Cybersecurity
Vercel Breach Exposes Dangers of OAuth Integration Risk
A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lea
#security
174 articles
Cybersecurity
GitHub Patches Critical RCE Vulnerability Affecting Private Repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private re
Cybersecurity
Chinese Hackers Target Users With Trojanized PDF Reader
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitati
Cybersecurity
New Threat Group UNC6692 Exploits Teams for Malware Distribution
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custo
Cybersecurity
Supply Chain Vulnerabilities Persist as Attackers Exploit Familiar Flaws
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Sa
Cybersecurity
AI Bug Hunter: Anthropic Delays Release to Patch Vulnerabilities
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of post
Cybersecurity
US Charges Scattered Spider Member Arrested in Finland
A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member
Cybersecurity
Bitwarden CLI Targeted in Major Supply Chain Security Breach
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. "The affe
Cybersecurity
Checkmarx Confirms LAPSUS$ Group Leaked Stolen Source Code
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. [...]
Science & Tech
Apple Fixes Bug That Exposed Signal Chat Data to Law Enforcement
Signal “very happy” Apple fixed bug storing private chats after app was deleted.
Cybersecurity
Vercel Uncovers Additional Compromised Accounts in Security Breach
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled una
Gadgets
Bluesky Hit by Sophisticated DDoS Attack
Bluesky is once again having a wobble. The platform said some of its systems are down and that it’s “investigating an incident with service in one of our regino
Cybersecurity
China-Linked Hackers Target Mongolia Government with Go Backdoors
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as Goph
Cybersecurity
Apple Fixes iOS Flaw That Retained Deleted Notifications
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The
Cybersecurity
Malicious Docker Images Target Checkmarx KICS Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software s
Cybersecurity
Self-Propagating Worm Targets npm Packages, Steals Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through
Cybersecurity
Harvester's Linux GoGra Backdoor Targets South Asia
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in So
Cybersecurity
73 Malicious Extensions Hide in OpenVSX Ecosystem
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update. [...]
Cybersecurity
Canadian Police Bust SMS Blaster Ring in Toronto
Canadian authorities have arrested three men for operating an "SMS blaster" device that pretends to be a cellular tower to send phishing texts to nearby phones.
Cybersecurity
Microsoft Releases Emergency Patch for Critical ASP.NET Core Flaw
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerab
Cybersecurity
Lotus Wiper Malware Strikes Venezuelan Energy Infrastructure
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the
Cybersecurity
Critical Terrarium Sandbox Flaw Allows Root Code Execution
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability
Cybersecurity
Popular Python Package Compromised in Data Theft Attack
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency w
Science & Tech
Microsoft Releases Emergency Patch for ASP.NET Flaw on macOS and Linux
When authentication fails, things can go very, very wrong.
Cybersecurity
22 Critical Flaws Found in Serial-to-IP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited t
Cybersecurity
Medtronic Confirms Major Security Breach Affecting Millions
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." [...]
Cybersecurity
Ransomware Negotiator Guilty in BlackCat Attack Scheme
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martin
Cybersecurity
ADT Data Breach Compromises 5.5 Million Customer Records
The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this m
Cybersecurity
Why Your SOC's Response Time Lags Behind Industry Leaders
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential
Cybersecurity
Stolen Credentials: Why Attackers Skip Exploits
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. H
Science & Tech
FBI Launches Investigation Into Missing Scientists With Government Access
FBI suspects foreign spies may be targeting scientists with access to government secrets.
Cybersecurity
Itron Reports Unauthorized Access to Internal IT Systems
Itron, Inc. has disclosed, via an 8-K filing with the U.S. Securities and Exchange Commission (SEC), a cybersecurity incident in which an unauthorized third par
Science & Tech
Two Americans Sentenced for North Korea IT Worker Scheme
The U.S. Department of Justice announced that two Americans were sentenced to years in prison for helping the North Korean government place fake IT workers in U
Cybersecurity
Google Fixes Critical Prompt Injection Flaw in Antigravity IDE
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to
Cybersecurity
CISA Adds 8 Critical Exploited Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog,
Cybersecurity
Microsoft Teams Exploited to Distribute Custom Snow Malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and
Cybersecurity
ADT Confirms Data Breach Following ShinyHunters Extortion Threat
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]
Cybersecurity
Attackers Exploit Trusted Tools to Breach Systems
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefl
Cybersecurity
BlackFile Extortion Group Escalates Vishing Campaign
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality orga
Cybersecurity
Firestarter Malware Persists Despite Cisco Security Patches
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices runn
Cybersecurity
ZionSiphon Malware Targets Israeli Water Infrastructure
Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalinati
Cybersecurity
Critical Design Flaw in Model Context Protocol Risks AI Supply Chain
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote
Cybersecurity
Microsoft Brings Passkey Authentication to Windows Entra
Microsoft will roll out passkey support for phishing-resistant passwordless authentication to Microsoft Entra‑protected resources from Windows devices starting
Science & Tech
Firefox 150 Audit Reveals 271 Security Flaws Using AI
CTO says new AI model is "every bit as capable" as world's best security researchers.
Cybersecurity
Sanctioned Crypto Exchange Grinex Shuts Down After $13.74M Hack
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western
Science & Tech
Express Fashion Retailer Exposed Customer Data Online
Retail giant Express was publicly spilling customer information to the open web. The bug is now fixed after TechCrunch alerted Express, but the company would no
Cybersecurity
10,000+ Zimbra Servers Face Active XSS Attack Threat
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [
AI & ML
OpenAI and AARP Team Up to Protect Seniors Online
OpenAI and AARP are partnering to help older adults stay safe online with new AI training, scam-spotting tools, and nationwide programs through OpenAI Academy a
Cybersecurity
Microsoft Defender Zero-Days Under Active Attack
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised s
Cybersecurity
Google Blocks 8.3B Ads, Overhauls Android Privacy
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or r