FRIEND
SANS Internet Storm Center
YARA-X 1.17.0 Release, (Sun, May 31st)
FOE
Bleeping Computer
WP Maps Pro bug exploited to create admin accounts on WordPress sites
FRIEND
The Hacker News
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
FOE
The Intercept (Privacy)
A Gay Palestinian Fled to Israel’s “Safe Haven.” Israel Tried to Exploit Him for Intelligence.
FOE
Bleeping Computer
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
FOE
SecurityWeek
Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials Say
FOE
SecurityWeek
Exploit Code Published for Critical Flowise RCE Vulnerability
FOE
Bleeping Computer
New CIFSwitch Linux flaw gives root on multiple distributions
FOE
The Hacker News
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
FOE
CSO Online
Russia-aligned crime group Greyvibe extensively uses AI in attacks
FOE
CSO Online
Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty
FOE
The Register (Security)
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
FRIEND
Schneier on Security
Friday Squid Blogging: Another Squid
FRIEND
Dark Reading
Name That Toon: Mark of (Cybersecurity) Progress
FOE
EFF Deeplinks
One Step Forward, Two Steps Back: CA's AB 1856 Exempts Open Source But Expands Age-Gating
FOE
The Register (Security)
ICE to keep an eye on your eyes under $25M biometric scanner deal
FOE
Ars Technica (Security)
Botnet of more than 17 million devices dismantled
FOE
The Register (Security)
No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out
FOE
Bleeping Computer
ChatGPT share links abused to host fake outage pages to deliver malware
FOE
Bleeping Computer
California AG sues 23andMe over 2023 breach exposing health data
FOE
The Hacker News
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
FOE
SecurityWeek
In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks
FOE
The Register (Security)
23andMe inherits lawsuit over 'disturbing' DNA data breach
FRIEND
CSO Online
DNS-AID will make AI agents easier to discover, says Linux Foundation
FRIEND
CSO Online
Certifiably random: Swiss researchers claim perfect random number source
FOE
SecurityWeek
Charter Communications Data Breach Could Impact Nearly 5 Million
FOE
The Hacker News
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
FRIEND
Dark Reading
Asia's Cyber Insurance Market Shows Signs of Life
FRIEND
SecurityWeek
MokN Raises $15 Million for Phish-Back Platform
FOE
Bleeping Computer
From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market
FOE
Bleeping Computer
Dutch govt disrupts malware botnet with 17 million infected devices
FOE
Dark Reading
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
FOE
The Register (Security)
Dutch cops wrest 17M devices from mystery botnet's clutches
FOE
SecurityWeek
Gogs Zero-Day Exposes Servers to Remote Code Execution
FRIEND
Bleeping Computer
Google Chrome adds session cookie theft protection for all users
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It’s all letters and numbers
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
Dark Reading
'The Com' Cyberattacks Support Violence & Sexploitation
FOE
The Register (Security)
ChatGPT blindly trusts browser content, turning the page into a payload
FOE
The Register (Security)
Russia-linked threat group put ChatGPT to work from lure to payload
FOE
The Hacker News
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
FOE
SecurityWeek
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
FOE
Bleeping Computer
Man sent to prison for selling data of 7 millions elderly Americans
FOE
The Hacker News
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
FOE
The Register (Security)
ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak
FOE
SecurityWeek
Chrome 148 Update Patches 151 Vulnerabilities
FOE
Bleeping Computer
US charges Google security engineer with Polymarket insider trading
FOE
The Intercept (Privacy)
The Race to Build AI Data Centers — Before the People Can Protest
FOE
CSO Online
Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems
FOE
The Hacker News
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
FOE
CSO Online
The Gentlemen are coming for your files, and then your network
FRIEND
CSO Online
Cybersecurity trends in SEC filings
FOE
Bleeping Computer
Charter Communications data breach affects 4.9 million accounts
FOE
CSO Online
GDPR set the tone for regulatory action — and the AI fine pushback to come
FOE
The Hacker News
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
FOE
Risky Business News
Risky Bulletin: Dutch police take down giant botnet of 17 million devices
FRIEND
CSO Online
IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise
FOE
CSO Online
Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects
FOE
Bleeping Computer
Anthropic confirms Claude Mythos-class models will roll out to the public
FOE
CISA KEV
CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
FOE
Dark Reading
As Global Powers Explore Humanoid Robots, Cyber-Risk Looms
FOE
Bleeping Computer
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
FOE
The Register (Security)
Troops’ phones gave away location data to foreign adversaries
FOE
Bleeping Computer
BTMOB Android malware service generates custom phishing payloads
FOE
Ars Technica (Security)
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
FOE
The Register (Security)
Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
FRIEND
The Register (Security)
Snowflake buys Natoma to help freeze out rogue agents
FOE
SANS Internet Storm Center
Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)
FOE
Bleeping Computer
FBI warns of fake FIFA websites running World Cup fraud schemes
FOE
Dark Reading
Dutch Raid Fails to Dent Russian Bulletproof Host
FOE
Sophos News
Canvas attack aftermath: What risks come next
FOE
SecurityWeek
Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks
FOE
EPIC
EPIC Urges Vermont Senators to Vote No on Weak ‘Privacy’ Bill
FOE
Bleeping Computer
Hackers exploit FortiClient EMS flaw to push infostealer malware
FOE
The Hacker News
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
FRIEND
SecurityWeek
Geordie Raises $30 Million for AI Security and Governance Platform
FOE
EFF Deeplinks
Age Verification is a Privacy Nightmare
FOE
The Register (Security)
Microsoft tests the 15-character limit of Windows Server admins' patience
FOE
Dark Reading
Agentic AI Isn't Risky; the Way Orgs Deploy It Is
FOE
The Hacker News
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: The story took an odd turn
FOE
SecurityWeek
Carnival Data Breach Exposed 6 Million People
FOE
Bleeping Computer
New Gogs zero-day flaw lets hackers get remote code execution
FRIEND
Bleeping Computer
How SIEM helps MSPs reduce noise and stop threats faster
FOE
The Hacker News
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
FOE
The Hacker News
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
FOE
SecurityWeek
New BTMOB Android Malware Enables Full Device Takeover
FOE
CSO Online
Indian CERT urges firms to contain exploited internet-facing flaws within 12 hours
FOE
SecurityWeek
Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks
FOE
Bleeping Computer
Romanian gets 5 years in prison for hacking Oregon govt network
FRIEND
SecurityWeek
IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”
FRIEND
Dark Reading
Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security
FOE
CSO Online
GlassWorm falls, but the repo problem is far from solved
FRIEND
Bleeping Computer
Webinar: Why network incidents take too long to resolve
FOE
The Register (Security)
Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Hand me the doodad
FOE
CISA Alerts
Supply Chain Compromises Impact Nx Console and GitHub Repositories
FOE
CISA Alerts
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
FOE
CISA Alerts
KMW CCTV Security Cameras
FOE
CISA Alerts
Fourth Frontier Frontier X Mobile Application, Frontier X2
FOE
CISA Alerts
CP Plus 8 Ch. Network Video Recorder
FOE
CISA Alerts
ABB Busch-Welcome 2 Wire Door Opener Actuator
FOE
CISA Alerts
XCharge C6
FOE
CISA Alerts
ABB EIBPORT
FOE
CISA Alerts
Schnieider Electric EcoStruxure Machine Expert HVAC
FOE
CISA Alerts
MacGregor Voyage Data Recorder (VDR) G4e
FRIEND
SecurityWeek
New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails
FOE
The Hacker News
New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"
FOE
SecurityWeek
Gitea Vulnerability Exposed 30,000 Deployments to Attacks
FOE
SecurityWeek
Raising the Cybersecurity Stakes: Ante up for the Agentic Era
FOE
Bleeping Computer
Carnival Cruise confirms data breach affecting nearly 6 million people
FOE
CSO Online
The AI governance imperative you can’t afford to ignore
FRIEND
SecurityWeek
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
FOE
Bleeping Computer
Sextortionist sentenced to 33 years for targeting 145 children
FOE
Dark Reading
BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model
FOE
CSO Online
What the industrialization of exploitation means for defenders
FOE
Privacy International
How New EU Access to Documents Rules Can Reduce Transparency and Shield Big Tech
FOE
The Hacker News
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
FRIEND
Dark Reading
Nordic CISOs Handle Rising Cyber Threats Remarkably Well
FOE
The Register (Security)
Company CEO flooded file share with smut, called for help after he deleted it
FOE
CSO Online
Employees are unknowingly inviting tech support impersonators into firms, says FBI
FOE
Sophos News
Canvas attack aftermath: What risks come next?
FRIEND
Sophos News
Encore Performance: Sophos ranked #1 Overall in Endpoint, EDR, XDR, MDR, and Firewall for the 2nd consecutive time in the G2 Summer 2026 Reports
FOE
CSO Online
Another IT governance headache: AI-enabled sanction evasion
FRIEND
Sophos News
Gartner EPP MQ-17
FRIEND
Professor Messer
Professor Messer’s SY0-701 Security+ Study Group – May 2026
FOE
CSO Online
AI models more vulnerable than claimed when faced with iterative attacks
FOE
Bleeping Computer
GPU mining malware spreads via SEO poisoning, AI chatbots
FOE
SANS Internet Storm Center
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)
FOE
Ars Technica (Security)
Websites have a new way to spy on visitors: analyzing their SSD activity
FOE
Dark Reading
Ransomware Actors Show Up In Person to Steal Law Firm Data
FOE
The Register (Security)
CrowdStrike, Google shatter Glassworm botnet
FOE
SecurityWeek
UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia
FOE
The Register (Security)
Bosses blinded by confidence about shadow AI use by workers
FOE
Dark Reading
Latin American Cybercriminals Hoover Up Government Data
FOE
The Register (Security)
FBI: Get to know your IT guy – extortion crews are visiting law firms pretending to be tech support
FOE
Dark Reading
AI-Assisted Exploit Development Outpaces Scanner Detection
FOE
The Hacker News
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
FOE
The Hacker News
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
FOE
CSO Online
FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework
FOE
SecurityWeek
Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate
FOE
Schneier on Security
FBI’s 2025 Internet Crime Report
FRIEND
Bleeping Computer
Can you enforce strong Active Directory password rules without frustrating users?
FOE
The Register (Security)
India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat
FRIEND
Black Hills Information Security
Bad Habits: An ANTISOC Operation
FOE
Bleeping Computer
Glassworm botnet disrupted after resilient C2 infrastructure takedown
FRIEND
SecurityWeek
SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay
FRIEND
Dark Reading
Cybersecurity Evolution: How We Went From Perimeter Defense to AI-Native Security
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Quiz: Sit and stay
FOE
CISA Alerts
CISA Adds Three Known Exploited Vulnerabilities to Catalog
FRIEND
The Register (Security)
How to guarantee a speaker gig: Hack the system. Literally
FRIEND
SecurityWeek
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
FOE
Bleeping Computer
FBI warns of in-person data theft attacks from extortion gang
FOE
The Hacker News
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
FRIEND
The Hacker News
3 SOC Steps that Shut Down Incident Risks Early
FOE
SecurityWeek
Romanian Hacker Sentenced to Prison in US for Selling Access to State Network
FOE
The Hacker News
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
FRIEND
SecurityWeek
Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform
FOE
SecurityWeek
The Credential Crisis: How Stolen Credentials Defeat Modern Security
FOE
SecurityWeek
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
FRIEND
SecurityWeek
GlassWorm Botnet Disrupted
FOE
The Hacker News
Gitea Vulnerability Exposes Private Container Images without Authentication
FOE
Bleeping Computer
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
FOE
SecurityWeek
LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers
FOE
Bleeping Computer
Dutch police arrests suspect linked to Ajax football club hack
FOE
CSO Online
The NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrine
FRIEND
Bleeping Computer
Windows 11 KB5089573 update released with performance improvements
FOE
SecurityWeek
FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
FOE
The Hacker News
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
FRIEND
CSO Online
DSPM buyer’s guide: Top 10 data security posture management tools
FOE
SecurityWeek
CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day
FRIEND
SecurityWeek
Anthropic Releases New Claude Sandbox, Security Guidance Plugin
FOE
Risky Business News
Risky Bulletin: BadHost vulnerability bypasses authentication on AI infrastructure
FOE
Sophos News
GitHub internal repositories breached
FOE
CSO Online
Microsoft previews automatic device isolation in Defender for Endpoint
FRIEND
Sophos News
Sophos named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection for the 17th consecutive report
FOE
CISA KEV
CVE-2026-45321: TanStack Unspecified Vulnerability
FOE
CISA KEV
CVE-2026-48027: Nx Console Embedded Malicious Code Vulnerability
FOE
EFF Deeplinks
More License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints
FOE
Bleeping Computer
KnowledgeDeliver flaw exploited as a zero-day to install web shells
FOE
Ars Technica (Security)
Millions of AI agents imperiled by critical vulnerability in open source package
FOE
Dark Reading
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
FOE
Bleeping Computer
Charter confirms data breach after ShinyHunters extortion threat
FRIEND
EPIC
EPIC Joins NCLC in Support of FCC Bond Requirement Proposal to Prevent Robocalls
FOE
Dark Reading
State Cyber Leaders Beg Congress for More Funding, Support
FOE
Dark Reading
The Hackers Behind Shai-Hulud: Lucky or Skilled?
FOE
Dark Reading
For Enterprises, Security Remains Agentic AI's Biggest Challenge
FOE
EPIC
The Indian Express: AI firms use same deceptive opt-out tactics as data brokers to confuse users, study finds
FOE
EPIC
iGaming: Roblox Receives FTC Complaint Over Child Safety Claims
FOE
Dark Reading
Microsoft Issues Out-of-Band SharePoint Patch
FOE
The Register (Security)
MyPillow must decide whether to be firm or soft as ransomware crims demand pay
FOE
The Hacker News
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
FOE
Schneier on Security
Identifying People Using Wi-Fi Routers
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: We need a good map
FOE
CSO Online
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
FRIEND
Bleeping Computer
How Varonis Atlas integrates Claude Compliance API for AI governance
FRIEND
SecurityWeek
AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security
FOE
SecurityWeek
Iranian APT Targets Aviation, Software Companies With Updated Tools
FRIEND
Bleeping Computer
Microsoft Defender can now automatically isolate hacked endpoints
FRIEND
Bleeping Computer
Webinar: Too many tools are slowing network incident response
FOE
The Register (Security)
Experts pour cold borscht on Farage's Russian hack claim
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: A bit metallic
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Eppendorf BioFlo 320
FOE
CISA Alerts
ABB AC500 V2
FOE
CISA Alerts
ABB AbilityTM Zenon Remote Transport Vulnerability
FOE
CISA Alerts
ABB LVS MConfig
FOE
CISA Alerts
ABB Terra AC
FOE
CISA Alerts
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
FOE
CISA Alerts
ABB Ability Camera Connect
FRIEND
Dark Reading
Remembering Tim Wilson, Whose Legacy Lives on at Dark Reading
FOE
SecurityWeek
185,000 Likely Impacted by 7-Eleven Data Breach
FRIEND
The Hacker News
[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back
FOE
The Hacker News
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
FRIEND
SecurityWeek
Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations
FOE
CSO Online
TrapDoor malware campaign puts developer workstations in CISO spotlight
FOE
SecurityWeek
Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment
FRIEND
SecurityWeek
Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available
FRIEND
SecurityWeek
Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images
FOE
The Hacker News
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
FOE
SecurityWeek
Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries
FOE
SecurityWeek
Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands
FOE
The Hacker News
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
FOE
CSO Online
Stop treating AI governance as a review layer. Make it release infrastructure
FOE
Bleeping Computer
CISA orders feds to patch actively exploited Drupal vulnerability
FOE
Bleeping Computer
Microsoft: Domain Controller lookup may fail on Windows Server 2016
FOE
The Hacker News
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
FOE
Bleeping Computer
7-Eleven data breach exposes personal information of 185,000 people
FOE
CSO Online
Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise
FOE
The Hacker News
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
FOE
CSO Online
Security experts caution MFA alone can no longer stop threat actors
FRIEND
CSO Online
Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic
FOE
SANS Internet Storm Center
Possible ACR Stealer From Page Impersonating Claude, (Tue, May 26th)
FOE
CISA KEV
CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
FOE
Bleeping Computer
Anthropic’s restricted Claude Mythos model may be coming to Claude Code
FOE
SANS Internet Storm Center
Microsoft Access VBA, (Mon, May 25th)
FOE
The Hacker News
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
FOE
SecurityWeek
Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)
FOE
Krebs on Security
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
FOE
Bleeping Computer
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
FOE
CSO Online
AI security needs a shift from models to systems, researchers argue
FOE
SecurityWeek
Oncology Institute Discloses Data Breach
FOE
The Hacker News
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Welcome to the club
FRIEND
CSO Online
As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free
FRIEND
The Hacker News
The Alert Firehose Finally Meets Its Match
FOE
SecurityWeek
266,000 Affected by Data Breach at Radiology Associates of Richmond
FOE
SecurityWeek
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
FOE
SecurityWeek
Laravel-Lang Packages Poisoned for Malware Delivery
FOE
SecurityWeek
DocketWise Data Breach Impacts 143,000
FOE
The Hacker News
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
FOE
SecurityWeek
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
FOE
The Register (Security)
Anthropic to release Mythos-class models to the public
FOE
CSO Online
To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data
FOE
The Hacker News
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
FOE
Risky Business News
Risky Bulletin: Mythos found thousands of critical bugs
FRIEND
SANS Internet Storm Center
Wireshark 4.6.6 Released, (Sun, May 24th)
FOE
Bleeping Computer
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
FOE
Bleeping Computer
Laravel Lang packages hijacked to deploy credential-stealing malware
FRIEND
The Hacker News
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
FOE
The Hacker News
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
FOE
Bleeping Computer
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
FRIEND
The Hacker News
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
FOE
SecurityWeek
‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
FOE
The Register (Security)
AI eyes scanning for bugs create a worrisome Linux security trend
FOE
The Register (Security)
Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend
FOE
The Hacker News
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
FOE
The Hacker News
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
FOE
The Hacker News
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
FRIEND
SANS Internet Storm Center
An Example of Stack String in High Level Language, (Sat, May 23rd)
FOE
CSO Online
Google leaks details for Chromium bug that can turn browsers into bots
FOE
The Register (Security)
A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets
FOE
The Register (Security)
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
FOE
Ars Technica (Security)
Police boast of hacking VPN where criminals "believed themselves to be safe"
FRIEND
EPIC
NPR: DHS says ICE has ‘no relationship’ with spyware maker Paragon Solutions
FOE
Ars Technica (Security)
Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption
FOE
CSO Online
FBI warns of Kali Oauth stealers
FOE
The Hacker News
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
FOE
Bleeping Computer
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
FOE
SecurityWeek
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
FOE
CSO Online
Police take down VPN service (this time with a good reason)
FOE
Krebs on Security
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
FOE
The Hacker News
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
FRIEND
CSO Online
Microsoft says it’s making AI ‘safe for work’ in your browser
FRIEND
Dark Reading
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
FOE
Bleeping Computer
Former US execs plead guilty to aiding tech support scammers
FOE
SecurityWeek
In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
FOE
Schneier on Security
CISA Security Leak
FOE
Bleeping Computer
Trend Micro warns of Apex One zero-day exploited in the wild
FOE
Dark Reading
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
FOE
Bleeping Computer
Drupal: Critical SQL injection flaw now targeted in attacks
FOE
Bleeping Computer
Why Chargebacks are Just One Piece of the Fraud Puzzle
FOE
SecurityWeek
Canadian Man Arrested for Operating Kimwolf Botnet
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Bright colors are making a comeback
FOE
Bleeping Computer
Ubiquiti patches three max severity UniFi OS vulnerabilities
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Hacker News
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
FOE
The Hacker News
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
FOE
The Register (Security)
Techie claims Trump Mobile website was leaking thousands of people's data
FOE
Ars Technica (Security)
A hacker group is poisoning open source code at an unprecedented scale
FOE
The Intercept (Privacy)
AIPAC, AI, Crypto and Gambling Are Hiding Their Big Election Spends
FOE
CSO Online
Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines
FOE
SecurityWeek
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
FOE
Bleeping Computer
US and Canada arrest and charge suspected Kimwolf botnet admin
FOE
CSO Online
Identity as the primary attack surface: What modern breaches are really exploiting
FOE
The Hacker News
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
FOE
SecurityWeek
TrendAI Patches Apex One Zero-Day Exploited in the Wild
FOE
SecurityWeek
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
FRIEND
CSO Online
Google folds CodeMender into agent ecosystem amid push for AI-led AppSec
FOE
Dark Reading
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
FOE
SANS Internet Storm Center
Cross-Platform NPM Stealer, (Fri, May 22nd)
FOE
The Hacker News
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
FRIEND
The Register (Security)
Cisco used AI to write security incident reports, with mixed results
FOE
The Hacker News
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
FRIEND
Risky Business News
Risky Bulletin: Microsoft ends SMS MFA for personal accounts
FOE
CISA KEV
CVE-2026-9082: Drupal Core SQL Injection Vulnerability
FOE
The Register (Security)
Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'
FOE
CSO Online
Critical vulnerability in Cisco Secure Workload rated at maximum severity
FOE
CSO Online
Microsoft patches two zero-day flaws in Defender
FOE
Krebs on Security
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
FRIEND
EPIC
EPIC Submits Comments to FTC Urging the Agency to Prioritize Privacy in Potential Antitrust Guidelines
FOE
CSO Online
Unpatched ChromaDB flaw leaves servers open to remote code execution
FOE
Dark Reading
How CISOs Should Prep for Agentic-Ready AI BOMs
FOE
The Register (Security)
Threat hunters find Google API keys still usable 23 minutes after deletion
FOE
Dark Reading
Google API Keys Remain Active After Deletion
FOE
The Register (Security)
HackerOne takes an axe to its bug bounty rewards
FOE
EPIC
Biometric Update: Texas AG opens investigation into Meta glasses over privacy, biometric concerns
FOE
EPIC
NPR: What we know about how the U.S. government uses spyware (and what we don’t)
FOE
Bleeping Computer
Google accidentally exposed details of unfixed Chromium flaw
FOE
Schneier on Security
macOS Kernel Memory Corruption Exploit
FOE
Dark Reading
AI Agents Are Shifting Identity Security Budget Dynamics
FOE
Bleeping Computer
Apple blocked over $11 billion in App Store fraud in 6 years
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: A forest of data
FOE
The Hacker News
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
FOE
BrightTALK InfoSec
Securing AI-Driven Supply Chains Before the Next Breach
FOE
Bleeping Computer
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
FOE
Dark Reading
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
FOE
Bleeping Computer
Chinese hackers target telcos with new Linux, Windows malware
FOE
Bleeping Computer
Max severity Cisco Secure Workload flaw gives Site Admin privileges
FRIEND
SANS Internet Storm Center
Selective HTTP Proxying in Linux, (Thu, May 21st)
FOE
Bleeping Computer
Police seize “First VPN” service used in ransomware, data theft attacks
FOE
Dark Reading
Content Delivery Exploit Opens Websites to Brand Hijacking
FOE
The Register (Security)
Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
FOE
SecurityWeek
Cisco Patches Critical Vulnerability in Secure Workload
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: We need more light
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
ABB B&R Automation Runtime
FOE
CISA Alerts
Hitachi Energy GMS600
FOE
CISA Alerts
ABB Terra AC Wallbox
FOE
CISA Alerts
ABB B&R PCs
FOE
CISA Alerts
ABB B&R Automation Studio
FOE
The Hacker News
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
FRIEND
SecurityWeek
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
FOE
The Register (Security)
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
FRIEND
SecurityWeek
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
FRIEND
Bleeping Computer
Flipper One project needs community help to build open Linux platform
FOE
SecurityWeek
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
FOE
The Hacker News
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
FRIEND
SecurityWeek
Socket Raises $60 Million at $1 Billion Valuation
FRIEND
The Register (Security)
Microsoft storms RAMPART, adds Clarity to agentic AI safety
FOE
The Hacker News
When Identity is the Attack Path
FRIEND
CSO Online
Microsoft releases open-source tools to operationalize AI agent safety
FOE
BrightTALK InfoSec
From Tools to Teammates: Governing AI Agents as Enterprise Workers
FOE
SecurityWeek
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
FRIEND
SecurityWeek
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
FOE
SecurityWeek
Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
FOE
Bleeping Computer
Microsoft warns of new Defender zero-days exploited in attacks
FOE
The Hacker News
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
FOE
The Register (Security)
Zombie user account let hackers control the city’s water
FRIEND
CSO Online
AI becoming an SOC imperative for curtailing emerging cyber threats
FOE
Bleeping Computer
GitHub links repo breach to TanStack npm supply-chain attack
FOE
Risky Business News
Srsly Risky Biz: Politicians to Ditch Signal for Homegrown Apps
FOE
The Hacker News
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
FOE
The Hacker News
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
FOE
CSO Online
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
FOE
CISA KEV
CVE-2026-34926: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
FOE
CISA KEV
CVE-2025-34291: Langflow Origin Validation Error Vulnerability
FOE
CSO Online
Drupal admins rushing to patch maximum severity SQL injection vulnerability
FOE
Bleeping Computer
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
FOE
Bleeping Computer
Hackers bypass SonicWall VPN MFA due to incomplete patching
FOE
EPIC
EPIC, Coalition Urge Congress to Ban Flock Automatic License Plate Readers
FOE
Dark Reading
Cyber Pros Can't Decide If AI Is a Good or a Bad Thing
FOE
Dark Reading
GitHub Confirms Breach, 4K Internal Repos Stolen
FOE
Dark Reading
Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.
