New findings from Microsoft show that the threat actor Storm-1175 is intensifying high-tempo ransomware operations by aggressively targeting... The post Storm-1175 exploits web-facing systems to...
New data from Cyfirma threat landscape report disclosed that Malaysia’s cyber threat landscape is undergoing a structural shift,... The post Malaysia’s digital growth and geopolitics widen cyber...
Finite State, a vendor of product security and software supply chain risk management, announced the appointment of Ann... The post Finite State appoints Ann Miller to scale product security and...
Android security advisory – April 2026 monthly rollup (AV26-314)
Davey Winder reports: Usually, when I report zero-day exploits, it’s because attacks by threat actors are already underway or a vendor has released a patch after becoming aware of the...
The Trump administration’s Golden Dome missile defense system might get $17.5 billion in fiscal 2027 after receiving a $23 billion down payment through a reconciliation bill passed last summer....
The U.S. Secret Service is pushing to onboard tech talent to help personnel better use artificial intelligence capabilities, according to the agency’s IT and AI lead. In an interview with...
A North Korean cyberattack that last Monday briefly hijacked one of the most widely used open source projects on the web took weeks to carry out as part of a long-running campaign to target the...
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even...
CERT Polska has received a report about 2 vulnerabilities (CVE-2026-33865, CVE-2026-33866) found in Mlflow software.
Noma Security researchers used indirect prompt injection to turn Grafana's own AI into an unwitting courier for sensitive corporate data. The post ‘GrafanaGhost’ bypasses Grafana’s AI defenses...
Rising concern over the source and destination of chips, and the components within them, is driving a global effort to tag them in a way that is permanent, immutable, and unclonable. While these...
Brockton Hospital is diverting ambulances and canceling some services as it responds to a cybersecurity incident that began impacting its information systems on Monday. Chemotherapy infusion...
The discovery of explosives near a major gas pipeline in northern Serbia — part of the TurkStream/Balkan Stream system supplying Russian gas to Hungary — is a highly politicized and strategically...
Jones Day has suffered a cyber security attack after hackers accessed files linked to a number of client matters. In a statement, the US firm said it had experienced a phishing attack in which “an...
In October 2022, Unitree Robotics joined Boston Dynamics, Agility Robotics, and three other firms in signing an open letter pledging not to weaponize their machines and to review customers’...
Maine looks poised to become the first state to freeze building of new data centers with legislation that could pass this spring, but community backlash against these properties is spreading...
Americans lost nearly $800 million last year from scammers pretending to be U.S. government officials, according to a new report from the Federal Bureau of Investigation’s Internet Crime Complaint...
Negotiators are pessimistic Iran will bend to meet President Trump’s demand to reopen the Strait of Hormuz before his Tuesday-night deadline, paving the way for the U.S. to target Iranian bridges...
Anthropic said late last year that state-sponsored Chinese hackers had used its artificial intelligence technology in an effort to infiltrate the computer systems of roughly 30 companies and...
Fortinet security advisory (AV26-313)
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks...
In this episode of Talos Takes, Amy and Pierre Cadieux unpack the ransomware and vulnerability trends that defined 2025.
CERT Polska has received a report about a Stored Cross-site Scripting vulnerability found in Bludit software.
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link...
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in...
New analysis from the Center for Strategic and International Studies (CSIS) identified that Iran’s approach to cyber conflict... The post CSIS flags Iran’s shift from episodic cyberattacks to...
As connected systems spread across residential, industrial and commercial environments, the need for independently verified cybersecurity assurance is... The post Microchip secures IEC 62443-4-1...
Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the "PoC cliff" leaves major attack surfaces untested and creates a dangerous validation...
Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails.