#cybersecurity

[ follow ]
#ai #vulnerability #ransomware #malware #data-breach #openai #vulnerabilities #phishing #hacking #china #extradition
#supply-chain-attacks
Information security
fromTheregister
3 hours ago

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.
Information security
fromTheregister
2 days ago

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.
Information security
fromTheregister
3 hours ago

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.
Information security
fromTheregister
2 days ago

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.
more#supply-chain-attacks
Cryptocurrency
fromnews.bitcoin.com
4 hours ago

Pentagon Eyes Bitcoin Infrastructure as Strategic Asset, Hegseth Says

Bitcoin is integrated into classified U.S. Defense Department efforts to enhance national security and counter China.
Information security
fromArs Technica
6 hours ago

The most severe Linux threat to surface in years catches the world flatfooted

A critical Linux vulnerability allows unprivileged users to gain root access, posing severe risks to data centers and personal devices.
Information security
fromNextgov.com
5 hours ago

Why recovery speed matters when the homeland is the cyber battlefield

Cyberattacks are now a constant threat to essential services and military readiness, requiring a shift in defense strategies to anticipate and recover from disruptions.
#phishing
Information security
fromThe Hacker News
12 hours ago

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

New phishing kits are evolving, integrating advanced features for targeted attacks, while security vulnerabilities continue to pose significant risks online.
Information security
fromThe Hacker News
12 hours ago

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

New phishing kits are evolving, integrating advanced features for targeted attacks, while security vulnerabilities continue to pose significant risks online.
more#phishing
#hacking
Information security
fromTheregister
6 hours ago

FBI: China's hacker-for-hire ecosystem 'out of control'

China's hacker-for-hire ecosystem, linked to state security, poses significant cybersecurity threats and operates with profit-driven motives.
Information security
fromTheregister
6 hours ago

FBI: China's hacker-for-hire ecosystem 'out of control'

China's hacker-for-hire ecosystem, linked to state security, poses significant cybersecurity threats and operates with profit-driven motives.
more#hacking
#cpanel
Information security
fromTechCrunch
6 hours ago

Hackers are actively exploiting a bug in cPanel, used by millions of websites | TechCrunch

A critical vulnerability in cPanel and WHM allows hackers to gain full control of affected servers, necessitating immediate patching by users.
Information security
fromSecurityWeek
15 hours ago

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical authentication bypass vulnerability in cPanel & WHM allows remote attackers to gain administrative access, risking system takeover.
Information security
fromTheregister
16 hours ago

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

A critical vulnerability in cPanel and WHM allows attackers to bypass authentication and gain root access, affecting millions of domains.
Information security
fromTechCrunch
6 hours ago

Hackers are actively exploiting a bug in cPanel, used by millions of websites | TechCrunch

A critical vulnerability in cPanel and WHM allows hackers to gain full control of affected servers, necessitating immediate patching by users.
Information security
fromSecurityWeek
15 hours ago

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical authentication bypass vulnerability in cPanel & WHM allows remote attackers to gain administrative access, risking system takeover.
Information security
fromTheregister
16 hours ago

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

A critical vulnerability in cPanel and WHM allows attackers to bypass authentication and gain root access, affecting millions of domains.
more#cpanel
#openai
Information security
fromTNW | Next-Featured
7 hours ago

OpenAI launches hardware security keys for ChatGPT with Yubico partnership and disables password login for high-risk users

OpenAI launched Advanced Account Security, replacing passwords with hardware keys and disabling email recovery, targeting sensitive user accounts.
Information security
fromTechCrunch
6 hours ago

After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too | TechCrunch

OpenAI will restrict access to its cybersecurity tool Cyber, similar to Anthropic's approach with Mythos.
Information security
fromTNW | Next-Featured
7 hours ago

OpenAI launches hardware security keys for ChatGPT with Yubico partnership and disables password login for high-risk users

OpenAI launched Advanced Account Security, replacing passwords with hardware keys and disabling email recovery, targeting sensitive user accounts.
Information security
fromTechCrunch
6 hours ago

