Long after CVEs issued and open source flaws fixed. Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty...
Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.
Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to...
The regulations, put in place after President Joe Biden’s voice was cloned, impose $10,000 fines on telecoms that file false or late caller information. The post FCC finalizes new penalties for...
When React2Shell happened, the Vercel WAF needed to block all of these exploits. To incentivize the discovery of these, they offered a $50K bounty for each unique bypass technique. This led to 156...
Paid tools that “strip” clothes from photos have been available on the darker corners of the internet for years. Elon Musk's X is now removing barriers to entry—and making the results public.
The React Flight protocol is used to encode inputs/outputs for React Server Functions and Server Components (RSC). This is a Backend For Frontend, similar to GraphQL. When requirements for complex...
The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain...
Crimson Collective claims 'sophisticated attack' that allows them to 'disconnect every user from their mobile service'. Internet service provider Brightspeed confirmed that it's investigating...
Xspeeder is a networking vendor that makes routers, SD-WAN appliances, and more. Their core firmware, SXZOS, powers a line of SD-WAN devices that are especially prevalent across remote industrial...
Citizen Lab senior legal advisor Siena Anstis co-authored an article with Jillian Sprenger (McGill University) in the International Journal of Human Rights on the ways that members of civil...
Source: Securonix. Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD)...
In an interview with the MIT Technology Review, Citizen Lab director Ron Deibert discusses the Lab’s impact, and his views on the deteriorating political situation in the United States. He notes...
Discover the patterns that defined the cyber threat landscape in 2025 and what they mean for security in 2026. The post KrakenLabs Research Highlights 2025: The Shifts That Redefined the Threat...
The Invisible Half of the Identity Universe. Identity used to live in one place - an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented across SaaS,...
Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are...
We don’t have many details: President Donald Trump suggested Saturday that the U.S. used cyberattacks or other technical capabilities to cut power off in Caracas during strikes on the Venezuelan...
From ransomware repurposed for espionage to increased exploitation of cloud platforms, learn about the key trends from SentinelLABS research in 2025.
Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls. Russia-linked hackers are sneaking malware into European hotels and other hospitality outfits by tricking...
New research from the University of Denver shows that adolescent users of artificial intelligence chatbots prefer technology that uses an intimate tone, such as that of a best friend. So-called...
Learn how AI coding assistants managing dependencies via plugins are now creating a new supply-chain risk when automation is compromised.
Wiz is proud to be the only vendor recognized as a Customers’ Choice for two consecutive years.
The European Commission is “very seriously” looking into taking action against the social media platform X following an incident in which its artificial intelligence tool Grok was used to create...
Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing...
ICS/OT cybersecurity consulting firm Ampyx Cyber outlined that the Volt Typhoon threats represent a real and present strategic risk to electric utilities, even in the absence of visible...
On December 18, 2025, Anthropic released the beta version of its Claude Chrome extension, a tool that lets the AI browse and interact with websites on your behalf. While convenient, a new analysis...
Meta has started addressing WhatsApp vulnerabilities that expose user metadata, specifically targeting flaws that allow adversaries to ‘fingerprint’ a device’s operating system. However, fully...