FOE
The Register (Security)
Even Claude agrees: hole in its sandbox was real and dangerous
FOE
Ars Technica (Security)
Google publishes exploit code threatening millions of Chromium users
FOE
EPIC
EPIC, Coalition Call on FTC to Investigate Roblox’s Manipulative Design Harms
FRIEND
TCM Security Blog
TCM Academy Course Release: Introduction to Windows Forensics
FOE
Dark Reading
Processes and Culture Top Reasons Behind Data Breaches
FOE
Sophos News
Sophos Firewall and Synchronized Security
FRIEND
The Hacker News
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
FRIEND
EPIC
EPIC Encourages CalPrivacy to Prohibit Dark Patterns in Privacy Policies
FOE
Dark Reading
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
FOE
CSO Online
GitHub admits major source code leak after 3,800 internal repositories breached
FOE
Bleeping Computer
Grafana breach caused by missed token rotation after TanStack attack
FRIEND
SecurityWeek
Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
FOE
SecurityWeek
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
FRIEND
EFF Deeplinks
🔒 A Win for Encrypted Messaging | EFFector 38.10
FOE
SecurityWeek
AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop
FOE
The Hacker News
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
FOE
Schneier on Security
On AI Security
FOE
Bleeping Computer
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
FRIEND
Dark Reading
Infosecurity Europe
FRIEND
Black Hills Information Security
Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other
FRIEND
SecurityWeek
1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
FOE
SecurityWeek
Anthropic Silently Patches Claude Code Sandbox Bypass
FOE
Bleeping Computer
Drupal critical update to fix bug with high exploitation risk
FOE
The Hacker News
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: The screen can’t be large enough
FOE
CISA Alerts
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
FOE
The Hacker News
Agent AI is Coming. Are You Ready?
FOE
CSO Online
SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
FOE
SecurityWeek
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
FOE
SecurityWeek
Caught Off Guard: Securing AI After It Hits Production
FOE
Bleeping Computer
Exploit released for new PinTheft Arch Linux root escalation flaw
FOE
The Hacker News
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
FOE
The Register (Security)
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
FRIEND
SecurityWeek
Real-World ICS Security Tales From the Trenches
FRIEND
SecurityWeek
Virtual Event Today: Threat Detection & Incident Response Summit
FOE
SecurityWeek
GitHub Confirms Hack Impacting 3,800 Internal Repositories
FOE
EPIC
PRESS RELEASE: EPIC Releases New Report on Manipulative Design Patterns in Opt-Out Processes
FOE
CSO Online
Why some security fixes never reach your vulnerability dashboard
FOE
The Register (Security)
London's police asked Big Tech for comms data over 700,000 times last year
FOE
The Hacker News
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
FOE
Bleeping Computer
GitHub confirms breach of 3,800 repos via malicious VSCode extension
FOE
Bleeping Computer
Microsoft shares mitigation for YellowKey Windows zero-day
FRIEND
Dark Reading
Interpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle East
FOE
The Hacker News
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
FOE
Bleeping Computer
GitHub investigates internal repositories breach claimed by TeamPCP
FOE
The Hacker News
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
FRIEND
Dark Reading
What It'll Take to Make AI BOMs Usable in a Modern Security Program
FOE
Risky Business News
Risky Bulletin: Microsoft takes down MSaaS used by ransomware gangs
FOE
CSO Online
Microsoft disrupts malware code-signing service used by ransomware gangs
FOE
SecurityWeek
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
FRIEND
Sophos News
Sophos Firewall and Synchronized Security
FOE
Sophos News
GitHub internal repositories breached
FOE
CISA KEV
CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability
FOE
CISA KEV
CVE-2026-41091: Microsoft Defender Link Following Vulnerability
FOE
CISA KEV
CVE-2009-3459: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
FOE
CISA KEV
CVE-2009-1537: Microsoft DirectX NULL Byte Overwrite Vulnerability
FOE
CISA KEV
CVE-2008-4250: Microsoft Windows Buffer Overflow Vulnerability
FOE
CISA KEV
CVE-2010-0806: Microsoft Internet Explorer Use-After-Free Vulnerability
FOE
Bleeping Computer
Max-severity flaw in ChromaDB for AI apps allows server hijacking
FRIEND
Dark Reading
What Will Make AI BOMs Real?
FOE
The Register (Security)
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
FOE
Dark Reading
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
FOE
Bleeping Computer
Cybercrime service disrupted for abusing Microsoft platform to sign malware
FOE
Dark Reading
Windows Zero-Day Barrage Continues After Patch Tuesday
FOE
EFF Deeplinks
Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention!
FOE
CSO Online
Contractor’s public GitHub account exposed GovCloud and CISA credentials
FRIEND
Bleeping Computer
Discord rolls out end-to-end encryption on voice, video calls
FRIEND
Dark Reading
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
FOE
Dark Reading
CISA Exposes Secrets, Credentials in 'Private' Repo
FOE
Dark Reading
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
FOE
Bleeping Computer
FBI: Americans lost over $388 million to scams using crypto ATMs in 2025
FOE
Bleeping Computer
Microsoft Self-Service Password Reset abused in Azure data theft attacks
FOE
CSO Online
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
FOE
Ars Technica (Security)
In stunning display of stupid, secret CISA credentials found in public GitHub repo
FOE
BrightTALK InfoSec
AI Did It: Who is Liable for AI Failures in Cybersecurity?
FOE
The Register (Security)
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
FOE
The Register (Security)
America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames
FOE
The Hacker News
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
FRIEND
Bleeping Computer
Microsoft plans to improve Windows 11 driver quality in 2026
FOE
SecurityWeek
Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation
FOE
EPIC
EPIC Joins Bipartisan Coalition Calling on State AGs to Hold Apple, Google Accountable for Platforming ‘Nudify’ Apps
FOE
Bleeping Computer
Microsoft blames macOS update for undismissible Teams location prompts
FOE
SecurityWeek
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
FOE
The Register (Security)
Clear your calendar, Drupal user: You have a critically urgent patch to install
FOE
The Register (Security)
Clear your calendar, Drupal user: You have a critically urgent patch to install
FRIEND
CSO Online
GitHub scales back bug bounties, reminds users security is their responsibility too
FOE
EFF Deeplinks
Your Privacy Shouldn't Be A Corporate Decision
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: It comes in many different colors
FOE
The Hacker News
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
FOE
Bleeping Computer
New Shai-Hulud malware wave compromises 600 npm packages
FOE
Bleeping Computer
7-Eleven confirms data breach claimed by the ShinyHunters gang
FOE
Bleeping Computer
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
FOE
Dark Reading
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
FOE
Sophos News
WantToCry ransomware remotely encrypts files
FOE
SecurityWeek
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
FOE
CSO Online
Internet Explorer may be dead, but its ghost still runs malware
FOE
SecurityWeek
Unpatched ChromaDB Vulnerability Can Lead to Server Takeover
FRIEND
Bleeping Computer
Webinar: The hidden bottlenecks in network incident response
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Trailers for sale or rent
FOE
CISA Alerts
ZKTeco CCTV Cameras
FOE
CISA Alerts
Siemens RUGGEDCOM APE1808 Devices
FOE
CISA Alerts
Kieback & Peter DDC Building Controllers
FOE
CISA Alerts
ABB CoreSense HM and CoreSense M10
FOE
CISA Alerts
ScadaBR
FOE
SecurityWeek
B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards
FOE
The Hacker News
The New Phishing Click: How OAuth Consent Bypasses MFA
FRIEND
SecurityWeek
Cyber Resilience is the New Business Continuity Plan
FOE
Bleeping Computer
Microsoft confirms patching issues in restricted Windows networks
FRIEND
Schneier on Security
Laurie Anderson Is Quoting Me
FOE
The Hacker News
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
FRIEND
SecurityWeek
201 Arrested in Crackdown on Cybercrime in Middle East, North Africa
FOE
SecurityWeek
PoC Released for DirtyDecrypt Linux Kernel Vulnerability
FOE
The Hacker News
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
FRIEND
CSO Online
7 tips for accelerating cyber incident recovery
FOE
The Hacker News
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
FOE
SecurityWeek
Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
FOE
The Hacker News
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
FOE
The Hacker News
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
FRIEND
CSO Online
Schwachstellen managen: Die besten Vulnerability-Management-Tools
FRIEND
CSO Online
Security-Infotainment: Die besten Hacker-Dokus
FOE
Sophos News
WantToCry ransomware remotely encrypts files
FOE
The Register (Security)
Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them
FOE
Bleeping Computer
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
FOE
The Register (Security)
Shai-Hulud copycat worm infects yet another npm package
FRIEND
Dark Reading
Is 2026 the Year AI Bills of Materials Get Real?
FOE
Dark Reading
Microsoft Exchange Zero-Day Under Attack, No Patch Available
FOE
Bleeping Computer
SHub macOS infostealer variant spoofs Apple security updates
FOE
Dark Reading
'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
FOE
Krebs on Security
CISA Admin Leaked AWS GovCloud Keys on Github
FOE
CSO Online
Microsoft May security patch fails for some due to boot partition size glitch
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
FRIEND
BrightTALK InfoSec
Transform SBOM from Compliance Burden to Strategic Security Intelligence
FOE
Dark Reading
Shai-Hulud Worm Clones Spread After Code Release
FOE
Bleeping Computer
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
FRIEND
EFF Deeplinks
We Updated Our Privacy Policy. Here's What Changed and Why.
FRIEND
BrightTALK InfoSec
From Axios to Trivy: Stopping the Next Ecosystem-Scale Supply Chain Breach
FOE
Bleeping Computer
Leaked Shai-Hulud malware fuels new npm infostealer campaign
FRIEND
The Hacker News
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
FOE
EFF Deeplinks
We Must Not Normalize Digital Surveillance Abuses. EFF’s New Guide Underlines Concrete Steps to Fight Back.
FOE
CSO Online
AI cyberattackers are getting better faster
FOE
The Register (Security)
Linux kernel flaw opens root-only files to unprivileged users
FOE
Dark Reading
Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive
FOE
The Register (Security)
TanStack weighs invitation-only pull requests after supply chain attack
FOE
The Hacker News
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
FOE
Bleeping Computer
Grafana says stolen GitHub token let hackers steal codebase
FOE
Ars Technica (Security)
Bug bounty businesses bombarded with AI slop
FOE
The Register (Security)
NGINX Rift attackers waste no time targeting exposed servers
FOE
The Hacker News
How to Reduce Phishing Exposure Before It Turns into Business Disruption
FOE
SecurityWeek
Millions Impacted Across Several US Healthcare Data Breaches
FOE
CSO Online
New image-based prompt injection attack targets multimodal AI models
FOE
The Register (Security)
Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative
FOE
SecurityWeek
‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
FOE
CSO Online
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: I can see it much better
FOE
Dark Reading
Boulevard of Broken Dreams: 2 Decades of Cyber Fails
FOE
SecurityWeek
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
FOE
The Hacker News
Developer Workstations Are Now Part of the Software Supply Chain
FOE
Schneier on Security
Zero-Day Exploit Against Windows BitLocker
FOE
The Hacker News
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
FOE
SecurityWeek
Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
FOE
The Register (Security)
Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess
FOE
SecurityWeek
First Shai-Hulud Worm Clones Emerge
FRIEND
CSO Online
Why the best security investment a board can make in 2026 isn’t another tool
FOE
CSO Online
AI coding is fueling a secrets-sprawl crisis few CISOs are containing
FOE
The Hacker News
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
FOE
SecurityWeek
Grafana Confirms Breach After Hackers Claim They Stole Data
FOE
Bleeping Computer
Microsoft confirms Windows 11 security update install issues
FOE
SecurityWeek
Exploitation of Critical NGINX Vulnerability Begins
FOE
Bleeping Computer
Exploit available for new DirtyDecrypt Linux root escalation flaw
FOE
The Hacker News
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
FOE
The Register (Security)
Grafana Labs admits all its codebase are belong to someone who popped its GitHub account
FOE
Bleeping Computer
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
FOE
Risky Business News
Risky Bulletin: Indonesia emerges as a new hub for cyber scams
FOE
The Hacker News
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
FOE
SecurityWeek
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
FOE
Dark Reading
Can Laws Stop Deepfakes? South Korea Aims to Find Out
FOE
The Register (Security)
Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
FOE
Bleeping Computer
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
FOE
Bleeping Computer
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
FOE
The Hacker News
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
FOE
The Hacker News
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
FOE
Bleeping Computer
Microsoft rejects critical Azure vulnerability report, no CVE issued
FOE
The Hacker News
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
FOE
Bleeping Computer
Russian hackers turn Kazuar backdoor into modular P2P botnet
FOE
SecurityWeek
PoC Code Published for Critical NGINX Vulnerability
FOE
Dark Reading
The Boring Stuff is Dangerous Now
FOE
CSO Online
Expired domain leads to supply chain attack on node-ipc npm package
FOE
CSO Online
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
FOE
Bleeping Computer
Funnel Builder WordPress plugin bug exploited to steal credit cards
FOE
Bleeping Computer
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
FOE
Bleeping Computer
Popular node-ipc npm package compromised to steal credentials
FOE
The Hacker News
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
FOE
EPIC
EPIC Testifies in Support of Bill to Protect New Jersey Consumers From Surveillance Pricing
FOE
Bleeping Computer
Avada Builder WordPress plugin flaws allow site credential theft
FOE
SecurityWeek
In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
FRIEND
Bleeping Computer
Microsoft backpedals: Edge to stop loading passwords into memory
FOE
Bleeping Computer
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
FOE
BrightTALK InfoSec
Beyond the Air Gap: Securing Industrial Systems Against Invisible AI Threats
FOE
The Hacker News
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
FRIEND
Bleeping Computer
Microsoft to automatically roll back faulty Windows drivers
FOE
Privacy International
Privacy International’s submission to the UN High Commissioner for Human Rights on the protection of human rights defenders in the digital age
FOE
SecurityWeek
Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Almost time for shift change
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND
Dark Reading
Cyber Pioneers Ponder Past as Prologue
FOE
CSO Online
Cisco warns of an actively exploited SD-WAN flaw with max severity
FOE
The Intercept (Privacy)
How Trump’s New Counterterrorism Strategy Puts You at Risk
FOE
SecurityWeek
American Lending Center Data Breach Affects 123,000 Individuals
FOE
Schneier on Security
Bypassing On-Camera Age-Verification Checks
FOE
The Hacker News
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
FOE
The Hacker News
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
FOE
Privacy International
Collateral Damage: Grok AI and the Human Cost of Generative AI
FOE
SecurityWeek
OpenAI Hit by TanStack Supply Chain Attack
FOE
The Register (Security)
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
FOE
CSO Online
Autonomous systems are finally working. Security is next
FOE
SecurityWeek
TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
FOE
Bleeping Computer
Microsoft warns of Exchange zero-day flaw exploited in attacks
FOE
CSO Online
EU’s Cyber Resiliency Act will put IT leaders to the test
FOE
CSO Online
The economics of ransomware 3.0
FOE
The Register (Security)
MPs want social media treated more like unsafe toys than harmless apps
FOE
SecurityWeek
Chrome 148 Update Patches Critical Vulnerabilities
FOE
SANS Internet Storm Center
[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
FOE
SecurityWeek
Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
FOE
The Hacker News
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
FOE
The Hacker News
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
FOE
Risky Business News
Risky Bulletin: Shai-Hulud goes open-source
FOE
Dark Reading
Taiwan Incident Highlights Cybersecurity Gaps in Rail Systems
FOE
CISA KEV
CVE-2026-42897: Microsoft Exchange Server Cross-Site Scripting Vulnerability
FOE
CSO Online
AI agent finds 18-year-old remote code execution flaw in Nginx
FOE
Bleeping Computer
TeamPCP hackers advertise Mistral AI code repos for sale
FOE
The Register (Security)
Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data
FOE
Bleeping Computer
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
FRIEND
Dark Reading
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
FOE
CSO Online
Meet Fragnesia, the third Linux kernel vulnerability in a month
FOE
Dark Reading
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
FOE
Dark Reading
Congress Puts Heat on Instructure After Canvas Outage
FOE
Bleeping Computer
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
FOE
EPIC
Colorado Legislature Again Amends Landmark AI Law
FOE
Bleeping Computer
OpenAI confirms security breach in TanStack supply chain attack
FOE
Bleeping Computer
Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
FOE
Ars Technica (Security)
Zero-day exploit completely defeats default Windows 11 BitLocker protections
FOE
The Hacker News
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
FOE
The Hacker News
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
FOE
Dark Reading
'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
FOE
The Hacker News
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
FRIEND
Schneier on Security
Upcoming Speaking Engagements
FOE
Bleeping Computer
18-year-old NGINX vulnerability allows DoS, potential RCE
FOE
Bleeping Computer
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: A lottery ticket and some gum
FOE
The Hacker News
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
FRIEND
SecurityWeek
Enhancing Data Center Security Without Sacrificing Performance
FOE
SecurityWeek
New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation
FOE
Dark Reading
AI Drives Cybersecurity Investments, Widening 'Valley of Death'
FRIEND
SecurityWeek
Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
FOE
CSO Online
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
FRIEND
SecurityWeek
Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million
FOE
Bleeping Computer
KongTuke hackers now use Microsoft Teams for corporate breaches
FOE
SecurityWeek
Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: We could use an upgrade
FOE
CISA Alerts
Siemens Ruggedcom Rox
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Siemens Ruggedcom Rox
FOE
CISA Alerts
Siemens Ruggedcom Rox
FOE
CISA Alerts
Siemens SIMATIC
FOE
CISA Alerts
Universal Robots Polyscope 5
FOE
CISA Alerts
Siemens Simcenter Femap
FOE
CISA Alerts
Siemens gWAP
FOE
CISA Alerts
Siemens SENTRON 7KT PAC1261 Data Manager
FOE
CISA Alerts
Siemens Siemens ROS#
FOE
CISA Alerts
Siemens Opcenter RDnL
FOE
CISA Alerts
Siemens Solid Edge
FOE
CISA Alerts
Siemens Teamcenter
FOE
CISA Alerts
Siemens SIPROTEC 5
FOE
CISA Alerts
Siemens Industrial Devices
FOE
CISA Alerts
Siemens SIMATIC S7 PLC Web Server
FOE
CISA Alerts
Siemens Ruggedcom Rox
FOE
CISA Alerts
Siemens SIMATIC
FOE
Dark Reading
Foxconn Attack Highlights Manufacturing's Cyber Crisis
FOE
The Hacker News
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
FOE
CSO Online
PraisonAI vulnerability gets scanned within 4 hours of disclosure
FOE
The Hacker News
How AI Hallucinations Are Creating Real Security Risks
FOE
The Register (Security)
Cops arrest man suspected of being Dream Market kingpin
FRIEND
SecurityWeek
G7 Countries Release AI SBOM Guidance
FOE
Schneier on Security
How Dangerous Is Anthropic’s Mythos AI?
