Two Russian nationals stand trial in Paris in a case emblematic of the wave of ransomware attacks that France has seen for more than six years. The trial opening Wednesday, February 11, before the...
Acquisition of AI security innovator positions Proofpoint as the first cybersecurity platform to comprehensively address agentic workspace protection at the intersections of humans, data, and AI
Meanwhile, IP-stealing 'distillation attacks' on the rise. A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot,...
The Dordrecht native was detained on Tuesday by police in East Brabant on accusations he distributed a bot called JokerOTP, which is used widely by cybercriminals to intercept the codes delivered...
Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access...
Businesses are embedding prompts that produce content they want you to read, not the stuff AI makes if left to its own devices. Amid its ongoing promotion of AI’s wonders, Microsoft has warned...
Download Recorded Future's 2026 State of Security report which provides comprehensive threat intelligence on geopolitical fragmentation, state-sponsored operations, ransomware evolution, and...
The global threat landscape didn't simplify in 2025 — it shattered. The 2026 State of Security report represents Insikt Group's most comprehensive threat intelligence analysis to date, drawing on...
Bypassing Administrator Protection by Abusing UI Access. In my last blog post I introduced the new Windows feature, Administrator Protection, and how it aimed to create a secure boundary for UAC...
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security,...
Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery.
Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities. The...
Apple security advisory (AV26-122)
Axelar is a cross-chain protocol similar to Wormhole and Layer Zero. Normally, with finalization, the Axelar network sends a message to the core contract. Then, the calling contract checks to see...
Drupal security advisory (AV26-121)
Petitions demanding people get the chance to be released from ICE custody have overwhelmed courts throughout the US.
Add-ons with 37M installs leak visited URLs to 30+ recipients, researcher says. They know where you've been and they're going to share it. A security researcher has identified 287 Chrome extensions...
The repository contains a set of Claude Skills for Solidity smart contract vulnerabilities. They range from authorization on tx.origin to more nuanced/contextualized things like access control...
The ERC4337 (Account Abstraction) implementation assumes that UserOperation binds the protocol to run the user's transaction only by the intended user. In particular, being sent directly to the...
Starknet is an L1 that utilizes a ZK prover. The blockifier is the creator of the blocks and proofs. I imagine that they have a centralized sequencer, but I'm not sure. Recently, they experienced...
Commvault security advisory (AV26-120)
[Control systems] Schneider Electric security advisory (AV26-119)
HPE security advisory (AV26-117)
Palo Alto Networks security advisory (AV26-118)
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans...
Ticket Tricking is a technique to get OTPs or verification emails sent to a public forum so that you can "prove" you have access to a domain when you really don't. Google Groups have this risk and...
Apple has released security updates to fix a zero-day vulnerability that was exploited in an "extremely sophisticated attack" targeting specific individuals. [...]
Agentic browsing appears to be the future of Chrome and other web browsers. Unlike other types of attacks, prompt injection is not something that can be fully "solved" in the traditional sense....
Google Chrome security advisory (AV26-116)
It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws,...