Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the...

Security biz Adversa AI argues users of AI tools need clearer warnings

Attackers are hitting a frequent target in the network edge space, intruding victim networks through a defect in a widely used mobile endpoint security product. The post Ivanti customers confront...

Chrome users were caught off guard by a 4-GB Google AI model baked into Chrome, sparking privacy concerns. The good news: You can easily uninstall it. The bad? You might not want to.

The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient...

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in...

Happy World Password Day! Maybe it's finally time to kill this holiday in favor of World No-More-Passwords Day?

The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and...

A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. [...]

Cybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue, Amy takes a second to yell at you to go touch grass.

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord...

Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone....

Ivanti security advisory (AV26-435)

Broadcom VMware security advisory (AV26-434)

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot...

A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. [...]

Mozilla security advisory (AV26-433)

Last April, Vladimir Putin visited the campus of Bauman Moscow state technical university, set on the banks of the Yauza River in the east of the city and home to some of the country’s brightest...

The Australian Cyber Security Center (ACSC) is warning organizations of an ongoing malware campaign using the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing...

LevelBlue’s Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for...

VM2 Node.js Library security advisory (AV26-432)

Dragos is reporting an early real-world observation of an adversary using commercial AI tools to identify and prioritize operational technology (OT) infrastructure during an IT intrusion. In late...

The men’s separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime. The post American duo sentenced for hosting laptop farms...

The Pentagon plans to require service members to complete cybersecurity training once every three years, DefenseScoop has learned, a move that will scrap an annual mandate and is set to upend the...

Spring security advisory (AV26-431)

The rapid proliferation of small, unmanned aircraft systems (UAS) has transformed what was once a limited aviation concern into a persistent challenge for force protection and homeland defense....

Offensive cyber operations would be a part of a suite of counterterrorism responses aimed at groups deemed threats to U.S. interests, according to the Trump administration’s counterterrorism...

Washington and Beijing are weighing the launch of official discussions about artificial intelligence, said people familiar with the matter, as their AI competition threatens to become the arms...

With Wiz in Lovable, every builder can catch and fix risks in real time, keeping apps secure as they’re created

When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet,...