Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74...

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. [...]

Plus: Major data breaches at a gym chain and hotel giant, a disruptive DDoS attack against Bluesky, dubious ICE hires, and more.

Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client. [...]

NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection. [...]

Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog...

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the...

A newly disclosed zero-day vulnerability, dubbed RedSun, is raising fresh concerns for organizations relying on Microsoft Defender as a core layer of endpoint protection. Early indicators suggest...

Bug hiding in plain sight for over a decade lands on KEV list CISA is sounding the alarm on a newly-exploited Apache ActiveMQ bug, ordering federal agencies to patch within two weeks as attackers...

Or, how public information and a €5 tracker exposed an avoidable opsec lapse Militaries around the world spend countless hours training, developing policies, and implementing best operational...

Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally...

The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. [...]

As AI applications introduce a new class of infrastructure resources, visibility into what your IaC creates, where it runs, and whether it has drifted has never been more critical.

CERT Polska has received a report about 2 vulnerabilities (CVE-2026-40458, CVE-2026-40459) found in PAC4J software.

White House Office of Management and Budget (OMB) Director Russell Vought told senators at a Budget Committee hearing Thursday that the Department of Homeland Security (DHS) is “disintegrating”...

Florida legislators have sent the governor a bill to formalize state cybersecurity support for municipalities, and it is currently awaiting action following the close of the 2026 legislative...

Sweden’s announcement this week marks an important shift in how the country publicly frames the threat from Russia. Cyber intrusions against Swedish targets are not new, but for the first time,...

The exchange of bombs and missiles in the Middle East between Iran and its foes has been paused for more than a week now. Iran’s hackers, however, have remained active on the digital battlefield....

Ten years ago, the emerging conventional wisdom among many defense planners was that the United States Army would not serve a meaningful role in a potential conflict with China — that there would...

A post-midnight revolt in the House sank the White House's efforts to extend Section 702—a spy program the FBI has used to look into members of Congress, protesters, and political donors.

A company wakes up to a news story claiming it has suffered a major data breach. The details are specific, technical and convincing. But the breach didn’t happen. No systems were compromised. No...

Drupal security advisory (AV26-359)

Nginx UI security advisory (AV26-360)

HPE security advisory (AV26-361)

Microsoft Edge security advisory (AV26-362)

HashiCorp security advisory (AV26-363)

JetBrains security advisory (AV26-364)

Security researchers recently spent a month getting a first-hand look at the activity of cybercriminals targeting the trucking and logistics industry. The researchers, from cybersecurity firm...

A security researcher named Morpheuskafka has found that thousands of private files from the Tel Aviv-based gig-work website Fiverr were left open for anyone to view online. The leaked data...