Information security

[ follow ]
#russian-hackers #power-grid #power-grid-attack #input-validation #cve-2022-2856 #phishing
Information security
fromtheregister
1 hour ago

To gain root access at this company, all an intruder had to do was ask nicely

IT staff reset an account after a caller failed challenge questions, enabling unauthorized access through social engineering and weak password reset procedures.
Information security
fromThe Hacker News
1 hour ago

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

NGINX Rift is a critical ngx_http_rewrite_module heap buffer overflow enabling remote code execution or denial-of-service via crafted requests.
#linux-kernel
Information security
fromThe Hacker News
8 minutes ago

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

Fragnesia (CVE-2026-46300) enables unprivileged local attackers to corrupt kernel page cache and gain root via the XFRM ESP-in-TCP subsystem.
Information security
fromInfoQ
2 days ago

Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

Two Linux kernel local privilege escalation flaws enable unprivileged users to obtain root by manipulating page cache via AF_ALG and related logic bugs.
Information security
fromThe Hacker News
8 minutes ago

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

Fragnesia (CVE-2026-46300) enables unprivileged local attackers to corrupt kernel page cache and gain root via the XFRM ESP-in-TCP subsystem.
Information security
fromInfoQ
2 days ago

Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

Two Linux kernel local privilege escalation flaws enable unprivileged users to obtain root by manipulating page cache via AF_ALG and related logic bugs.
more#linux-kernel
Information security
fromSecuritymagazine
8 hours ago

The Bench You'll Need in Three Years Depends on Decisions You Make Now

AI-native security tools automate entry-level tasks, shrinking the entry talent pipeline and creating a widening skills mismatch that will reduce hiring, provider quality, and bench strength.
Information security
fromSecurityWeek
16 hours ago

Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code

Microsoft and Palo Alto Networks report significant vulnerability discoveries after enabling AI-driven scanning on their own code and product portfolios.
Information security
fromSecuritymagazine
1 day ago

What Security Leaders Say About the First AI-Developed Zero-Day Exploit

AI-generated zero-day exploitation has become operational, requiring stronger, phishing-resistant authentication and treating privileged access as a separate attack surface.
#ai-security
Information security
fromComputerworld
19 hours ago

Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs

MDASH will enter enterprise private preview in June, using AI agents to discover and help remediate Windows vulnerabilities, including critical remote code execution flaws.
Information security
fromComputerworld
19 hours ago

Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs

MDASH will enter enterprise private preview in June, using AI agents to discover and help remediate Windows vulnerabilities, including critical remote code execution flaws.
Information security
fromThe Hacker News
18 hours ago

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

MDASH is a model-agnostic, multi-agent AI pipeline that discovers, validates, and proves exploitable vulnerabilities at scale in complex codebases.
Information security
fromSecurityWeek
1 day ago

White Circle Raises $11 Million for AI Control Platform

White Circle raised $11M seed funding to build an AI control layer that monitors inputs/outputs, detects risks, enforces policies, and improves model accuracy over time.
more#ai-security
Information security
fromSecurityWeek
17 hours ago

Sweet Security Launches Agentic AI Red Teaming to Counter 'Mythos Moment'

Human security cannot match AI-assisted cyberattack speed and volume, requiring security programs that use environment-specific AI agents and continuous red teaming.
Information security
fromtheregister
11 hours ago

Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs

Missing or faulty security validation in MCP servers enables SQL injection, metadata exfiltration, and potential takeover of internet-exposed database instances.
#cybersecurity
Information security
fromTechzine Global
2 days ago

Google: AI likely aided attackers to develop a zero-day

Generative AI is increasingly used to develop exploits, enabling attackers to bypass two-factor authentication and automate offensive workflows.
Information security
fromwww.bbc.com
1 day ago

Canvas hack: company pays criminals to delete students' stolen data

Instructure paid hackers to prevent publication of stolen Canvas data, returning it with digital confirmation of destruction and preventing extortion of affected customers.
Information security
fromBusiness Matters
2 days ago

Stryker hack shows cyber intelligence is more important than ever

A major medical device company’s devices were wiped after an Iran-linked ransomware attack, showing cyber threats can strike anytime and require urgent security priorities.
Information security
fromSecuritymagazine
1 day ago