FOE
SecurityWeek
F5 Patches Over 50 Vulnerabilities
FOE
Bleeping Computer
Dell confirms its SupportAssist software causes Windows BSOD crashes
FOE
The Register (Security)
Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access
FOE
SecurityWeek
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
FOE
The Hacker News
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
FRIEND
CSO Online
What CISOs need to land a board role
FOE
Bleeping Computer
US charges suspected Dream Market admin arrested in Germany
FOE
SecurityWeek
High-Severity Vulnerability Patched in VMware Fusion
FOE
Bleeping Computer
New Fragnesia Linux flaw lets attackers gain root privileges
FOE
SecurityWeek
Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
FOE
The Hacker News
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
FOE
The Register (Security)
To gain root access at this company, all an intruder had to do was ask nicely
FOE
The Register (Security)
To gain root access at this company, all an intruder had to do was ask nicely
FOE
The Register (Security)
AI models are getting better at replacing cybersecurity pros on certain tasks
FRIEND
SANS Internet Storm Center
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
FOE
The Hacker News
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
FOE
Risky Business News
Srsly Risky Biz: The AI Regulation Knife Fight
FRIEND
The Register (Security)
Cisco to fire 4,000 staff and generously give them free training – on Cisco
FOE
CISA KEV
CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
FOE
Sophos News
Why AMOS matters: The macOS malware stealing data at scale
FOE
The Register (Security)
Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits
FOE
CSO Online
Fired employee sought AI help to hide deletion of hosting firm’s customer data
FOE
The Register (Security)
AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem?
FOE
The Register (Security)
AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem?
FOE
Bleeping Computer
West Pharmaceutical says hackers stole data, encrypted systems
FRIEND
Professor Messer
Professor Messer’s N10-009 Network+ Study Group – May 2026
FOE
Bleeping Computer
Iranian hackers targeted major South Korean electronics maker
FOE
Dark Reading
Checkbox Assessments Aren't Fit to Measure to Risk
FOE
Sophos News
May’s Patch Tuesday hauls out 132 CVEs
FOE
Dark Reading
Attackers Weaponize RubyGems for Data Dead Drops
FOE
CSO Online
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
FOE
Dark Reading
Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak
FOE
Bleeping Computer
New critical Exim mailer flaw allows remote code execution
FOE
The Register (Security)
Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs
FRIEND
Dark Reading
Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk Landscape
FOE
SecurityWeek
Foxconn Confirms North American Factories Hit by Cyberattack
FRIEND
EFF Deeplinks
Help EFF Solve an Issue That's Bigger than Creepy Ads
FOE
Bleeping Computer
Windows BitLocker zero-day gives access to protected drives, PoC released
FOE
The Register (Security)
Mystery Microsoft bug leaker keeps the zero-days coming
FRIEND
SecurityWeek
Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code
FRIEND
Bleeping Computer
Webinar tomorrow: Why security alone won't stop modern attacks
FOE
Bleeping Computer
Microsoft fixes BitLocker recovery issue only for Windows 11 users
FRIEND
SecurityWeek
Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’
FOE
Bleeping Computer
Microsoft fixes Windows Autopatch bug installing restricted drivers
FOE
Black Hills Information Security
How to Identify and Exploit New Vulnerabilities
FRIEND
The Hacker News
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
FOE
CSO Online
What happens when China’s AI catches up to Mythos?
FRIEND
SecurityWeek
Webinar Today: ROI for Cyber-Physical Security Programs
FOE
Dark Reading
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
FOE
Dark Reading
China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm
FOE
The Hacker News
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
FOE
Bleeping Computer
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
FOE
Bleeping Computer
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
FRIEND
CSO Online
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
FOE
SecurityWeek
Government to Scrutinize Instructure Over Canvas Disruption, Data Breach
FRIEND
CSO Online
Palo Alto bets on identity security for autonomous AI with Idira launch
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: I need my clipboard
FOE
Bleeping Computer
Microsoft says some users can't install Office on Windows 365 devices
FRIEND
The Hacker News
[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)
FOE
CSO Online
ClickFix finds a backup plan in PySoxy proxy chains
FOE
The Hacker News
Most Remediation Programs Never Confirm the Fix Actually Worked
FOE
SecurityWeek
716,000 Impacted by OpenLoop Health Data Breach
FOE
Schneier on Security
OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
FRIEND
CSO Online
CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory
FOE
The Hacker News
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
FOE
SecurityWeek
Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
FOE
SecurityWeek
Fortinet, Ivanti Patch Critical Vulnerabilities
FRIEND
CSO Online
2026 CSO Award winners showcase business-enabling cyber innovation
FOE
SecurityWeek
Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities
FOE
The Hacker News
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
FOE
CSO Online
Google entdeckt erstmals KI-basierten Zero-Day-Exploit
FOE
SecurityWeek
Hundreds of Malicious Packages Force RubyGems to Suspend Registrations
FRIEND
OWASP Blog
Juice Shop v20.0.0 — a fresh squeeze of features, now with AI
FOE
Google Project Zero
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
FRIEND
The Hacker News
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
FOE
SecurityWeek
ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
FOE
SANS Internet Storm Center
[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
FOE
The Register (Security)
Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
FOE
Risky Business News
Risky Bulletin: RubyGems disables sign-ups after attack on staff
FRIEND
CSO Online
Der Kaufratgeber für Breach & Attack Simulation Tools
FRIEND
The Register (Security)
Vietnam to develop domestic cloud so it can ditch risky overseas operators for government workloads
FRIEND
SANS Internet Storm Center
Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
FOE
CSO Online
May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
FOE
Sophos News
May’s Patch Tuesday hauls out 132 CVEs
FOE
The Register (Security)
Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs
FOE
Bleeping Computer
US govt seeks Instructure testimony on massive Canvas cyberattack
FOE
EFF Deeplinks
Broken Promises: RIP Instagram’s End-to-End Encrypted DMs
FOE
The Register (Security)
Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files
FRIEND
Krebs on Security
Patch Tuesday, May 2026 Edition
FRIEND
Dark Reading
It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight
FOE
Bleeping Computer
UK fines water supplier $1.3M for exposing data of 664k customers
FRIEND
Bleeping Computer
Webinar: Fixing the gaps in network incident response
FRIEND
Bleeping Computer
Signal adds security warnings for social engineering, phishing attacks
FRIEND
Bleeping Computer
Microsoft releases Windows 10 KB5087544 extended security update
FRIEND
SANS Internet Storm Center
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
FOE
Bleeping Computer
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
FRIEND
Bleeping Computer
Windows 11 KB5089549 & KB5087420 cumulative updates released
FRIEND
Bleeping Computer
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
FOE
SecurityWeek
Microsoft Patches 137 Vulnerabilities
FOE
Sophos News
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
FRIEND
SecurityWeek
Exaforce Raises $125 Million for Agentic SOC Platform
FOE
CSO Online
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
FOE
Bleeping Computer
Škoda warns of customer data breach after online shop hack
FRIEND
Bleeping Computer
Android 17 to expand banking scam call and privacy protections
FRIEND
EFF Deeplinks
Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats
FOE
SecurityWeek
Adobe Patches 52 Vulnerabilities in 10 Products
FOE
The Hacker News
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
FOE
EFF Deeplinks
EFF Launches New Offline Campaign for Saudi Wikipedian Osama Khalid
FRIEND
BrightTALK InfoSec
Closing the Resilience Gap: Security Architecture for Modern Threats
FRIEND
BrightTALK InfoSec
Red Teaming AI: A CISO's Guide to Proactive Defense
FOE
EFF Deeplinks
A Hackers Guide to Circumventing Internet Shutdowns
FRIEND
SecurityWeek
White Circle Raises $11 Million for AI Control Platform
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: I’m looking for something in chartreuse
FOE
The Register (Security)
US bank reports itself after slinging customer data at 'unauthorized AI app'
FOE
The Hacker News
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
FOE
SecurityWeek
BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months
FOE
Dark Reading
Hugging Face Packages Weaponized With a Single File Tweak
FOE
SecurityWeek
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
FOE
SecurityWeek
Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
FRIEND
CSO Online
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
FRIEND
Sophos News
Sophos Leader KuppingerCole MDR 2026
FOE
Sophos News
Sophos ChatGPT Cyber
FOE
SecurityWeek
West Pharmaceutical Services Hit by Disruptive Ransomware Attack
FOE
The Hacker News
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
FOE
SecurityWeek
Apple Patches Dozens of Vulnerabilities in macOS, iOS
FOE
SecurityWeek
SAP Patches Critical S/4HANA, Commerce Vulnerabilities
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: The clarity could be improved
FOE
CISA Alerts
Fuji Electric Tellus
FOE
CISA Alerts
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
FOE
CISA Alerts
ABB Automation Builder Gateway for Windows
FOE
CISA Alerts
Subnet Solutions PowerSYSTEM Center
FOE
CISA Alerts
ABB AC500 V3 Multiple Vulnerabilities
FOE
CISA Alerts
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
FRIEND
CISA Alerts
Software Bill of Materials for AI - Minimum Elements
FOE
The Register (Security)
Cache-poisoning caper turns TanStack npm packages toxic
FRIEND
Dark Reading
20 Leaders Who Built the CISO Era: 2 Decades of Change
FOE
The Hacker News
Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help
FOE
CSO Online
Fake Claude Code takes the IElevator to your browser secrets
FOE
Bleeping Computer
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
FRIEND
SecurityWeek
Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
FOE
Dark Reading
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
FOE
Schneier on Security
Copy.Fail Linux Vulnerability
FOE
Bleeping Computer
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
FOE
SecurityWeek
Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
FOE
The Hacker News
Why Agentic AI Is Security's Next Blind Spot
FOE
CSO Online
cPanel flaw exposes enterprises to hosting supply-chain risks
FOE
SecurityWeek
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
FOE
CSO Online
Developer workstations are the new beachhead
FRIEND
The Register (Security)
Apple, Google drag cross-platform texting into the encrypted age
FOE
Bleeping Computer
Instructure reaches 'agreement' with ShinyHunters to stop data leak
FRIEND
CSO Online
CISOs step into the AI spotlight
FOE
CSO Online
Why patching SLAs should be the floor, not the strategy
FOE
The Hacker News
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
FOE
The Hacker News
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
FRIEND
The Hacker News
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
FOE
The Register (Security)
Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla
FRIEND
The Hacker News
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
FRIEND
CSO Online
Cybersicherheitsvorschriften: So erfüllen Sie Ihre Compliance-Anforderungen
FRIEND
CSO Online
Customer Identity & Access Management: Die besten CIAM-Tools
FRIEND
CSO Online
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
FRIEND
Professor Messer
Professor Messer’s CompTIA A+ 220-1202 Study Group – May 2026
FOE
Sophos News
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
FRIEND
Sophos News
Sophos Endpoint in action: Blocking a novel supply chain attack
FOE
Sophos News
The State of Identity Security 2026: Identity is the new perimeter
FOE
The Register (Security)
Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
FRIEND
Bleeping Computer
GM agrees to $12.75M California settlement over sale of drivers’ data
FOE
Ars Technica (Security)
Linux bitten by second severe vulnerability in as many weeks
FRIEND
SANS Internet Storm Center
Apple Patches Everything, (Mon, May 11th)
FOE
Bleeping Computer
Official CheckMarx Jenkins package compromised with infostealer
FOE
Bleeping Computer
New GhostLock tool abuses Windows API to block file access
FOE
Dark Reading
FCC Softens Ban on Foreign-Made Routers
FOE
The Register (Security)
Cookie thieves caught stealing dev secrets via fake Claude Code installers
FOE
Sophos News
Sophos State of Identity Security 2026
FOE
EFF Deeplinks
Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare
FOE
EFF Deeplinks
EFF to Fourth Circuit: Electronic Device Searches at the Border Require a Warrant
FRIEND
BrightTALK InfoSec
The CISO's Playbook: Turning AI Governance Into Boardroom Currency
FRIEND
Dark Reading
Tech Can't Stop These Threats — Your People Can
FOE
The Hacker News
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
FOE
The Hacker News
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
FOE
EFF Deeplinks
EFF Stands in Solidarity With RightsCon and the Global Digital Rights Community
FRIEND
SecurityWeek
Frame Security Emerges From Stealth With $50M for Awareness and Training Platform
FOE
The Register (Security)
Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator
FRIEND
CSO Online
Entries now open for the 2026 CSO30 Australia Awards
FOE
The Hacker News
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
FOE
Bleeping Computer
Instructure confirms hackers used Canvas flaw to deface portals
FOE
Dark Reading
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
FOE
Sophos News
Why AMOS matters: The macOS malware stealing data at scale
FOE
The Register (Security)
BWH Hotels guests warned after reservation data checks out with cybercrooks
FRIEND
SANS Internet Storm Center
Why we use CAPTCHAs, (Mon, May 11th)
FRIEND
SecurityWeek
Build Application Firewalls Aim to Stop the Next Supply Chain Attack
FRIEND
Sophos News
Sophos Ransomware AI
FOE
Bleeping Computer
Why Changing Passwords Doesn’t End an Active Directory Breach
FRIEND
CSO Online
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
FOE
SecurityWeek
Google Detects First AI-Generated Zero-Day Exploit
FOE
Bleeping Computer
Google: Hackers used AI to develop zero-day exploit for web admin tool
FOE
Dark Reading
Hackers Use AI for Exploit Development, Attack Automation
FOE
CSO Online
Google discovers weaponized zero-day exploits created with AI
FOE
The Hacker News
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
FRIEND
Bleeping Computer
Webinar this week: Prevention alone is not enough against modern attacks
FOE
CSO Online
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
FOE
The Register (Security)
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
FOE
CSO Online
New ‘Dirty Frag’ exploit targets Linux kernel for root access
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Don’t sneak off
FOE
Dark Reading
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
FOE
SecurityWeek
Skoda Data Breach Hits Online Shop Customers
FRIEND
The Hacker News
Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room
FRIEND
SecurityWeek
Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring
FOE
Schneier on Security
LLMs and Text-in-Text Steganography
FOE
SecurityWeek
SailPoint Discloses GitHub Repository Hack
FOE
CSO Online
AI security is repeating endpoint security’s biggest mistake
FOE
SecurityWeek
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
FOE
Bleeping Computer
TrickMo Android banker adopts TON blockchain for covert comms
FRIEND
CSO Online
8 guiding principles for reskilling the SOC for agentic AI
FOE
CSO Online
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution
FOE
SecurityWeek
Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools
FOE
The Register (Security)
Taiwan's train cyber-trauma reveals a global system that’s coming off the tracks
FOE
SecurityWeek
New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
FOE
SecurityWeek
Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested
FOE
The Hacker News
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
FRIEND
OWASP Blog
Welcome to the Google Summer of Code 2026!
FOE
SecurityWeek
Over 500 Organizations Hit in Years-Long Phishing Campaign
FOE
Risky Business News
Risky Bulletin: FCC relaxes foreign router ban to allow for security updates
FOE
Sophos News
Ransomware: AI changes the writer. It doesn't change the math.
FRIEND
Sophos News
GPT-5.5-Cyber is here. What it means for defenders operating at the frontier.
FRIEND
SANS Internet Storm Center
YARA-X 1.16.0 Release, (Sun, May 10th)
FOE
Bleeping Computer
Hackers abuse Google ads, Claude.ai chats to push Mac malware
FOE
Bleeping Computer
Police shut down reboot of Crimenetwork marketplace, arrest admin
FOE
The Hacker News
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
FOE
Bleeping Computer
JDownloader site hacked to replace installers with Python RAT malware
FOE
Bleeping Computer
Fake OpenAI repository on Hugging Face pushes infostealer malware
FOE
The Hacker News
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
FOE
EFF Deeplinks
Congress Narrowed the GUARD Act, But Serious Problems Remain
FRIEND
Professor Messer
Professor Messer’s 220-1201 CompTIA A+ Study Group – May 2026
FOE
CSO Online
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
FOE
Dark Reading
ShinyHunters Claims Second Attack Against Instructure
FOE
Ars Technica (Security)
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
FOE
The Hacker News
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
FOE
The Register (Security)
Worm rubs out competitor's malware, then takes control
FRIEND
EFF Deeplinks
Free Signal Guide
FOE
Bleeping Computer
NVIDIA confirms GeForce NOW data breach affecting Armenian users
FRIEND
BrightTALK InfoSec
Harmonizing AI Governance and Cybersecurity Operations
FOE
The Hacker News
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
FOE
SecurityWeek
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
FRIEND
Bleeping Computer
Why More Analysts Won’t Solve Your SOC’s Alert Problem
FOE
The Register (Security)
'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit
FOE
Bleeping Computer
Trellix source code breach claimed by RansomHouse hackers
FOE
The Register (Security)
Meta U-turns on encryption push for Instagram as DMs go plaintext
FOE
Bleeping Computer
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Or any other color
FOE
Dark Reading
Shifting Budget Dynamics for Identity Security and AI Agents
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
SecurityWeek
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
FOE
CSO Online
Claude in Chrome is taking orders from the wrong extensions
FOE
SecurityWeek
AI Firm Braintrust Prompts API Key Rotation After Data Breach
FOE
The Hacker News
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
FOE
The Register (Security)
Hackers ate my homework: Educational SaaS Canvas down after cyberattack
FOE
SecurityWeek
Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
FOE
Bleeping Computer
Zara data breach exposed personal information of 197,000 people
FOE
The Hacker News
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
FOE
CSO Online
Your CTEM program is probably ignoring MCP. Here’s how to fix it
FOE
CSO Online
Pen tests show AI security flaws far more severe than legacy software bugs
FOE
CSO Online
Your refresh plan has a CVE blind spot
FOE
Bleeping Computer
Former govt contractor convicted for wiping dozens of federal databases
FOE
The Hacker News
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
FOE
SecurityWeek
‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
FOE
SecurityWeek
Ransomware Group Takes Credit for Trellix Hack
FOE
SANS Internet Storm Center
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
FOE
Bleeping Computer
New Linux 'Dirty Frag' zero-day gives root on all major distros
FOE
SecurityWeek
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
FOE
SecurityWeek
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
FOE
The Hacker News
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
FOE
Krebs on Security
Canvas Breach Disrupts Schools & Colleges Nationwide
FOE
Risky Business News
Risky Bulletin: Google patches Android remote takeover bug
FOE
CSO Online
Palo Alto Networks firewall flaw has been exploited for several weeks
FRIEND
CSO Online
Become a millionaire by bug hunting on Android
FOE
CSO Online
13 new critical holes in JavaScript sandbox allow execution of arbitrary code
FRIEND
Sophos News
Sophos named a Leader in the KuppingerCole Analysts Leadership Compass for Managed Detection and Response 2026
FOE
CISA KEV
CVE-2026-42208: BerriAI LiteLLM SQL Injection Vulnerability
FRIEND
The Register (Security)
Mozilla boasts Mythos boosted Firefox bug cull
FOE
Bleeping Computer
Canvas login portals hacked in mass ShinyHunters extortion campaign
FOE
Bleeping Computer
New TCLBanker malware self-spreads over WhatsApp and Outlook
FOE
CSO Online
Ollama vulnerability highlights danger of AI frameworks with unrestricted access
FOE
Dark Reading
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
FOE
CSO Online
LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
FOE
The Register (Security)
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'
FRIEND
Ars Technica (Security)
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
FOE
SecurityWeek
Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
FOE
Bleeping Computer
New PCPJack worm steals credentials, cleans TeamPCP infections
FOE
Bleeping Computer
Australia warns of ClickFix attacks pushing Vidar Stealer malware
FOE
The Hacker News
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
FOE
The Hacker News
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
FRIEND
Dark Reading
Has CISA Finally Found Its New Leader in Tom Parker?
