Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket...

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The...

Plus, the payload references 'TeamPCP/LiteLLM method' Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through...

Marc Rogers and Silas Cutler expose how cheap smart home devices conceal a shadow supply chain of shell companies, firmware flaws, and foreign data routing.

And that unauthorized access? 'A nothing burger,' hacking startup CEO tells El Reg Anthropic's Mythos model is purportedly so good at finding vulnerabilities that the Claude-maker is afraid to...

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the...

Apple security advisory (AV26-381)

Senior researcher Noura Aljizawi spoke to WIRED about a hack that revealed Syria’s fragile cybersecurity. The post The Hack That Exposed Syria’s Sweeping Security Failures appeared first on The...

n8n security advisory (AV26-379)

Oracle security advisory – April 2026 quarterly rollup (AV26-380)

Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device. [...]

Learn how SentinelOne has stopped three recent zero-day supply chain attacks with AI-driven defense built for machine-speed threats.

[Control Systems] Phoenix Contact Security Advisory (AV26-378)

Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper,...

On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens...

The U.K.’s National Cyber Security Centre (NCSC) is warning that organizations delivering critical services must urgently prepare for... The post NCSC flags widening gap between cyber threats and...

New ZeroFox data from the first quarter of this year paints a picture of a threat landscape that... The post ZeroFox data shows ransomware stabilizing at scale, with manufacturing absorbing nearly...

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. [...]

New research from Forescout Technologies uncovers 22 previously unknown vulnerabilities in serial-to-IP converters, with thousands of exposed devices... The post BRIDGE:BREAK reveals 22...

One group of hackers used AI for everything from vibe coding their malware to creating fake company websites—and stole as much as $12 million in three months.

Australia’s Cyber and Infrastructure Security Centre (CISC) outlined how regulatory obligations under the Security of Critical Infrastructure Act... The post Australia’s CISC tightens cyber...

ServiceNow completed its acquisition of Armis, a cyber exposure management and security company, delivering a comprehensive AI-powered solution... The post ServiceNow closes Armis deal to extend...

Somewhere in the United States right now, a water treatment facility is running control systems that a quantum computer will eventually be able to compromise, and there is no federal deadline...

Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372,...

A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. [...]

Key Takeaways We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code...

Cybersecurity teams spend a lot of time trying to find vulnerabilities before an adversary does. In a recent episode ofCyber Focus, Preston Golson argues that companies should start doing the same...

May 7, 2026, I will be presenting at Sensors Converge in Santa Clara, CA: “Process Sensor Monitoring for Cybersecurity, Reliability, and Safety.” (https://www.sensorsconverge.com/). The...

Microsoft security advisory (AV26-377)

GitLab security advisory (AV26-376)