Cybersecurity Is No Longer a Gatekeeper, But the Engine of Delivery Across Digital Economy

Cybersecurity is a top fast-growing skill and must be integrated into product delivery, since both protection gaps and misconfigured controls can cause outages, breaches, and lost trust.
Information security
from24/7 Wall St.
16 hours ago

AI Threats Are Accelerating and These 3 Cybersecurity Stocks Under $30 Are Built to Win

Cybersecurity demand for AI workloads, identity control, and data pipeline protection is driving growth, while several stocks trade under $30 at compressed valuations.
Information security
fromSecurityWeek
19 hours ago

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach

Instructure faced repeated Canvas intrusions, exploited Free-For-Teacher issues, and is temporarily shutting accounts while the House Homeland Security Committee demands incident details.
Information security
fromTechzine Global
2 days ago

Google: AI likely aided attackers to develop a zero-day

Generative AI is increasingly used to develop exploits, enabling attackers to bypass two-factor authentication and automate offensive workflows.
Information security
fromwww.bbc.com
1 day ago

Canvas hack: company pays criminals to delete students' stolen data

Instructure paid hackers to prevent publication of stolen Canvas data, returning it with digital confirmation of destruction and preventing extortion of affected customers.
more#cybersecurity
#microsoft-security-updates
fromThe Hacker News
19 hours ago
Information security

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft released patches for 138 vulnerabilities across its products, including critical Windows DNS and Azure flaws, with no publicly known active attacks reported.
Information security
fromZero Day Initiative
1 day ago

Zero Day Initiative - The May 2026 Security Update Review

Most Microsoft fixes address elevation of privilege, with several code execution paths requiring varying attacker access levels and one kernel issue enabling code execution via crafted NVMe-oF handshake messages.
Information security
fromThe Hacker News
19 hours ago

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft released patches for 138 vulnerabilities across its products, including critical Windows DNS and Azure flaws, with no publicly known active attacks reported.
Information security
fromZero Day Initiative
1 day ago

Zero Day Initiative - The May 2026 Security Update Review

Most Microsoft fixes address elevation of privilege, with several code execution paths requiring varying attacker access levels and one kernel issue enabling code execution via crafted NVMe-oF handshake messages.
more#microsoft-security-updates
Information security
fromwww.bbc.com
1 day ago

More than 70 million warnings sent to people seeking child abuse material

Over two years, 70 million CSAM warning messages were sent, with 700,000 accessing support resources, and most who seek help continued engaging.
Information security
fromtheregister
15 hours ago

Mystery Microsoft bug leaker keeps the zero-days coming

YellowKey enables attackers with physical access to bypass BitLocker and gain unrestricted shell access, turning stolen laptops into potential breach events.
Information security
fromSecurityWeek
22 hours ago

Fortinet, Ivanti Patch Critical Vulnerabilities

Fortinet and Ivanti released patches for 18 vulnerabilities, including three critical flaws enabling remote, unauthenticated code execution or file manipulation.
Information security
fromtheregister
8 hours ago

Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits

AI-based code scanning is rapidly increasing vulnerability discovery, driving more patches and greater administrative workload while raising risks if patches break systems.
#microsoft-patch-tuesday
Information security
fromSecurityWeek
21 hours ago

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

CVE-2026-40361 is a zero-click Outlook remote code execution flaw requiring patching to protect enterprise inboxes.
Information security
fromTechzine Global
1 day ago

Microsoft patches 137 vulnerabilities and deploys AI scanner

Microsoft’s May Patch Tuesday fixes 137 vulnerabilities, including 30 critical, with AI-driven detection and an internal MDASH scanning environment accelerating discovery and patching.
Information security
fromComputerWeekly.com
1 day ago

Microsoft releases rare zero-day free Patch Tuesday update | Computer Weekly

May 2026 Patch Tuesday fixes about 140 CVEs with no zero-days, but nearly 20 critical flaws require rapid patching and Secure Boot certificate rotation by 26 June.
Information security
fromSecurityWeek
21 hours ago

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

CVE-2026-40361 is a zero-click Outlook remote code execution flaw requiring patching to protect enterprise inboxes.
Information security
fromTechzine Global
1 day ago

