Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [...]

Missed flights and more means something has got to give at the border Greece is taking a flexible approach to introducing the European Union's biometric Entry/Exit System (EES), after some British...

A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability

FAST16 could be the first cyberweapon, and its effects could be with us today

Nothing says 'We want honest opinions' like a 36,000-letter mailshot with no awkward questions allowed Members of the UK government’s People’s Panel on Digital ID will spend two weekends in...

The Outpost24 Threat Intelligence team research Handala Hack Team, the group claiming responsibility for several high-profile cyber-attacks. The post Handala Hack Team: Threat Actor Profile...

Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.

Microsoft says IT administrators can now uninstall the AI-powered Copilot digital assistant from enterprise devices using a new policy setting, which has become broadly available after the April...

FAST16 could be the first cyberweapon, and its effects could be with us today Black Hat Asia Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics...

Global cybersecurity agencies sounded the alarm on Chinese government-linked hackers quietly building and maintaining hidden networks of hijacked... The post Cybersecurity agencies flags use of...

Demonstrated in China, probably applicable elsewhere

Cato Networks researchers have uncovered a coordinated global campaign targeting internet-exposed PLCs (programmable logic controllers) using the Modbus/TCP... The post Cato traces large-scale...

Industrial cybersecurity firm Dragos on Thursday pushed back against alarm over ZionSiphon, a piece of malware purportedly designed... The post Dragos dismisses ZionSiphon narrative, says code...

Demonstrated in China, probably applicable elsewhere Black Hat Asia Developers of rented internet of things infrastructure – stuff like public EV chargers and shared e-bikes – are prioritizing...

In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the...

For most security teams today, volume and access to intelligence isn’t the problem. It’s the speed at which they can turn that intelligence into action. .

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised...

The company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk. The post Vercel attack fallout expands to...

A previously unknown 2005 cyber sabotage framework patches high-precision calculation software in memory to silently corrupt results.

Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and likely deployed by the US or an ally.

Legit-looking website, camera-on interviews, jokes about backdoors ... it worked EXCLUSIVE It all started with a LinkedIn message, as so many employment scams do these days.…

What are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking. The post Frontier AI and the Future of Defense: Your Top Questions...

Investigators found the malware, dubbed Firestarter, on a federal agency's network in a campaign dating back to at least September 2025. The post US, UK agencies warn hackers were hiding on Cisco...

Tenable security advisory (AV26-387)

Spring security advisory (AV26-386)

All the Typhoons, everywhere, all at once A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out...

Researchers said it’s the first-ever mapping of attack traffic to mobile operator signalling infrastructure. The post Surveillance campaigns use commercial surveillance tools to exploit long-known...

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. "The affected package version appears to be...

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is...

AL25-012 - Vulnerabilities impacting Cisco ASA and FTD devices – CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363 – Update 1