Information security

[ follow ]
#russian-hackers #power-grid #power-grid-attack #input-validation #cve-2022-2856 #phishing
#cybersecurity
Information security
fromDevOps.com
2 hours ago

Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable - DevOps.com

A critical vulnerability in a Microsoft GitHub repository allows attackers to exploit CI/CD infrastructure and run arbitrary code.
Information security
fromTheregister
6 hours ago

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.
Information security
fromThe Hacker News
11 hours ago

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA added eight new vulnerabilities to its KEV catalog, including critical flaws in Cisco Catalyst SD-WAN Manager, indicating active exploitation.
Information security
fromComputerWeekly.com
3 hours ago

M&S one year on: turning anticipation into secure by design | Computer Weekly

Retailers must prioritize preparedness for cyber attacks, focusing on third-party risk and continuous visibility across their supply chains.
Information security
fromDevOps.com
2 hours ago

Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable - DevOps.com

A critical vulnerability in a Microsoft GitHub repository allows attackers to exploit CI/CD infrastructure and run arbitrary code.
more#cybersecurity
#data-breach
more#data-breach
Information security
fromTheregister
2 hours ago

macOS ClickFix attacks deliver AppleScript stealers

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.
Information security
fromTheregister
9 hours ago

Adaptavist Group breach: Ransomware crew claims mega-haul

Adaptavist Group is investigating a security breach involving stolen credentials, while a ransomware group claims to have accessed extensive data.
Information security
fromSecurityWeek
5 hours ago

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Many internet-facing Perforce P4 servers are misconfigured, exposing sensitive information and allowing unauthorized access.
#vercel
Information security
fromSiliconANGLE
22 hours ago

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel experienced a security breach through Context.ai, compromising limited customer data and employee information.
Information security
fromTechRepublic
1 day ago

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.
Information security
fromTechCrunch
1 day ago

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.
Information security
fromTheregister
1 day ago

Next.js developer Vercel warns customer creds compromised

Vercel experienced a data leak due to a compromise of Context.ai, affecting customer credentials and prompting immediate action.
Information security
fromSiliconANGLE
22 hours ago

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel experienced a security breach through Context.ai, compromising limited customer data and employee information.
Information security
fromTechRepublic
1 day ago

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.
Information security
fromTechCrunch
1 day ago

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.
Information security
fromTheregister
1 day ago

Next.js developer Vercel warns customer creds compromised

Vercel experienced a data leak due to a compromise of Context.ai, affecting customer credentials and prompting immediate action.
more#vercel
#vulnerabilities
Information security
fromSecurityWeek
6 hours ago

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.
Information security
fromSecurityWeek
6 hours ago

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.
more#vulnerabilities
Information security
fromSecurityWeek
7 hours ago

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.
Information security
fromTNW | Next-Featured
3 hours ago

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.
Information security
fromSecurityWeek
4 hours ago

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.
#defi
Information security
fromnews.bitcoin.com
1 hour ago

Charles Hoskinson Points to Cardano and Midnight as Fix for Cross-Chain Flaws Behind KelpDAO Hack

A cross-chain exploit drained 116,500 restaked ETH from KelpDAO, causing over $13 billion in DeFi TVL outflows within 48 hours.
Information security
fromnews.bitcoin.com
20 hours ago

Chainalysis Flags Critical Blind Spot in DeFi Security as $292M Exploit Bypasses Burn Verification

A $292M DeFi exploit reveals critical vulnerabilities in cross-chain systems, highlighting flawed trust assumptions and the need for better security measures.
Information security
fromnews.bitcoin.com
19 hours ago

Ripple's Schwartz Flags DeFi Bridge Trade-Offs After KelpDAO Incident

Bridge security trade-offs in DeFi infrastructure may compromise protections during real-world deployment, raising concerns about operational shortcuts and risk management.
Information security
fromnews.bitcoin.com
1 hour ago

Charles Hoskinson Points to Cardano and Midnight as Fix for Cross-Chain Flaws Behind KelpDAO Hack

A cross-chain exploit drained 116,500 restaked ETH from KelpDAO, causing over $13 billion in DeFi TVL outflows within 48 hours.
Information security
fromnews.bitcoin.com
20 hours ago

Chainalysis Flags Critical Blind Spot in DeFi Security as $292M Exploit Bypasses Burn Verification

A $292M DeFi exploit reveals critical vulnerabilities in cross-chain systems, highlighting flawed trust assumptions and the need for better security measures.
Information security
fromnews.bitcoin.com
19 hours ago

Ripple's Schwartz Flags DeFi Bridge Trade-Offs After KelpDAO Incident

Bridge security trade-offs in DeFi infrastructure may compromise protections during real-world deployment, raising concerns about operational shortcuts and risk management.
more#defi
Information security
fromComputerWeekly.com
3 hours ago

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute is providing a real operational cyber range for the NATO Locked Shields exercise to enhance cyber security training and readiness.
#ransomware
more#ransomware
Information security
fromSecuritymagazine
1 day ago

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.
Information security
fromTechRepublic
1 day ago

Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign

Hackers exploit Android's overlay feature to capture PINs and monitor user interactions across over 800 apps using banking trojans.
Information security
fromTechzine Global
1 day ago