FOE
The Register (Security)
60% of MD5 password hashes are crackable in under an hour
FRIEND
BrightTALK InfoSec
Application Security for the New Age: From Reactive to Proactive
FRIEND
BrightTALK InfoSec
The Autonomous Pipeline: Embedding Zero-Trust Guardrails with Kyverno
FRIEND
EPIC
EPIC Encourages CalPrivacy to Enact Independent Testing and Inspection Requirements for Data Broker Audits
FOE
SecurityWeek
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
FOE
Bleeping Computer
Ivanti warns of new EPMM flaw exploited in zero-day attacks
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: What could go wrong
FRIEND
SecurityWeek
Boost Security Raises $4 Million for SDLC Defense Platform
FOE
SecurityWeek
Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking
FRIEND
SecurityWeek
Chrome 148 Rolls Out With 127 Security Fixes
FOE
Bleeping Computer
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
FRIEND
The Hacker News
One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
FOE
SecurityWeek
Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
FOE
Bleeping Computer
Americans sentenced for running 'laptop farms' for North Korea
FOE
The Hacker News
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
FOE
SecurityWeek
Vendor Says Daemon Tools Supply Chain Attack Contained
FRIEND
Dark Reading
World's First AI-Driven Cyberattack Couldn't Breach OT Systems
FOE
Dark Reading
'TrustFall' Convention Exposes Claude Code Execution Risk
FOE
SecurityWeek
AI Coding Agents Could Fuel Next Supply Chain Crisis
FOE
Bleeping Computer
Crypto gang member gets 6.5 years for role in $230 million heist
FRIEND
CSO Online
Bots in translation: Can AI really fix SIEM rule sprawl across vendors?
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It’s a 50,000 mile network
FRIEND
Bleeping Computer
Webinar: Why modern attacks require both security and recovery
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
MAXHUB Pivot Client Application
FRIEND
SecurityWeek
Webinar Today: Securing Identity Across Humans, Machines and AI
FOE
The Hacker News
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
FOE
SecurityWeek
Cisco Patches High-Severity Vulnerabilities in Enterprise Products
FOE
CSO Online
Critical Palo Alto Networks software bug hits exposed firewalls
FOE
Schneier on Security
Smart Glasses for the Authorities
FOE
Bleeping Computer
Palo Alto Networks firewall zero-day exploited for nearly a month
FOE
The Hacker News
Day Zero Readiness: The Operational Gaps That Break Incident Response
FOE
SecurityWeek
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
FOE
Bleeping Computer
Fake Claude AI website delivers new 'Beagle' Windows malware
FOE
The Hacker News
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
FRIEND
CSO Online
CISOs: Align cyber risk communication with boardroom psychology
FOE
SecurityWeek
Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
FRIEND
CSO Online
Ten years later, has the GDPR fulfilled its purpose?
FOE
The Hacker News
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
FOE
Risky Business News
Srsly Risky Biz: After Mythos, US Government Weighs AI Model Regulation
FRIEND
CSO Online
US government agency to safety test frontier AI models before release
FRIEND
SANS Internet Storm Center
An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
FOE
CISA KEV
CVE-2026-6973: Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
FRIEND
Sophos News
How AI-accelerated threat discovery is reshaping network security
FOE
Sophos News
Donuts and Beagles: Fake Claude site spreads backdoor
FRIEND
EFF Deeplinks
Milestone 1.0.0 Release of APK Downloader `apkeep` Powers Research on Android Apps
FOE
Bleeping Computer
Hackers abuse Google ads for GoDaddy ManageWP login phishing
FOE
Dark Reading
Yet Another Way to Bypass Google Chrome's Encryption Protection
FOE
Dark Reading
Instructure Breach Exposes Schools' Vendor Dependence
FOE
The Hacker News
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
FOE
Bleeping Computer
Critical vm2 sandbox bug lets attackers execute code on hosts
FOE
The Register (Security)
Arctic Wolf kicks 250 employees out of the pack to save money for AI
FOE
Bleeping Computer
New Cisco DoS flaw requires manual reboot to revive devices
FOE
The Register (Security)
1 in 8 employees totally cool with selling work credentials
FOE
CSO Online
Iranian state-backed spies pose as ransomware slingers in false flag attacks
FOE
Bleeping Computer
DAEMON Tools devs confirm breach, release malware-free version
FOE
EPIC
EPIC, CDT Urge HUD to Abandon Proposed AI Tool That Would Use Sensitive Data
FOE
EFF Deeplinks
👎 California's Terrible, No Good, Very Bad Social Media Ban | EFFector 38.9
FOE
The Register (Security)
Iran cybersnoops still LARPing as ransomware crooks in espionage ops
FOE
SecurityWeek
Autonomous Offensive Security Firm XBOW Raises $35 Million
FOE
EFF Deeplinks
The SECURE Data Act is Not a Serious Piece of Privacy Legislation
FOE
Bleeping Computer
Why ransomware attacks succeed even when backups exist
FRIEND
Black Hills Information Security
Swapper – A Pure Regex Match/Replace Burp Extension
FRIEND
SecurityWeek
Herd Security Raises $3 Million for AI-Powered Training Platform
FRIEND
TCM Security Blog
AI Tools and Certification Exams: What’s Changing and Why
FOE
The Register (Security)
UK age-gating plans risk breaking the internet, privacy groups warn
FOE
Bleeping Computer
MuddyWater hackers use Chaos ransomware as a decoy in attacks
FOE
The Hacker News
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
FOE
SecurityWeek
Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
FRIEND
Bleeping Computer
Webinar: Why network incidents escalate and how to fix response gaps
FRIEND
The Hacker News
The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It’s not that private
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
Dark Reading
From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
FOE
SecurityWeek
Romanian Extradited to US for Role in Hacking Scheme 17 Years Ago
FOE
CSO Online
New malware turns Linux systems into P2P attack networks
FOE
The Hacker News
Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
FOE
Schneier on Security
Rowhammer Attack Against NVIDIA Chips
FOE
Dark Reading
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
FRIEND
SecurityWeek
CISA: Critical Infrastructure Must Master Isolation, Recovery
FOE
SecurityWeek
Sophisticated Quasar Linux RAT Targets Software Developers
FOE
Bleeping Computer
Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
FRIEND
The Hacker News
Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
FOE
CSO Online
Poisoned truth: The quiet security threat inside enterprise AI
FRIEND
CSO Online
Train like you fight: Why cyber operations teams need no-notice drills
FOE
The Hacker News
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
FOE
SecurityWeek
Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack
FRIEND
SecurityWeek
Oracle Debuts Monthly Critical Security Patch Updates
FOE
Risky Business News
Risky Bulletin: Extremely targeted supply chain attack hits DAEMON Tools
FOE
The Hacker News
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
FOE
Dark Reading
Middle East Cyber Battle Field Broadens — Especially in UAE
FOE
SecurityWeek
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
FRIEND
CSO Online
Die besten DAST- & SAST-Tools
FOE
The Register (Security)
India orders infosec red alert in case Mythos sparks crime spree
FOE
The Register (Security)
India orders infosec red alert in case Mythos sparks crime spree
FOE
CISA KEV
CVE-2026-0300: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
FOE
Bleeping Computer
New stealthy Quasar Linux malware targets software developers
FOE
Bleeping Computer
Instructure hacker claims data theft from 8,800 schools, universities
FOE
CSO Online
Supply-chain attacks take aim at your AI coding agents
FOE
Dark Reading
Trellix Source Code Breach Highlights Growing Supply Chain Threats
FRIEND
Dark Reading
Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations
FOE
CSO Online
Edge browser leaves passwords exposed in plain text, says researcher
FOE
Ars Technica (Security)
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
FOE
CSO Online
CISA mulls new three-day remediation deadline for critical flaws
FOE
Bleeping Computer
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
FRIEND
Dark Reading
Why Security Leadership Makes or Breaks a Pen Test
FOE
Bleeping Computer
Student hacked Taiwan high-speed rail to trigger emergency brakes
FRIEND
CSO Online
CISA pushes critical infrastructure operators to prepare to work in isolation
FRIEND
The Register (Security)
ServiceNow clears agents for landing with new AI control tower
FOE
The Hacker News
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
FOE
The Hacker News
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
FRIEND
CSO Online
Oracle will patch more often to counter AI cybersecurity threat
FOE
The Register (Security)
Attackers are cashing in on fresh 'CopyFail' Linux flaw
FOE
The Register (Security)
Attackers are cashing in on fresh 'CopyFail' Linux flaw
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: That one clashes with the metal
FOE
Dark Reading
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
FOE
SecurityWeek
Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
FRIEND
Bleeping Computer
FTC to ban data broker Kochava from selling Americans’ location data
FOE
The Hacker News
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
FOE
Privacy International
From Big Oil to Big Algorithm: Public Money in Private Models
FRIEND
Bleeping Computer
The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
FOE
Bleeping Computer
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
FRIEND
EPIC
EPIC Urges Support for Chatbot Provider Liability Framework in Illinois
FOE
The Register (Security)
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
FOE
The Register (Security)
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
FOE
SecurityWeek
Hacker Conversations: Joey Melo on Hacking AI
FOE
Bleeping Computer
Vimeo data breach exposes personal information of 119,000 people
FOE
SecurityWeek
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
FOE
The Register (Security)
ShinyHunters claims dump puts 119K Vimeo emails in the wild
FOE
The Register (Security)
ShinyHunters claims dump puts 119K Vimeo emails in the wild
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It might be the new glasses
FOE
CISA Alerts
ABB B&R Automation Studio
FOE
CISA Alerts
Johnson Controls CEM AC2000
FOE
CISA Alerts
ABB B&R PVI
FOE
CISA Alerts
Hitachi Energy PCM600
FOE
CISA Alerts
ABB B&R Automation Runtime
FOE
SecurityWeek
Critical Remote Code Execution Vulnerability Patched in Android
FOE
The Hacker News
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
FRIEND
Dark Reading
How the Story of a USB Penetration Test Went Viral
FOE
Dark Reading
How the Story of a USB Penetration Test Went Viral
FOE
The Hacker News
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
FOE
CSO Online
AI finds 20-year-old bugs in PostgreSQL and MariaDB
FOE
The Register (Security)
Romance scammers turn sweet talk into £102M payday
FOE
The Register (Security)
Romance scammers turn sweet talk into £102M payday
FRIEND
SANS Internet Storm Center
SSL.com rotates their root certificate today, (Tue, May 5th)
FOE
SANS Internet Storm Center
Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
FRIEND
Bleeping Computer
Google now offers up to $1.5 million for some Android exploits
FOE
SecurityWeek
Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
FOE
CSO Online
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
FOE
SecurityWeek
Karakurt Ransomware Negotiator Sentenced to Prison
FOE
Schneier on Security
DarkSword Malware
FOE
EFF Deeplinks
EFF and 18 Organizations Urge UK Policymakers to Prioritize Addressing the Roots of Online Harm
FOE
The Hacker News
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
FOE
Bleeping Computer
Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
FOE
Bleeping Computer
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
FOE
SecurityWeek
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
FOE
The Register (Security)
NHS to close-source hundreds of GitHub repos over AI, security concerns
FOE
The Hacker News
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
FOE
Bleeping Computer
ScarCruft hackers push BirdCall Android malware via game platform
FOE
SecurityWeek
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
FRIEND
CSO Online
CISOs step up to the security workforce challenge
FOE
The Intercept (Privacy)
Maker of AI Targeting System for Drones Faces Protests for Shipments to Israeli Military
FOE
CSO Online
Why most zero-trust architectures fail at the traffic layer
FOE
The Register (Security)
Microsoft's bad obsession is showing up in shabby services and slipshod software. Here's proof
FRIEND
Sophos News
Sophos Endpoint Mythos AI
FOE
Sophos News
AI Zero Days Sophos Endpoint
FOE
The Hacker News
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
FOE
EFF Deeplinks
Shut Down Turnkey Totalitarianism
FRIEND
OWASP Blog
OWASP Foundation Unveils Its Strategic Plan for a World Without Insecure Software
FOE
The Hacker News
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
FRIEND
CSO Online
10 Anzeichen für einen schlechten CSO
FRIEND
The Register (Security)
Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation
FRIEND
The Register (Security)
Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation
FOE
CSO Online
Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
FRIEND
Sophos News
Introducing the Sophos Security Services Retainer
FOE
Bleeping Computer
Weaver E-cology critical bug exploited in attacks since March
FOE
Dark Reading
Physical Cargo Theft Gets a Boost From Cybercriminals
FOE
Dark Reading
RMM Tools Fuel Stealthy Phishing Campaign
FOE
The Register (Security)
Kids say they can beat age checks by drawing on a fake mustache
FOE
Bleeping Computer
Researchers report Amazon SES abused in phishing to evade detection
FOE
Bleeping Computer
Amazon SES increasingly abused in phishing to evade detection
FOE
EPIC
America needs a strong privacy law. The SECURE Data Act isn’t it.
FOE
Dark Reading
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
FRIEND
SecurityWeek
Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks
FOE
CSO Online
The Winter Games effect: When gold meets DDoS
FOE
EFF Deeplinks
EFF Submission to UK Consultation on Digital ID
FOE
The Hacker News
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
FOE
SecurityWeek
Trellix Source Code Repository Breached
FOE
Bleeping Computer
Backdoored PyTorch Lightning package drops credential stealer
FOE
SANS Internet Storm Center
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
FOE
CSO Online
How orphaned applications are quietly fueling your shadow IT problem
FOE
The Hacker News
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
FOE
Bleeping Computer
Trellix discloses data breach after source code repository hack
FOE
The Register (Security)
Shadow IT has given way to shadow AI. Enter AI-BOMs
FRIEND
The Register (Security)
Shadow IT has given way to shadow AI. Enter AI-BOMs
FOE
Dark Reading
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
FRIEND
SANS Internet Storm Center
DShield Honeypot Update, (Mon, May 4th)
FOE
The Hacker News
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
FOE
Bleeping Computer
They don’t hack, they borrow: How fraudsters target credit unions
FRIEND
SecurityWeek
Cybersecurity M&A Roundup: 33 Deals Announced in April 2026
FOE
SecurityWeek
DigiCert Revokes Certificates After Support Portal Hack
FOE
Bleeping Computer
Progress warns of critical MOVEit Automation auth bypass flaw
FRIEND
Bleeping Computer
Webinar: Why MSPs must rethink security and backup strategies
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Too many emojis
FRIEND
EFF Deeplinks
Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act
FOE
The Hacker News
2026: The Year of AI-Assisted Attacks
FOE
The Hacker News
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
FOE
CSO Online
Security agencies draw red lines around agentic AI deployments
FOE
Bleeping Computer
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
FOE
SecurityWeek
Exploitation of ‘Copy Fail’ Linux Vulnerability Begins
FOE
Bleeping Computer
Microsoft confirms April Windows updates cause backup failures
FRIEND
EFF Deeplinks
Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act
FOE
Schneier on Security
Hacking Polymarket
FRIEND
SecurityWeek
OpenAI Rolls Out Advanced Security for ChatGPT Accounts
FOE
The Hacker News
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
FOE
The Register (Security)
If the vote you rocked, your personal info can be grokked
FOE
The Register (Security)
If the vote you rocked, your personal info can be grokked
FOE
CSO Online
The fake IT worker problem CISOs can’t ignore
FRIEND
CSO Online
How CISOs should utilize data security posture management to inform risk
FOE
SecurityWeek
Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
FOE
SecurityWeek
Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats
FOE
The Hacker News
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
FOE
Risky Business News
Risky Bulletin: DigiCert hacked with a malicious screensaver file
FOE
CSO Online
Was ist ein Botnet?
FOE
The Register (Security)
Five Eyes spook shops warn rapid rollouts of agentic AI are too risky
FOE
The Register (Security)
Five Eyes spook shops warn agentic is too wonky for rapid rollout
FOE
Bleeping Computer
Instructure confirms data breach, ShinyHunters claims attack
FOE
Bleeping Computer
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
FRIEND
SANS Internet Storm Center
Wireshark 4.6.5 Released, (Sun, May 3rd)
FOE
SecurityWeek
US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems
FOE
Bleeping Computer
Telegram Mini Apps abused for crypto scams, Android malware delivery
FOE
The Hacker News
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
FOE
Bleeping Computer
Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks
FOE
Bleeping Computer
ConsentFix v3 attacks target Azure with automated OAuth abuse
FOE
SecurityWeek
New Bluekit Phishing Kit Features AI Assistant
FOE
The Register (Security)
Brace for the patch tsunami: AI is unearthing decades of buried code debt
FOE
The Register (Security)
Brace for the patch tsunami: AI is unearthing decades of buried code debt
FOE
The Hacker News
Trellix Confirms Source Code Breach With Unauthorized Repository Access
FOE
Bleeping Computer
Edu tech firm Instructure discloses cyber incident, probes impact
FOE
CSO Online
AI agents can bypass guardrails and put credentials at risk, Okta study finds
FOE
EPIC
EPIC Urges Representatives to Vote NO on Privacy Invasions at Treasury
FOE
Dark Reading
76% of All Crypto Stolen in 2026 Is Now in North Korea
FOE
CSO Online
Windows shell spoofing vulnerability puts sensitive data at risk
FOE
Ars Technica (Security)
Ubuntu infrastructure has been down for more than a day
FOE
SANS Internet Storm Center
Malicious Ad for Homebrew Leads to MacSync Stealer, (Fri, May 1st)
FOE
The Hacker News
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
FOE
Bleeping Computer
15-year-old detained over French govt agency data breach
FOE
Bleeping Computer
Story retracted
FOE
The Intercept (Privacy)
Musk Warns of Killer AI — While He and the Rest of Silicon Valley Cash In on AI That Kills
FOE
Ars Technica (Security)
GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests
FOE
SecurityWeek
In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability
FRIEND
EFF Deeplinks
A Bridge to Somewhere: How to Link Your Mastodon, Bluesky, or Other Federated Accounts
FOE
Dark Reading
If AI's So Smart, Why Does It Keep Deleting Production Databases?
FRIEND
SecurityWeek
Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge
FOE
The Hacker News
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
FRIEND
Bleeping Computer
Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations
FOE
The Hacker News
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
FOE
The Register (Security)
First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
FOE
The Register (Security)
First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
FRIEND
Bleeping Computer
Microsoft fixes Remote Desktop warnings displaying incorrectly
FRIEND
Dark Reading
Name That Toon: Mark of (Security) Progress
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: I just saw him at the coffee machine
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND
CISA Alerts
Careful Adoption of Agentic AI Services
FRIEND
Dark Reading
20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage
FOE
The Register (Security)
OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that
FRIEND
The Register (Security)
OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that
FOE
SecurityWeek
Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
FOE
Schneier on Security
A Ransomware Negotiator Was Working for a Ransomware Gang
FRIEND
Bleeping Computer
Microsoft now lets admins choose pre-installed Store apps to uninstall
FOE
SecurityWeek
Sophisticated Deep#Door Backdoor Enables Espionage, Disruption
FOE
The Register (Security)
Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
FOE
The Register (Security)
Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
FRIEND
The Hacker News
Top Five Sales Challenges Costing MSPs Cybersecurity Revenue
FRIEND
SecurityWeek
Cisco Releases Open Source Tool for AI Model Provenance
FRIEND
Bleeping Computer
Windows 11 KB5083631 update released with 34 changes and fixes
FOE
CSO Online
Human-centric failures: Why BEC continues to work despite MFA
FOE
The Hacker News
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
FOE
The Hacker News
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
FRIEND
CSO Online
Just 34% of cyber pros plan to stick with their current employer
FRIEND
CSO Online
Enterprise Spotlight: Transforming software development with AI
FOE
CSO Online
Managing OT risk at scale: Why OT cyber decisions are leadership decisions
FOE
SecurityWeek
Hugging Face, ClawHub Abused for Malware Distribution
FOE
SecurityWeek
FBI Warns of Surge in Hacker-Enabled Cargo Theft
FOE
Bleeping Computer
US ransomware negotiators get 4 years in prison over BlackCat attacks
FOE
SecurityWeek
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
FOE
Risky Business News
Risky Bulletin: The mysterious hack of Moldova's healthcare database
FOE
CSO Online
‘Trivial’ exploit can give attackers root access to Linux kernel
FOE
Sophos News
AI finds the vulnerabilities, but exploiting them is a different problem.
