Information security
Information security

[ follow ]

macOS ClickFix attacks deliver AppleScript stealers

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.

Information security

fromThe Hacker News

2 hours ago

5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

MTTR is impacted by structural issues in threat intelligence integration, not just analyst availability.

Information security

fromnews.bitcoin.com

3 hours ago

Dune Data Reveals Close to 50% of Layerzero Apps Use Basic Security

Nearly half of Layerzero applications use the lowest level of DVN security, raising concerns about cross-chain vulnerabilities.

#cybersecurity

fromTheregister

4 hours ago

Information security

AI-pwned: Vercel breach traced to stolen employee creds

fromComputerWeekly.com

1 hour ago

Information security

M&S one year on: turning anticipation into secure by design | Computer Weekly

fromThe Hacker News

18 minutes ago

Information security

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

fromAxios

1 hour ago

Information security

Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model

Information security

fromThe Hacker News

4 hours ago

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

Information security

fromThe Hacker News

9 hours ago

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA added eight new vulnerabilities to its KEV catalog, including critical flaws in Cisco Catalyst SD-WAN Manager, indicating active exploitation.

Information security

fromTheregister

4 hours ago

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

Information security

fromComputerWeekly.com

1 hour ago

M&S one year on: turning anticipation into secure by design | Computer Weekly

Retailers must prioritize preparedness for cyber attacks, focusing on third-party risk and continuous visibility across their supply chains.

Information security

fromThe Hacker News

18 minutes ago

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

22 new vulnerabilities in serial-to-IP converters could allow attackers to hijack devices and tamper with data.

fromAxios

1 hour ago

Information security

Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model

Information security

fromThe Hacker News

4 hours ago

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

Information security

fromThe Hacker News

9 hours ago

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA added eight new vulnerabilities to its KEV catalog, including critical flaws in Cisco Catalyst SD-WAN Manager, indicating active exploitation.

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Many internet-facing Perforce P4 servers are misconfigured, exposing sensitive information and allowing unauthorized access.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Information security

fromSecurityWeek

1 day ago

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

Information security

fromSecurityWeek

4 hours ago

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Information security

fromSecurityWeek

1 day ago

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

more#vulnerabilities

Information security

fromTNW | Next-Featured

1 hour ago

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.

Information security

fromSecurityWeek

2 hours ago

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

Information security

fromArs Technica

3 hours ago

Contrary to popular superstition, AES 128 is just fine in a post-quantum world

AES 128 remains secure against quantum threats despite misconceptions about its vulnerability.

Information security

fromSecuritymagazine

16 hours ago

When Metal Theft Becomes a Life Safety Crisis

Scrap and metal theft has evolved into a serious threat to human life, particularly when it targets critical infrastructure.

Information security

fromComputerWeekly.com

1 hour ago

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute is providing a real operational cyber range for the NATO Locked Shields exercise to enhance cyber security training and readiness.

#ransomware

fromTechCrunch

22 minutes ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

fromSecurityWeek

1 hour ago

Information security

Third US Security Expert Admits Helping Ransomware Gang

fromTechCrunch

22 minutes ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

fromSecurityWeek

1 hour ago

Information security

Third US Security Expert Admits Helping Ransomware Gang

The cookbook for safe, powerful agents

Capability without control in AI agents creates vulnerabilities, necessitating a structured control architecture for safe deployment.

Information security

fromTheregister

7 hours ago

Adaptavist Group breach: Ransomware crew claims mega-haul

Adaptavist Group is investigating a security breach involving stolen credentials, while a ransomware group claims to have accessed extensive data.

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel experienced a security breach through Context.ai, compromising limited customer data and employee information.

Information security

fromTechRepublic

23 hours ago

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

Information security

fromTechCrunch

1 day ago

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

Information security

fromTheregister

1 day ago

Next.js developer Vercel warns customer creds compromised

Vercel experienced a data leak due to a compromise of Context.ai, affecting customer credentials and prompting immediate action.

Information security

fromSecurityWeek

1 day ago

Next.js Creator Vercel Hacked

Vercel confirmed a data breach involving unauthorized access to internal systems and compromised customer credentials.

Information security

fromInfoWorld

1 day ago

Hackers exploit Vercel's trust in AI integration

Sensitive secrets should be treated as potentially exposed and rotated as a priority.

