The binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the TechNet Cyber conference in Baltimore.

It was far too easy for a hacker to get the information

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected...

Those backup plans need backup testing

It's hard to stop a signal jammer if you can't locate the source, say Rice University researchers

In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of...

Officials said they dismantled nine organized crime groups and removed more than 27,000 URLs hosting live sports and other copyrighted media during a seven-month operation. The post European...

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named...

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the...

Broadcom VMware security advisory (AV26-548)

Cisco security advisory (AV26-547)

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI...

Four people suing Elon Musk's AI firm under pseudonyms due to the risks of being identified may face a difficult choice: Reveal your real names, or drop the lawsuit.

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's...

A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of...

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race....

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]

Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel...

Common Sense Media’s new Youth AI Safety Institute is beginning work on what it hopes will become a crash-test-style model for artificial intelligence products used by children: independent...

[Control Systems] Phoenix Contact Security Advisory (AV26-546)

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted...

A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...]

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The...

In Brazil, Nota Fiscal eletrônica (NF-e) is the everyday name for an official electronic invoice. Real ones often arrive as a ZIP whose long number looks like paperwork. Criminals reused that...

[Control systems] ABB security advisory (AV26-545)

150 new organizations inducted to cyber’s Soho House, including the first outside the US

Google Chrome security advisory (AV26-544)

U.S. President Donald J. Trump signed an executive order aimed at strengthening the cybersecurity posture of government and... The post Trump signs executive order advancing AI innovation,...