FOE
Sophos News
AI just became the world's most dangerous exploit writer. Here's why Sophos Endpoint is built to stop it.
FOE
Sophos News
Proof-of-concept exploit available for Linux 'Copy Fail' vulnerability (CVE-2026-31431)
FOE
CISA KEV
CVE-2026-31431: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
FOE
CSO Online
Bank regulator sounds warning over cybersecurity threat posed by AI models
FOE
EFF Deeplinks
Utah’s New Law Targeting VPNs Goes Into Effect Next Week
FOE
The Register (Security)
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
FOE
The Register (Security)
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
FOE
Dark Reading
TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
FOE
Dark Reading
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
FOE
The Register (Security)
Bot her emails: most modern phishing campaigns are AI-enabled
FOE
The Register (Security)
Bot her emails: most modern phishing campaigns are AI-enabled
FOE
Ars Technica (Security)
The most severe Linux threat to surface in years catches the world flat-footed
FOE
The Intercept (Privacy)
Ron Wyden Is Pissing Off the NSA’s Biggest Backers. Tom Cotton Warns There Will Be “Consequences.”
FOE
The Register (Security)
FBI cyber boss: China's hacker-for-hire ecosystem 'out of control'
FOE
The Register (Security)
FBI cyber boss: China's hacker-for-hire ecosystem 'out of control'
FOE
Dark Reading
Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber
FOE
Bleeping Computer
New Bluekit phishing service includes an AI assistant, 40 templates
FOE
SecurityWeek
Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge
FOE
SecurityWeek
AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours
FRIEND
BrightTALK InfoSec
Mastering Resilience in Modern Security
FOE
Bleeping Computer
Romanian leader of online swatting ring gets 4 years in prison
FRIEND
EPIC
To protect kids online, don’t ban them from social media. Regulate design.
FOE
The Register (Security)
Google's fix for critical Gemini CLI bug might break your CI/CD pipelines
FOE
The Register (Security)
Google's fix for critical Gemini CLI bug might break your CI/CD pipelines
FOE
EFF Deeplinks
Open Records Laws Reveal ALPRs’ Sprawling Surveillance. Now States Want to Block What the Public Sees.
FOE
The Register (Security)
French prosecutors link 15-year-old to mega-breach at state’s secure document agency
FOE
The Register (Security)
French prosecutors link 15-year-old to mega-breach at state’s secure document agency
FOE
Bleeping Computer
FBI links cybercriminals to sharp surge in cargo theft attacks
FOE
The Hacker News
PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
FOE
BrightTALK InfoSec
Synthetic Risk, Authentic Trust: Enterprise Security in the Age of AI
FOE
Bleeping Computer
April KB5083769 Windows 11 update causes backup software failures
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: They’ll never know
FOE
SecurityWeek
SonicWall Urges Immediate Patching of Firewall Vulnerabilities
FOE
SecurityWeek
SAP NPM Packages Targeted in Supply Chain Attack
FOE
Krebs on Security
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
FOE
Bleeping Computer
What Happens in the First 24 Hours After a New Asset Goes Live
FOE
The Hacker News
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
FOE
Bleeping Computer
New Linux ‘Copy Fail’ flaw gives hackers root on major distros
FRIEND
Dark Reading
Oracle Red Bull Racing Team Revs Up Automation to Boost Security
FOE
The Hacker News
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
FOE
SecurityWeek
Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks
FOE
CSO Online
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: That’s what I thought you said
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
ABB Ability OPTIMAX
FOE
CISA Alerts
ABB PCM600
FOE
CISA Alerts
ABB Edgenius Management Portal
FOE
CISA Alerts
ABB AWIN Gateways
FOE
CISA Alerts
ABB System 800xA, Symphony Plus IEC 61850
FOE
CISA Alerts
ABB Ability Symphony Plus Engineering
FOE
SecurityWeek
EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
FOE
Bleeping Computer
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
FOE
The Register (Security)
Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005
FOE
The Register (Security)
Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005
FOE
CSO Online
Max-severity RCE flaw found in Google Gemini CLI
FOE
The Hacker News
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
FOE
Bleeping Computer
Police dismantles 9 crypto scam centers, arrests 276 suspects
FOE
SecurityWeek
Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
FOE
The Register (Security)
What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia
FOE
The Register (Security)
What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia
FOE
Schneier on Security
Fast16 Malware
FOE
The Register (Security)
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
FOE
The Register (Security)
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
FOE
SecurityWeek
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
FOE
CSO Online
SAP npm package attack highlights risks in developer tools and CI/CD pipelines
FOE
The Hacker News
New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
FOE
CSO Online
Stopping the quiet drift toward excessive agency with re-permissioning
FOE
CSO Online
ODNI to CISOs on threat assessments: You’re on your own
FOE
SecurityWeek
Sandhills Medical Says Ransomware Breach Affects 170,000
FOE
The Register (Security)
Finance company stores DB credentials in helpfully labeled spreadsheet
FOE
The Register (Security)
Finance company stores DB credentials in helpfully labeled spreadsheet
FRIEND
EFF Deeplinks
Digital Hopes, Real Power: From Connection to Collective Action
FOE
The Hacker News
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
FRIEND
CSO Online
10 wichtige Security-Eigenschaften: So setzen Sie die Kraft Ihres IT-Sicherheitstechnik-Teams frei
FOE
Risky Business News
Srsly Risky Biz: US Vows to Fight Distillation Attacks
FOE
CSO Online
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
FOE
EPIC
Texas Observer: As License Plate Readers Expand in Texas, Privacy Advocates are Fighting Back
FOE
SANS Internet Storm Center
Danger of Libredtail [Guest Diary], (Wed, Apr 29th)
FOE
The Register (Security)
Linux cryptographic code flaw offers fast route to root
FOE
The Register (Security)
Linux cryptographic code flaw offers fast route to root
FOE
CISA KEV
CVE-2026-41940: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
FOE
Dark Reading
Claude Mythos Fears Startle Japan's Financial Services Sector
FRIEND
Professor Messer
Professor Messer’s SY0-701 Security+ Study Group – April 2026
FOE
Bleeping Computer
Official SAP npm packages compromised to steal credentials
FOE
Bleeping Computer
Popular WordPress redirect plugin hid dormant backdoor for years
FOE
The Intercept (Privacy)
Mike Johnson Used Crypto Catnip to Get Freedom Caucus Support for Domestic Spy Law
FOE
EFF Deeplinks
EFF Submission to UN Report on the Role of Media in the Context of Israel’s Policies Toward Palestinians
FOE
Bleeping Computer
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
FRIEND
The Register (Security)
Researchers move in the right direction, develop powerful GPS interference alarm
FRIEND
The Register (Security)
Researchers move in the right direction, develop powerful GPS interference alarm
FOE
Dark Reading
Reverse Engineering With AI Unearths High-Severity GitHub Bug
FOE
Dark Reading
AI Finds 38 Security Flaws in Electronic Health Record Platform
FOE
EFF Deeplinks
Former EFF Activism Director's New Book, Transaction Denied, Explores What Happens When Financial Companies Act like Censors
FOE
The Register (Security)
Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
FOE
The Register (Security)
Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
FRIEND
The Register (Security)
Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
FRIEND
The Register (Security)
Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
FOE
Bleeping Computer
Hackers arrested for hijacking and selling 610,000 Roblox accounts
FOE
The Register (Security)
Yet another experiment proves it's too damn simple to poison large language models
FOE
The Hacker News
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
FOE
Bleeping Computer
cPanel, WHM emergency update fixes critical auth bypass bug
FOE
The Register (Security)
CISA flags data-theft bug in NSA-built OT networking tool
FOE
The Register (Security)
CISA flags data-theft bug in NSA-built OT networking tool
FOE
Dark Reading
Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
FOE
The Hacker News
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
FOE
Bleeping Computer
European police dismantles €50 million crypto investment fraud ring
FOE
Privacy International
Dual-use tech: the BAE Systems example
FRIEND
Black Hills Information Security
A Practical Guide to BloodHound Data Collection
FOE
Privacy International
Dual-use tech: the Lockheed Martin example
FOE
SANS Internet Storm Center
Today's Odd Web Requests, (Wed, Apr 29th)
FOE
Bleeping Computer
Learning from the Vercel breach: Shadow AI & OAuth sprawl
FOE
SecurityWeek
Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
FRIEND
The Register (Security)
GitHub: Zounds, a genuinely helpful AI-assisted bug report that isn't total slop! Here, Wiz, take this wad of cash
FOE
The Register (Security)
GitHub: Woah, a genuinely helpful AI-assisted bug report that isn't total slop. Here, Wiz, take this wad of cash
FOE
Dark Reading
Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities
FOE
Bleeping Computer
GitHub fixes RCE flaw that gave access to millions of private repos
FOE
SecurityWeek
Hundreds of Internet-Facing VNC Servers Expose ICS/OT
FRIEND
The Register (Security)
EU waves through open source age-check tool to keep kids safe online
FOE
The Hacker News
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Ten questions, ten different answers
FRIEND
CISA Alerts
Adapting Zero Trust Principles to Operational Technology
FOE
CSO Online
Critical GitHub RCE bug exposed millions of repositories
FRIEND
The Hacker News
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
FOE
SecurityWeek
Checkmarx Confirms Data Stolen in Supply Chain Attack
FOE
Ars Technica (Security)
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
FOE
SecurityWeek
Iranian Cyber Group Handala Targets US Troops in Bahrain
FOE
Bleeping Computer
CISA orders feds to patch Windows flaw exploited as zero-day
FRIEND
Schneier on Security
Claude Mythos Has Found 271 Zero-Days in Firefox
FOE
The Register (Security)
GoDaddy customer claims registrar transferred 27-year-old domain without any security checks
FOE
SecurityWeek
38 Vulnerabilities Found in OpenEMR Medical Software
FOE
The Hacker News
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
FRIEND
SecurityWeek
Chrome 147, Firefox 150 Security Updates Rolling Out
FRIEND
CSO Online
AWS leans on prior ingenuity to face future AI and quantum threats
FOE
The Hacker News
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
FOE
Bleeping Computer
Microsoft says backend change broke Teams Free chat and calls
FOE
The Register (Security)
30 ClawHub skills secretly turn AI agents into a crypto swarm
FOE
The Register (Security)
30 ClawHub skills secretly turn AI agents into a crypto swarm
FOE
SecurityWeek
Critical GitHub Vulnerability Exposed Millions of Repositories
FOE
The Hacker News
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
FRIEND
CSO Online
Third Party Risk Management: So vermeiden Sie Compliance-Unheil
FOE
Risky Business News
Risky Bulletin: UK NCSC blasts SOC metrics
FOE
CSO Online
More fake extensions linked to GlassWorm found in Open VSX code marketplace
FOE
EPIC
Federal News Network: GAO report on DOGE payments access ‘just the tip of the iceberg’
FOE
Sophos News
'Mini Shai-Hulud' supply chain attack targets SAP npm packages
FOE
EPIC
CNET: Supreme Court Weighs Arguments Over How Police Request Location Data to Solve Crimes
FOE
Dark Reading
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
FOE
Bleeping Computer
Broken VECT 2.0 ransomware acts as a data wiper for large files
FOE
Bleeping Computer
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
FRIEND
EFF Deeplinks
The Open Social Web Needs Section 230 to Survive
FOE
Dark Reading
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
FRIEND
EPIC
EPIC Testifies in Support of Bill to Expand Privacy Protections for Vermonters
FRIEND
Dark Reading
Feuding Ransomware Groups Leak Each Other's Data
FOE
Dark Reading
Vidar Rises to Top of Chaotic Infostealer Market
FOE
Bleeping Computer
Video service Vimeo confirms Anodot breach exposed user data
FOE
The Register (Security)
Don't pay Vect a ransom - your data's likely already wiped out
FOE
The Register (Security)
Don't pay Vect a ransom - your data's likely already wiped out
FRIEND
SecurityWeek
Cyber Insurance Data Gives CISOs New Ammo for Budget Talks
FOE
The Hacker News
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
FOE
The Hacker News
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
FOE
SecurityWeek
Vimeo Confirms User and Customer Data Breach
FRIEND
BrightTALK InfoSec
Fire, Brimstone and Bad Security Decisions
FOE
BrightTALK InfoSec
Closing the Browser Gap: Defending Against AiTM and Shadow AI
FOE
EPIC
EPIC and Coalition Renew Calls on Congress to Oppose Bad Financial Privacy Bill
FOE
SecurityWeek
The Mythos Moment: Enterprises Must Fight Agents with Agents
FOE
Bleeping Computer
US reportedly charges Scattered Spider hacker arrested in Finland
FRIEND
SecurityWeek
Webinar Today: A Step-by-Step Approach to AI Governance
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: There’s an empty seat over there
FOE
Dark Reading
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
FOE
Bleeping Computer
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
FOE
SecurityWeek
Robinhood Vulnerability Exploited for Phishing Attacks
FOE
The Register (Security)
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
FOE
The Register (Security)
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
FOE
EPIC
League of Women Voters, EPIC Renew Call for Court to Protect Privacy and Voting Rights in Case Challenging Illegal SAVE Overhaul
FOE
The Hacker News
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
FOE
BrightTALK InfoSec
Mitigating AI Risks: Understanding and Addressing the Risks of AI Systems
FOE
SecurityWeek
Alleged Chinese State Hacker Extradited to US
FOE
SANS Internet Storm Center
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
FRIEND
Bleeping Computer
Microsoft to deprecate legacy TLS in Exchange Online starting July
FOE
CSO Online
Critical Cursor bug could turn routine Git into RCE
FOE
Bleeping Computer
Inside an OPSEC Playbook: How Threat Actors Evade Detection
FOE
SecurityWeek
Dozens of Open VSX Extension Clones Linked to GlassWorm Malware
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: The problem is reading it
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
NSA GRASSMARLIN
FRIEND
SecurityWeek
Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable
FRIEND
NIST Cybersecurity Insights
From DMV to Wallet: Understanding Verifiable Digital Credential Issuance
FOE
The Hacker News
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
FOE
SecurityWeek
Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety
FOE
SecurityWeek
No Patch for New PhantomRPC Privilege Escalation Technique in Windows
FOE
The Hacker News
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
FOE
Schneier on Security
What Anthropic’s Mythos Means for the Future of Cybersecurity
FOE
SecurityWeek
Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
FOE
The Hacker News
After Mythos: New Playbooks For a Zero-Window Era
FOE
The Register (Security)
SUSE's sovereignty pitch meets an inconvenient $6 billion question
FOE
CSO Online
Securing RAG pipelines in enterprise SaaS
FOE
Bleeping Computer
Microsoft: New Remote Desktop warnings may display incorrectly
FOE
CSO Online
What CISOs need to get right as identity enters the agentic era
FOE
CSO Online
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
FRIEND
Bleeping Computer
Microsoft asks iPhone users to reauthenticate after Outlook outage
FRIEND
SecurityWeek
Spectrum Security Emerges From Stealth Mode With $19 Million
FOE
The Hacker News
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
FOE
The Hacker News
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
FOE
SecurityWeek
Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak
FOE
The Hacker News
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
FRIEND
CSO Online
EDR-Software – ein Kaufratgeber
FOE
CSO Online
Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor
FRIEND
Recorded Future Blog
The Money Mule Problem Solution: What Every Scam Has in Common
FOE
CISA KEV
CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability
FOE
CISA KEV
CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability
FOE
Recorded Future Blog
Lazarus Doesn't Need AGI
FOE
The Register (Security)
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
FOE
The Register (Security)
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
FOE
EPIC
The Guardian: US Supreme Court Hears Whether Smartphone Location Data Warrants Infringe Users’ Privacy
FOE
EPIC
CyberScoop: Supreme Court justices skeptically question both sides in geofence surveillance case
FOE
EPIC
PPC Land: Your work apps collect more data than you think, study finds
FOE
EFF Deeplinks
The GUARD Act Isn’t Targeting Dangerous AI—It’s Blocking Everyday Internet Use
FOE
Bleeping Computer
Robinhood account creation flaw abused to send phishing emails
FOE
EFF Deeplinks
Congress Must Reject New Insufficient 702 Reauthorization Bill
FOE
Bleeping Computer
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
FOE
The Register (Security)
Cursor-Opus agent snuffs out startup’s production database
FOE
Ars Technica (Security)
Open source package with 1 million monthly downloads stole user credentials
FOE
Dark Reading
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
FOE
Bleeping Computer
Canada arrests three for operating “SMS blaster” device in Toronto
FOE
Bleeping Computer
Alleged Silk Typhoon hacker extradited to US for cyberespionage
FOE
The Register (Security)
Medical and utility tech companies admit digital breakins
FOE
The Register (Security)
Medical and utility tech companies hacked by digital intruders
FRIEND
EFF Deeplinks
The Internet Still Works: SmugMug Powers Online Photography
FOE
Bleeping Computer
FTC: Americans lost over $2.1 billion to social media scams in 2025
FOE
Dark Reading
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
FOE
Bleeping Computer
PyPI package with 1.1M monthly downloads hacked to push infostealer
FOE
Bleeping Computer
Home security giant ADT data breach affects 5.5 million people
FRIEND
Bleeping Computer
Webinar: Spotting cyberattacks before they begin
FOE
The Hacker News
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)
FOE
Bleeping Computer
Medtronic confirms breach after hackers claim 9 million records theft
FOE
The Hacker News
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
FOE
Dark Reading
20-Year-Old Malware Rewrites History of Cyber Sabotage
FOE
SecurityWeek
Incomplete Windows Patch Opens Door to Zero-Click Attacks
FOE
Bleeping Computer
Money launderer linked to $230M crypto heist gets 70 months in prison
FOE
Bleeping Computer
Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
FOE
Dark Reading
Parsing Agentic Offensive Security's Existential Threat
FOE
CSO Online
Microsoft patched an ‘agent-only’ role that was not
FOE
SecurityWeek
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
FOE
The Register (Security)
Cybersec is a thankless job: expanding workload and shrinking pay packet
FOE
The Register (Security)
Cybersec is a thankless job: expanding workload and shrinking pay packet
FOE
SecurityWeek
Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
FOE
Bleeping Computer
Microsoft says Outlook.com outage is causing sign‑in failures
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Lots of dinging noises
FOE
The Hacker News
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
FOE
The Hacker News
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
FOE
The Register (Security)
Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
FOE
The Register (Security)
Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
FOE
The Hacker News
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
FRIEND
The Register (Security)
Microsoft updates the Windows Update Experience: You can hit pause now
FOE
SecurityWeek
Energy and Water Management Firm Itron Hacked
FRIEND
Schneier on Security
Medieval Encrypted Letter Decoded
FOE
SecurityWeek
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware
FOE
SecurityWeek
Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
FRIEND
SecurityWeek
US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator
FRIEND
The Register (Security)
ICO chief John Edwards steps back as workplace probe quietly unfolds
FOE
The Intercept (Privacy)
Meet the Four Democrats Who’ll Decide If Trump Gets His Domestic Spying Law
FRIEND
CSO Online
AI is reshaping DevSecOps to bring security closer to the code
FRIEND
CSO Online
The ‘manager of agents’: How AI evolves the SOC analyst role
FOE
SecurityWeek
Firefox Vulnerability Allows Tor User Fingerprinting
FOE
The Register (Security)
Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now
FOE
The Register (Security)
Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now
FRIEND
OWASP Blog
The OWASP Foundation appoints Missie Lindsey as Director of Corporate Relations
FOE
The Hacker News
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
FRIEND
CSO Online
4 Wege aus der Security-Akronymhölle
FOE
Risky Business News
Risky Bulletin: New fingerprinting technique can track Tor users
FOE
The Register (Security)
Google Cloud Next proves what we suspected: Everything is AI now
FOE
Bleeping Computer
American utility firm Itron discloses breach of internal IT network
FOE
The Register (Security)
AI's not going to kill open source code security
FOE
The Register (Security)
Hot take: AI's not going to kill open source code security
FOE
Bleeping Computer
Threat actor uses Microsoft Teams to deploy new “Snow” malware
FOE
SecurityWeek
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
FOE
The Register (Security)
Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
FOE
The Register (Security)
Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
FOE
The Hacker News
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
FOE
The Hacker News
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
FOE
EFF Deeplinks
Act Now to Stop California’s Paternalistic and Privacy-Destroying Social Media Ban
FRIEND
EFF Deeplinks
EFF Challenges Secrecy In Eastern District of Texas Patent Case
FOE
Bleeping Computer
ADT confirms data breach after ShinyHunters leak threat
FOE
Dark Reading
Helping Romance Scam Victims Require a Proactive, Empathic Approach
FOE
Bleeping Computer
Firestarter malware survives Cisco firewall updates, security patches
FOE
CSO Online
New US House privacy bills raise hard questions about enterprise data collection
FRIEND
Bleeping Computer
Windows Update gets new controls to reduce forced restarts
FOE
EFF Deeplinks
California Coastal Community Must Reject CBP's AI-Powered Surveillance Tower
FOE
Ars Technica (Security)
Why are top university websites serving porn? It comes down to shoddy housekeeping.
