Officials accused three Russian nationals, Media Land and ML.Cloud of supporting cyberattacks spanning 21 U.S. states and other countries, resulting in losses surpassing $62 million. The post...
Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click "Buy Now" instead. Ask a coding assistant to apply a maintainer's fix from a GitHub...
An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor...
“Age checks are a cornerstone of the UK’s online safety laws,” said Ofcom’s Chief Executive, Melanie Dawes. “Too many services have no or inadequate age checks in place, which is not good enough.”
Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read...
JetBrains security advisory (AV26-709)
Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people's Shark vacuums across the same AWS region: watch the camera, drive the robot,...
Sentencing bookends the biggest cybercrime conviction in UK history
In recent months, mounting opposition to AI has given rise to a surge of violent rhetoric, threats against people and property, and a serious attempt at harm. The phenomenon has executives at tech...
Daniel Solove argues in the Wall Street Journal (alternate link) that giving people control of their personal data is not an effective way to regulate privacy in this era. Instead, we need to hold...
The Air Force for the first time successfully fired an air-to-air missile from a new jet-powered combat drone built by defense company Anduril. The recent test, the Air Force said, is an important...
The ability of the United States to fight in and through space has disproportionately magnified the effectiveness of U.S. military forces. However, this advantage has been eroding as China ramps...
Cyber weapons have long been described as strategic instruments of statecraft. In practice, they have almost always been tactical in their application. Attackers have struggled to predict the...
OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an aim to fix issues before the tools are deployed...
Chinese analysts have closely followed Russia’s cyber offensive against Ukraine, drawing a series of lessons about how the People’s Republic of China (PRC) can better prepare for cyber warfare....
Written by: Jules Czarniak Introduction As highlighted in the Mandiant M-Trends 2026 report, the mean time-to-exploit (TTE) has dropped to -7 days, meaning vulnerabilities are often exploited a...
Rather than verifying they are human, the CAPTCHA users are instructed to copy and paste a PowerShell command into their Windows computers.
Splunk security advisory (AV26-708)
You're browsing a legitimate small business website. Before the page loads, a familiar Cloudflare box appears: "Verify you are human." It asks you to open Terminal, paste a code, and press Enter....
One in six machines still run the old OS as migration stalls and patch deadlines creep closer
We identified targeted infection attempts against large Russian organizations using the ViPNet update system (a software suite for creating secure networks).
Zoom security advisory (AV26-707)
Zoom has released security updates for a critical security flaw impacting Zoom Workplace for Windows that could facilitate account takeover. The vulnerability, tracked as CVE-2026-53412 (CVSS...
t.me borked for a day until platform proved it had no ties to service favored by cybercriminals
Two-phase attacks with the GoSerpent backdoor, Stowaway RAT, ThumbcacheService and other tools aim to steal data from government entities in Southeast Asia.
Four Microsoft SharePoint Server vulnerabilities are under active exploitation, prompting CISA to issue a hardening alert. An additional high-severity flaw recently patched adds pressure for...
Cyber threats no longer stop at the network perimeter. Today, attackers target brands wherever they have a digital presence, websites, social media, mobile apps, email, cloud platforms, and even...
Humans can no longer keep up with the volume and velocity of security data on their own, but AI can't be fully trusted. David discusses the merits of both and muses on what the future might look like.
Cisco Talos is disclosing UAT-11795, a sophisticated, Russian-speaking, financially motivated adversary that has been conducting a malicious campaign targeting users in the U.S. and Europe since...
Attack using previously unseen ransomware payload occurred in June 2026. The skill of its operators suggests wider campaigns may follow.