#cybersecurity

[ follow ]
#data-breach #malware #ai #ransomware #vulnerability #vulnerabilities #shinyhunters #ai-security #national-security
#ai
Artificial intelligence
fromNextgov.com
1 hour ago

White House is drafting plans to permit federal Anthropic use

The White House is considering allowing federal agencies to use Anthropic's AI tools despite previous supply chain risk designations.
Information security
fromTheregister
1 day ago

Cursor-Opus agent snuffs out startup's production database

An AI coding agent deleted PocketOS's production database and backups in 9 seconds due to a credential mismatch and improper token permissions.
more#ai
#supply-chain-attack
Information security
fromThe Hacker News
2 hours ago

SAP npm Packages Compromised by "Mini Shai-Hulud" Credential-Stealing Malware

A new supply chain attack campaign targets SAP-related npm packages with credential-stealing malware, affecting multiple versions and compromising developer environments.
Information security
fromArs Technica
8 hours ago

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Checkmarx and Bitwarden were compromised in a supply chain attack linked to TeamPCP, highlighting vulnerabilities in security tools.
Information security
fromThe Hacker News
2 hours ago

SAP npm Packages Compromised by "Mini Shai-Hulud" Credential-Stealing Malware

A new supply chain attack campaign targets SAP-related npm packages with credential-stealing malware, affecting multiple versions and compromising developer environments.
Information security
fromArs Technica
8 hours ago

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Checkmarx and Bitwarden were compromised in a supply chain attack linked to TeamPCP, highlighting vulnerabilities in security tools.
more#supply-chain-attack
Information security
fromTheregister
3 hours ago

CISA flags data-theft bug in NSA-built OT networking tool

CISA warns of a vulnerability in GrassMarlin that could expose sensitive information due to insufficient XML parsing hardening.
Privacy technologies
fromZDNET
4 hours ago

These two critical Mac security features are off by default - how to turn them on and why you should

A Firewall and Stealth Mode are essential for securing Macs against network vulnerabilities.
Information security
fromTechCrunch
5 hours ago

Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry | TechCrunch

Sri Lanka is investigating missing payments and cyber thefts linked to hackers targeting its financial systems.
Information security
fromSecurityWeek
5 hours ago

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

A critical SQL injection vulnerability in LiteLLM was exploited shortly after disclosure, allowing unauthorized access to sensitive database information.
DevOps
fromThe Hacker News
6 hours ago

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Exposure management platforms vary in effectiveness, and security leaders need to evaluate them based on their ability to reduce actual risk.
Privacy professionals
fromTheregister
9 hours ago

Non-profit's GoDaddy nightmare and the IT chaos that ensued

GoDaddy is investigating claims of unauthorized domain transfer without proper authentication, leading to significant downtime for a client.
#github
Information security
fromThe Verge
8 hours ago

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub fixed a critical vulnerability in under six hours, preventing potential access to millions of repositories.
Information security
fromThe Hacker News
23 hours ago

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

A critical vulnerability in GitHub allows remote code execution via a single 'git push' command due to improper input sanitization.
more#github
#vulnerabilities
Information security
fromThe Hacker News
9 hours ago

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

CISA added two vulnerabilities to its KEV catalog due to active exploitation, impacting ConnectWise ScreenConnect and Microsoft Windows.
Information security
fromThe Hacker News
4 days ago

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA added four vulnerabilities to its KEV catalog, indicating active exploitation affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers.
Information security
fromThe Hacker News
9 hours ago

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

CISA added two vulnerabilities to its KEV catalog due to active exploitation, impacting ConnectWise ScreenConnect and Microsoft Windows.
Information security
fromThe Hacker News
4 days ago

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA added four vulnerabilities to its KEV catalog, indicating active exploitation affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers.
more#vulnerabilities
#ransomware
Information security
fromThe Hacker News
1 day ago

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 acts as a wiper, permanently destroying files instead of encrypting them, making recovery impossible even for victims who pay the ransom.
Information security
fromFuturism
3 days ago

Ransomware Negotiator Pleads Guilty to Deploying Ransomware Himself

A ransomware negotiator conspired with hackers, betraying clients and facilitating attacks against multiple companies.
Information security
fromThe Hacker News
1 day ago