FOE
CSO Online
Scattered Spider co-conspirator pleads guilty
FOE
Bleeping Computer
New BlackFile extortion group linked to surge of vishing attacks
FOE
CSO Online
CISA last in line for access to Anthropic Mythos
FRIEND
Bleeping Computer
Microsoft to roll out Entra passkeys on Windows in late April
FOE
Bleeping Computer
New ‘Pack2TheRoot’ flaw gives hackers root Linux access
FOE
The Hacker News
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
FOE
Sophos News
Supply chain attacks hit Checkmarx and Bitwarden developer tools
FOE
Dark Reading
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
FOE
The Register (Security)
US clarifies mobile hotspots part of foreign router ban despite rarity of American made consumer kit
FOE
The Register (Security)
ShinyHunters claim they have cruise giant Carnival's booty as 7.5M emails surface
FOE
The Register (Security)
ShinyHunters claim they have cruise giant Carnival's booty as 7.5M emails surface
FOE
Dark Reading
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
FOE
The Intercept (Privacy)
Palantir Is Helping Trump’s IRS Conduct “Massive-Scale” Data Mining
FOE
SecurityWeek
Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions
FOE
The Register (Security)
Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
FOE
The Register (Security)
Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
FOE
SecurityWeek
In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
FRIEND
The Register (Security)
More ancient Linux device support faces the chop
FOE
The Hacker News
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
FRIEND
Bleeping Computer
DORA and operational resilience: Credential management as a financial risk control
FOE
Bleeping Computer
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
FOE
Dark Reading
AI Phishing Is No. 1 With a Bullet for Cyberattackers
FOE
Dark Reading
North Korea's Lazarus Targets macOS Users via ClickFix
FRIEND
The Register (Security)
Intel bets the farm on AI inference to drag CPU back to the top table
FOE
The Register (Security)
Intel bets the farm on AI inference to drag CPU back to the top table
FOE
SecurityWeek
Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents
FRIEND
SecurityWeek
Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It’s not recording
FOE
CISA Alerts
CISA Adds Four Known Exploited Vulnerabilities to Catalog
FOE
The Hacker News
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
FOE
The Hacker News
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
FOE
The Register (Security)
Microsoft beefs up Remote Desktop security with ... hard-to-read messages
FRIEND
The Register (Security)
It's a myth that you need Mythos to find bugs: Open source models can do it just as well
FRIEND
The Register (Security)
It's a myth that you need Mythos to find bugs: Open source models can do it just as well
FRIEND
Bleeping Computer
Microsoft now lets admins uninstall Copilot on enterprise devices
FOE
SecurityWeek
US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor
FOE
SecurityWeek
Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US
FOE
Schneier on Security
Hiding Bluetooth Trackers in Mail
FOE
SecurityWeek
Vulnerabilities Patched in CrowdStrike, Tenable Products
FOE
The Hacker News
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
FOE
The Register (Security)
UK gov pays public £550 to discuss Digital ID – then bans journalists from the room
FOE
SecurityWeek
Bitwarden NPM Package Hit in Supply Chain Attack
FRIEND
SecurityWeek
Copperhelm Raises $7 Million for Agentic Cloud Security Platform
FOE
The Hacker News
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
FOE
The Register (Security)
Researchers find cyber-sabotage malware that may predate Stuxnet by five years
FOE
The Register (Security)
Researchers find cyber-sabotage malware that may predate Stuxnet by five years
FOE
Risky Business News
Risky Bulletin: There are now SIM-Farm-as-a-Service providers
FOE
The Register (Security)
Weak security means attackers could disable all of a city's public EV chargers
FOE
The Register (Security)
Weak security means attackers could disable all of a city's public EV chargers
FRIEND
CSO Online
Security-KPIs und -KRIs: So messen Sie Cybersicherheit
FOE
Dark Reading
Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets
FOE
Sophos News
Supply chain attacks hit Checkmarx and Bitwarden developer tools
FRIEND
Recorded Future Blog
From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026
FOE
CISA KEV
CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability
FOE
CISA KEV
CVE-2024-57728: SimpleHelp Path Traversal Vulnerability
FOE
CISA KEV
CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability
FOE
CSO Online
Bitwarden CLI password manager trojanized in supply chain attack
FRIEND
EFF Deeplinks
EFF to 9th Circuit (Again): App Stores Shouldn’t Be Liable for Processing Payments for User Content
FOE
The Register (Security)
Dev targeted by sophisticated job scam: 'I let my guard down, and ran the freaking code'
FOE
Bleeping Computer
Hackers exploit file upload bug in Breeze Cache WordPress plugin
FOE
Dark Reading
China-Backed Hackers Are Industrializing Botnets
FOE
Ars Technica (Security)
In a first, a ransomware family is confirmed to be quantum-safe
FRIEND
CSO Online
3 practical ways AI threat detection improves enterprise cyber resilience
FOE
CSO Online
The curious case of Sean Plankey’s derailed CISA nomination
FRIEND
EFF Deeplinks
Speaking Freely: Lizzie O'Shea
FOE
The Register (Security)
Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn
FOE
Bleeping Computer
Bitwarden CLI npm package compromised to steal developer credentials
FOE
Bleeping Computer
Trigona ransomware attacks use custom exfiltration tool to steal data
FOE
The Hacker News
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
FOE
The Register (Security)
Age checks could turn internet into an ID checkpoint, complains Proton CEO
FOE
Bleeping Computer
New Checkmarx supply-chain breach affects KICS analysis tool
FOE
Dark Reading
Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
FRIEND
SecurityWeek
Cloudsmith Raises $72 Million in Series C Funding
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: Let’s get a soda
FOE
Dark Reading
Bad Memories Still Haunt AI Agents
FOE
Bleeping Computer
Cosmetics giant Rituals discloses data breach affecting customers
FOE
Bleeping Computer
Regular Password Resets Aren’t as Safe as You Think
FOE
The Hacker News
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
FRIEND
The Register (Security)
American farms have a new steward for their safety net, disaster programs... Palantir
FOE
Bleeping Computer
Microsoft: Some Teams users can’t join meetings after Edge update
FOE
The Hacker News
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
FRIEND
CSO Online
Offer customers passkeys by default, UK’s NCSC tells enterprises
FOE
SecurityWeek
Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos
FOE
The Register (Security)
Medical data of 500k Biobank volunteers listed for sale on Alibaba, UK minister reveals
FOE
Bleeping Computer
UK warns of Chinese hackers using proxy networks to evade detection
FOE
The Register (Security)
Hybrid clouds have two attack surfaces and you’re not paying enough attention to either
FRIEND
CSO Online
Google drafts AI agents secure systems against AI hackers
FRIEND
CSO Online
Google gets agent-ready for the Mythos age
FOE
Bleeping Computer
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
FOE
The Hacker News
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It’s all chalk drawings
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Yadea T5 Electric Bicycle
FOE
CISA Alerts
Carlson Software VASCO-B GNSS Receiver
FOE
CISA Alerts
Intrado 911 Emergency Gateway (EGW)
FOE
CISA Alerts
Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
FOE
CISA Alerts
SpiceJet Online Booking System
FOE
CISA Alerts
Milesight Cameras
FOE
CISA Alerts
FIRESTARTER Backdoor
FOE
CISA Alerts
Defending Against China-Nexus Covert Networks of Compromised Devices
FRIEND
SecurityWeek
Rilian Raises $17.5 Million for AI-Native Security Orchestration
FRIEND
The Hacker News
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
FOE
SecurityWeek
The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface
FOE
Bleeping Computer
CISA orders feds to patch BlueHammer flaw exploited as zero-day
FOE
Schneier on Security
FBI Extracts Deleted Signal Messages from iPhone Notification Database
FOE
SecurityWeek
Luxury Cosmetics Giant Rituals Discloses Data Breach
FRIEND
The Register (Security)
If malware via monitor cables is a matter of national security, this might be the gadget for you
FOE
SANS Internet Storm Center
Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)
FOE
SecurityWeek
AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers
FOE
The Intercept (Privacy)
ChatGPT Confessed to a Crime It Couldn’t Possibly Have Committed
FOE
Dark Reading
'Zealot' Shows What AI's Capable of in Staged Cloud Attack
FOE
The Register (Security)
Sharing isn’t caring if it’s an admin password
FOE
CSO Online
Microsoft taps Anthropic’s Mythos to strengthen secure software development
FOE
The Hacker News
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
FOE
SecurityWeek
Apple Patches iOS Flaw Allowing Recovery of Deleted Chats
FOE
The Hacker News
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
FOE
The Hacker News
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
FOE
SecurityWeek
Recent Microsoft Defender Vulnerability Exploited as Zero-Day
FRIEND
The Register (Security)
Pass the key, passwords have passed their sell-by date
FOE
Dark Reading
Africa Relinquishes Cyberattack Lead to Latin America — For Now
FRIEND
CSO Online
CNAPP – ein Kaufratgeber
FOE
Risky Business News
Srsly Risky Biz: Musk Snubs French Authorities
FOE
CSO Online
Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure
FRIEND
CSO Online
Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox
FOE
CSO Online
Malicious pgserve, automagik developer tools found in npm registry
FOE
CISA KEV
CVE-2026-39987: Marimo Remote Code Execution Vulnerability
FOE
Recorded Future Blog
Critical minerals and cyber operations
FOE
The Register (Security)
Another npm supply chain worm is tearing through dev environments
FOE
Ars Technica (Security)
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage
FRIEND
The Register (Security)
Anthropic's super-scary bug hunting model Mythos is shaping up to be a nothingburger
FOE
Bleeping Computer
Apple fixes iOS bug that retained deleted notification data
FOE
Dark Reading
'The Gentlemen' Rapidly Rises to Ransomware Prominence
FRIEND
TCM Security Blog
11 Types of Ethical Hacking: The Definitive Guide for 2026
FOE
Bleeping Computer
New Mirai campaign exploits RCE flaw in EoL D-Link routers
FRIEND
Sophos News
Strengthening authentication with passkeys: A CISO playbook
FOE
EPIC
EPIC’s statement on the House GOP SECURE Data Act and GUARD Financial Data Act
FOE
Ars Technica (Security)
Microsoft issues emergency update for macOS and Linux ASP.NET threat
FOE
Bleeping Computer
Kyber ransomware gang toys with post-quantum encryption on Windows
FOE
CSO Online
Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core
FOE
EFF Deeplinks
📁 How ICE Got My Data | EFFector 38.8
FOE
The Hacker News
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
FOE
EPIC
PRESS RELEASE: EPIC and civil rights groups sue Alaska Division of Elections for sharing unredacted voter registration list
FRIEND
EPIC
EPIC Joins Coalition Comment to FTC Supporting Swift Restoration of Click-to-Cancel Protections
FOE
The Hacker News
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
FRIEND
EPIC
EPIC Urges Sixth Circuit to Protect Voter Privacy and Refuse to Enforce DOJ’s Voter Roll Demand
FOE
EFF Deeplinks
EFF Sues DHS and ICE For Records on Subpoenas Seeking to Unmask Online Critics
FRIEND
Black Hills Information Security
Network Engineering Basics
FOE
The Hacker News
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
FRIEND
Bleeping Computer
Spain dismantles major $4.7M manga piracy platform, arrests four
FOE
Dark Reading
DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
FOE
SecurityWeek
After Bluesky, Mastodon Targeted in DDoS Attack
FOE
Dark Reading
Electricity Is a Growing Area of Cyber Risk
FOE
Bleeping Computer
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
FOE
Bleeping Computer
New npm supply-chain attack self-spreads to steal auth tokens
FOE
SecurityWeek
Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says
FOE
SecurityWeek
New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention
FRIEND
The Register (Security)
Google unleashes even more AI security agents to fight the baddies
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
SecurityWeek
Mirai Botnet Targets Flaw in Discontinued D-Link Routers
FOE
CSO Online
NFC tap-to-pay gets tapped by hackers
FOE
The Register (Security)
France's 'Secure' ID agency probes breach as crooks claim 19M records
FOE
SecurityWeek
Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
FOE
SecurityWeek
Claude Mythos Finds 271 Firefox Vulnerabilities
FOE
The Register (Security)
Scotland Yard can keep using live facial recognition on Londoners, say judges
FOE
Schneier on Security
ICE Uses Graphite Spyware
FOE
The Hacker News
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
FOE
SecurityWeek
North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks
FOE
The Hacker News
Toxic Combinations: When Cross-App Permissions Stack into Risk
FOE
Bleeping Computer
Microsoft traces Universal Print issues to Graph API code change
FOE
Bleeping Computer
New GoGra malware for Linux uses Microsoft Graph API for comms
FOE
SecurityWeek
Google Antigravity in Crosshairs of Security Researchers, Cybercriminals
FOE
The Hacker News
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
FOE
CSO Online
Anthropic bets on EPSS for the coming bug surge
FOE
SecurityWeek
Oracle Patches 450 Vulnerabilities With April 2026 CPU
FRIEND
The Register (Security)
Oil crisis? What oil crisis? IT spending de-coupled from wider war shock
FOE
Bleeping Computer
Microsoft releases emergency patches for critical ASP.NET flaw
FOE
The Hacker News
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
FOE
The Hacker News
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
FOE
Bleeping Computer
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
FOE
Risky Business News
Risky Bulletin: Former FBI official calls for terrorism designations for ransomware groups that target hospitals and critical infrastructure
FRIEND
The Register (Security)
Mythos found 271 Firefox flaws – but none a human couldn’t spot
FRIEND
CSO Online
SBOM erklärt: Was ist eine Software Bill of Materials?
FOE
SANS Internet Storm Center
[Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
FOE
Recorded Future Blog
Evolution of Chinese-Language Guarantee Telegram Marketplaces
FRIEND
Sophos News
Strengthening authentication with passkeys: A CISO playbook
FOE
CISA KEV
CVE-2026-33825: Microsoft Defender Insufficient Granularity of Access Control Vulnerability
FRIEND
Recorded Future Blog
AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?
FOE
Bleeping Computer
French govt agency confirms breach as hacker offers to sell data
FOE
Ars Technica (Security)
Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150
FOE
The Register (Security)
Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor
FOE
Dark Reading
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
FOE
CSO Online
Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered
FOE
The Register (Security)
Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide
FOE
Dark Reading
Exploits Turn Windows Defender into Attacker Tool
FOE
Bleeping Computer
New Lotus data wiper used against Venezuelan energy, utility firms
FRIEND
EFF Deeplinks
Copyright and DMCA Best Practices for Fediverse Operators
FOE
The Hacker News
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
FOE
The Register (Security)
More Cisco SD-WAN bugs battered in attacks
FOE
The Register (Security)
macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
FOE
The Hacker News
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
FOE
Dark Reading
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
FOE
Dark Reading
Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
FOE
Krebs on Security
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
FOE
SecurityWeek
Third US Security Expert Admits Helping Ransomware Gang
FOE
The Hacker News
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
FOE
The Register (Security)
Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
FOE
SecurityWeek
Dozens of Malicious Crypto Apps Land in Apple App Store
FRIEND
Bleeping Computer
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
FOE
Bleeping Computer
UK probes Telegram, teen chat sites over CSAM sharing concerns
FRIEND
The Hacker News
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
FOE
SecurityWeek
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs
FOE
CSO Online
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
FRIEND
Ars Technica (Security)
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
FOE
Bleeping Computer
CISA flags new SD-WAN flaw as actively exploited in attacks
FOE
The Register (Security)
AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account
FOE
CSO Online
Prompt injection turned Google’s Antigravity file search into RCE
FOE
SecurityWeek
Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster
FOE
CISA Alerts
Siemens SINEC NMS
FOE
CISA Alerts
Zero Motorcycles Firmware
FOE
CISA Alerts
Siemens SINEC NMS
FOE
CISA Alerts
Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary
FOE
CISA Alerts
Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)
FOE
CISA Alerts
Siemens Industrial Edge Management
FOE
CISA Alerts
Hardy Barth Salia EV Charge Controller
FOE
CISA Alerts
Siemens Analytics Toolkit
FOE
CISA Alerts
Siemens TPM 2.0
FOE
CISA Alerts
SenseLive X3050
FOE
CISA Alerts
Silex Technology SD-330AC and AMC Manager
FOE
CISA Alerts
Siemens SCALANCE
FOE
Dark Reading
Chinese APT Targets Indian Banks, Korean Policy Circles
FOE
The Register (Security)
Crook claims to leak 'video surveillance footage' of companies
FOE
The Hacker News
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
FOE
SecurityWeek
Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities
FOE
Bleeping Computer
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
FOE
Schneier on Security
Mexican Surveillance Company
FOE
SecurityWeek
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
FOE
The Register (Security)
Met police trials snoop tech platform in push to cuff more London shoplifters
FOE
The Hacker News
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
FOE
The Hacker News
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
FOE
Bleeping Computer
Former ransomware negotiator pleads guilty to BlackCat attacks
FOE
SecurityWeek
$290 Million Kelp DAO Crypto Heist Blamed on North Korea
FRIEND
CSO Online
Why identity is the driving force behind digital transformation
FOE
CSO Online
Top techniques attackers use to infiltrate your systems today
FOE
Bleeping Computer
NGate Android malware uses HandyPay NFC app to steal card data
FOE
CSO Online
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops
FOE
The Register (Security)
Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
FRIEND
The Register (Security)
Panasonic creates device-locked QR codes to speed facial biometric capture
FOE
SANS Internet Storm Center
A .WAV With A Payload, (Tue, Apr 21st)
FOE
The Hacker News
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
FOE
The Register (Security)
Iran claims US used backdoors to knock out networking equipment during war
FOE
EFF Deeplinks
Palantir Has a Human Rights Policy. Its ICE Work Tells a Different Story
FOE
Recorded Future Blog
Emerging Enterprise Security Risks of AI
FOE
The Register (Security)
Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
FOE
EPIC
FTC’s New Strategic Plan Falls Short for Consumers
FOE
Bleeping Computer
KelpDAO suffers $290 million heist tied to Lazarus hackers
FOE
Bleeping Computer
China's Apple App Store infiltrated by crypto-stealing wallet apps
FRIEND
EFF Deeplinks
The Internet Still Works: Reddit Empowers Community Moderation
FOE
Dark Reading
Vercel Employee's AI Tool Access Led to Data Breach
FOE
Bleeping Computer
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
FOE
Dark Reading
Serial-to-IP Devices Hide Thousands of Old and New Bugs
FOE
The Register (Security)
Claude Desktop changes app access settings for browsers you don't even have installed yet
FOE
Bleeping Computer
Seiko USA website defaced as hacker claims customer data theft
FOE
The Register (Security)
Scot becomes second Scattered Spider-linked crook to plead guilty in US
FOE
The Hacker News
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
FRIEND
Sophos News
Sophos Firewall v22 MR1 is now available
FOE
SecurityWeek
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
FOE
Bleeping Computer
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
FOE
Dark Reading
WhatsApp Leaks User Metadata to Attackers
FOE
EPIC
EPIC Files Amicus Brief Arguing City’s Use of Flock ALPRs Violated Fourth Amendment
FRIEND
Bleeping Computer
The backup myth that is putting businesses at risk
FOE
The Hacker News
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
FOE
Bleeping Computer
British Scattered Spider hacker pleads guilty to crypto theft charges
FOE
The Register (Security)
Microsoft releases Windows Server update fix to fix its April update fixes
FOE
The Intercept (Privacy)
LAPD Deployed Drones to Spy on No Kings Protest
FOE
CSO Online
Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook
FOE
SecurityWeek
British Scattered Spider Hacker Pleads Guilty in the US
FOE
CSO Online
Hackers exploit Vercel’s trust in AI integration
FOE
CISA Alerts
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Supply Chain Compromise Impacts Axios Node Package Manager
FOE
SecurityWeek
Hackers Abuse QEMU for Defense Evasion
FOE
The Hacker News
Why Most AI Deployments Stall After the Demo
FOE
Schneier on Security
Is “Satoshi Nakamoto” Really Adam Back?
FOE
SecurityWeek
Bluesky Disrupted by Sophisticated DDoS Attack
FOE
The Hacker News
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
FOE
SecurityWeek
Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House
FRIEND
CSO Online
CISOs reshape their roles as business risk strategists
FOE
SecurityWeek
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption
FRIEND
Bleeping Computer
Microsoft pulls service update causing Teams launch failures
FOE
CSO Online
Copilot & Agentforce offen für Prompt-Injection-Tricks
FOE
CSO Online
Claude Mythos – ist der Hype gerechtfertigt?
