For years, the service, known as ‘First VPN’, was promoted on Russian-speaking cybercrime forums as a trusted tool for remaining beyond the reach of law enforcement. It offered users anonymous...
Mission-critical facilities operate under a different standard. Utilities, data centers, transportation hubs, and water treatment facilities cannot afford blind spots or tolerate downtime. As...
Health officials are rushing to contain a deadly Ebola outbreak in what is already one of the most dangerous corners of the world. In the two days since the World Health Organization declared the...
A single remote-controlled Ukrainian ground combat vehicle defended a “key intersection under constant adversary attack” for 45 days last summer, according to a 3rd Army Corps spokesperson who...
A highly critical SQL injection vulnerability in Drupal core's database abstraction layer affects sites running PostgreSQL. Key Takeaways: CVE-2026-9082 is a highly critical SQL injection...
As electricity demand continues to rise and the resource mix changes, the North American grid is being called on to adapt in real time. NERC’s 2026 Summer Reliability Assessment finds that record...
Congress wants answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an incident that the security...
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or...
A 2018 law generally prohibits executive agencies from procuring telecommunications and video surveillance equipment produced by certain companies, or their subsidiaries and affiliates, linked to...
A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. [...]
Executive summary: Financially motivated eCrime actors will likely continue to expand opportunistic campaigns by impersonating AI platforms. These campaigns generate direct supply chain risk for...
Major U.S. telecommunications companies launched a new information sharing group on Tuesday in a bid to redouble their collective efforts to combat AI-powered cyberattacks, state-sponsored...
Failing to disable a former employee’s account was a huge mistake
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Iranian hackers said today that they have detected “preparations for the renewed outbreak of military conflict in the coming days” and would respond to U.S. and Israeli actions with “devastating”...
The days of rigid, vendor-locked security stacks are over. The Tenable One Open Connector amplifies Tenable One’s extensive capacity to ingest and consolidate third-party security data, giving you...
Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. [...]
France is already moving on from Zoom and Microsoft Teams in favor of homegrown alternatives. Other countries are quickly following suit.
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes....
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]
In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked...
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain...
Learn how intelligence-led programs address the "vulnerability flood" and win the board conversation by prioritizing and fixing what actually matters.
Boards are asking about AI-driven vulnerability discovery. The leaders who answer that question well will come out with more credibility and more resources. Here's how to be one of them.
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk...
Another day, another AI bug silently fixed with no CVE and no public disclosure
One line tucked into a federal highway bill would strip funds from cities and states unless they kill their automated plate tracking programs—effectively banning the tech for all but toll collection.
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and...
Splunk security advisory (AV26-493)
Walter Haydock, founder of AI security and governance company StackAware, says the rush to govern artificial intelligence risks repeating a familiar cybersecurity mistake: treating business risk...