Broadcom VMware security advisory (AV26-536)

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]

Oracle security advisory – July 2024 quarterly rollup (AV24-401) - Update 1

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware,...

The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute...

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to...

Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory,...

New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between...

A database containing 64,000 user records was published to GitHub after an attacker claimed to have compromised all Atlas systems

Xage Security announced support for new and enhanced NVIDIA DOCA security capabilities and NVIDIA Vera BlueField-4 STX, also... The post Xage integrates with NVIDIA DOCA security to deliver...

Industrial cybersecurity firm Dragos announced on Monday that it has acquired Phosphorus, extending the Dragos Platform to protect... The post Dragos acquires Phosphorus to expand cybersecurity...

Plesk security advisory (AV26-534)

Wiz API SPM is now GA, enabling customers to discover APIs, assess APIs for exploitability, and prioritize remediation to mitigate the risk of an API-related breach.

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named...

Ivanti security advisory (AV26-533)

A House subcommittee will hold an open hearing next week on how frontier artificial intelligence models are shaping the cybersecurity landscape, for good and for ill. The June 4 hearing will be...

Developing capabilities for operations in cislunar space, including offensive space control, is among the top new science and technology (S&T) priorities for U.S. Space Command (SPACECOM),...

Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]

Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious...

Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users

If you ask Google what Al Jazeera is, the answer you receive draws heavily on Wikipedia. The same is true if you ask ChatGPT, Perplexity or many other large language models. Wikipedia has become...

Iran-linked hackers have launched a destructive cyber campaign that wipes IT, backup, and recovery systems at multiple organizations in the Middle East and beyond, severely undermining victims’...

Chatter in Brussels about an ominous “China shock 2.0” is increasing. In late May, five EU member states circulated a joint “non-paper” calling for stricter protection against “unfair trade...

Use of Hard-coded Credentials vulnerability (CVE-2026-42251) has been found in KS-SOMED software.

The Trump administration is approaching hurricane season with the smallest disaster workforce since 2021, a huge backlog of state aid requests and 15 vacancies in top emergency management jobs....

Instagram is facing scrutiny after a critical vulnerability in its Meta AI-powered support system allegedly allowed attackers to take over user accounts by abusing the password recovery process....

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to...

Mozilla security advisory (AV26-532)

When ransomware struck St. Paul, Minn., last July, Chief Information Officer Jaime Wascalus turned to the city’s Emergency Management Department as IT teams began shutting down portions of the...

Hackers are abusing Signal’s in‑app messaging to trick users into giving up their backup recovery keys, allowing attackers to unlock years of supposedly private conversations in a new phishing...