Microsoft patches 137 vulnerabilities and deploys AI scanner

Microsoft’s May Patch Tuesday fixes 137 vulnerabilities, including 30 critical, with AI-driven detection and an internal MDASH scanning environment accelerating discovery and patching.
Information security
fromComputerWeekly.com
1 day ago

Microsoft releases rare zero-day free Patch Tuesday update | Computer Weekly

May 2026 Patch Tuesday fixes about 140 CVEs with no zero-days, but nearly 20 critical flaws require rapid patching and Secure Boot certificate rotation by 26 June.
more#microsoft-patch-tuesday
Information security
fromSecurityWeek
23 hours ago

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities

Intel and AMD released May 2026 Patch Tuesday advisories covering 70 vulnerabilities, including critical flaws enabling privilege escalation and potential code execution.
#ransomware
Information security
fromTechzine Global
22 hours ago

Foxconn attackers allegedly obtained Apple and Nvidia data

Foxconn confirmed a North American ransomware attack, with Nitrogen claiming theft of confidential data and Foxconn restarting affected factories.
Information security
fromTechzine Global
1 day ago

On Anti-Ransomware Day, some good news arrives for cyber defenders

Ransomware victim rates are falling, while attackers shift to sophisticated intrusions, access sales, and fragmented operations.
Information security
fromWIRED
1 day ago

Foxconn Ransomware Attack Shows Nothing Is Safe Forever

Nitrogen claims it stole 8 TB of Foxconn data and extorts the electronics manufacturer, which reported cyberattacks and resuming production at affected North American factories.
Information security
fromtheregister
1 day ago

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

A ransomware attack hit Foxconn’s North American operations, disrupting some factories but enabling resumption of normal production after response measures.
Information security
fromTechzine Global
22 hours ago

Foxconn attackers allegedly obtained Apple and Nvidia data

Foxconn confirmed a North American ransomware attack, with Nitrogen claiming theft of confidential data and Foxconn restarting affected factories.
Information security
fromTechzine Global
1 day ago

On Anti-Ransomware Day, some good news arrives for cyber defenders

Ransomware victim rates are falling, while attackers shift to sophisticated intrusions, access sales, and fragmented operations.
Information security
fromWIRED
1 day ago

Foxconn Ransomware Attack Shows Nothing Is Safe Forever

Nitrogen claims it stole 8 TB of Foxconn data and extorts the electronics manufacturer, which reported cyberattacks and resuming production at affected North American factories.
Information security
fromtheregister
1 day ago

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

A ransomware attack hit Foxconn’s North American operations, disrupting some factories but enabling resumption of normal production after response measures.
more#ransomware
Information security
fromSecurityWeek
1 day ago

ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA

Multiple vendors released May 2026 ICS security advisories addressing critical and high-severity vulnerabilities, including remote code execution, takeover, XSS, and session hijacking.
#malware
Information security
fromwww.theregister.com
1 day ago

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Shai-Hulud worm source code was open-sourced, enabling rapid modification and credential-stealing attacks against npm packages and cloud accounts.
Information security
fromSecurityWeek
1 day ago

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 uses a free OnlyFans lure to deliver stealthy malware that steals cryptocurrency, exfiltrates data, and deploys ransomware via persistence and C2 control.
Information security
fromwww.theregister.com
1 day ago

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Shai-Hulud worm source code was open-sourced, enabling rapid modification and credential-stealing attacks against npm packages and cloud accounts.
Information security
fromSecurityWeek
1 day ago

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 uses a free OnlyFans lure to deliver stealthy malware that steals cryptocurrency, exfiltrates data, and deploys ransomware via persistence and C2 control.
more#malware
Information security
fromComputerworld
16 hours ago

Cyberattack: First they come for Foxconn, then they come for you

Attackers can still disrupt and compromise highly secured industrial networks, causing widespread operational shutdowns and data theft claims.
Information security
fromThe Hacker News
22 hours ago

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

GemStuffer abuses RubyGems to exfiltrate scraped UK council portal content by publishing data-bearing gems using hardcoded API keys.
fromSecurityWeek
14 hours ago