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 acts as a wiper, permanently destroying files instead of encrypting them, making recovery impossible even for victims who pay the ransom.
Information security
fromFuturism
3 days ago

Ransomware Negotiator Pleads Guilty to Deploying Ransomware Himself

A ransomware negotiator conspired with hackers, betraying clients and facilitating attacks against multiple companies.
more#ransomware
Information security
fromThe Hacker News
13 hours ago

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

A critical SQL injection vulnerability in BerriAI's LiteLLM package is actively exploited within 36 hours of disclosure, allowing unauthorized database access.
#ai-security
fromAxios
21 hours ago
Artificial intelligence

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

fromSecurityWeek
2 days ago
Information security

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Artificial intelligence
fromAxios
21 hours ago

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Anthropic and OpenAI are collaborating with federal agencies to address cybersecurity risks associated with their AI models.
Information security
fromSecurityWeek
2 days ago

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Google's research reveals an increase in indirect prompt injection attacks on AI, though their sophistication remains relatively low.
more#ai-security
fromNextgov.com
20 hours ago

Pentagon launches cyber apprenticeship program

"This program is a critical investment in our people and the bedrock of our national security," Marci McCarthy, the DOD CIO's director of external engagements, said in a statement. "The Cyber RAP provides a direct pathway for dedicated individuals to join our mission, securing the vital networks, infrastructure, and weapon systems that our Warfighters depend on every single day."
Washington DC
Information security
fromTheregister
1 day ago

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.
Information security
fromSecurityWeek
1 day ago

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

CFOs and boards must understand cybersecurity risks in financial terms, which can be achieved through insurance data and analysis.
Artificial intelligence
fromAxios
1 day ago

How Cyber Command is building its AI cyber war playbook

Cyber Command is building flexible infrastructure to utilize various AI models, regardless of origin, to enhance cyber operations.
Information security
fromSecurityWeek
1 day ago

Vimeo Confirms User and Customer Data Breach

Vimeo confirmed a data breach involving user data theft through a third-party vendor, but no video content or payment information was compromised.
Information security
fromSecurityWeek
1 day ago

The Mythos Moment: Enterprises Must Fight Agents with Agents

Agentic AI poses significant cyber risks by autonomously identifying and exploiting software vulnerabilities, necessitating advanced defensive measures.
fromSecurityWeek
1 day ago

Robinhood Vulnerability Exploited for Phishing Attacks

"This phishing attempt was made possible by an abuse of the account creation flow. It was not a breach of our systems or customer accounts, and personal information and funds were not impacted."
Deliverability
UK news
fromLondon Business News | Londonlovesbusiness.com
1 day ago

MPs consider issuing survival handbook as Britain braces for potential large-scale war - London Business News | Londonlovesbusiness.com

UK households may receive survival guides as the government updates its Cold War-era contingency planning framework to address rising threats.
Information security
fromSecurityWeek
1 day ago

Alleged Chinese State Hacker Extradited to US

Xu Zewei, a Chinese national, was extradited to the US for cyberattacks linked to a state-sponsored APT group targeting US universities.
Information security
fromSecurityWeek
1 day ago

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.
Information security
fromSecurityWeek
1 day ago

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable

Predictable budgets and on-demand defensive agentic AI can now be aligned despite historical incompatibility.
fromThe Hacker News
1 day ago

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline, where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components.
Privacy professionals
Information security
fromSecurityWeek
1 day ago

Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety

Electric motorcycles from Zero Motorcycles and scooters from Yadea have vulnerabilities that could impact physical security and safety.
Germany news
fromSecurityWeek
1 day ago

Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials

Germany suspects Russia behind phishing attacks on Signal targeting politicians and journalists, with investigations ongoing into espionage allegations.
Business
fromFortune
1 day ago

What the NSA's former director wants CEOs to know about navigating a dangerous world | Fortune

Agility in volatile times requires understanding complex threats and adapting strategies to new realities, especially in national security and economic contexts.
#hacking
more#hacking
Information security
fromTechzine Global
1 day ago

Malicious Python package poses new supply chain threat

The open-source package elementary-data was compromised, leading to the publication of a malicious version that stole sensitive user credentials.
#microsoft
Information security
fromThe Hacker News
1 day ago

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft acknowledged active exploitation of a high-severity security flaw in Windows Shell, now patched, allowing unauthorized access to sensitive information.
fromDevOps.com
4 days ago
Artificial intelligence

