The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are.

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK,...

Understand the future of threat and vulnerability management (TVM). Learn what TVM is, why traditional tools fail, and how intelligence is essential in today’s landscape.

Facebook uses long-lived device identifiers to reduce friction for returning users to distinguish legitimate vs. illegitimate activity. A device that logs in repeatedly is considered trusted by...

The Meta Conversions API Gateway is a server-side mechanism for businesses to send web events to bypass browser-based tracking methods like the Facebook Pixel. Even if a user has cookies disabled,...

This is a threat to security - and to the weekend for some unlucky netadmins Cisco finally delivered a fix for a maximum-severity bug in AsyncOS that has been under attack for at least a month.…

On January 14, Citizen Lab senior researcher Marcus Michaelsen testified on transnational repression in a hearing of the Human Rights Committee in the German parliament (Bundestag). In a...

What's next for Venezuela? Click on the file and see What policy wonk wouldn't want to click on an attachment promising to unveil US plans for Venezuela? Chinese cyberspies used just such a lure...

Fix landed in July, but OEM firmware updates are required If you use virtual machines, there's reason to feel less-than-Zen about AMD's CPUs. Computer scientists affiliated with the CISPA...

A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 (CVSS...

Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like...

X has placed more restrictions on Grok's ability to generate explicit AI images, but tests show the updates have created a patchwork of limitations that fail to fully address the issue.

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into...

Office workers without AI experience warned to watch for prompt injection attacks - good luck with that Anthropic's tendency to wave off prompt-injection risks is rearing its head in the company's...

In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar...

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

Over the past decade, US immigration agents have shot and killed more than two dozen people. Not a single agent appears to have faced criminal charges.

As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in...

It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of...

First spotted in July 2025, the DeadLock group has attacked a wide range of organizations while almost managing to stay under the radar. It abandons the usual double extortion approach in which...

Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled...

And it's 'not unique to AWS,' researcher tells The Reg A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub repositories and put...

CVE-2026-21858 (Ni8mare) is a maximum-severity vulnerability in self-hosted n8n that can enable unauthenticated instance takeover, leading to remote code execution (RCE) when public webhook or...

CVE-2026-21858 (Ni8mare) is a maximum-severity vulnerability in self-hosted n8n that can enable unauthenticated instance takeover, leading to remote code execution (RCE) when public webhook or...

Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories - including the JavaScript SDK powering the AWS Console.

Understand what happened in the recent Endesa data breach, with expert insight from Outpost24’s threat intelligence team. The post New attack analysis: What you need to know about the Endesa data...

The Department of Homeland Security is finalizing plans for a new body that would replace the functions of the Critical Infrastructure Partnership Advisory Council (CIPAC) and serve as a...

Written by: Nic Losby Introduction Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol....

Federal lawmakers next week are expected to revive efforts to renew lapsed cybersecurity legislation aimed at fostering collaboration between Washington and private-sector companies in chasing...

The White House’s top technology and science official on Wednesday defended the Trump administration’s “hard decisions” to gut agency staff last year while simultaneously trumpeting the...