The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are increasingly using large-scale proxy networks of hijacked consumer...

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against...

NCSC passes judgment: passkeys pass muster, passwords fail The UK's National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first...

CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. [...]

In this article, I’ll walk you through the basics of Kerberos, how to use Titanis for the different parts, and how to mitigate some problems.Titanis SetupI use Titanis tools throughout this...

How better intelligence and collaboration can unlock new opportunities for growth and greater financial health for more people.

Learn how critical minerals and rare earth elements (REEs) are evolving from commodities into strategic flashpoints. Explore the geopolitical risks of China’s refining dominance, the race for...

How better intelligence and collaboration can unlock new opportunities for growth and greater financial health for more people.

The compromise originated from a GitHub Actions script injection vulnerability in a workflow that improperly handled untrusted input from pull request comments. An attacker exploited this flaw to...

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket...

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The...

Plus, the payload references 'TeamPCP/LiteLLM method' Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through...

Marc Rogers and Silas Cutler expose how cheap smart home devices conceal a shadow supply chain of shell companies, firmware flaws, and foreign data routing.

And that unauthorized access? 'A nothing burger,' hacking startup CEO tells El Reg Anthropic's Mythos model is purportedly so good at finding vulnerabilities that the Claude-maker is afraid to...

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the...

Apple security advisory (AV26-381)

Senior researcher Noura Aljizawi spoke to WIRED about a hack that revealed Syria’s fragile cybersecurity. The post The Hack That Exposed Syria’s Sweeping Security Failures appeared first on The...

n8n security advisory (AV26-379)

Oracle security advisory – April 2026 quarterly rollup (AV26-380)

Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device. [...]

Learn how SentinelOne has stopped three recent zero-day supply chain attacks with AI-driven defense built for machine-speed threats.

[Control Systems] Phoenix Contact Security Advisory (AV26-378)

Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper,...

On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens...

The U.K.’s National Cyber Security Centre (NCSC) is warning that organizations delivering critical services must urgently prepare for... The post NCSC flags widening gap between cyber threats and...

New ZeroFox data from the first quarter of this year paints a picture of a threat landscape that... The post ZeroFox data shows ransomware stabilizing at scale, with manufacturing absorbing nearly...

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. [...]

New research from Forescout Technologies uncovers 22 previously unknown vulnerabilities in serial-to-IP converters, with thousands of exposed devices... The post BRIDGE:BREAK reveals 22...

One group of hackers used AI for everything from vibe coding their malware to creating fake company websites—and stole as much as $12 million in three months.

Australia’s Cyber and Infrastructure Security Centre (CISC) outlined how regulatory obligations under the Security of Critical Infrastructure Act... The post Australia’s CISC tightens cyber...