Information security

fromSiliconANGLE

19 hours ago

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel experienced a security breach through Context.ai, compromising limited customer data and employee information.

Information security

fromTechRepublic

23 hours ago

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

Information security

fromTechCrunch

1 day ago

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

Information security

fromTheregister

1 day ago

Next.js developer Vercel warns customer creds compromised

Vercel experienced a data leak due to a compromise of Context.ai, affecting customer credentials and prompting immediate action.

Information security

fromSecurityWeek

1 day ago

Next.js Creator Vercel Hacked

Vercel confirmed a data breach involving unauthorized access to internal systems and compromised customer credentials.

Information security

fromInfoWorld

1 day ago

Hackers exploit Vercel's trust in AI integration

Sensitive secrets should be treated as potentially exposed and rotated as a priority.

more#vercel

#data-breach

fromwww.businessinsider.com

4 hours ago

Information security

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Information security

fromSecuritymagazine

1 day ago

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

Information security

fromwww.businessinsider.com

4 hours ago

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Lovable experienced a security issue allowing access to user data, prompting concerns about vibe coding among software engineers.

Information security

fromSecuritymagazine

1 day ago

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

Information security

fromTheregister

9 hours ago

Iran claims US used backdoors in networking equipment

Iran claims the US sabotaged its networking equipment during the war using backdoors or botnets.

Information security

fromSecuritymagazine

1 day ago

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.

Information security

fromArs Technica

1 day ago

Anthropic's Mythos AI model sparks fears of turbocharged hacking

AI-enabled cyber attacks surged 89% in 2025, with attackers acting within 29 minutes of gaining access.

Information security

fromTechRepublic

22 hours ago

Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign

Hackers exploit Android's overlay feature to capture PINs and monitor user interactions across over 800 apps using banking trojans.

Chainalysis Flags Critical Blind Spot in DeFi Security as $292M Exploit Bypasses Burn Verification

A $292M DeFi exploit reveals critical vulnerabilities in cross-chain systems, highlighting flawed trust assumptions and the need for better security measures.

Information security

fromnews.bitcoin.com

17 hours ago

Ripple's Schwartz Flags DeFi Bridge Trade-Offs After KelpDAO Incident

Bridge security trade-offs in DeFi infrastructure may compromise protections during real-world deployment, raising concerns about operational shortcuts and risk management.

Information security

fromnews.bitcoin.com

18 hours ago

Chainalysis Flags Critical Blind Spot in DeFi Security as $292M Exploit Bypasses Burn Verification

A $292M DeFi exploit reveals critical vulnerabilities in cross-chain systems, highlighting flawed trust assumptions and the need for better security measures.

Information security

fromnews.bitcoin.com

17 hours ago

Ripple's Schwartz Flags DeFi Bridge Trade-Offs After KelpDAO Incident

Bridge security trade-offs in DeFi infrastructure may compromise protections during real-world deployment, raising concerns about operational shortcuts and risk management.

Top 3 Cyber Insurance Incident Claims

Cyber incidents are increasing claims in the insurance industry despite decreasing premiums, indicating a more active risk environment.

Information security

fromTechzine Global

1 day ago

Kubernetes attack surface explodes: number of threats quadruples

Kubernetes faces a surge in cyberattacks, with a 282% increase in attempts, particularly targeting the IT sector and crypto exchanges.

Information security

fromSecurityWeek

1 day ago

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

Information security

fromTechzine Global

1 day ago

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.

Information security

fromThe Hacker News

1 day ago

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

ZionSiphon malware targets Israeli water treatment systems, showcasing a trend in politically motivated attacks on critical infrastructure.

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three new security flaws in Microsoft Defender are actively exploited, with only one patched, allowing full SYSTEM-level access to attackers.

Information security

fromThe Hacker News

4 days ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.

Information security

fromTechRepublic

22 hours ago

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three new security flaws in Microsoft Defender are actively exploited, with only one patched, allowing full SYSTEM-level access to attackers.

Information security

fromThe Hacker News

4 days ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.

more#microsoft-defender

Microsoft releases Windows Server update to fix April update

Microsoft released an out-of-band update to fix a restart loop issue affecting Windows Server devices after the April 2026 update.

