Cybersecurity News

Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should...

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. [...]...

Resetting a password doesn't always remove attackers from Active Directory. Specops Software explains how cached credentials and Kerberos tickets can keep attackers authenticated a...

Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. [...]...

This upcoming webinar explores how organizations need to combine security, backups, and recovery planning to reduce the impact of modern cyberattacks. [...]...

The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation....

Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks....

The campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries' world view....

Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security. The post Frame Security Emerges From Stealth With $50M for Awareness and T...

Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline. The post Build Application Firewalls Aim to Stop the Next ...

The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group. The post Google Detects First AI-Generated Zero-Day Exploit appeared first on Security...

The router deadline, originally slated for March 1, 2027, has been pushed back to at least January 1, 2029, according to the announcement from the FCC’s Office of Engineering and T...

The Information Commissioner's Office (ICO) fined South Staffordshire Water £963,900 ($1.3 million) on Monday over an attack by the Cl0p ransomware group that led to the personal d...

The issue was found in the same area of the Linux kernel that produced last month’s Copy Fail bug, and also allows anyone with a basic account on an affected computer to seize full...

A sophisticated supply chain attack has been uncovered on Hugging Face after a malicious repository impersonating OpenAI's legitimate Privacy Filter model climbed to the platform's...

The cybersecurity industry’s beloved “purple team” concept is broken by design. According to data from CISA KEV, VulnCheck KEV, and ExploitDB, the mean time from ...

A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy com...

Using a vulnerability in the portal, hackers accessed names, addresses, email addresses, and phone numbers. The post Skoda Data Breach Hits Online Shop Customers appeared first on ...

The company topped revenue and earnings forecasts for the first quarter of 2026, but its shares plunged more than 20%. The post Cloudflare Lays Off 1,100 Employees in AI-Driven Res...

The incident occurred on April 20 and did not affect customer data in the company’s production and staging environments. The post SailPoint Discloses GitHub Repository Hack appeare...

A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first o...

Tens of thousands of students studying for final exams around the world have regained access to a key online learning system after a cyberattack had earlier knocked it offline. The...

Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released. The post New ‘Dirty Frag’ Linux Vulnera...

The second iteration of the German-speaking online crime marketplace had over 22,000 users and more than 100 sellers. The post Resurrected ‘Crimenetwork’ Marketplace Ta...

A sophisticated phishing operation dubbed "Operation HookedWing" has been systematically targeting organizations across critical sectors for over four years, according to threat in...

A sophisticated malvertising campaign is leveraging Google Ads and the public chat‑sharing feature of Anthropic’s Claude.ai to distribute a macOS backdoor. Victims who search for "...

German law‑enforcement agencies, led by the Federal Criminal Police Office (BKA) and the Hessian State Criminal Police Office (LKA Hessen) in close coordination with Europol’s Euro...

Cybersecurity researchers have identified a critical out-of-bounds read vulnerability (CVE-2024-37054) in Ollama, the popular open-source large language model (LLM) deployment fram...

cPanel Inc. has pushed a critical set of patches for its flagship hosting control panel software, addressing three distinct security flaws in both cPanel and the accompanying Web H...

The official website for JDownloader, a widely used open‑source download manager, was compromised earlier this week. Attackers altered the download links for both Windows and Linux...