Cybersecurity News
Latest updates from top security sources
Uber has appointed Philip Martin as its new Chief Information Security Officer (CISO), tapping a seasoned security leader with deep experience in incident response, threat intellig...
This week's threat landscape blended privacy innovation with two decades of dormant risk. Cloudflare announced a partnership with Google Chrome, Microsoft Edge, and Mozilla Firefox...
Cybersecurity researchers at Novee Security have identified a critical class of CI/CD workflow misconfiguration dubbed "Cordyceps" that exposes more than 300 high-impact GitHub rep...
The U.S. Department of Justice announced on Tuesday the seizure of a cloud computing account operated by subsidiaries of Cambodia-based conglomerate HuiOne Group, a network accused...
Cybersecurity researchers at Zafran Security have disclosed four vulnerabilities in Dify, the open-source agentic workflow platform boasting more than 146,000 GitHub stars, that co...
The enterprise AI risk landscape has fundamentally shifted. Security teams initially focused on employees pasting sensitive data into public AI tools, responding with usage policie...
F5 has released emergency security updates to address two critical vulnerabilities in NGINX Open Source, both carrying a CVSS v4 score of 9.2, that could allow remote unauthenticat...
When an autonomous AI agent interacts with a company's core intellectual property, most security teams cannot instantly name the person who authorized it. The rush to deploy intern...
A cluster of 23 deceptive Chrome browser extensions has been uncovered routing user searches through monetization middleware before delivering results, exposing roughly 758,000 aff...
F5 has issued out-of-band security updates to remediate two critical-severity vulnerabilities in its NGINX web server software that could allow unauthenticated remote attackers to ...
A critical vulnerability in Google Cloud's Vertex AI SDK for Python allowed attackers to hijack machine learning model uploads and execute arbitrary code inside Google's serving in...
A China-linked espionage group tracked as UNC6508 maintained undetected access to North American medical, academic, and military research networks for over a year, quietly siphonin...
Fortinet, Ivanti, and SAP have rolled out urgent security updates addressing multiple critical vulnerabilities that could enable arbitrary code execution, authentication bypass, an...
A clean penetration test report may look reassuring, but security leaders should read it as a warning sign, not a victory lap. According to Autumn Stambaugh and Can Yüceel of Picus...
Cybersecurity researchers at Cyera have disclosed six vulnerabilities in protobuf.js, a widely used JavaScript and TypeScript implementation of Google's Protocol Buffers serializat...
Veeam has shipped an emergency patch for a critical remote code execution vulnerability in its widely deployed Backup & Replication platform. Tracked as CVE-2026-44963, the flaw ca...
ServiceNow disclosed a security incident on June 9, 2026, revealing that attackers exploited an unauthenticated access flaw in a REST API endpoint to query data from hosted custome...
The threat actor tracked as PCPJack has compromised at least 230 cloud servers across Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure, converting them into a ...
Redis has patched a use-after-free vulnerability in its blocking-client code that allows an authenticated user to execute arbitrary OS commands on the host running the database. Tr...
Enterprise identity and access management is approaching a structural breaking point. As organizations scale, identity data fragments across thousands of applications, decentralize...
Cybersecurity researchers at Calif have disclosed a new remote denial-of-service vulnerability dubbed "HTTP/2 Bomb" that affects five major web server platforms: NGINX, Apache HTTP...
Microsoft announced at its Build 2026 developer conference the release of Coreutils for Windows, a package that delivers common Linux command-line utilities as native Windows appli...
Microsoft is actively investigating a widespread service disruption affecting the mail flow pipeline for Exchange Online customers in North America and Germany. The incident, track...
The managed service provider (MSP) cybersecurity landscape is undergoing a significant transformation as traditional vCISO platforms fail to meet the demands of modern security pra...
Sysdig researchers have documented a sophisticated cyberattack where threat actors deployed a large language model (LLM) agent to automate post-exploitation activities following th...
The FBI has issued a critical advisory regarding Kali365, a Telegram-based Phishing-as-a-Service (PhaaS) platform that enables cybercriminals to compromise Microsoft 365 accounts b...
A threat actor recently obtained an AWS access key cached on a developer's workstation through standard browser behavior—no misconfiguration or policy violation required. This sing...
Organizations are dramatically increasing investments in AI agent identity management as enterprise deployments accelerate, according to new research from Omdia. The study reveals ...