After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too | TechCrunch

OpenAI will restrict access to its cybersecurity tool Cyber, similar to Anthropic's approach with Mythos.
more#openai
Information security
fromSecurityWeek
7 hours ago

AI Fuels 'Industrial' Cybercrime as Time-to-Exploit Shrinks to Hours

Industrialized cybercrime utilizes AI and automation for efficient, sophisticated attacks, necessitating defenders to adopt similar technologies for effective countermeasures.
#ai-security
Information security
fromSecurityWeek
7 hours ago

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.
Artificial intelligence
fromAxios
2 days ago

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Anthropic and OpenAI are collaborating with federal agencies to address cybersecurity risks associated with their AI models.
Information security
fromSecurityWeek
7 hours ago

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.
Artificial intelligence
fromAxios
2 days ago

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Anthropic and OpenAI are collaborating with federal agencies to address cybersecurity risks associated with their AI models.
more#ai-security
Information security
fromWIRED
8 hours ago

OpenAI Rolls Out 'Advanced' Security Mode for At-Risk Accounts

OpenAI introduces Advanced Account Security to enhance protection against account takeover attacks for ChatGPT and Codex users.
Information security
fromThe Hacker News
8 hours ago

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.
#ai
Information security
fromZDNET
9 hours ago

Anthropic's new Claude Security tool scans your codebase for flaws - and helps you decide what to fix first

AI vulnerability scanning is integrating into developer workflows to enhance cybersecurity.
Privacy technologies
fromZDNET
1 day ago

Privacy in the AI era is possible, says Proton's CEO, but one thing keeps him up at night

AI and Big Tech are compromising personal privacy, prompting increased interest in encrypted tools like those offered by Proton.
Artificial intelligence
fromNextgov.com
1 day ago

White House is drafting plans to permit federal Anthropic use

The White House is considering allowing federal agencies to use Anthropic's AI tools despite previous supply chain risk designations.
Information security
fromZDNET
9 hours ago

Anthropic's new Claude Security tool scans your codebase for flaws - and helps you decide what to fix first

AI vulnerability scanning is integrating into developer workflows to enhance cybersecurity.
Information security
fromSecuritymagazine
1 day ago

New Research: AI-Driven Cybercrime Led to a 389% Increase in Ransomware Victims

Cybercriminals are using AI to enhance efficiency, leading to fewer brute force attempts and a rise in exploitation and ransomware incidents.
Privacy technologies
fromZDNET
1 day ago

Privacy in the AI era is possible, says Proton's CEO, but one thing keeps him up at night

AI and Big Tech are compromising personal privacy, prompting increased interest in encrypted tools like those offered by Proton.
Artificial intelligence
fromNextgov.com
1 day ago

White House is drafting plans to permit federal Anthropic use

The White House is considering allowing federal agencies to use Anthropic's AI tools despite previous supply chain risk designations.
more#ai
World politics
fromFortune
10 hours ago

For years, the risk Jamie Dimon was most concerned about was geopolitics. His answer has shifted | Fortune

Geopolitical tensions and cybersecurity risks are the greatest threats to the global economy, according to Jamie Dimon.
Information security
fromTNW | Opinion
12 hours ago

Why cybersecurity leaders are losing control in the age of AI threats

AI-driven threats are increasing, and effective cybersecurity relies on leadership clarity, AI integration, and workforce awareness.
Women in technology
fromAbove the Law
12 hours ago

ILTA EVOLVE: Sometimes Less Is More - A Focus On Leadership - Above the Law

Smaller, focused conferences like ILTA EVOLVE enhance interaction and address critical topics such as cybersecurity, GenAI, and leadership in legal tech.
#malware
Information security
fromThe Hacker News
13 hours ago

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

DEEP#DOOR is a Python-based backdoor framework that enables persistent access and sensitive information harvesting from compromised systems.
Information security
fromInfoWorld
16 hours ago