Microsoft Turns to Anthropic's Mythos to Improve Cyber Defense

Microsoft integrates Anthropic's AI models into its Security Development Lifecycle to enhance code analysis and vulnerability detection.
Information security
fromThe Hacker News
1 day ago

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft acknowledged active exploitation of a high-severity security flaw in Windows Shell, now patched, allowing unauthorized access to sensitive information.
Artificial intelligence
fromDevOps.com
4 days ago

Microsoft Turns to Anthropic's Mythos to Improve Cyber Defense

Microsoft integrates Anthropic's AI models into its Security Development Lifecycle to enhance code analysis and vulnerability detection.
more#microsoft
Information security
fromComputerWeekly.com
1 day ago

Are tech leaders risking a cyber resourcing crisis? | Computer Weekly

Cybersecurity professionals face low pay rises and high job dissatisfaction, risking a talent crisis despite the growing demand for their skills.
Privacy professionals
fromSecurityWeek
1 day ago

Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak

Medtronic confirmed a hack by ShinyHunters, claiming millions of records were stolen, but asserts no impact on patient safety or operations.
#data-breach
fromSecuritymagazine
2 days ago
Privacy professionals

ADT Breach Confirmed: Names, Phone Numbers, and Addresses Exposed

ADT experienced a data breach, with personal information of customers accessed, but no payment information was compromised.
Privacy professionals
fromTheregister
2 days ago

Burglar alarm biz gets burgled, ShinyHunters pursues ransom

ADT confirmed a cyber intrusion by ShinyHunters, claiming over 10 million records were stolen, while ADT reported a limited data breach.
Information security
fromThe Hacker News
2 days ago

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx's investigation reveals a cybercriminal group published data from its GitHub repository on the dark web following a supply chain attack.
Privacy professionals
fromTheregister
2 days ago

Burglar alarm biz gets burgled, ShinyHunters pursues ransom

ADT confirmed a cyber intrusion by ShinyHunters, claiming over 10 million records were stolen, while ADT reported a limited data breach.
more#data-breach
UK politics
fromwww.independent.co.uk
1 day ago

MP's website sees cyberattack traceable to China', sending users to gambling pages

The Independent provides critical journalism on various issues, emphasizing the importance of donations to support unbiased reporting without paywalls.
Marketing tech
fromThedrum
1 day ago

White Bullet appoints Stuart Dickinson as Director of Advertising Operations and Client Success

Stuart Dickinson joins White Bullet as Director of Advertising Operations to enhance adtech partnerships and programmatic integrations.
Cryptocurrency
fromFuturism
2 days ago

Bitcoin Developers Are Debating a Move That Could Send Crypto Markets Into a Tailspin

Quantum computers pose a significant cybersecurity threat, prompting proposals to freeze dormant Bitcoins to protect them.
#malware
Information security
fromThe Hacker News
5 days ago

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.
Information security
fromThe Hacker News
2 days ago

Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

New malware fast16 predates Stuxnet, targeting high-precision software to subtly alter calculations, potentially causing significant failures.
Information security
fromThe Hacker News
2 days ago

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Dozens of malicious VS Code extensions linked to the GlassWorm campaign have been identified, posing risks to developers through cloned versions of legitimate tools.
Information security
fromThe Hacker News
4 days ago

Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting Engineering Software

A new Lua-based malware, fast16, predates Stuxnet and targets high-precision calculation software for cyber sabotage.
Information security
fromThe Hacker News
5 days ago

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.
more#malware
Information security
from24/7 Wall St.
2 days ago

Mizuho Upgrades CrowdStrike With a $520 Price Target: Is AI Security the Next Mega-Trade?

