Cisco security advisory (AV26-491)
Drupal security advisory (AV26-492)
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for...
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of...
ISC BIND security advisory (AV26-490)
New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter" (the unseen,...
Microsoft security advisory (AV26-489)
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. [...]
The move comes as other major social media platforms are killing end-to-end encryption for messaging. In recent months, Instagram and TikTok both announced they will no longer offer the feature.
Attorney John Scola is representing a police officer who is suing over injuries allegedly sustained while working security at an MSG property in 2025.
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires....
cPanel security advisory (AV26-488)
Google Chrome security advisory (AV26-486)
HPE security advisory (AV26-487)
F5 security advisory (AV26-485)
FreePBX security advisory (AV26-484)
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the...
Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t...
There is a certain kind of conversation that doesn’t get written up in a post-mortem, doesn’t generate a ticket, and never makes it into an end-of-quarter report. It happens on the margins—at a...
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries...
Sentinels League 2026 brings global threat hunters together to battle across AI, Endpoint, Cloud, and SIEM surfaces for $100K in prizes and more.
Sentinels League 2026 brings global threat hunters together to battle across AI, Endpoint, Cloud, and SIEM surfaces for $100K in prizes and more.
New data from Verizon 2026 Data Breach Investigations Report (DBIR) underscores growing cyber risk for critical infrastructure and... The post Verizon DBIR finds vulnerability exploitation...
Initial assessment says customer data spared while users wonder what else may have slipped out
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. [...]
Threat actors are actively exploiting a critical authentication bypass flaw in Four-Faith F3x36 industrial cellular routers, with security... The post CrowdSec flags rising exploitation of...
Table of Contents: · Introduction: · Key Targets: · Infection Chain: · Initial Findings about Campaign: · Analysis of Decoys & Spear phishing Email: · Technical Analysis: · Stage1: Analysis of LNK...
Eight major U.S. communications providers, including AT&T, Charter Communications, Comcast, Cox Communications, Lumen Technologies, T-Mobile, Verizon and Zayo,... The post US telecom giants launch...
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is...
A Freedom of Information Act request shows the extent of the surveillance