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Attackers view developer workstations as critical access points, targeting them to infiltrate software supply chains.
more#malware
#china
Information security
fromTheregister
15 hours ago

Chinese spy group caught lurking in Poland, Asia networks

A China-linked threat group infiltrated critical networks in multiple countries, using advanced techniques and tools for long-term access and espionage.
Information security
fromTheregister
15 hours ago

Chinese spy group caught lurking in Poland, Asia networks

A China-linked threat group infiltrated critical networks in multiple countries, using advanced techniques and tools for long-term access and espionage.
more#china
Privacy professionals
fromWIRED
16 hours ago

Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim

Stalkerware enables secret surveillance of individuals, leading to severe privacy violations and potential data breaches of sensitive information.
#quantum-computing
Information security
fromInfoQ
1 day ago

Meta's Approach to Migrating their Systems to Post-Quantum Cryptography

Meta is migrating to post-quantum cryptography to protect against quantum computing threats, using a five-level maturity model to track progress.
Cryptocurrency
fromFuturism
3 days ago

Bitcoin Developers Are Debating a Move That Could Send Crypto Markets Into a Tailspin

Quantum computers pose a significant cybersecurity threat, prompting proposals to freeze dormant Bitcoins to protect them.
Information security
fromInfoQ
1 day ago

Meta's Approach to Migrating their Systems to Post-Quantum Cryptography

Meta is migrating to post-quantum cryptography to protect against quantum computing threats, using a five-level maturity model to track progress.
Cryptocurrency
fromFuturism
3 days ago

Bitcoin Developers Are Debating a Move That Could Send Crypto Markets Into a Tailspin

Quantum computers pose a significant cybersecurity threat, prompting proposals to freeze dormant Bitcoins to protect them.
more#quantum-computing
Information security
fromThe Hacker News
16 hours ago

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

A high-severity Linux vulnerability allows unprivileged users to gain root access through a flaw in the kernel's cryptographic subsystem.
#data-breach
Healthcare
fromSecurityWeek
17 hours ago

Sandhills Medical Says Ransomware Breach Affects 170,000

Sandhills Medical Foundation experienced a data breach affecting nearly 170,000 individuals due to a ransomware attack discovered on May 8, 2025.
Healthcare
fromSecurityWeek
17 hours ago

Sandhills Medical Says Ransomware Breach Affects 170,000

Sandhills Medical Foundation experienced a data breach affecting nearly 170,000 individuals due to a ransomware attack discovered on May 8, 2025.
more#data-breach
European startups
fromTechzine Global
17 hours ago

mnemonic opens Dutch Security Operations Centre (SOC) and relocates to new office in Utrecht

mnemonic will open a new Security Operations Centre in the Netherlands on 1 May to enhance local SOC services for the Benelux market.
Information security
fromTheregister
18 hours ago

Finance company stored their DB credentials in spreadsheet

Sensitive information was inadequately protected in a publicly accessible SharePoint folder, highlighting significant security flaws in a fintech startup's practices.
#agentic-ai
Information security
fromIT Brew
1 day ago

Does the agentic era signal the end of cybersecurity perimeters?

Agentic AI complicates cybersecurity by enabling synthetic identities and unsupervised workflows, challenging traditional perimeter defenses.
Information security
fromSecurityWeek
2 days ago

The Mythos Moment: Enterprises Must Fight Agents with Agents

Agentic AI poses significant cyber risks by autonomously identifying and exploiting software vulnerabilities, necessitating advanced defensive measures.
Information security
fromIT Brew
1 day ago

Does the agentic era signal the end of cybersecurity perimeters?