GitHub has confirmed a significant security incident in which threat actor TeamPCP exfiltrated approximately 3,800 internal repositories after compromising an employee's device thr...
Security researcher Justin O'Leary has disclosed a critical vulnerability in Microsoft Azure Backup for Azure Kubernetes Service (AKS) that allowed privilege escalation from a low-...
Braintrust, an AI infrastructure provider, disclosed on March 5 2026 that an unauthorized party had gained access to one of its Amazon Web Services (AWS) accounts. The intrusion, d...
Security researchers have identified a new self‑propagating threat, named PCPJack, that behaves like a worm while simultaneously purging systems infected by the earlier TeamPCP mal...
NVIDIA has officially confirmed a data breach impacting its GeForce NOW service, exposing personal information for a subset of users in Armenia. The disclosure, made in a statement...
Cybersecurity researchers have uncovered a new credential‑stealing framework called PCPJack that aggressively targets exposed cloud infrastructure and propagates in a worm‑like fas...
Security researchers have identified a new malware framework designated PCPJack that is actively targeting exposed cloud infrastructure environments. The threat operates as a crede...
Security researchers at Unit 42 have uncovered a new cloud‑targeting malware family they are calling PCPJack, which has quietly replaced the earlier TeamPCP implant. PCPJack distin...
In the past twelve months, enterprises have rushed to embed AI‑powered writing assistants, workflow automations and productivity plugins into their Google Workspace and Microsoft 3...
Kaspersky researchers identified a surge in phishing campaigns leveraging Amazon Simple Email Service (SES). Attackers abuse the trusted infrastructure by sending emails via verifi...
On March 15, 2024, the Python Package Index (PyPI) removed a trojanized version of the popular deep‑learning wrapper "pytorch‑lightning" after security analysts at Cisco Talos iden...
Amazon Simple Email Service (SES), the cloud‑based email sending platform offered by Amazon Web Services, is increasingly being weaponized by threat actors to distribute phishing e...
Kaseya announced a live webinar titled “Why MSPs must rethink security and backup strategies” scheduled for June 15, 2026 at 2:00 PM ET. The session, hosted by Kaseya’s Product Mar...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a critical Linux kernel privilege escalation vulnerability, to its Known Exploited Vulner...
Security researchers have flagged a new iteration of the consent‑phishing tool known as ConsentFix, now labeled v3, which dramatically expands the scale and automation of attacks a...
Cybersecurity researchers have identified two distinct cybercrime groups orchestrating rapid, high‑impact extortion campaigns that operate almost entirely within Software‑as‑a‑Serv...
Managed security services are on a steep ascent, with the market expected to swell from $38.31 billion in 2025 to $69.16 billion by 2030, making cybersecurity the fastest‑growing s...
Security researchers at SentinelOne and WithSecure have uncovered a sophisticated Python-based backdoor named DEEP#DOOR that leverages legitimate tunneling services to establish co...
Oracle Red Bull Racing has launched a sweeping automation initiative aimed at embedding security directly into the team’s high‑velocity development pipelines. With the pit wall and...
Security teams across industries are increasingly discovering that traditional vulnerability management approaches fail to accurately represent organizational risk. Despite closing...
In the rush to hybrid cloud adoption, many organizations treat data movement as a simple connectivity chore. Open a ticket, spin up an SFTP gateway, push the data across, and consi...
Silverfort’s identity threat research team disclosed a critical misconfiguration in a Microsoft Entra ID administrative role designed for AI agents. The role, named “AI Service Adm...
Cybersecurity researchers have identified a sophisticated campaign conducted by the threat actor UNC6692, who is combining social engineering, custom malware, and cloud infrastruct...
Glasswing’s recent announcement that it has secured the core code of its platform is a welcome step toward reducing software vulnerabilities, but security experts warn that the bro...
Security researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a sophisticated espionage operation conducted by a Chinese state‑sponsored APT that targeted Mongolian...
In a live demonstration at the Dark Reading CyberStorm conference, researchers from Sentinel Labs unveiled 'Zealot', a proof‑of‑concept AI framework designed to autonomously compro...
Security researchers at SecureSphere Labs have uncovered a new file‑wiping worm they have named CanisterWorm, attributed to a financially motivated threat actor tracked under the a...
Google on Monday rebuffed recent reports—published by Ars Technica—that claimed a massive breach exposing all 2.5 billion Gmail accounts, asserting that its security controls are r...