Cybersecurity News

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions....

The international operation targeted a service known as First VPN, which had been marketed for years on Russian-speaking cybercrime forums as a secure way for criminals to evade la...

In a lengthy joint statement, Moscow and Beijing pledged closer cooperation on satellite internet technologies and joint work on software development and open-source initiatives — ...

Ukrainian cyberpolice, working in coordination with U.S. law enforcement, have identified an 18-year-old male from Odesa suspected of orchestrating an infostealer malware operation...

Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. [...]...

There is nothing cybersecurity professionals are more excited about, and nothing they fear more, than AI....

Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit....

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions....

Government leaders revealed that, in spite of state laws meant to improve cyber hygiene, an analysis of incidents showed issues persist and visibility falls short....

Microsoft has unveiled two new open-source security tools—RAMPART and Clarity—to help developers identify and mitigate vulnerabilities in AI agents during the development lifecycle...

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ...

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph...

New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter...

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. [...]...

Identity checks alone can't stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuou...

Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. [...]...

An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment....

...

Five ways CISOs can prepare for consuming AI Bill of Materials and influence the direction of how they're generated....

The new Series A funding round brings the total raised by Quantum Bridge to $16 million.  The post Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution appea...

The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches. The post Microsoft Rolls Out Mitigations for ‘YellowKe...

Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile apps within hours of re...

1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentials out of prompts, code...

The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Claude Code Sandbox Bypas...

The law mandates that platforms make it easy for people to ask that nonconsensual intimate images be removed and to delete them within 48 hours of a request....

The investigation began after U.S. authorities informed their Ukrainian counterparts that hackers operating from Ukraine could be involved in attacks targeting users of American e-...

The move comes as other major social media platforms are killing end-to-end encryption for messaging. In recent months, Instagram and TikTok both announced they will no longer offe...

The breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven sys...

In most complaints, victims said they were given detailed information by fraudsters on how to take money from their bank account, where to find a cryptocurrency kiosk and how to se...

GitHub has confirmed a significant security incident in which threat actor TeamPCP exfiltrated approximately 3,800 internal repositories after compromising an employee's device thr...