It's hard to stop a signal jammer if you can't locate the source, say Rice University researchers

In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of...

Officials said they dismantled nine organized crime groups and removed more than 27,000 URLs hosting live sports and other copyrighted media during a seven-month operation. The post European...

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named...

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the...

Broadcom VMware security advisory (AV26-548)

Cisco security advisory (AV26-547)

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI...

Four people suing Elon Musk's AI firm under pseudonyms due to the risks of being identified may face a difficult choice: Reveal your real names, or drop the lawsuit.

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's...

A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of...

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race....

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]

Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel...

Common Sense Media’s new Youth AI Safety Institute is beginning work on what it hopes will become a crash-test-style model for artificial intelligence products used by children: independent...

[Control Systems] Phoenix Contact Security Advisory (AV26-546)

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted...

A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...]

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The...

In Brazil, Nota Fiscal eletrônica (NF-e) is the everyday name for an official electronic invoice. Real ones often arrive as a ZIP whose long number looks like paperwork. Criminals reused that...

[Control systems] ABB security advisory (AV26-545)

150 new organizations inducted to cyber’s Soho House, including the first outside the US

Google Chrome security advisory (AV26-544)

U.S. President Donald J. Trump signed an executive order aimed at strengthening the cybersecurity posture of government and... The post Trump signs executive order advancing AI innovation,...

CERT Polska has received a report about 2 vulnerabilities (CVE-2026-47324 and CVE-2026-47325) found in school-management-system software.

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]

Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.

A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change. [...]

Unknown attackers stole a senior executive's Outlook mailbox in incremental batches, exfiltrating through Dropbox and OneDrive Personal to keep the traffic indistinguishable from legitimate activity.

The U.S. Department of Homeland Security (DHS), through the Cybersecurity and Infrastructure Security Agency (CISA), moved forward with... The post CISA advances ChemLock information request to...

Growing connectivity across industrial operations, supply chains and public infrastructure is changing the way cyber risk spreads, making... The post Industrial cyber risk demands new governance...

Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine.

Tenable CTO Vlad Korsunsky talks about participating in the World Economic Forum’s Annual Meeting on Cybersecurity and Tenable’s EXPOSURE 2026 conference, where he talked with global leaders about...

Protecting industrial crown jewels from espionage begins with recognizing a hard truth that in modern OT (operational technology)... The post Cyber adversaries shift from data theft to operational...

Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [...]

This morning, the City of Thorold identified a cybersecurity incident involving certain systems within our network. Upon discovery of the incident, we immediately activated our incident response...

European and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations. [...]

Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user's personal contacts. [...]

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into...

Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component...

What Happened:On 3 May 2026, ShinyHunters, the English-speaking adolescent cybercrime collective, claimed they breached Instructure by listing them on their Tor data leak site.Instructure is a...