Foxconn Confirms North American Factories Hit by Cyberattack

“The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production,” Foxconn told SecurityWeek.
Information security
fromThe Hacker News
18 hours ago

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting.
Information security
Information security
fromIndependent
1 day ago

More than 200 fake websites targeted Irish residents with scams last year

Financial scams targeting Irish residents increased 52% in one year, often impersonating Revenue, An Post, and Irish banks to steal money.
fromIndependent
1 day ago

More than 200 fake websites targeted Irish residents with scams last year

More than 200 websites were found to be targeting Irish residents with scams last year, including fake online shops and fraudulent loan websites claiming to be regulated by the Central Bank of Ireland.
Information security
Information security
fromInfoQ
2 days ago

GitHub Expands Secret Scanning with General Availability of MCP Server Integration

GitHub added general availability of secret scanning via its MCP Server to let AI agents and automation detect and remediate exposed credentials in structured workflows.
Information security
fromSearch Storage
2 days ago

Attackers targeting storage infrastructure for remote work | TechTarget

Threat actors increasingly target storage infrastructure to access valuable data, disable backups, steal credentials, and spread ransomware impact efficiently.
#supply-chain-attacks
Information security
fromThe Hacker News
1 day ago

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP modified npm and PyPI packages to run obfuscated environment profiling and credential stealing, exfiltrating data via external domains and GitHub token abuse.
fromInfoWorld
1 day ago
Information security

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Automated Mini Shai-Hulud worm attacks rapidly spread through package ecosystems on May 11 by hijacking release pipelines via pull_request_target and maintainer misconfigurations.
Information security
fromThe Hacker News
1 day ago

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP modified npm and PyPI packages to run obfuscated environment profiling and credential stealing, exfiltrating data via external domains and GitHub token abuse.
Information security
fromInfoWorld
1 day ago

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Automated Mini Shai-Hulud worm attacks rapidly spread through package ecosystems on May 11 by hijacking release pipelines via pull_request_target and maintainer misconfigurations.
more#supply-chain-attacks
Information security
fromMedium
1 day ago

AI's Double-Edged Sword: Innovation, Risk, and the Expanding Attack Surface

AI capability is expanding cybersecurity risks by turning intelligence and autonomy into attack vectors for fraud, misinformation, and physical threats.
#agentic-ai
Information security
fromSecurityWeek
1 day ago

Exaforce Raises $125 Million for Agentic SOC Platform

Exaforce raised $125M Series B to expand its agentic SOC platform using Exabots for autonomous detection, triage, investigation, and response across cloud and SaaS.
Information security
fromSecurityWeek
1 day ago

Exaforce Raises $125 Million for Agentic SOC Platform

Exaforce raised $125M Series B to expand its agentic SOC platform using Exabots for autonomous detection, triage, investigation, and response across cloud and SaaS.
more#agentic-ai
#soc-operations
Information security
fromSecurityWeek
1 day ago

Is The SOC Obsolete, And We Just Haven't Admitted It Yet?

SOC operations are increasingly mismatched to machine-speed threats, and current AI SOC promises rarely replace human investigation and contextual decision-making.
Information security
fromThe Hacker News
1 day ago

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

High-risk SOC alerts go unanswered due to structural coverage ceilings, lack of specialized expertise, and automation limits that deprioritize unfamiliar or novel alert categories.
Information security
fromSecurityWeek
1 day ago

Is The SOC Obsolete, And We Just Haven't Admitted It Yet?

SOC operations are increasingly mismatched to machine-speed threats, and current AI SOC promises rarely replace human investigation and contextual decision-making.
Information security
fromThe Hacker News
1 day ago

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

High-risk SOC alerts go unanswered due to structural coverage ceilings, lack of specialized expertise, and automation limits that deprioritize unfamiliar or novel alert categories.
more#soc-operations
Information security
fromSecurityWeek
1 day ago

Microsoft Patches 137 Vulnerabilities

Microsoft patched 137 vulnerabilities, including critical privilege escalation and remote code execution flaws, with none reported exploited in the wild.
Information security
fromDevOps.com
1 day ago

OpenAI's Daybreak Challenges Anthropic in AI Cybersecurity Race

Daybreak embeds AI-driven vulnerability identification, fix validation, and faster patching into enterprise software development workflows using Codex Security and vendor integrations.
Information security
fromTechRepublic
1 day ago

