The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the...

US border patrol is asking companies to submit plans to turn standard 4x4 trucks into AI-powered watchtowers—combining radar, cameras, and autonomous tracking to extend surveillance on demand.

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available...

Bridge the gap between Platform and Security teams with unified inventory and network visibility across Kubernetes clusters.

There is a new cigar named “El Pulpo The Squid.” Yes, that means “The Octopus The Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t...

A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity,...

Redmond says it's fixed this particular indirect prompt injection vuln updated Microsoft fixed a security hole in Microsoft 365 Copilot that allowed attackers to trick the AI assistant into...

House Oversight Committee Chairman James Comer wants the developer of the controversial dating-safety app TeaOnHer to explain if its privacy and content moderation practices adhere to federal law.

Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even...

Europol disrupts SIM-box fraudsters, Jingle Thief exploits cloud identities for gift card theft, and PhantomCaptcha targets Ukrainian NGOs.

A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video...

A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote...

A vulnerability has been discovered in Microsoft Windows Server Update Services (WSUS) which could allow for remote code execution. WSUS is a tool that helps organizations manage and distribute...

Despite major changes in the leading ransomware groups, ransomware attacks have surged 50% in 2025, as cybercriminals have proven adept at finding new opportunities and exploiting vulnerabilities....

The next cybersecurity arms race is already here, but it's not too late to get a head start

Introduction In August 2025, a Telegram channel named “Scattered LAPSUS$ Hunters” surfaced, linking itself to notorious cybercrime groups: Scattered Spider, ShinyHunters, and LAPSUS$. The group...

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace,...

Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. [...]

You didn't have plans, did you? Microsoft has released an out-of-band update to patch a critical vulnerability in Windows Server Update Services (WSUS).…

SQL Injection vulnerability (CVE-2025-8536) has been found in Studio Fabryka DobryCMS software.

Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failures

Microsoft has released an urgent out-of-band security update to address a severe remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as...

Amazon says a major DNS failure was behind a massive AWS (Amazon Web Services) outage that took down many websites and online services on Monday. [...]

Starmer rebrands unpopular scheme as convenience tool after backlash UK Prime Minister Keir Starmer has relaunched his digital ID scheme as something that will make people's lives easier, less...

Two people found the solution. They used the power of research, not cryptanalysis, finding clues amongst the Sanborn papers at the Smithsonian’s Archives of American Art. This comes as an awkward...

LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. [...]

Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software's uReset lets users securely reset passwords with flexible MFA options like Duo, Okta,...

We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths.

Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. [...]

As organizations eagerly adopt AI, cybersecurity teams are racing to protect these new systems. In this special edition of the Cybersecurity Snapshot, we round up some of the best recent guidance...