Detecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to...
Microsoft has fixed a known issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. [...]
New research from Forescout Technologies highlights scale and risk of insecure remote access across industrial and enterprise environments,... The post Forescout finds 3.4 million RDP and VNC...
New research from Nozomi Networks Labs reveals that attackers can chain multiple vulnerabilities in the widely used CODESYS... The post Chained vulnerabilities in CODESYS runtime could allow...
The U.S. House Committee on Homeland Security and the House Select Committee on China launched a joint investigation... The post Lawmakers open inquiry into cybersecurity risks posed by PRC-origin...
The International Society of Automation (ISA), a professional society for automation, announced that Palindrome Technologies has received full... The post ISA names Palindrome Technologies as...
Exposure management company Tenable announced new flexible pricing and packaging for new customers of the Tenable One Exposure... The post Tenable updates Tenable One platform with simplified...
TXOne Networks announced the Sennin product family, a purpose-built line of assessment and enterprise orchestration tools designed to... The post TXOne Networks unveils Sennin platform to bridge...
ABS, through its affiliate ABSG Consulting Inc. (ABS Consulting), announced this week the acquisition of RMC Global (RMC),... The post ABS Consulting acquires RMC Global to deepen critical...
Microsoft has updated a Windows 11 in-box app removal policy introduced in October to include a dynamic list that lets IT admins choose which preinstalled Store apps to uninstall. [...]
Microsoft has released the KB5083631 optional cumulative update for Windows 11, which includes 34 changes, such as a new Xbox mode for Windows PCs, enhanced security and performance for batch...
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware...
In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data...
Ryan Goldberg and Kevin Martin attacked five companies in 2023 and extorted nearly $1.3 million from one of their victims. The post Former incident responders sentenced to 4 years in prison for...
Mini Shai-Hulud caught spreading credential-stealing malware The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm...
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to...
Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser. The post That AI Extension...
The agency added the flaw to the KEV list days after hosting providers confirmed active, ongoing attacks. The post cPanel’s authentication bypass bug is being exploited in the wild, CISA warns...
KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start Give a man a phishing kit and he might get lucky a couple of times; teach an AI to phish and it'll change the...
Senior research fellow Jon Penney spoke with Michael Geist on the Law Bytes podcast about his new book. The post Chilling Effects in the Digital Age appeared first on The Citizen Lab.
Progress security advisory (AV26-410)
Mozilla security advisory (AV26-409)
HPE security advisory (AV26-408)
One alleged cyber contractor was extradited to the US over the weekend China's "hacker-for-hire ecosystem has gotten out of control," according to Brett Leatherman, assistant director of the FBI's...
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into...
This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows
AL26-009 - Vulnerability Affecting Linux - CVE-2026-31431