Google Says Hackers Used AI to Build Zero-Day Exploit

A zero-day exploit with AI assistance targeted 2FA in an open-source web administration tool, but was disrupted before large-scale use.
Information security
fromtheregister
1 day ago

Cache-poisoning caper turns TanStack npm packages toxic

Eighty-four malicious TanStack npm package versions stole credentials, self-propagated, and wiped disks after poisoning GitHub Actions caches and extracting npm OIDC tokens.
Information security
fromSecurityWeek
1 day ago

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means

Claude Mythos testing of curl found only one low-severity vulnerability, challenging claims of thousands of zero-days and suggesting curl’s security may be strong.
Information security
fromTNW | Data-Security
1 day ago

Google identifies first AI-developed zero-day exploit and thwarts planned mass exploitation event

Google identified an AI-assisted zero-day exploit, disrupted a planned mass exploitation event, and documented state-sponsored AI use in vulnerability research and malware development.
#ai-cybersecurity
Information security
fromTNW | Openai
1 day ago

OpenAI launches Daybreak to take on Anthropic's Mythos in cyber defence

Daybreak pairs GPT-5.5 variants with security partners to model threats, find vulnerabilities, generate patches, and validate fixes in enterprise codebases under controlled access.
Information security
fromTechCrunch
1 day ago

Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen | TechCrunch

AI-enabled security operations can detect and stop threats in real time while reducing analyst workload by automating investigation and filtering false positives.
Information security
fromTNW | Openai
1 day ago

OpenAI launches Daybreak to take on Anthropic's Mythos in cyber defence

Daybreak pairs GPT-5.5 variants with security partners to model threats, find vulnerabilities, generate patches, and validate fixes in enterprise codebases under controlled access.
Information security
fromTechCrunch
1 day ago

Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen | TechCrunch

AI-enabled security operations can detect and stop threats in real time while reducing analyst workload by automating investigation and filtering false positives.
more#ai-cybersecurity
Information security
fromSecurityWeek
1 day ago

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

A coordinated Mini Shai-Hulud supply chain attack compromised 170+ packages, stealing tokens and credentials and spreading via CI publishing of malicious package versions.
Information security
fromwww.cbc.ca
1 day ago

Instructure strikes deal with hackers after massive Canvas cyber breach hits universities | CBC News

Instructure reached an agreement with the hacking group, received verification of data destruction, and assured customers would not face extortion or further targeting.
Information security
fromtheregister
1 day ago

Frontier AI safety tests may be creating the very risks they're meant to stop

Third-party AI evaluations require outsider access, but inconsistent standards and weak controls create new risks of theft, tampering, espionage, and abuse.
Information security
fromNextgov.com
1 day ago

The Pentagon's cyber rules leave MSPs as an attack vector

CMMC aims to secure defense supply chains, but MSP privileged access can become an exploitable attack vector if MSPs aren’t held to equivalent standards.
Information security
fromThe Hacker News
1 day ago

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

TrickMo C uses TON-based command-and-control and updated network features to target banking and crypto users while turning infected devices into traffic-exit nodes.
Information security
fromTechRepublic
1 day ago

Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws

Vulnerabilities in Meari Technology exposed private baby monitor and camera data across over one million devices, including images, motion alerts, and real-time activity.
Information security
fromSecurityWeek
1 day ago

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

SAP released 15 security notes for May 2026 Patch Day, including critical SQL and code injection flaws in S/4HANA and SAP Commerce.
Information security
from24/7 Wall St.
1 day ago

5 Cybersecurity Stocks That May Be Acquired in 2026's M&A Wave

Cybersecurity M&A in 2026 is accelerating as platform consolidation, AI disruption, and hyperscaler demand drive acquisitions of sub-scale vendors.
#cybercrime
Information security
fromNextgov.com
2 days ago

Canvas breach spotlights cybercriminal appetite for student data

Education technology platforms like Canvas are being targeted for breaches that can expose student data and enable fraud, identity theft, extortion, and further intrusions.
Information security
fromtheregister
1 day ago

