OpenAI is working on yet another AI model, reportedly called GPT-4.1, a successor to GPT-4o. [...]
Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion...
Plus: The Department of Homeland Security begins surveilling immigrants' social media, President Donald Trump targets former CISA director who refuted his claims of 2020 election fraud, and more.
A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. [...]
Here are the biggest warning signs that your phone may be compromised and the secret codes that can tell you all about it.
transmute converts between types in unsafe code by reinterpretting the bytes in Rust and forgets the original reference. It effectively disables Rusts built-in type checker by design. While as...
Discord created a new end to end encryption protocol they call DAVE. This will be used on DMs, group DMs, voice channels and live streams on Discord in the future. For key exchange, they use the...
Sec-Gemini is an experimental AI model focused on cybersecurity. The model has been proven to do very well on cybersecurity-specific topics - better than other models on similar concepts. Pretty neat!
One fantastic hacker is better than five good ones. We can make all of the checklists that we want and this will always be the case. Most bugs are not just items from a checklist - they are broken...
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched....
The top Democrat on a cybersecurity subcommittee says the “drastic reorganization” obligates CISA’s acting director to discuss its plans with lawmakers. The post Rep. Swalwell demands Hill...
The lack of proper equipment disposal is horrible not only for the environment but also for cybersecurity. Businesses and MSPs can securely dispose of outdated IT assets by following a proper procedure.
As organizations increasingly rely on SaaS applications to run their operations, securing them has become a necessity. Without…
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December...
Russian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,…
TL;DR: A critical deserialization vulnerability (CVSS 9.8 – CVE-2025-27520) in BentoML (v1.3.8–1.4.2) lets attackers execute remote code without…
In today’s digital age, online payment platforms like PayPal have become essential tools for our everyday transactions. Unfortunately, they’ve also... The post Stolen with a Click: The Booming...
What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor...
Word on the street is that SASE (Secure Access Service Edge) is here to replace MPLS VPN (multiprotocol label switching virtual private network), like streaming services made cable TV less...
Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts. [...]
The NVD program manager has announced undergoing process improvements to catch up with its growing vulnerability backlog
Here’s why you deserve better, stronger multi-factor authentication
The breach affecting Laboratory Services Cooperative involves sensitive information about medical care, as well as bank account details.
If it feels like your entire cybersecurity program is once again operating on a geopolitical fault line, you're not imagining things.The intersection of global politics and cybersecurity has grown...
Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat actors warned of a surge in suspicious login scanning...
Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites...
The U.S. Cyberspace Solarium Commission (CSC) 2.0 observed in its latest report that the growing frequency and sophistication... The post New CSC 2.0 report outlines roadmap to strengthen aviation...
Do passcodes really protect you more from warrantless phone searches than biometrics? It's complicated.
Microsoft is gradually rolling out the AI-powered Windows Recall feature to Insiders in the Release Preview channel before making it generally available to all Windows users with Copilot+ PCs. [...]
Police arrest SmokeLoader malware customers, AkiraBot abuses AI to bypass CAPTCHAs, and Gamaredon delivers GammaSteel via infected drives.