Information security

fromTheregister

4 days ago

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has resolved the Windows Server 2025 upgrade issue, but new problems have emerged with the cumulative update KB5082063.

Information security

fromTheregister

1 day ago

Microsoft releases Windows Server update to fix April update

Microsoft released an out-of-band update to fix a restart loop issue affecting Windows Server devices after the April 2026 update.

Information security

fromTheregister

4 days ago

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has resolved the Windows Server 2025 upgrade issue, but new problems have emerged with the cumulative update KB5082063.

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

A critical vulnerability in SGLang allows remote code execution via a crafted GGUF model file, with a CVSS score of 9.8.

Information security

fromwww.socialmediatoday.com

2 days ago

TikTok's US joint venture gains security infrastructure certification

TikTok USDS Joint Venture has achieved ISO/IEC 27001:2022 certification, enhancing user trust in its data security measures.

Information security

fromTechCrunch

23 hours ago

Mastodon says its flagship server was hit by a DDoS attack | TechCrunch

Mastodon's flagship server experienced a DDoS attack, causing significant outages and instability, but countermeasures were implemented to restore access.

#bluesky

fromSecurityWeek

1 day ago

Information security

Bluesky Disrupted by Sophisticated DDoS Attack

fromTechRepublic

4 days ago

Information security

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors

fromMashable

4 days ago

Information security

Bluesky outage: Why it happened

fromSecurityWeek

1 day ago

Information security

Bluesky Disrupted by Sophisticated DDoS Attack

fromTechRepublic

4 days ago

Information security

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors

fromMashable

4 days ago

Information security

Bluesky outage: Why it happened

more#bluesky

fromEngadget

19 hours ago

Mastodon was hit by a 'major' DDoS attack that briefly took down parts of the service

Mastodon began reporting issues early Monday morning as much of the Mastodon-operated server became inaccessible. Andy Piper described the incident as a 'major' attack.

Information security

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

fromTheregister

1 day ago

Information security

Prompt injection proves AI models are gullible like humans

fromSecurityWeek

5 days ago

Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Information security

fromTheregister

2 days ago

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

Information security

fromTheregister

1 day ago

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

Information security

fromSecurityWeek

5 days ago

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Trust is essential yet fragile in the digital economy, with platforms facing increasing challenges from sophisticated online scams.

Information security

fromThe Hacker News

3 days ago

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

Information security

fromSecurityWeek

3 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Information security

fromwww.independent.co.uk

3 days ago

Scottish man faces 22 years in US prison for $8m virtual currency scam

A Scottish man pleaded guilty to hacking and stealing over $8 million in virtual currency through phishing attacks.

Information security

fromHarvard Gazette

3 days ago

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

fromSecurityWeek

4 days ago

Information security

ZionSiphon Malware Targets ICS in Water Facilities

fromThe Hacker News

5 days ago

Information security

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

Information security

fromTechRepublic

4 days ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

fromSecurityWeek

4 days ago

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.

Information security

fromThe Hacker News

5 days ago

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

What is Claude Mythos and what risks does it pose?

Anthropic's Claude Mythos AI model outperforms humans in some cybersecurity tasks, raising concerns among regulators and tech companies.

#north-korea

fromComputerWeekly.com

3 days ago

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

Information security

fromTheregister

4 days ago

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Information security

fromComputerWeekly.com

3 days ago

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

Information security

fromTheregister

4 days ago

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Recent advances push Big Tech closer to the Q-Day danger zone

Organizations are transitioning to new algorithms to replace RSA and elliptic curves due to vulnerabilities exposed by quantum computing threats.

Information security

fromDevOps.com

3 days ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

Information security

fromComputerWeekly.com

3 days ago

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

Information security

fromThe Hacker News

4 days ago

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

Information security

fromComputerWeekly.com

3 days ago

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

Information security

fromThe Cipher Brief

4 days ago

An FBI Perspective on FISA Section 702

Allowing Section 702 to lapse would create intelligence gaps that adversaries are poised to exploit, threatening American security.

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.

Information security

fromThe Hacker News

4 days ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.

Information security

fromSecurityWeek

4 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.

Information security

fromTheregister

3 days ago

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.

Information security

fromThe Hacker News

4 days ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.

