BellSoft survey finds 48% prefer pre‑hardened images over managing vulnerabilities themselves Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd...

A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer...

In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability...

The call is coming from inside the house opinion Maybe everything is all about timing, like the time (this week) America's lead cyber-defense agency sounded the alarm on insider threats after it...

Russia's current isolation from the Olympics may lead to increased cyberthreats targeting the 2026 Winter Games. We discuss the potential threat picture. The post Understanding the Russian...

The internet domain registration system is a major weakness that malicious hackers can exploit, but is often being overlooked, a senior Secret Service official said Thursday. “It is staggering to...

The new feature will not prevent location sharing with emergency responders and does not limit the location data users choose to share with apps, the company said.

An overview of coordinated influence operation campaigns terminated on our platforms in Q4 2025.

Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.

This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on...

WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere.

Wiz Research teamed up with Irregular, a frontier AI security lab, to settle this once and for all.

Say hello to a unified platform that brings identity security and cloud‑native infrastructure together

A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more...

AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had had with the company's stuffed animals.

The Chocolate Factory strikes again, targeting the infrastructure attackers use to stay anonymous Crims love to make it look like their traffic is actually coming from legit homes and businesses,...

eScan lawyers up after Morphisec claimed 'critical supply-chain compromise' A spat has erupted between antivirus vendor eScan and threat intelligence outfit Morphisec over who spotted an update...

TA584's current attack chain begins with emails sent from compromised accounts via SendGrid and Amazon SES.

The right habits change everything Sponsored Post Security teams are under pressure from every direction: supply chain threats are rising, regulatory expectations are tightening, and development...

Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage....

The Space Development Agency (SDA) is developing space- and ground-based systems to detect and track potential missile threats in low Earth orbit. SDA aims to rapidly deliver capability and...

On January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat...

Extortion crew says it's found love in someone else's info as Match Group plays down the impact ShinyHunters has added a fresh notch to its breach belt, claiming it has pinched more than 10...

Sorry for the wait!! You might, but most likely might not, recall that in September I penned this blog Rogue AI Agents In Your SOCs and SIEMs – Indirect Prompt Injection via Log Files.

Britain risks leaving itself exposed to cyberattacks and hybrid forms of warfare unless it exercises an ability to impose costs on hostile states, ministers were warned during a parliamentary...

Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has...

Senior officials at the Defense Department say the Pentagon’s new cyber force generation model will help the military boot out Chinese threats from America’s critical infrastructure networks. A...

Google has aimed a knockout blow at a massive cyber weapon that researchers say is running silently on millions of devices in the homes of consumers. On Wednesday, Google used a federal court...

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in...

The Cybersecurity and Infrastructure Security Agency (CISA) is calling on critical infrastructure organizations to take decisive action against insider threats. To support this effort, CISA has...