Cybersecurity News

Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections....

Organizations are growing serious about what nation’s rules apply to their data. Experts point to geopolitical tensions as a main contributing factor....

Shyam Sankar, the chief technology officer at Palantir Technologies, has emerged as a lead contender for the long vacant Cybersecurity and Infrastructure Security Agency (CISA) dir...

Twitter, renamed X in 2023, filed a petition saying that the settlement terms are unfair because the order was issued against a company that “no longer exists,” the workers respons...

The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus....

Cisco has released a patch for a server-side request forgery (SSRF) vulnerability in Unified Communications Manager (Unified CM) and its Session Management Edition that allows an u...

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a singl...

Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's C...

It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weir...

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts ...

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alt...

The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine ...

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]...

Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about mod...

On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. [...]...

French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. [...]...

As AI agents, machine identities, and third-party applications multiply across enterprises, Offroad is betting autonomous security agents can restore control over an increasingly u...

Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. The post Web...

Willow (formerly Webrix) emerged from stealth mode with an access platform designed to secure enterprise AI agents. The post Willow Raises $7 Million for Securing Autonomous AI Age...

Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls. The post Gemini Voice Assistant Hijacked v...

A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The post Mirasvit Vulnerability Exploited to Execute Code...

The Trump administration had backed the FCC’s position and, apart from Justice Clarence Thomas, the high court agreed....

In a message sent to aid recipients via Telegram over the weekend, the World Food Programme (WFP) said that "unauthorized parties" had accessed data stored in its self-registration...

The security researcher, Ammar Askar, released the new proof-of-concept exploit on his personal blog — alongside the public tracker for issues in VS Code — giving a GitHub security...

The alert warned that Chinese intelligence officers are posing as recruiters and consultants for front companies based outside China in order to target Five Eyes government and mil...

Cybersecurity researchers at Check Point have uncovered a large-scale SEO poisoning operation that impersonates popular open-source and freeware projects to distribute malware thro...

Unknown attackers maintained undetected access to the Outlook mailbox of a senior executive at a major global stock exchange for at least five months, systematically exfiltrating c...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to...

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabl...

Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]...