in security with Tony Anscombe – May 2026 edition 48d ago ESET APT Activity Report Q4 2025–Q1 2026 49d ago What to consider before asking an AI chatbot for health advice 50d ago BTMOB: A stealthy RAT burrowing deep into Android devices 51d ago Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise 55d ago Webworm: New burrowing techniques 57d ago
36 loaded
SK
STÖK
53d ago · 15 items
15 loaded
DE
DEFCONConference
78d ago · 15 items
15 loaded
13 loaded
AI in Tax Season: Risks, Scams, and How to Protect Your Data 133d ago Tax Season Scams to Watch For This Year 140d ago Beware of Misleading Tax Advice on Social Media 308d ago Each year the IRS educates taxpayers on the most trending fraud schemes that could deceive individuals and businesses during tax season. In late 2024, The IRS took to warning the public against misleading “tips” or... Scammers Up Their Game With AI 310d ago Learn how to spot the threats and protect yourself from scammers using AI for phishing and deepfakes with smart security practices. The Essential Guide to Safeguarding Your Online Passwords 387d ago Protect your personal and business data with strong passwords, two-factor authentication, and smart cybersecurity practices. Beware: Tax Season is Scam Season 498d ago Tax season is also prime time for tax scams. To safeguard your personal information, consider these key points: Communication methods The IRS initiates contact primarily through mail, not email or phone calls. Be cautious of... Stop Scams: Fraud Prevention Starts with Your Employees 511d ago You can be as proactive and protective as possible when it comes to cyber security for your business, but there’s one vulnerability you cannot eliminate: human error. In fact, statistics estimate that as much as... ‘Tis the Season for Holiday Shopping Scams 584d ago The holidays are typically the time of year for gifting presents to friends and family or donations to charity. Unfortunately, not-so-jolly fraudsters take advantage of this generosity. Protect yourself by watching for these common scams:..... IRS Issues “Dirty Dozen” Fraud Warnings 769d ago Each year, the IRS releases a “Dirty Dozen” series to highlight the most common fraud schemes taxpayers should be aware of. IRS Identity Theft Season Begins Now 898d ago Each year thieves try to steal billions in federal withholdings by stealing your identity. As the IRS focuses more attention on this quickly growing problem, now is the time of year to be extra vigilant....
LI
LiveOverflow
134d ago · 15 items
15 loaded
HA
HackerSploit
463d ago · 15 items
15 loaded
TH
Threatpost
1415d ago · 10 items
Student Loan Breach Exposes 2.5M Records 1415d ago 2.5 million people were affected, in a breach that could spell more trouble down the line. Watering Hole Attacks Push ScanBox Keylogger 1416d ago Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms 1417d ago Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Ransomware Attacks are on the Rise 1420d ago Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Cybercriminals Are Selling Access to Chinese Surveillance Cameras 1421d ago Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Twitter Whistleblower Complaint: The TL;DR Version 1422d ago Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Firewall Bug Under Active Attack Triggers CISA Warning 1423d ago CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Fake Reservation Links Prey on Weary Travelers 1424d ago Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. iPhone Users Urged to Update to Patch 2 Zero-Days 1427d ago Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Google Patches Chrome’s Fifth Zero-Day of the Year 1428d ago An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

No matching sources found.