FOE
Bleeping Computer
Microsoft releases emergency updates to fix Windows Server issues
FOE
SecurityWeek
Next.js Creator Vercel Hacked
FRIEND
SecurityWeek
Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers
FOE
The Hacker News
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
FOE
The Register (Security)
Next.js developer Vercel warns of customer credential compromise
FRIEND
SANS Internet Storm Center
Handling the CVE Flood With EPSS, (Mon, Apr 20th)
FRIEND
Risky Business News
Risky Bulletin: New malware tries to sabotage Israel's water system but fails because it's buggy
FRIEND
CSO Online
Für Cyberattacken gewappnet – Krisenkommunikation nach Plan
FOE
The Hacker News
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
FOE
CISA KEV
CVE-2024-27199: JetBrains TeamCity Relative Path Traversal Vulnerability
FOE
CISA KEV
CVE-2025-2749: Kentico Xperience Path Traversal Vulnerability
FOE
CISA KEV
CVE-2023-27351: PaperCut NG/MF Improper Authentication Vulnerability
FOE
CISA KEV
CVE-2025-32975: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
FOE
CISA KEV
CVE-2025-48700: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
FOE
CISA KEV
CVE-2026-20133: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
FOE
CISA KEV
CVE-2026-20128: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
FOE
CISA KEV
CVE-2026-20122: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
FRIEND
Sophos News
Sophos Firewall v22 MR1 is now available
FOE
The Register (Security)
Just like phishing for gullible humans, prompt injecting AIs is here to stay
FOE
Bleeping Computer
Vercel confirms breach as hackers claim to be selling stolen data
FOE
Bleeping Computer
Apple account change alerts abused to send phishing emails
FOE
Bleeping Computer
NIST to stop rating non-priority flaws due to volume increase
FOE
The Register (Security)
I meant to do that! AI vendors shrug off responsibility for vulns
FOE
Bleeping Computer
Critical flaw in Protobuf library enables JavaScript code execution
FRIEND
Bleeping Computer
NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
FOE
SecurityWeek
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks
FOE
The Hacker News
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
FOE
The Hacker News
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
FOE
CSO Online
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
FOE
Ars Technica (Security)
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
FRIEND
Schneier on Security
Friday Squid Blogging: New Giant Squid Video
FOE
CSO Online
Flawed Cisco update threatens to stop APs from getting further patches
FOE
Dark Reading
How NIST's Cutback of CVE Handling Impacts Cyber Teams
FRIEND
EFF Deeplinks
Keep Pushing: We Get 10 More Days to Reform Section 702
FOE
Bleeping Computer
Payouts King ransomware uses QEMU VMs to bypass endpoint security
FOE
Dark Reading
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
FRIEND
SecurityWeek
White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
FOE
The Register (Security)
CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack
FOE
The Register (Security)
Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker
FOE
Bleeping Computer
Grinex exchange blames "Western intelligence" for $13.7M crypto hack
FRIEND
SecurityWeek
CoChat Launches AI Collaboration Platform to Combat Shadow AI
FOE
Dark Reading
Every Old Vulnerability Is Now an AI Vulnerability
FOE
Bleeping Computer
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
FOE
The Hacker News
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
FRIEND
Dark Reading
Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs
FOE
CSO Online
White House moves to give federal agencies access to Anthropic’s Claude Mythos
FOE
Bleeping Computer
Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery
FOE
SecurityWeek
In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested
FOE
CSO Online
Caught, Quarantined, Re-installed: RedSun turns Microsoft Defender on itself
FOE
Schneier on Security
Mythos and Cybersecurity
FRIEND
Ars Technica (Security)
Recent advances push Big Tech closer to the Q-Day danger zone
FRIEND
The Hacker News
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
FOE
SecurityWeek
Another DraftKings Hacker Sentenced to Prison
FOE
SecurityWeek
Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed
FRIEND
CSO Online
Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances
FOE
The Register (Security)
Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
FOE
SecurityWeek
Recent Apache ActiveMQ Vulnerability Exploited in the Wild
FOE
Bleeping Computer
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
FOE
Privacy International
Voter Disenfranchisement: A Privacy Issue
FOE
SecurityWeek
Two North Korean IT Worker Scheme Facilitators Jailed in the US
FOE
SecurityWeek
ZionSiphon Malware Targets ICS in Water Facilities
FOE
Bleeping Computer
Microsoft: Some Windows servers enter reboot loops after April patches
FOE
SecurityWeek
Cursor AI Vulnerability Exposed Developer Devices
FOE
The Hacker News
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
FOE
Bleeping Computer
Man gets 30 months for selling thousands of hacked DraftKings accounts
FOE
The Register (Security)
Claude Opus wrote a Chrome exploit for $2,283
FRIEND
SecurityWeek
53 DDoS Domains Taken Down by Law Enforcement
FOE
Bleeping Computer
Recently leaked Windows zero-days now exploited in attacks
FRIEND
The Hacker News
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
FRIEND
CSO Online
Positiv denken für Sicherheitsentscheider: 6 Mindsets, die Sie sofort ablegen sollten
FOE
Risky Business News
Risky Bulletin: NIST gives up enriching most CVEs
FOE
The Hacker News
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
FOE
SANS Internet Storm Center
Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
FOE
Sophos News
Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday
FOE
The Register (Security)
Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researcher says
FOE
CSO Online
Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
FRIEND
Bleeping Computer
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
FOE
CSO Online
RCE by design: MCP architectural choice haunts AI agent ecosystem
FOE
Bleeping Computer
ZionSiphon malware designed to sabotage water treatment systems
FOE
CSO Online
NIST cuts down CVE analysis amid vulnerability overload
FRIEND
Dark Reading
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
FOE
EFF Deeplinks
Stop New York's Attack on 3D Printing
FOE
Bleeping Computer
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
FOE
Dark Reading
North Korea Uses ClickFix to Target macOS Users' Data
FOE
Dark Reading
'Harmless' Global Adware Transforms Into an AV Killer
FOE
The Register (Security)
North Korea targets macOS users in latest heist
FRIEND
EPIC
EPIC, U.S. Civil Society Groups, Call on EU Leaders to Stand Up for Digital Rights
FOE
The Hacker News
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
FRIEND
SecurityWeek
Government Can’t Win the Cyber War Without the Private Sector
FOE
Bleeping Computer
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
FOE
EFF Deeplinks
How Push Notifications Can Betray Your Privacy (and What to Do About It)
FRIEND
TCM Security Blog
TCM Academy Course Release: Securing AI Applications
FRIEND
Dark Reading
Two-Factor Authentication Breaks Free from the Desktop
FRIEND
Bleeping Computer
Google expands Gemini AI use to fight malicious ads on its platform
FOE
Dark Reading
Microsoft's Original Windows Secure Boot Certificate Is Expiring
FOE
The Register (Security)
Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars
FRIEND
SecurityWeek
OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
FOE
Bleeping Computer
New ATHR vishing platform uses AI voice agents for automated attacks
FOE
Bleeping Computer
Most "AI SOCs" Are Just Faster Triage. That's Not Enough.
FOE
Privacy International
What is digital fingerprinting: Is my device ever truly anonymous?
FOE
The Hacker News
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
FOE
The Register (Security)
Git identity spoof fools Claude into giving bad code the nod
FOE
SecurityWeek
Data Breach at Tennessee Hospital Affects 337,000
FRIEND
SecurityWeek
Artemis Emerges From Stealth With $70 Million in Funding
FOE
CSO Online
Microsoft’s Windows Recall still allows silent data extraction
FOE
Bleeping Computer
Cisco says critical Webex Services flaw requires customer action
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Horner Automation Cscape and XL4, XL7 PLC
FOE
CISA Alerts
Delta Electronics ASDA-Soft
FOE
CISA Alerts
AVEVA Pipeline Simulation
FOE
CISA Alerts
Anviz Multiple Products
FOE
The Hacker News
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
FOE
CSO Online
Behind the Mythos hype, Glasswing has just one confirmed CVE
FOE
SecurityWeek
Splunk Enterprise Update Patches Code Execution Vulnerability
FOE
The Register (Security)
Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed
FOE
The Hacker News
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
FRIEND
SecurityWeek
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
FOE
The Hacker News
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
FRIEND
SecurityWeek
NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software
FOE
Bleeping Computer
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
FOE
The Hacker News
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
FOE
SecurityWeek
Cisco Patches Critical Vulnerabilities in Webex, ISE
FOE
The Register (Security)
Microsoft announces product it doesn't want you to buy: Extended security updates for old Exchange, and Skype for Biz
FOE
CSO Online
Insurance carriers quietly back away from covering AI outputs
FOE
Schneier on Security
Human Trust of AI Agents
FOE
SecurityWeek
Ransomware Hits Automotive Data Expert Autovista
FRIEND
CSO Online
The endless CISO reporting line debate — and what it says about cybersecurity leadership
FOE
SecurityWeek
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
FOE
Bleeping Computer
US nationals behind DPRK IT worker 'laptop farm' sent to prison
FOE
The Register (Security)
Server-room lock was nothing but a crock
FOE
Bleeping Computer
Microsoft: April Windows Server 2025 update may fail to install
FOE
The Hacker News
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
FOE
Dark Reading
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
FOE
Risky Business News
Srsly Risky Biz: It Is Time to Ban Sale of Precise Geolocation
FOE
CSO Online
Was bei der Cloud-Konfiguration schiefläuft – und wie es besser geht
FOE
The Register (Security)
Google Chrome lacks protection against one of the most basic and common ways to track users online
FOE
Recorded Future Blog
From Bazooka to Fake Nikes
FOE
CISA KEV
CVE-2026-34197: Apache ActiveMQ Improper Input Validation Vulnerability
FOE
Sophos News
QEMU abused to evade detection and enable ransomware delivery
FOE
SANS Internet Storm Center
[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
FOE
Sophos News
QEMU abused to evade detection and enable ransomware delivery
FOE
Bleeping Computer
Critical Nginx UI auth bypass flaw now actively exploited in the wild
FOE
Bleeping Computer
New AgingFly malware used in attacks on Ukraine govt, hospitals
FOE
Dark Reading
Critical MCP Integration Flaw Puts NGINX at Risk
FOE
The Register (Security)
Anthropic's Project Glasswing CVE tally is still anyone's guess
FOE
CSO Online
Critical nginx UI tool vulnerability opens web servers to full compromise
FOE
Ars Technica (Security)
"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database
FOE
Bleeping Computer
WordPress plugin suite hacked to push malware to thousands of sites
FOE
EPIC
Maine Legislature Fails to Enact Maine Online Data Privacy Act
FOE
EPIC
EPIC Supports South Carolina Bills to Rein in Chatbot Harms
FOE
Dark Reading
Navigating the Unique Security Risks of Asia's Digital Supply Chain
FOE
Bleeping Computer
Signed software abused to deploy antivirus-killing scripts
FOE
The Register (Security)
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
FOE
The Hacker News
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
FOE
SecurityWeek
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
FRIEND
Bleeping Computer
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
FOE
The Register (Security)
Automotive data biz Autovista blames ransomware for service disruption
FOE
Dark Reading
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
FOE
EFF Deeplinks
EFF Calls on Kuwait to Release Journalist Ahmed Shihab-Eldin
FOE
Bleeping Computer
CISA flags Windows Task Host vulnerability as exploited in attacks
FOE
SecurityWeek
Exploited Vulnerability Exposes Nginx Servers to Hacking
FOE
Dark Reading
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
FOE
Bleeping Computer
Rolling Networks: Securing the Transportation Sector
FOE
Black Hills Information Security
Signed, Trusted, and Abused: Proxy Execution via WebView2
FRIEND
SecurityWeek
Capsule Security Emerges From Stealth With $7 Million in Funding
FOE
SecurityWeek
‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
FOE
The Register (Security)
French cops free mother and son after 20-hour crypto kidnap ordeal
FOE
SecurityWeek
100 Chrome Extensions Steal User Data, Create Backdoor
FOE
SecurityWeek
CISO Conversations: Ross McKerchar, CISO at Sophos
FOE
The Hacker News
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
FRIEND
The Hacker News
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
FOE
SecurityWeek
Mirax RAT Targeting Android Users in Europe
FOE
CSO Online
Copilot and Agentforce fall to form-based prompt injection tricks
FOE
Dark Reading
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
FOE
The Register (Security)
Ancient Excel bug comes out of retirement for active attacks
FOE
Bleeping Computer
Microsoft: April updates trigger BitLocker key prompts on some servers
FOE
EFF Deeplinks
Digital Hopes, Real Power: The Rise of Network Shutdowns
FOE
SecurityWeek
Two Vulnerabilities Patched in Ivanti Neurons for ITSM
FRIEND
The Register (Security)
Raspberry Pi OS ends open-door policy for sudo
FOE
The Hacker News
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
FOE
SecurityWeek
$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks
FRIEND
Schneier on Security
Defense in Depth, Medieval Style
FOE
SecurityWeek
Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections
FRIEND
Bleeping Computer
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
FOE
The Register (Security)
UK told its Big Tech habit is now a national security risk
FOE
CSO Online
The deepfake dilemma: From financial fraud to reputational crisis
FOE
SecurityWeek
Fortinet Patches Critical FortiSandbox Vulnerabilities
FOE
CSO Online
7 biggest healthcare security threats
FOE
CSO Online
The need for a board-level definition of cyber resilience
FOE
The Hacker News
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
FOE
The Register (Security)
Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users
FOE
SecurityWeek
ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories
FRIEND
OWASP Blog
Bridging the Gap in Product Lifecycle Management: How OpenEoX and CLE Work Together
FRIEND
CSO Online
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
FOE
Risky Business News
Risky Bulletin: Malicious LLM proxy routers found in the wild
FRIEND
The Hacker News
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
FOE
CSO Online
Curity looks to reinvent IAM with runtime authorization for AI agents
FOE
CSO Online
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
FOE
SANS Internet Storm Center
Scanning for AI Models, (Tue, Apr 14th)
FRIEND
Dark Reading
Microsoft Bets $10 Billion to Boost Japan's AI, Cybersecurity
FRIEND
Recorded Future Blog
4 Essential Integration Workflows for Operationalizing Threat Intelligence Recorded Future
FRIEND
Sophos News
Secure by Design: Building cybersecurity into the foundation
FOE
Recorded Future Blog
Your Supply Chain Breach Is Someone Else's Payday
FRIEND
Bleeping Computer
Microsoft adds Windows protections for malicious Remote Desktop files
FOE
Bleeping Computer
Crypto-exchange Kraken extorted by hackers after insider breach
FOE
Krebs on Security
Patch Tuesday, April 2026 Edition
FOE
Dark Reading
Privilege Elevation Dominates Massive Microsoft Patch Update
FRIEND
The Register (Security)
Commvault has a Ctrl+Z for rogue AI agents
FOE
The Register (Security)
Microsoft's massive Patch Tuesday: It's raining bugs
FOE
Bleeping Computer
Over 100 Chrome extensions in Web Store target users accounts and data
FRIEND
CSO Online
4 questions to ask before outsourcing MDR
FOE
Dark Reading
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
FOE
CSO Online
5 trends defining the future of AI-powered cybersecurity
FOE
The Intercept (Privacy)
Dem Leaders Aren’t Even Bothering to Rally Caucus Against Trump Domestic Spying Powers
FRIEND
Ars Technica (Security)
UK gov's Mythos AI tests help separate cybersecurity threat from hype
FOE
SecurityWeek
Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
FRIEND
Bleeping Computer
Microsoft releases Windows 10 KB5082200 extended security update
FOE
Bleeping Computer
McGraw-Hill confirms data breach following extortion threat
FRIEND
Bleeping Computer
Windows 11 cumulative updates KB5083769 & KB5082052 released
FRIEND
SANS Internet Storm Center
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
FOE
Bleeping Computer
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
FOE
SecurityWeek
Adobe Patches 55 Vulnerabilities Across 11 Products
FOE
Bleeping Computer
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
FOE
CSO Online
EU regulators largely denied access to Anthropic Mythos
FOE
Dark Reading
Wargame Exercise Demonstrates How Social Media Manipulation Works
FOE
EFF Deeplinks
Google Broke Its Promise to Me. Now ICE Has My Data.
FRIEND
Schneier on Security
Upcoming Speaking Engagements
FOE
EFF Deeplinks
EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government
FOE
BrightTALK InfoSec
Learning from Mistakes: Hard Lessons in Building Cyber Defenses
FOE
BrightTALK InfoSec
AI Agents Unleashed: Governing the Invisible Workforce
FOE
The Hacker News
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
FRIEND
Bleeping Computer
Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
FRIEND
The Hacker News
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
FRIEND
EPIC
Virginia Governor Signs Bill Banning Sale of Precise Location Data
FOE
The Hacker News
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
FOE
EPIC
Government AI Is Coming for Your Data
FRIEND
Bleeping Computer
5 Ways Zero Trust Maximizes Identity Security
FOE
BrightTALK InfoSec
The Pitfalls of Cybersecurity, Privacy and AI Law in 2026
FOE
The Register (Security)
No honor among thieves as 0APT threatens rival ransomware gang Krybit
FOE
SecurityWeek
‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats
FOE
SecurityWeek
Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members
FOE
CSO Online
China-linked cloud credential heist runs on typos and SMTP
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
SecurityWeek
SAP Patches Critical ABAP Vulnerability
FOE
SecurityWeek
Triad Nexus Evades Sanctions to Fuel Cybercrime
FOE
Schneier on Security
How Hackers Are Thinking About AI
FRIEND
SecurityWeek
Google Adds Rust DNS Parser to Pixel Phones for Better Security
FOE
The Hacker News
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
FOE
The Hacker News
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
FOE
SecurityWeek
Nightclub Giant RCI Hospitality Reports Data Breach
FRIEND
CSO Online
How AI is transforming threat detection
FOE
CSO Online
The AI inflection point: What security leaders must do now
FOE
SecurityWeek
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities
FOE
The Hacker News
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
FOE
CSO Online
Cyber-Inspekteur: Hybride Attacken nehmen weiter zu
FOE
The Hacker News
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
FOE
The Hacker News
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
FRIEND
Recorded Future Blog
A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape
FRIEND
Recorded Future Blog
A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape
FOE
CSO Online
Anthropic’s Mythos signals a structural cybersecurity shift
FOE
EFF Deeplinks
The Dangers of California’s Legislation to Censor 3D Printing
FOE
Bleeping Computer
European Gym giant Basic-Fit data breach affects 1 million members
FOE
Dark Reading
Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
FOE
The Register (Security)
Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
FOE
Dark Reading
CSA: CISOs Should Prepare for Post-Mythos Exploit Storm
FOE
Dark Reading
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
FOE
Bleeping Computer
Stolen Rockstar Games analytics data leaked by extortion gang
FOE
EPIC
EPIC joins ACLU’s ‘Eyewear, Not Spyware!’ campaign to fight Meta’s surveillance glasses
FOE
Bleeping Computer
Critical flaw in wolfSSL library enables forged certificate use
FRIEND
EPIC
EPIC Files Amicus Brief Countering Big Tech Claim that Surveillance-Based Feeds Are Protected by the First Amendment
FRIEND
EFF Deeplinks
EFF 🤝 HOPE: Join Us This August!
FOE
Dark Reading
Empty Attestations: OT Lacks the Tools for Cryptographic Readiness
FOE
Bleeping Computer
FBI takedown of W3LL phishing service leads to developer arrest
FOE
The Register (Security)
Fake Linux leader using Slack to con devs into giving up their secrets
FOE
Bleeping Computer
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
FOE
EFF Deeplinks
Hot Off the Press: EFF's Updated Guide to Tech at the US-Mexico Border
FOE
Bleeping Computer
New Booking.com data breach forces reservation PIN resets
FOE
The Hacker News
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
FRIEND
Schneier on Security
On Anthropic’s Mythos Preview and Project Glasswing
FRIEND
EFF Deeplinks
Speaking Freely: Dr. Jean Linis-Dinco
FOE
Bleeping Computer
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
FOE
EFF Deeplinks
War as a Pretext: Gulf States Are Tightening the Screws on Speech—Again
FOE
Dark Reading
APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
FOE
The Hacker News
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
FOE
The Register (Security)
Booking.com warns reservation data may have checked out with intruders
FOE
SecurityWeek
Booking.com Says Hackers Accessed User Information
FOE
Bleeping Computer
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
FOE
SecurityWeek
BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings
FOE
Privacy International
Moving Goalposts: Football, Facial Recognition and the Expansion of Surveillance
FOE
SANS Internet Storm Center
Scans for EncystPHP Webshell, (Mon, Apr 13th)
FOE
The Hacker News
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
FOE
CSO Online
Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure
FOE
SecurityWeek
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
FOE
CISA Alerts
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
FOE
CSO Online
Seven IBM WebSphere Liberty flaws can be chained into full takeover
FOE
The Hacker News
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
FRIEND
SecurityWeek
International Operation Targets Multimillion-Dollar Crypto Theft Schemes
FOE
The Register (Security)
Gym giant Basic-Fit confirms data on a million members stolen in cyberattack
FOE
SecurityWeek
CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
FOE
The Register (Security)
Rockstar Games gets a taste of grand theft data amid ShinyHunters threat of 'Pay or leak'
FOE
Schneier on Security
AI Chatbots and Trust
FOE
SecurityWeek
Fake Claude Website Distributes PlugX RAT
FRIEND
The Register (Security)
NHS pays £46K to prep next Microsoft licensing round
FOE
The Hacker News
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
FOE
CSO Online
CISOs tackle the AI visibility gap
FRIEND
SecurityWeek
Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users
FOE
The Hacker News
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
FRIEND
CSO Online
Was ist Federated Identity Management?