Kubernetes attack surface explodes: number of threats quadruples

Kubernetes faces a surge in cyberattacks, with a 282% increase in attempts, particularly targeting the IT sector and crypto exchanges.
Information security
fromTechzine Global
1 day ago

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.
Information security
fromThe Hacker News
1 day ago

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

ZionSiphon malware targets Israeli water treatment systems, showcasing a trend in politically motivated attacks on critical infrastructure.
#microsoft-defender
Information security
fromTechRepublic
1 day ago

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three new security flaws in Microsoft Defender are actively exploited, with only one patched, allowing full SYSTEM-level access to attackers.
Information security
fromThe Hacker News
4 days ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.
Information security
fromTechRepublic
1 day ago

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three new security flaws in Microsoft Defender are actively exploited, with only one patched, allowing full SYSTEM-level access to attackers.
Information security
fromThe Hacker News
4 days ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.
more#microsoft-defender
#microsoft
Information security
fromTheregister
1 day ago

Microsoft releases Windows Server update to fix April update

Microsoft released an out-of-band update to fix a restart loop issue affecting Windows Server devices after the April 2026 update.
Information security
fromTheregister
4 days ago

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has resolved the Windows Server 2025 upgrade issue, but new problems have emerged with the cumulative update KB5082063.
Information security
fromTheregister
1 day ago

Microsoft releases Windows Server update to fix April update

Microsoft released an out-of-band update to fix a restart loop issue affecting Windows Server devices after the April 2026 update.
Information security
fromTheregister
4 days ago

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has resolved the Windows Server 2025 upgrade issue, but new problems have emerged with the cumulative update KB5082063.
more#microsoft
Information security
fromTechCrunch
1 day ago

Mastodon says its flagship server was hit by a DDoS attack | TechCrunch

Mastodon's flagship server experienced a DDoS attack, causing significant outages and instability, but countermeasures were implemented to restore access.
#bluesky
more#bluesky
fromEngadget
21 hours ago

Mastodon was hit by a 'major' DDoS attack that briefly took down parts of the service

Mastodon began reporting issues early Monday morning as much of the Mastodon-operated server became inaccessible. Andy Piper described the incident as a 'major' attack.
Information security
#ai-security
fromSecurityWeek
5 days ago
Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Information security
fromTheregister
1 day ago

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.
Information security
fromSecurityWeek
5 days ago

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.
more#ai-security
Information security
fromBusiness Matters
4 days ago

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Trust is essential yet fragile in the digital economy, with platforms facing increasing challenges from sophisticated online scams.
Information security
fromThe Hacker News
3 days ago

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.
Information security
fromSecurityWeek
3 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.
Information security
fromHarvard Gazette
3 days ago

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.
#malware
Information security
fromTechRepublic
4 days ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.
fromSecurityWeek
4 days ago
Information security

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.
Information security
fromTechRepublic
4 days ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.
Information security
fromSecurityWeek
4 days ago

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.
more#malware
Information security
fromwww.bbc.com
4 days ago

What is Claude Mythos and what risks does it pose?

Anthropic's Claude Mythos AI model outperforms humans in some cybersecurity tasks, raising concerns among regulators and tech companies.
#north-korea
fromComputerWeekly.com
3 days ago
Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.
Information security
fromComputerWeekly.com
3 days ago

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.
more#north-korea
Information security
fromArs Technica
4 days ago

Recent advances push Big Tech closer to the Q-Day danger zone

Organizations are transitioning to new algorithms to replace RSA and elliptic curves due to vulnerabilities exposed by quantum computing threats.
Information security
fromDevOps.com
4 days ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.
#nist
more#nist
#apache-activemq
Information security
fromTheregister
4 days ago

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.
Information security
fromThe Hacker News
4 days ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.
Information security
fromSecurityWeek
4 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.
Information security
fromTheregister
4 days ago

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.
Information security
fromThe Hacker News
4 days ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.
Information security
fromSecurityWeek
4 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.
more#apache-activemq
fromTheregister
4 days ago

Cisco Wi-Fi boxes writing 5MB of undeletable data daily

More than 230 different models of Cisco Wi-Fi access points may be writing 5MB a day of nonessential data, filling their onboard flash memory to the point at which they lack space for future software updates.
Information security
fromThe Hacker News
4 days ago

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

"Booter services allow users to launch DDoS attacks against targeted websites, servers, or networks. Their infrastructure is made up of servers, databases, and other technical components that make DDoS-for-hire activities possible. By seizing these infrastructures, authorities were able to hinder these criminal operations and prevent further damage to victims."
Information security
Information security
fromTechzine Global
4 days ago

Broadcom brings secure AI agent environment to VMware Tanzu

Broadcom's VMware Tanzu Platform Agent Foundations provides a secure environment for autonomous AI applications with zero-trust networking and automated management.
Information security
fromTechRepublic
4 days ago

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked

Unauthorized access to limited internal data at McGraw-Hill was linked to a Salesforce misconfiguration, raising concerns about potential identity fraud and harassment.
Information security
fromThe Hacker News
5 days ago

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.
Information security
fromTheregister
4 days ago

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.
[ Load more ]