A data breach involving Rumpke Waste & Recycling was reported in January 2026. See incident details, impact on customers, and recommended security measures.
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data...
A data breach involving Microsoft was reported in January 2026. See incident details, impact on customers, and recommended security measures.
Maintainer hopes hackers send bug reports anyway, will keep shaming ‘silly ones’. The maintainer of popular open-source data transfer tool cURL has ended the project’s bug bounty program after...
A data breach involving Agricultural University of Athens was reported in January 2026. See incident details, impact on customers, and security measures.
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver...
ACME validation had a challenge-request hole. Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers,...
Chasing Shadows, the best-selling book by Citizen Lab director Ron Deibert, is now out in paperback form on the one-year anniversary of its launch. This edition includes a new afterword describing...
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or...
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access...
Internal ICE planning documents propose spending up to $50 million on a privately run network capable of shipping immigrants in custody hundreds of miles across the Upper Midwest.
AI + skilled malware developers = security threat. VoidLink, the newly spotted Linux malware that targets victims' clouds with 37 evil plugins, was generated "almost entirely by artificial...
The Problem: The Identities Left Behind. As organizations grow and evolve, employees, contractors, services, and systems come and go - but their accounts often remain. These abandoned or “orphan”...
We've identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. The post DNS OverDoS: Are Private Endpoints Too Private?...
Introducing new-era DLP with an eye for secure visibility
Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual...
Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates. Key takeaways: The first Critical Patch Update (CPU) for 2026 contains fixes for 158...
Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access...
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional...
Senior researcher Noura Aljizawi speaks with Nalah Ayed from CBC Ideas about her personal experience of returning to Syria to grieve for the first time in 13 years following the fall of the...
Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused...
Picture this: You’re a utility executive. It’s August 2029. A heat wave grips 10% of the country, and your regional transmission organization is red-lining. Community concerns around rolling...
The United States’ attack on Venezuela has raised questions about domestic checks on power and signaled a challenge to international law and longstanding norms of sovereignty and the use of force....
Transport Canberra has launched a new investigation into its fleet of Chinese-made electric buses amid growing cybersecurity concerns. British media have reported that the UK’s National Cyber...
Uptake by European Union member countries of a measure intended to beef up continental cybersecurity has hardly been enthusiastic. 15 months after EU nation-states were supposed to have...
The Department of Homeland Security would need to follow stricter guidelines when using mobile biometric applications under legislation introduced Thursday by the ranking member of the...
The Wiz JetBrains IDE plugin is now generally available, enabling developers to fix risks before code leaves their local environment.
Update Chainlit to the latest version ASAP. Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data...