Agentic AI complicates cybersecurity by enabling synthetic identities and unsupervised workflows, challenging traditional perimeter defenses.
Information security
fromSecurityWeek
2 days ago

The Mythos Moment: Enterprises Must Fight Agents with Agents

Agentic AI poses significant cyber risks by autonomously identifying and exploiting software vulnerabilities, necessitating advanced defensive measures.
more#agentic-ai
#robinhood
Deliverability
fromTechRepublic
1 day ago

Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails

Robinhood users received phishing emails that appeared legitimate, exploiting a flaw in the account creation process to steal login credentials.
Deliverability
fromSecurityWeek
2 days ago

Robinhood Vulnerability Exploited for Phishing Attacks

Cybercriminals exploited Robinhood's account creation process to send phishing emails, but no personal information or funds were compromised.
Deliverability
fromTechRepublic
1 day ago

Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails

Robinhood users received phishing emails that appeared legitimate, exploiting a flaw in the account creation process to steal login credentials.
Deliverability
fromSecurityWeek
2 days ago

Robinhood Vulnerability Exploited for Phishing Attacks

Cybercriminals exploited Robinhood's account creation process to send phishing emails, but no personal information or funds were compromised.
more#robinhood
#supply-chain-attack
Information security
fromThe Hacker News
1 day ago

SAP npm Packages Compromised by "Mini Shai-Hulud" Credential-Stealing Malware

A new supply chain attack campaign targets SAP-related npm packages with credential-stealing malware, affecting multiple versions and compromising developer environments.
Information security
fromArs Technica
1 day ago

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Checkmarx and Bitwarden were compromised in a supply chain attack linked to TeamPCP, highlighting vulnerabilities in security tools.
Information security
fromThe Hacker News
1 day ago

SAP npm Packages Compromised by "Mini Shai-Hulud" Credential-Stealing Malware

A new supply chain attack campaign targets SAP-related npm packages with credential-stealing malware, affecting multiple versions and compromising developer environments.
Information security
fromArs Technica
1 day ago

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Checkmarx and Bitwarden were compromised in a supply chain attack linked to TeamPCP, highlighting vulnerabilities in security tools.
more#supply-chain-attack
Information security
fromTheregister
1 day ago

CISA flags data-theft bug in NSA-built OT networking tool

CISA warns of a vulnerability in GrassMarlin that could expose sensitive information due to insufficient XML parsing hardening.
Privacy technologies
fromZDNET
1 day ago

These two critical Mac security features are off by default - how to turn them on and why you should

A Firewall and Stealth Mode are essential for securing Macs against network vulnerabilities.
Information security
fromTechCrunch
1 day ago

Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry | TechCrunch

Sri Lanka is investigating missing payments and cyber thefts linked to hackers targeting its financial systems.
Information security
fromSecurityWeek
1 day ago

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

A critical SQL injection vulnerability in LiteLLM was exploited shortly after disclosure, allowing unauthorized access to sensitive database information.
DevOps
fromThe Hacker News
1 day ago

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Exposure management platforms vary in effectiveness, and security leaders need to evaluate them based on their ability to reduce actual risk.
Information security
fromSecurityWeek
1 day ago

Hundreds of Internet-Facing VNC Servers Expose ICS/OT

Millions of RDP and VNC servers are exposed online, with significant risks to industrial control systems and operational technology.
Privacy professionals
fromTheregister
1 day ago

Non-profit's GoDaddy nightmare and the IT chaos that ensued

GoDaddy is investigating claims of unauthorized domain transfer without proper authentication, leading to significant downtime for a client.
#github
Information security
fromThe Verge
1 day ago

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub fixed a critical vulnerability in under six hours, preventing potential access to millions of repositories.
Information security
fromThe Hacker News
2 days ago

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

A critical vulnerability in GitHub allows remote code execution via a single 'git push' command due to improper input sanitization.
Information security
fromThe Verge
1 day ago

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub fixed a critical vulnerability in under six hours, preventing potential access to millions of repositories.
Information security
fromThe Hacker News
2 days ago

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

A critical vulnerability in GitHub allows remote code execution via a single 'git push' command due to improper input sanitization.
more#github
Information security
fromThe Hacker News
1 day ago

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

CISA added two vulnerabilities to its KEV catalog due to active exploitation, impacting ConnectWise ScreenConnect and Microsoft Windows.
#ransomware
Information security
fromThe Hacker News
2 days ago