Congress investigates Canvas breach as company pays ransom

US Congress summoned Instructure CEO Steve Daly to explain two Canvas breaches, including data accessed, containment, notifications, and coordination with federal law enforcement and CISA.
Information security
fromNextgov.com
2 days ago

Canvas breach spotlights cybercriminal appetite for student data

Education technology platforms like Canvas are being targeted for breaches that can expose student data and enable fraud, identity theft, extortion, and further intrusions.
more#cybercrime
Information security
fromTechzine Global
1 day ago

Cisco open-sources Foundry Security Spec for CISO-ready agents

Foundry Security Spec standardizes LLM-based security evaluations with orchestration, validation, coverage tracking, and auditable outputs.
Information security
fromEngadget
1 day ago

Google announces upcoming security tools for Android, including enhanced protection against banking scam calls - Engadget

Android adds protections against banking scam calls, expands live threat detection for abusive apps, and introduces device-theft security settings.
Information security
fromSecurityWeek
1 day ago

Adobe Patches 52 Vulnerabilities in 10 Products

Adobe released patches for 52 vulnerabilities across 10 products, including critical flaws enabling arbitrary code execution and privilege escalation.
Information security
fromThe Hacker News
1 day ago

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim security updates fix CVE-2026-45185, a GnuTLS-related BDAT use-after-free that can cause heap corruption and potential code execution.
#linux-kernel-security
Information security
fromTechzine Global
2 days ago

Linux kernel kill switch proposal sparks fierce debate

Privileged administrators could disable vulnerable kernel functions temporarily until patches arrive, reducing exposure during zero-day gaps but raising concerns about delaying patching and adding operational risk.
Information security
fromZDNET
2 days ago

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

Dirty Frag enables local privilege escalation from an unprivileged account to root by corrupting kernel page cache via networking and authentication logic bugs.
Information security
fromTechzine Global
2 days ago

Linux kernel kill switch proposal sparks fierce debate

Privileged administrators could disable vulnerable kernel functions temporarily until patches arrive, reducing exposure during zero-day gaps but raising concerns about delaying patching and adding operational risk.
Information security
fromZDNET
2 days ago

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

Dirty Frag enables local privilege escalation from an unprivileged account to root by corrupting kernel page cache via networking and authentication logic bugs.
more#linux-kernel-security
fromTechzine Global
1 day ago

Veeam launches DataAI Command Platform for the agentic era

“The infrastructure to deploy AI exists. The infrastructure to trust it doesn't. With the DataAI Command Platform, Veeam is building the missing layer combining resilience, security, governance, compliance and privacy, in one platform.”
Information security
Information security
fromtheregister
1 day ago

FCC walks back router update ban before it bricked America's network security

The FCC extended update waivers for certain foreign-made routers to prevent millions of devices from becoming unpatched through at least January 1, 2029.
Information security
fromThe Verge
1 day ago

Canvas owner reaches 'agreement' with hackers to secure stolen data

Instructure reached an agreement with hackers after a Canvas breach, claiming stolen data was returned and customers will not be extorted.
Information security
fromwww.theregister.com
2 days ago

Japan's PM orders cybersecurity review to defend against Anthropic Mythos

Japan ordered a cabinet-level review of cybersecurity strategy to assess government system vulnerabilities and ensure critical infrastructure operators can detect and fix them amid AI-enabled attack risks.
Information security
fromTNW | Business
1 day ago

ServiceNow lines up $4bn bond sale to refinance Armis acquisition debt

ServiceNow plans a $4bn US high-grade bond sale to refinance 2025 debt used for its Armis acquisition and support AI-driven growth.
Information security
fromZDNET
2 days ago

Beyond the cleanup job: Redefining application security for the modern enterprise

Security must be built into software before release through a funded, managed, repeatable operating model with board-level accountability.
Information security
fromZDNET
2 days ago

The patching treadmill: Why traditional application security is no longer enough

Continuous deployment and scanning create endless find-and-fix cycles, overwhelming teams and making old security models obsolete.
Information security
fromSecurityWeek
2 days ago

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

Supply chain attacks repeatedly compromise CI/CD build processes via trusted dependencies, enabling malicious code to enter builds and deliver payloads through automation.
[ Load more ]