What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the...

Authors: Dixit Panchal & Vaibhav Krushna Billade Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Analysis of Decoy: Technical Analysis: Stage 1:...

A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction...

The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach...

Lawmakers push DoD to tighten smartphone controls after adversaries exploited commercial tracking data

Oracle addresses 35 CVEs in its May 2026 Critical Security Patch Update with 35 patches, including 11 critical updates.Key TakeawaysThe May 2026 Critical Security Patch Update (CSPU) contains...

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions....

Six 0-days, three under active exploitation, more to come on July 14?

It is the database titan’s sixth acquisition announcement since June 2025

It is the database titan’s sixth acquisition announcement since June 2025

Cyber-physical systems (CPS) protection company Claroty announced it is launching Claroty Claire, a first-of-its-kind, CPS-native AI security agent... The post Claroty launches Claire, a...

Dispel announced the general availability of Dispel Compliance, a new governance, risk, and compliance capability within the Dispel... The post Dispel Compliance launches to automate OT audit...

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The...

Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. [...]

In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or...

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better...

Mitel security advisory (AV26-524)

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering...

May security update trips over hostnames of a very specific length

A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]

Michele Spagnuolo allegedly placed multiple trades on the prediction marketplace, abusing internal access to Google’s nonpublic data on the most searched people in 2025. The post Google security...

In this newsletter, Thor breaks down why you should stop relying solely on CVSS and start using EPSS and GCVE to focus your patching efforts on the threats that actually matter.

Tanium security advisory (AV26-523)

Erlang security advisory (AV26-522)

An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]

State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure...

The US military has long known that cheap fixes could stop location data from exposing its troops. It adopted almost none—and now says adversaries are using the data to target soldiers during a war.

Microsoft Threat Intelligence tracks the operators behind the ransomware as Storm-2697, a financially motivated threat actor that manages the RaaS platform known as “The Gentlemen” while...

The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud...

Authentication Bypass vulnerability (CVE-2026-8990) has been found in Kidsview software.