Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and...
Two novel Windows zero-day vulnerabilities dubbed YellowKey, which bypasses BitLocker drive encryption, and GreenPlasma, a local privilege escalation bug that targets a trusted Windows process...
Prompt for Agentic AI Security empowers organizations with proactive governance, meaning security teams can deploy agents with confidence.
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is...
Wiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads.
The main risk from hospital cyber incidents is no longer data breaches or IT disruption – it’s direct threats to care delivery. According to a Black Book Research survey of 284 European hospital...
A first-of-its-kind cybercrime operation in the MENA region has led to the arrest of 201 individuals, with a further 382 suspects identified. Thirteen countries from the Middle East and North...
The head of the World Health Organization said on Tuesday that he was “deeply concerned about the scale and speed” of the Ebola outbreak spreading in the Democratic Republic of Congo and Uganda,...
Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can...
Iran did not improvise the Hormuz crisis. The mine stockpiles, the Islamic Revolutionary Guards Corps’ fast-boat fleet, and the Houthi program at Bab al-Mandab are a coordinated architecture...
A recent audit by the Defense Department’s (DOD) Inspector General found that the Office of the Chief Digital and Artificial Intelligence Officer (OCDAO) failed to implement several required...
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS...
The only thing growing faster than the artificial-intelligence industry may be Americans’ negative feelings about it — as former Google Chief Executive Eric Schmidt saw on Friday. Delivering a...
Anthropic said on Monday it is revising its earlier position to allow users of its Mythos cybersecurity model to share information about cyber threats with others who may be exposed to similar...
Microsoft plans to raise the quality bar of Windows 11 drivers, as drivers "sit at the heart of every Windows experience" and connect the OS to the "silicon, components, and peripherals." [...]
Microsoft has confirmed user reports that the Teams team collaboration app is displaying non-dismissible location prompts on some macOS systems. [...]
ESET researchers identified renewed activity from FrostyNeighbor, a long-running cyberespionage actor apparently aligned with Belarusian interests, targeting Ukrainian... The post Belarus-aligned...
Artificial intelligence is rapidly becoming both a defensive necessity and a strategic risk factor for critical infrastructure operators... The post AI-powered cyber threats overwhelm human...
Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said “If you think technology will solve your problems, you don’t...
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive...
CERT Polska has received a report about 5 vulnerabilities (from CVE-2026-42096 to CVE-2026-42100) found in Sparx Systems products: Pro Cloud Server and Enterprise Architect.
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. [...]
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini...
Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month. [...]
Cisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber...
Microsoft's total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly focused on privilege escalation and...
We completed an investigation of unauthorized activity on our computer network. Upon learning of the activity on January 14, 2026, we took action to contain it, began an investigation, and...
On March 4, 2026, Perrigo detected a cyber security incident targeting two employee email accounts. Upon learning of the incident, we immediately contained and remediated the unauthorized access...
On February 12, 2026, Boston Capital began reviewing a claim involving potential unauthorized access to certain files on its computer network. After receiving this information, Boston Capital had...
Starting May 19, tech platforms in the US will have to start complying with the Take It Down Act. Here's how more than a dozen of the largest platforms are handling takedown demands for your nudes.