Drug kingpin Nemesio “El Mencho” Oseguera Cervantes may be dead, but the Jalisco cartel he ran for years will likely outlive him—thanks, in part, to the criminal group’s embrace of technology.
Approximately 229,226 Australian driver licences have reportedly been exposed by hackers who breached security at YouX, a popular software platform used by automakers and dealers for new-vehicle...
The United States has intensified its response to zero-day exploits theft, announcing new sanctions against a Russia-linked cyber tools network accused of stealing sensitive U.S. trade secrets and...
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical...
And they're being stressed by geopolitical concerns that threaten to slow important data-sharing efforts Researchers from Georgia Tech have found that the supply chain for threat intelligence data...
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial...
The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data.
Jai Vijayan reports: In 2025, cybercriminals needed less time to move from break-in to lateral movement across a network than it takes to watch a typical sitcom. An analysis by CrowdStrike of...
Discovery is getting cheaper. Validation and patching aren’t What good is finding a hole if you can't fix it? Anthropic last week talked up Claude Code's improved ability to find software...
SolarWinds security advisory (AV26-165)
HPE security advisory (AV26-164)
[Control systems] ABB security advisory (AV26-163)
SolarWinds + file transfer software = what attackers' dreams are made of If you run SolarWinds’ Serv-U, you should patch promptly. Four critical vulnerabilities in the file transfer software can...
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft,...
VMware security advisory (AV26-162)
New ransomware of choice, same critical targets North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at...
“Do not do any of these things. Especially do not cover your face and destroy the many, and largely unprotected, power stations and cell towers. Electricity is a ghost, but one you can catch and...
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being...
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new...
Bring Wiz cloud security insights into your Notion workspace with Custom Agents — enabling automated reporting, investigation, and security workflows where teams already work.
SonicWall security advisory (AV26-161)
Mozilla security advisory (AV26-160)
When a one-line fix triggers thousands of PRs, something's off A Go library maintainer has urged developers to turn off GitHub's Dependabot, arguing that false positives from the...
Tenable Research investigated a malicious npm package with around 50,000 downloads in the public registry. We observed various detection-evasion techniques and saw it deploy multiple powerful...
Greater Pittsburgh Orthopaedic Associates (GPOA) recently began notifying patients of a breach that occurred on or about August 10, 2025. Although their notification letter to patients does not...
Use of Hard-coded Credentials vulnerability (CVE-2025-13776) has been found in Finka-FK, Finka-KPR, Finka-Płace, Finka-Faktura, Finka-Magazyn, Finka-STW applications.
"Reddit was using children’s data unlawfully, potentially exposing them to inappropriate and harmful content,” British regulators said in announcing a fine against the platform.
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi...
If you have worked in enterprise IT for long enough, you have lived through the same movie more than once. A new capability arrives, it spreads faster than policy, and the first formal governance...
Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties and various public...