8 Critical, 105 Important, 0 Moderate, 0 Low. Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in...
Git server flaw that attackers have been abusing for months has now caught the attention of US cyber cops. CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited...
AuraInspector automates the most common abuses and generates fixes for customers. Mandiant has released an open source tool to help Salesforce admins detect misconfigurations that could expose...
Dutchman fails to convince judges his trial was unfair because cops read his encrypted chats. A Dutch appeals court has kept a seven-year prison sentence in place for a man who hacked port IT...
Forty years ago, The Mentor—Loyd Blankenship—published “The Conscience of a Hacker” in Phrack. You bet your ass we’re all alike… we’ve been spoon-fed baby food at school when we hungered for...
We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA.
With federal agents storming the streets of American communities, there’s no single right way to approach this dangerous moment. But there are steps you can take to stay safe—and have an impact.
Project Nightfall aims to deliver a UK-built long-range strike capability at speed. The British government is asking defense firms to rapidly produce a new ground-launched ballistic missile to aid...
If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the...
Phishing attacks and cyber fraud have overtaken ransomware as the top cybersecurity concern of business leaders, according to the World Economic Forum’s (WEF) Global Cybersecurity Outlook for 2026.
Executive Summary: deVixor is an actively developed Android banking malware campaign operating at scale, targeting Iranian users through phishing websites that masquerade as legitimate automotive...
Government is fed up with bad actors using digi-cash to fund dodgy deeds. India’s government has updated the regulations it imposes on cryptocurrency services providers, as part of its efforts to...
CVE-2025-52691 (an unauthenticated arbitrary file upload weakness enabling remote code execution on SmarterTools SmarterMail Email Gateways) landed on December 28, 2025, carrying a CVSS score of...
December 2025 witnessed a dramatic 120% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 22 vulnerabilities requiring immediate remediation, up from 10 in...
Stop ransomware before encryption begins. Learn how intelligence-driven detection tools can help identify precursor behaviors and reduce false positives for faster response.
The criminal organization specialized in business email compromise scams and generated billions of dollars in criminal proceeds annually from many small-scale operations, officials said.
The state of Minnesota, along with the Twin Cities, has sued the US government and several officials to halt the flood of agents carrying out an Immigration and Customs Enforcement operation.
In SEC filings, Fortinet and Palo Alto show shrinking product margins taking hold. PCs and datacenters aren't the only devices that need DRAM. The global memory shortage is roiling the...
Gang members 'systematically exploited children and young people,' cops say. A 21-year-old Swedish man accused of being a key organizer of violence-as-a-service linked to the Foxtrot criminal...
The testimony also calls into question whether Ross failed to follow his training during the incident in which he reportedly shot and killed Minnesota citizen Renee Good.
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth...
Several internet access monitors tracking the situation said the government has continued the total internet shutdown and plans to implement a whitelist of limited, approved sites, indicating the...
The IoT OWASP top 10 includes Insecure Default Settings. To the author, this means a configuration that is insecure by default, a setting that the user must explicitly change, or a setting that is...
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t...
The failure of the penetration testing market is usually framed as a technical problem. According to this author, it is an economic incentives problem. It rewards the appearance of security...
The fundraiser for the ICE agent in the Renee Good killing has stayed online in seeming breach of GoFundMe’s own terms of service, prompting questions about selective enforcement.
Survey finds security checks nearly doubled in a year as leaders wise up. The number of organizations that have implemented methods for identifying security risks in the AI tools they use has...
Solana forking doesn't really exist. This is an amazing innovation for writing proofs of concept locally.