The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs)...

Just what FOSS developers need – a flood of AI-discovered vulnerabilities Opinion Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to...

Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against...

Four-week call for evidence intended to help shape laws aimed at devices linked to crime The UK government is seeking views on radiofrequency jammers as it prepares legislation to ban the...

Claude is actually pretty good on the issues.

Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]

Building management systems are rapidly becoming a high-risk entry point into critical infrastructure networks as organizations connect previously... The post Claroty says CEA-852 adoption...

New research from Comparitech underscores how exposed ICS (industrial control systems) continue to present a tangible risk to... The post Internet-exposed ICS devices running insecure Modbus leave...

Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.

See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted...

Cut through the noise and understand the real risks, responsibilities, and responses shaping enterprise AI today. Webinar Promo 2025 was the year of AI experimentation. In 2026, the bills are...

A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]

Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]

Executives and high-privilege users are prime targets for credential theft — and standard monitoring often misses them. Learn how VIP Credential Monitoring in Recorded Future Identity Intelligence...

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of...

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to...

Censys researchers warned that thousands of devices are exposed to the Iranian government’s campaign targeting energy, water, and U.S. government services and facilities. The post Iranian attacks...

KEY OBSERVATIONS Malicious Package Versions Identified: Malicious versions of the Axios npm package ([email protected] and [email protected]) were observed within a customer’s environment, indicating...

Tenable security advisory (AV26-336)

Qualcomm security advisory – April 2026 monthly rollup (AV26-335)

Juniper Networks security advisory (AV26-334)

HPE security advisory (AV26-333)

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even...

Cops bust latest scam, return $12m to bilked victims US, UK, and Canadian law enforcement Thursday said that they disrupted a $45 million global cryptocurrency scam, freezing $12 million in stolen...

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]

Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors.

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]

Possible link to Mr. Raccoon's claimed Adobe break-in A new extortion crew has targeted “several dozen high-value” corporations through phishing and helpdesk social-engineering, according to Google.…

As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in...