Cybersecurity News

The White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal security....

CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerability. The post OWASP Incu...

Other noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner. The post In Other News: Anthr...

The package bundles two draft laws — a Chips Act 2.0 and a Cloud and AI Development Act (CADA) — alongside an Open Source Strategy and a roadmap for digitalizing the energy system....

Threat actors are actively weaponizing a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin, putting an estimated 4,000 active installations at ...

Cybersecurity researchers and the FBI are sounding the alarm on a massive wave of FIFA-themed fraud targeting World Cup 2026 fans, just days before the June 11 opening match. With ...

On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privil...

The ShinyHunters extortion group leaked roughly 234 GB of data allegedly stolen from the dental benefits administrator. The post Hackers Leak DentaQuest Information Impacting 2.6 M...

Over 100 bugs are critical or high-severity, mainly use-after-free and insufficient validation of untrusted input flaws. The post Chrome 149 Patches 429 Vulnerabilities appeared fi...

Experts commented on the EO’s voluntary nature, the balance between innovation and security, and potential implementation gaps. The post Industry Reactions to New Trump AI Cybersec...

Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Targ...

The company detected a network intrusion in March and an investigation showed that some files were stolen during the attack. The post Nightclub Giant RCI Says Data Breach Affects 4...

The threat actor tracked as PCPJack has compromised at least 230 cloud servers across Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure, converting them into a ...

The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026...

Russian authorities have promoted Max as a domestic alternative to foreign messaging platforms such as Telegram and WhatsApp....

Brave Software has publicly launched Brave Origin, a $59.99 paid version of its privacy-focused browser that removes cryptocurrency wallets, AI integrations, rewards programs, and ...

The Windows version of Hola Browser was compromised in a supply chain attack that pushed an undeclared Monero cryptocurrency miner to a small fraction of users, according to Bleepi...

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]...

A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts.  [...]...

Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel....

One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia....

Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections....

Organizations are growing serious about what nation’s rules apply to their data. Experts point to geopolitical tensions as a main contributing factor....

Shyam Sankar, the chief technology officer at Palantir Technologies, has emerged as a lead contender for the long vacant Cybersecurity and Infrastructure Security Agency (CISA) dir...

Twitter, renamed X in 2023, filed a petition saying that the settlement terms are unfair because the order was issued against a company that “no longer exists,” the workers respons...

The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus....

Cisco has released a patch for a server-side request forgery (SSRF) vulnerability in Unified Communications Manager (Unified CM) and its Session Management Edition that allows an u...

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a singl...

Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's C...

It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weir...