InfoSec has a bad habit of acting like history started this morning. Something new lands, the industry loses its mind for a week, vendors start talking like the old rules no longer apply, and half...
Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least...
Kejia Wang and Zhenxing Wang established shell companies and hosted laptop farms to help operatives obtain jobs at more than 100 U.S. companies. The post US nationals sentenced for aiding North...
Bug or feature? A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic's official Model Context Protocol (MCP) puts as many...
CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware. The post A Deep Dive Into Attempted...
As OpenAI and Anthropic advance frontier AI, SentinelOne delivers AI-native, machine-speed cyber defense at global scale.
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities.The vulnerabilities mentioned in this blog post...
Available for free to any company that wants to use it, the “completely anonymous” app puts the pressure on porn sites and social media platforms to start blocking access by minors.
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you...
The latest wave of "Operation PowerOFF," on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across 21 countries. [...]
Social engineering: 'low-cost, hard to patch, and scales well' North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and...
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. [...]
Thor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.
Operation PowerOFF’s latest globally coordinated action identified more than 75,000 alleged cybercriminals. Officials warned each of them to stop jamming up traffic. The post Officials seize 53...
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every...
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to...
Losses from cargo theft in North America rose to $6.6 billion in 2025, driven largely by digital attacks, according to the fleet management company Geotab.
A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the past two weeks, protesting how the company works...
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows...
Fortune 500 companies and one US defense contractor got taken for $5m in four-year scam Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through...
A new analysis from the Foundation for Defense of Democracies (FDD) warns that Chinese-produced cellular modules, embedded across... The post Hidden risks in Chinese cellular modules grow across...
Asset intelligence platform for unified security operations and exposure management vendor Axonius announced on Wednesday a major expansion... The post Axonius brings AI-driven exposure management...
See how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of...
Exposure management company Tenable announced a new OT asset discovery engine that enables security teams to quickly bring... The post Tenable embeds native OT visibility into Tenable One to...
Introduction Advances in AI model-powered exploitation have demonstrated that general-purpose AI models can excel at vulnerability discovery, even without being purpose-built for the task....
Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]
Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer Security boffins say Anthropic's Claude can be tricked into approving malicious code with just two...
AI companies like OpenAI and Anthropic should play a bigger role in software vulnerability disclosures in the future, according to a leader of the world’s largest vulnerability disclosure scheme....
Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?