Information security

fromSecurityWeek

4 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

Cisco Wi-Fi boxes writing 5MB of undeletable data daily

Cisco Wi-Fi access points may fill onboard memory with nonessential data, risking software update failures due to insufficient disk space.

Information security

fromThe Hacker News

5 days ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Information security

fromSecurityWeek

5 days ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Information security

fromTheregister

4 days ago

Cisco Wi-Fi boxes writing 5MB of undeletable data daily

Cisco Wi-Fi access points may fill onboard memory with nonessential data, risking software update failures due to insufficient disk space.

Information security

fromThe Hacker News

5 days ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Information security

fromSecurityWeek

5 days ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

more#cisco

fromThe Hacker News

4 days ago

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

"Booter services allow users to launch DDoS attacks against targeted websites, servers, or networks. Their infrastructure is made up of servers, databases, and other technical components that make DDoS-for-hire activities possible. By seizing these infrastructures, authorities were able to hinder these criminal operations and prevent further damage to victims."

Information security

fromTechzine Global

4 days ago

Broadcom brings secure AI agent environment to VMware Tanzu

Broadcom's VMware Tanzu Platform Agent Foundations provides a secure environment for autonomous AI applications with zero-trust networking and automated management.

Information security

fromTechRepublic

4 days ago

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked

Unauthorized access to limited internal data at McGraw-Hill was linked to a Salesforce misconfiguration, raising concerns about potential identity fraud and harassment.

Information security

fromThe Hacker News

5 days ago

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

Information security

fromTheregister

4 days ago

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.

[ Load more ]

Information securityInformation security

macOS ClickFix attacks deliver AppleScript stealers

5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

Dune Data Reveals Close to 50% of Layerzero Apps Use Basic Security

AI-pwned: Vercel breach traced to stolen employee creds

M&S one year on: turning anticipation into secure by design | Computer Weekly

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

AI-pwned: Vercel breach traced to stolen employee creds

M&S one year on: turning anticipation into secure by design | Computer Weekly

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

Scoop: Top U.S. cyber agency doesn't have access to Anthropic's powerful hacking model

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Dozens of Malicious Crypto Apps Land in Apple App Store

Contrary to popular superstition, AES 128 is just fine in a post-quantum world

When Metal Theft Becomes a Life Safety Crisis

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Third US Security Expert Admits Helping Ransomware Gang

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Third US Security Expert Admits Helping Ransomware Gang

The cookbook for safe, powerful agents

Adaptavist Group breach: Ransomware crew claims mega-haul

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Next.js developer Vercel warns customer creds compromised

Next.js Creator Vercel Hacked

Hackers exploit Vercel's trust in AI integration

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Next.js developer Vercel warns customer creds compromised

Next.js Creator Vercel Hacked

Hackers exploit Vercel's trust in AI integration

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Vercel Breach Originated from an Employee's AI Tool

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Vercel Breach Originated from an Employee's AI Tool

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

Iran claims US used backdoors in networking equipment

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

Anthropic's Mythos AI model sparks fears of turbocharged hacking

Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign

Chainalysis Flags Critical Blind Spot in DeFi Security as $292M Exploit Bypasses Burn Verification

Ripple's Schwartz Flags DeFi Bridge Trade-Offs After KelpDAO Incident

Chainalysis Flags Critical Blind Spot in DeFi Security as $292M Exploit Bypasses Burn Verification

Ripple's Schwartz Flags DeFi Bridge Trade-Offs After KelpDAO Incident

Top 3 Cyber Insurance Incident Claims

Kubernetes attack surface explodes: number of threats quadruples

Hackers Abuse QEMU for Defense Evasion

Aikido Endpoint offers developers additional protection against supply chain attacks

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Microsoft releases Windows Server update to fix April update

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft releases Windows Server update to fix April update

Microsoft closes book on rogue Windows Server 2025 upgrades

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

TikTok's US joint venture gains security infrastructure certification

Mastodon says its flagship server was hit by a DDoS attack | TechCrunch

Bluesky Disrupted by Sophisticated DDoS Attack

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors

Bluesky outage: Why it happened

Bluesky Disrupted by Sophisticated DDoS Attack

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors

Bluesky outage: Why it happened

Mastodon was hit by a 'major' DDoS attack that briefly took down parts of the service

Information security
Information security