In December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 844k...
An unknown threat actor has stolen the sensitive personal, financial, and health information of nearly 870,000 Columbia University current and former students and employees after breaching the...
Posted by Jann Horn, Google Project ZeroIntroduction In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain...
The U.S. Department of Homeland Security (DHS) says the cybercrime gang behind the Royal and BlackSuit ransomware operations had breached hundreds of U.S. companies before their infrastructure was...
A vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash....
The future of industrial alarms lies in their transformation from basic alert mechanisms into intelligent, integrated components of a larger operational ecosystem.
Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of...
Following on from our preview, here's Ben Gelman and Sean Bergeron's research on enhancing command line classification with benign anomalous data
SentinelOne's AI-powered FORGE evolves detection rules to stop modern cyber threats with speed, precision, and minimal false positives.
The plaintiffs argued that a 2017 rules change enabling law enforcement to use spyware to eavesdrop on encrypted chats and messaging platforms could unfairly expose communications belonging to...
The Department of Homeland Security said the Russian cybercrime collective received at least $370 million in ransom payments, based on current cryptocurrency valuations. The post BlackSuit, Royal...
Can AI really write safer code? Martin dusts off his software engineer skills to put it it to the test. Find out what AI code failed at, and what it was surprisingly good at. Also, we discuss new...
Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers. [...]
CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by...
Who’s to blame when the AI tool managing a company’s compliance status gets it wrong?
The public disclosure and advisories came late Wednesday during Black Hat, but Microsoft said the timing was coordinated. The post CISA, Microsoft warn organizations of high-severity Microsoft...
After a long wait, GPT-5 is finally rolling out. It's available for free, Plus, Pro and Team users today. This means everyone gets to try GPT-5 today, but paid users get higher limits. [...]
A strategic guide to layered Defense in Depth in a Zero Trust world
Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotes
A new Endpoint Detection and Response (EDR) killer that is considered to be the evolution of 'EDRKillShifter,' developed by RansomHub, has been observed in attacks by eight different ransomware...
Wiz Sensor Workload Scanner brings runtime visibility and context to hybrid environments—cloud, on-prem, and edge—all in a single platform.
Bouygues Telecom warns it suffered a data breach after the personal information of 6.4 million customers was exposed in a cyberattack. [...]
Organizations with on-premises Microsoft Exchange servers are being urged to take steps to reduce exposure to a vulnerability recently reported by a researcher.
Incorrect Authorization vulnerability (CVE-2025-8533) has been found in Flexibits Fantastical software.
SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. [...]
A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting...
The founders of the Samourai Wallet (Samourai) cryptocurrency mixer have pleaded guilty to laundering over $200 million for criminals. [...]
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of Rare Breed TV, a major illegal IPTV service provider, after reaching a financial settlement with its operators. [...]
Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers. [...]
Prosecutors accuse Chukwuemeka Victor Amachukwu, who was arrested in France, of multiple fraud schemes, including tax refund fraud and identity theft. The post Nigerian accused of hacking tax...