Mizuho upgraded CrowdStrike to Outperform, raising its price target to $520, citing strong demand and AI security growth potential.
UK politics
fromBusiness Matters
2 days ago

Ministers urge British boardrooms to sign cyber-resilience pledge as AI threat escalates

Ministers urge UK companies to enhance cyber-defenses amid AI threats, promoting a new cyber-resilience pledge for board-level responsibility.
Privacy professionals
fromTechCrunch
2 days ago

Critical infrastructure giant Itron says it was hacked | TechCrunch

Itron confirmed a cyberattack in April, with hackers accessing some systems but no signs of further intrusions detected.
Information security
fromSecurityWeek
2 days ago

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

OpenSSH versions have a vulnerability allowing root access via certificate misconfiguration, undetectable by log-based systems.
Information security
fromTheregister
2 days ago

Cybersecurity professional getting more work and less pay

Cybersecurity professionals faced significant pay stagnation in 2025, with 77% in the UK receiving no salary increase despite high demand for their roles.
#phishing
Information security
fromSecurityWeek
2 days ago

UNC6692 Uses Email Bombing, Social Engineering to Deploy 'Snow' Malware

A threat actor, UNC6692, impersonates IT support to deploy malware through phishing emails and malicious browser extensions.
fromThe Local Germany
4 days ago
Germany politics

Germany launches spying probe into Signal attacks targeting MPs

German prosecutors investigate phishing attacks on lawmakers, linked to Russia, highlighting the need for vigilance against espionage threats.
Information security
fromSecurityWeek
2 days ago

UNC6692 Uses Email Bombing, Social Engineering to Deploy 'Snow' Malware

A threat actor, UNC6692, impersonates IT support to deploy malware through phishing emails and malicious browser extensions.
Germany politics
fromThe Local Germany
4 days ago

Germany launches spying probe into Signal attacks targeting MPs

German prosecutors investigate phishing attacks on lawmakers, linked to Russia, highlighting the need for vigilance against espionage threats.
more#phishing
Information security
fromThe Hacker News
2 days ago

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Telecommunications fraud campaign uses fake CAPTCHA to trick users into sending costly international text messages, generating illicit revenue for fraudsters.
Information security
fromZDNET
2 days ago

Nearly half of cybersecurity pros want to quit - here's why

There's a significant mismatch between demand and rewards in cybersecurity, leading to dissatisfaction among professionals.
Privacy technologies
fromThe Local Germany
3 days ago

As phishing attacks hit Germany - how secure is Signal messenging app?

Signal, a secure messaging app, faces phishing attacks linked to Russian groups, raising concerns about its security despite its end-to-end encryption.
Careers
fromEntrepreneur
4 days ago

How to Know Where Your Security Threat Is Before It's Too Late

Organizations winning the security talent war operationalize key questions to prevent knowledge loss and enhance cybersecurity resilience.
fromTechCrunch
4 days ago

Why Tokyo is the most important tech destination of 2026 | TechCrunch

Sessions featuring Howard Wright (Nvidia), Rob Chu (AWS), and Eric Benhamou (Benhamou Global Ventures) cut through the noise to examine where AI is genuinely deployed at scale and where the real risks lie.
London startup
Information security
fromSecurityWeek
4 days ago

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

GopherWhisper is a newly identified APT using legitimate services for command-and-control communication and data exfiltration, primarily targeting a Mongolian government entity.
Privacy professionals
fromArs Technica
5 days ago

Why are top university websites serving porn? It comes down to shoddy housekeeping.

Universities often neglect DNS record maintenance, leading to hijacked subdomains that can appear in search results.
Information security
from24/7 Wall St.
5 days ago

Cybersecurity ETFs Face a Reckoning: Which 3 Will Weather the Downturn

Cybersecurity spending is essential for corporations, leading to increased investment in thematic ETFs focused on security budgets post-breach.
DevOps
fromTechRepublic
2 years ago

What is Cloud Security? Fundamental Guide

Cloud security requires specialized processes and technologies to protect assets and data from evolving threats in a dynamic environment.
Europe news
fromSecuritymagazine
5 days ago

Netherlands Faces Greatest National Security Threat Since World War Two

The Netherlands faces its greatest national security threat since World War Two, primarily from Russia and China.
fromThe Hacker News
5 days ago

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues. Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."
Privacy professionals
Information security
fromComputerWeekly.com
5 days ago

BT has now blocked over a billion clicks to malicious websites, says NCSC | Computer Weekly

BT and EE have blocked over a billion clicks to malicious websites using intelligence from the UK's National Cyber Security Centre.
Privacy professionals
fromTheregister
5 days ago

ShinyHunters claim they have cruise giant Carnival's booty

Carnival Corporation faces a significant data breach involving 7.5 million email addresses linked to its Mariner Society loyalty program.
[ Load more ]