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 acts as a wiper, permanently destroying files instead of encrypting them, making recovery impossible even for victims who pay the ransom.
Information security
fromThe Hacker News
2 days ago

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 acts as a wiper, permanently destroying files instead of encrypting them, making recovery impossible even for victims who pay the ransom.
more#ransomware
Information security
fromThe Hacker News
1 day ago

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

A critical SQL injection vulnerability in BerriAI's LiteLLM package is actively exploited within 36 hours of disclosure, allowing unauthorized database access.
fromNextgov.com
2 days ago

Pentagon launches cyber apprenticeship program

"This program is a critical investment in our people and the bedrock of our national security," Marci McCarthy, the DOD CIO's director of external engagements, said in a statement. "The Cyber RAP provides a direct pathway for dedicated individuals to join our mission, securing the vital networks, infrastructure, and weapon systems that our Warfighters depend on every single day."
Washington DC
Information security
fromSecurityWeek
2 days ago

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

CFOs and boards must understand cybersecurity risks in financial terms, which can be achieved through insurance data and analysis.
Artificial intelligence
fromAxios
2 days ago

How Cyber Command is building its AI cyber war playbook

Cyber Command is building flexible infrastructure to utilize various AI models, regardless of origin, to enhance cyber operations.
Information security
fromSecurityWeek
2 days ago

Vimeo Confirms User and Customer Data Breach

Vimeo confirmed a data breach involving user data theft through a third-party vendor, but no video content or payment information was compromised.
UK news
fromLondon Business News | Londonlovesbusiness.com
2 days ago

MPs consider issuing survival handbook as Britain braces for potential large-scale war - London Business News | Londonlovesbusiness.com

UK households may receive survival guides as the government updates its Cold War-era contingency planning framework to address rising threats.
Information security
fromSecurityWeek
2 days ago

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.
Information security
fromSecurityWeek
2 days ago

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable

Predictable budgets and on-demand defensive agentic AI can now be aligned despite historical incompatibility.
fromThe Hacker News
2 days ago

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline, where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components.
Privacy professionals
Information security
fromSecurityWeek
2 days ago

Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety

Electric motorcycles from Zero Motorcycles and scooters from Yadea have vulnerabilities that could impact physical security and safety.
Germany news
fromSecurityWeek
2 days ago

Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials

Germany suspects Russia behind phishing attacks on Signal targeting politicians and journalists, with investigations ongoing into espionage allegations.
Business
fromFortune
2 days ago

What the NSA's former director wants CEOs to know about navigating a dangerous world | Fortune

Agility in volatile times requires understanding complex threats and adapting strategies to new realities, especially in national security and economic contexts.
Information security
fromTechzine Global
2 days ago

Malicious Python package poses new supply chain threat

The open-source package elementary-data was compromised, leading to the publication of a malicious version that stole sensitive user credentials.
Information security
fromThe Hacker News
2 days ago

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft acknowledged active exploitation of a high-severity security flaw in Windows Shell, now patched, allowing unauthorized access to sensitive information.
Information security
fromComputerWeekly.com
2 days ago

Are tech leaders risking a cyber resourcing crisis? | Computer Weekly

Cybersecurity professionals face low pay rises and high job dissatisfaction, risking a talent crisis despite the growing demand for their skills.
Privacy professionals
fromSecurityWeek
2 days ago

Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak

Medtronic confirmed a hack by ShinyHunters, claiming millions of records were stolen, but asserts no impact on patient safety or operations.
UK politics
fromwww.independent.co.uk
3 days ago

MP's website sees cyberattack traceable to China', sending users to gambling pages

The Independent provides critical journalism on various issues, emphasizing the importance of donations to support unbiased reporting without paywalls.
Marketing tech
fromThedrum
3 days ago

White Bullet appoints Stuart Dickinson as Director of Advertising Operations and Client Success

Stuart Dickinson joins White Bullet as Director of Advertising Operations to enhance adtech partnerships and programmatic integrations.
[ Load more ]