FRIEND
Risky Business News
Risky Bulletin: France takes first steps to ditch Windows for Linux
FOE
The Register (Security)
China wants AI to prepare school lessons and mark homework
FOE
Recorded Future Blog
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
FOE
The Register (Security)
Anthropic's mysterious Mythos AI threatens to upend the infosec world
FOE
Bleeping Computer
Critical Marimo pre-auth RCE flaw now under active exploitation
FOE
SecurityWeek
Adobe Patches Reader Zero-Day Exploited for Months
FOE
The Hacker News
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
FOE
The Hacker News
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
FOE
Bleeping Computer
Over 20,000 crypto fraud victims identified in international crackdown
FOE
The Register (Security)
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
FOE
The Register (Security)
Hungarian government creds left in the safe hands of 'FrankLampard'
FOE
The Hacker News
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
FOE
Bleeping Computer
ChatGPT rolls out new $100 Pro subscription to challenge Claude
FRIEND
CSO Online
Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises
FOE
EPIC
Oklahoma, Alabama enact weak privacy laws
FOE
Dark Reading
Hims Breach Exposes the Most Sensitive Kinds of PHI
FOE
Dark Reading
Your Next Breach Will Look Like Business as Usual
FOE
CSO Online
Old Docker authorization bypass pops up despite previous patch
FOE
EPIC
Massachusetts Supreme Judicial Court Recognizes Section 230 Is No Bar to Social Media Design Claims
FOE
Bleeping Computer
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
FRIEND
Dark Reading
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
FRIEND
Dark Reading
Orange Business Reimagines Enterprise Voice Communications With Trust and AI
FOE
SecurityWeek
In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack
FOE
CSO Online
Hacker Unknown now known, named on Europol’s most-wanted list
FOE
Bleeping Computer
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
FOE
EFF Deeplinks
We Need You: Our Privacy Cannot Afford a Clean Extension of Section 702
FOE
SecurityWeek
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
FOE
Dark Reading
Industrial Controllers Still Vulnerable As Conflicts Move to Cyber
FOE
The Hacker News
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
FOE
CSO Online
Hungarian government email passwords exposed ahead of election
FOE
Bleeping Computer
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
FOE
Dark Reading
Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?
FOE
The Register (Security)
CPUID site hijacked to serve malware instead of HWMonitor downloads
FOE
SecurityWeek
Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday
FOE
Bleeping Computer
Microsoft: Canadian employees targeted in payroll pirate attacks
FOE
SecurityWeek
Orthanc DICOM Vulnerabilities Lead to Crashes, RCE
FOE
CSO Online
Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes
FRIEND
The Register (Security)
Project Glasswing and open source software: The good, the bad, and the ugly
FRIEND
The Register (Security)
Britain seeks views before it drops the hammer on signal jammers
FOE
The Hacker News
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
FOE
SecurityWeek
Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000
FRIEND
Bleeping Computer
Google rolls out Gmail end-to-end encryption on mobile devices
FRIEND
Schneier on Security
Sen. Sanders Talks to Claude About AI and Privacy
FOE
Privacy International
Dangerous data
FOE
CSO Online
Why most zero-trust architectures fail at the traffic layer
FRIEND
SecurityWeek
MITRE Releases Fight Fraud Framework
FOE
SecurityWeek
Critical Marimo Flaw Exploited Hours After Public Disclosure
FOE
CSO Online
The cyber winners and losers in Trump’s 2027 budget
FOE
CSO Online
CMMC compliance in the age of AI
FOE
The Register (Security)
Unpacking AI security in 2026 from experimentation to the agentic era
FOE
The Intercept (Privacy)
A Redditor Criticized ICE. Trump Is Trying to Unmask Them by Dragging the Company to a Secret Grand Jury.
FRIEND
The Hacker News
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
FRIEND
SecurityWeek
Google Rolls Out Cookie Theft Protections in Chrome
FOE
The Hacker News
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
FOE
SecurityWeek
Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users
FOE
SANS Internet Storm Center
Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
FOE
The Hacker News
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
FOE
Risky Business News
Risky Bulletin: FBI extracted Signal chats from iPhone notifications logs
FOE
CSO Online
Was CISOs von Moschusochsen lernen können
FOE
Recorded Future Blog
VIP Credential Monitoring Blog
FOE
CSO Online
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
FOE
Bleeping Computer
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
FOE
Bleeping Computer
New VENOM phishing attacks steal senior executives' Microsoft logins
FOE
EFF Deeplinks
Yikes, Encryption’s Y2K Moment is Coming Years Early
FOE
Dark Reading
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
FOE
Dark Reading
'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
FOE
Bleeping Computer
Healthcare IT solutions provider ChipSoft hit by ransomware attack
FRIEND
EPIC
EPIC Testifies in Support of Rhode Island Age-Appropriate Design Code Approach
FOE
CSO Online
Cloudflare ‘actively adjusting’ quantum priorities in wake of Google warning
FRIEND
Bleeping Computer
Google Chrome adds infostealer protection against session cookie theft
FOE
The Register (Security)
Crypto? Huh. Good gawd y'all, what is it good for? $45M in this case
FRIEND
EPIC
EPIC Endorses Youth AI Privacy Act to Protect Minors from Chatbot Harms
FOE
Dark Reading
Do Ceasefires Slow Cyberattacks? History Suggests Not
FOE
The Hacker News
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
FOE
EFF Deeplinks
Comparison Shopping Is Not a (Computer) Crime
FOE
The Register (Security)
'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree
FOE
EFF Deeplinks
EFF is Leaving X
FOE
The Hacker News
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
FOE
Bleeping Computer
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
FOE
The Register (Security)
Chevin pulls the handbrake on FleetWave software after security scare
FOE
The Register (Security)
Months-old Adobe Reader zero-day uses PDFs to size up targets
FOE
Bleeping Computer
When attackers already have the keys, MFA is just another door to open
FOE
The Register (Security)
Microsoft locks out VeraCrypt and WireGuard devs, blames verification process
FOE
SecurityWeek
Apple Intelligence AI Guardrails Bypassed in New Attack
FOE
SecurityWeek
Can we Trust AI? No – But Eventually We Must
FOE
The Register (Security)
Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse
FOE
The Hacker News
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
FOE
Sophos News
We let OpenClaw loose on an internal network. Here’s what it found
FOE
Sophos News
The vulnerability flood is here. Here’s what it means – and how to prepare
FOE
CSO Online
Weak at the seams
FOE
SecurityWeek
Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access
FRIEND
Bleeping Computer
Webinar: From noise to signal - What threat actors are targeting next
FOE
CISA Alerts
Contemporary Controls BASC 20T
FOE
CISA Alerts
GPL Odorizers GPL750
FOE
SecurityWeek
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
FOE
CSO Online
New ClickFix variant bypasses Apple safeguards with one‑click script execution
FOE
The Register (Security)
Zephyr Energy loses £700K in cyber hit that rerouted contractor payment
FOE
The Hacker News
The Hidden Security Risks of Shadow AI in Enterprises
FOE
The Hacker News
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
FRIEND
SecurityWeek
The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security
FOE
Schneier on Security
On Microsoft’s Lousy Cloud Security
FOE
The Hacker News
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
FOE
Bleeping Computer
Eurail says December data breach impacts 300,000 individuals
FOE
SecurityWeek
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
FOE
Bleeping Computer
Hackers exploiting Acrobat Reader zero-day flaw since December
FOE
CSO Online
Patch windows collapse as time-to-exploit accelerates
FOE
CSO Online
Weak at the seams
FOE
SecurityWeek
Adobe Reader Zero-Day Exploited for Months: Researcher
FOE
SecurityWeek
300,000 People Impacted by Eurail Data Breach
FOE
The Register (Security)
Sticky-note security turned gym into hall of '80s horrors
FOE
Bleeping Computer
Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
FOE
The Register (Security)
Cryptographers place $5,000 bet whether quantum will matter
FOE
Bleeping Computer
Microsoft suspends dev accounts for high-profile open source projects
FOE
SecurityWeek
$3.6 Million Stolen in Bitcoin Depot Hack
FRIEND
CSO Online
So geht Post-Incident Review
FRIEND
Risky Business News
Srsly Risky Biz: American Diplomats to Fight Propaganda… on X
FOE
SecurityWeek
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
FOE
CSO Online
Questions raised about how LinkedIn uses the petabytes of data it collects
FOE
Dark Reading
Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
FOE
SANS Internet Storm Center
Number Usage in Passwords: Take Two, (Thu, Apr 9th)
FOE
Sophos News
Adobe Reader zero-day vulnerability in active exploitation
FOE
Sophos News
We let OpenClaw loose on an internal network. Here’s what it found
FRIEND
Recorded Future Blog
Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.
FOE
Sophos News
The vulnerability flood is here. Here’s what it means – and how to prepare
FOE
Sophos News
We let OpenClaw loose on an internal network. Here’s what it found
FOE
Bleeping Computer
Hackers use pixel-large SVG trick to hide credit card stealer
FOE
Bleeping Computer
Google: New UNC6783 hackers steal corporate Zendesk support tickets
FOE
The Register (Security)
Criminal wannabes even more dangerous than the pros, says ex-FBI cyber chief
FOE
Ars Technica (Security)
Iran-linked hackers disrupt operations at US critical infrastructure sites
FOE
Dark Reading
Threat Actors Get Crafty With Emojis to Escape Detection
FOE
Dark Reading
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
FOE
EFF Deeplinks
Banning New Foreign Routers Mistargets Products to Fix Real Problem
FOE
Bleeping Computer
New macOS stealer campaign uses Script Editor in ClickFix attack
FOE
Bleeping Computer
CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
FRIEND
CSO Online
Arelion employs NETSCOUT Arbor DDoS protection products
FRIEND
CSO Online
6 Winter 2026 G2 Leader Badges prove this DDoS protection stands out
FOE
The Hacker News
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
FOE
CSO Online
How botnet-driven DDoS attacks evolved in 2H 2025
FOE
Bleeping Computer
13-year-old bug in ActiveMQ lets hackers remotely execute commands
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
FOE
The Hacker News
Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
FOE
EFF Deeplinks
👁 Selling Mass Surveillance | EFFector 38.7
FOE
Dark Reading
Fraud Rockets Higher in Mobile-First Latin America
FRIEND
CSO Online
Yael Nardi joins Minimus as Chief Business Officer to drive hyper-growth
FRIEND
SecurityWeek
Data Leakage Vulnerability Patched in OpenSSL
FRIEND
Dark Reading
Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus
FOE
SecurityWeek
RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years
FOE
SANS Internet Storm Center
More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
FRIEND
Dark Reading
Niobium Introduces The Fog
FRIEND
Dark Reading
Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
FOE
Bleeping Computer
Is a $30,000 GPU Good at Password Cracking?
FRIEND
Black Hills Information Security
Getting Started In Pentesting – Advice From The BHIS Pentest Lead
FOE
The Hacker News
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
FOE
Dark Reading
Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
FOE
Sophos News
Is compliance complexity outpacing IT capacity?
FOE
SecurityWeek
FBI: Cybercrime Losses Neared $21 Billion in 2025
FOE
SecurityWeek
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
FOE
CSO Online
Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
FOE
CSO Online
Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
SecurityWeek
Evasive Masjesu DDoS Botnet Targets IoT Devices
FOE
The Register (Security)
Dutch healthcare software vendor goes dark after ransomware attack
FRIEND
The Hacker News
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
FOE
SecurityWeek
Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover
FOE
Ars Technica (Security)
Thousands of consumer routers hacked by Russia's military
FOE
CSO Online
LLM-generated passwords are indefensible. Your codebase may already prove it
FOE
SecurityWeek
US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
FOE
CSO Online
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
FOE
Schneier on Security
Python Supply-Chain Compromise
FOE
The Register (Security)
NHS Scotland-linked domains caught serving pr0n and dodgy sports streams
FOE
CSO Online
The zero-day timeline just collapsed. Here’s what security leaders do next
FRIEND
CSO Online
Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents
FRIEND
The Hacker News
Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
FRIEND
CSO Online
The tabletop exercise grows up
FOE
EFF Deeplinks
Digital Hopes, Real Power: How the Arab Spring Fueled a Global Surveillance Boom
FOE
The Hacker News
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
FRIEND
Bleeping Computer
Microsoft rolls out fix for broken Windows Start Menu search
FOE
The Register (Security)
Microsoft hints at bit bunkers for war zones
FOE
Risky Business News
Risky Bulletin: Cybercrime losses passed $20 billion last year
FOE
The Hacker News
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
FOE
CSO Online
Tipps für CISOs, die die Branche wechseln wollen
FOE
SecurityWeek
Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks
FOE
Sophos News
Is compliance complexity outpacing IT capacity?
FOE
Sophos News
Is compliance complexity outpacing IT capacity?
FOE
The Register (Security)
Anthropic: All your zero-days are belong to Mythos
FOE
The Register (Security)
Iran cyber actors disrupting US water, energy facilities, FBI warns
FRIEND
CSO Online
What Anthropic Glasswing reveals about the future of vulnerability discovery
FOE
Bleeping Computer
Hackers exploit critical flaw in Ninja Forms WordPress plugin
FOE
Bleeping Computer
FBI: Americans lost a record $21 billion to cybercrime last year
FOE
CSO Online
Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw
FOE
The Register (Security)
Hundreds of orgs compromised daily in Microsoft device code phishing attacks
FOE
Dark Reading
Storm-1175 Deploys Medusa Ransomware at 'High Velocity'
FOE
Dark Reading
Grafana Patches AI Bug That Could Have Leaked User Data
FOE
Bleeping Computer
Snowflake customers hit in data theft attacks after SaaS integrator breach
FRIEND
EFF Deeplinks
EU Parliament Blocks Mass-Scanning of Our Chats—What's Next?
FRIEND
CSO Online
5 practical steps to strengthen attack resilience with attack surface management
FOE
CSO Online
5 steps to strengthen supply chain security and improve cyber resilience
FRIEND
CSO Online
5 ways to strengthen identity security and improve attack resilience
FOE
SecurityWeek
Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks
FOE
SANS Internet Storm Center
A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
FOE
Bleeping Computer
US warns of Iranian hackers targeting critical infrastructure
FOE
The Register (Security)
US cybercrime losses pass $20B for first time as AI boosts online fraud
FRIEND
Schneier on Security
Cybersecurity in the Age of Instant Software
FOE
Krebs on Security
Russia Hacked Routers to Steal Microsoft Office Tokens
FOE
Bleeping Computer
Max severity Flowise RCE vulnerability now exploited in attacks
FOE
The Register (Security)
Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns
FOE
The Hacker News
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
FOE
SecurityWeek
The New Rules of Engagement: Matching Agentic Attack Speed
FRIEND
SecurityWeek
Trent AI Emerges From Stealth With $13 Million in Funding
FRIEND
Bleeping Computer
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
FOE
SecurityWeek
Critical Flowise Vulnerability in Attacker Crosshairs
FOE
The Hacker News
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
FOE
Dark Reading
RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever
FOE
Dark Reading
Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
FOE
Dark Reading
Lies, Damned Lies, and Cybersecurity Metrics
FRIEND
SecurityWeek
Severe StrongBox Vulnerability Patched in Android
FOE
Bleeping Computer
Why Your Automated Pentesting Tool Just Hit a Wall
FOE
SecurityWeek
GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
FRIEND
SecurityWeek
Webinar Today: Why Automated Pentesting Alone Is Not Enough
FRIEND
Dark Reading
Focusing on the People in Cybersecurity at RSAC 2026 Conference
FOE
CSO Online
Zero‑click Grafana AI attack can enable enterprise data exfiltration
FOE
The Hacker News
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
FOE
The Hacker News
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
FOE
CISA Alerts
Mitsubishi Electric GENESIS64 and ICONICS Suite products
FOE
CISA Alerts
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
FOE
SecurityWeek
GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack
FOE
The Hacker News
The Hidden Cost of Recurring Credential Incidents
FOE
SecurityWeek
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
FOE
CSO Online
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks
FOE
CSO Online
Supply chain security is now a board-level issue: Here’s what CSOs need to know
FOE
Schneier on Security
Hong Kong Police Can Force You to Reveal Your Encryption Keys
FRIEND
SecurityWeek
German Police Unmask REvil Ransomware Leader
FOE
CSO Online
The rise of proactive cyber: Why defense is no longer enough
FOE
CSO Online
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
FOE
The Hacker News
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
FOE
SecurityWeek
White House Seeks to Slash CISA Funding by $707 Million
FOE
The Hacker News
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
FOE
SecurityWeek
Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack
FOE
The Hacker News
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
FRIEND
The Register (Security)
Yahoo<i>!</i> Japan’s owner consolidating 164 OpenStack clusters into one
FOE
Bleeping Computer
German authorities identify REvil and GangCrab ransomware bosses
FOE
The Register (Security)
AI agents found vulns in this popular Linux and Unix print server
FOE
Bleeping Computer
New GPUBreach attack enables system takeover via GPU rowhammer
FOE
Dark Reading
AI-Assisted Supply Chain Attack Targets GitHub
FOE
Dark Reading
Axios Attack Shows Social Complex Engineering Is Industrialized
FOE
Dark Reading
Fortinet Issues Emergency Patch for FortiClient Zero-Day
FOE
Bleeping Computer
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
FRIEND
Bleeping Computer
Microsoft fixes Classic Outlook bug causing email delivery issues
FOE
Schneier on Security
New Mexico’s Meta Ruling and Encryption
FOE
The Hacker News
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
FRIEND
TCM Security Blog
What is Ethical Hacking
FOE
The Register (Security)
Attackers exploited this critical FortiClient EMS bug as a 0-day
FOE
Bleeping Computer
Microsoft removes Support and Recovery Assistant from Windows
FOE
Bleeping Computer
Microsoft links Medusa ransomware affiliate to zero-day attacks
FOE
Bleeping Computer
Drift $280M crypto theft linked to 6-month in-person operation
FOE
The Hacker News
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
FOE
Bleeping Computer
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
FOE
SecurityWeek
Google DeepMind Researchers Map Web Attacks Against AI Agents
FOE
Dark Reading
Automated Credential Harvesting Campaign Exploits React2Shell Flaw
FOE
Dark Reading
Shadow AI in Healthcare Is Here to Stay
FOE
Bleeping Computer
Why Simple Breach Monitoring is No Longer Enough
FRIEND
Dark Reading
OWASP GenAI Security Project Gets Update, New Tools Matrix
FOE
The Hacker News
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
FOE
The Hacker News
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
FOE
CSO Online
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Hacker News
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
FOE
SecurityWeek
Guardarian Users Targeted With Malicious Strapi NPM Packages
FOE
SecurityWeek
North Korean Hackers Target High-Profile Node.js Maintainers
FRIEND
Schneier on Security
Google Wants to Transition to Post-Quantum Cryptography by 2029
FOE
The Hacker News
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
FOE
CSO Online
Authentication is broken: Here’s how security leaders can actually fix it
FOE
SecurityWeek
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
FOE
CSO Online
6 ways attackers abuse AI services to hack your business
FOE
CSO Online
Escaping the COTS trap
FOE
SANS Internet Storm Center
How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
FOE
The Hacker News
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
FOE
Risky Business News
Risky Bulletin: New Cambodian law will put scam compound operators in prison for life
FOE
Krebs on Security
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
FOE
The Register (Security)
Anthropic sure has a mess on its hands thanks to that Claude Code source leak
FOE
Bleeping Computer
Traffic violation scams switch to QR codes in new phishing texts
FOE
Bleeping Computer
New FortiClient EMS flaw exploited in attacks, emergency patch released
FOE
The Hacker News
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
FOE
Bleeping Computer
Hackers exploit React2Shell in automated credential theft campaign
FOE
The Register (Security)
Researchers didn’t want to glamorize cybercrims. So they roasted them
FOE
Ars Technica (Security)
CBP facility codes sure seem to have leaked via online flashcards
FOE
The Hacker News
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
FOE
The Hacker News
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
FOE
Bleeping Computer
Axios npm hack used fake Teams error fix to hijack maintainer account
FOE
Bleeping Computer
Device code phishing attacks surge 37x as new kits spread online
FOE
SecurityWeek
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
FRIEND
EFF Deeplinks
Triple Header for Privacy’s Defender in New York
FOE
The Register (Security)
Trump wants to take a battle axe to CISA again and slash $707M from budget
FOE
EFF Deeplinks
The FAA’s “Temporary” Flight Restriction for Drones is a Blatant Attempt to Criminalize Filming ICE
FRIEND
Schneier on Security
Friday Squid Blogging: Jurassic Fish Chokes on Squid
FOE
Dark Reading
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
FOE
Bleeping Computer
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
FOE
Bleeping Computer
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
FOE
Ars Technica (Security)
OpenClaw gives users yet another reason to be freaked out about security
FOE
CSO Online
Security lapse lets researchers view React2Shell hackers’ dashboard
FOE
CSO Online
A core infrastructure engineer pleads guilty to federal charges in insider attack
FOE
Bleeping Computer
Hims & Hers warns of data breach after Zendesk support ticket breach
FOE
EFF Deeplinks
Tech Nonprofits to Feds: Don’t Weaponize Procurement to Undermine AI Trust and Safety
FOE
The Hacker News
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
FOE
CSO Online
Google patches fourth Chrome zero-day so far this year
FOE
CSO Online
Internet Bug Bounty program hits pause on payouts
FRIEND
Dark Reading
Apple Breaks Precedent, Patches DarkSword for iOS 18
FOE
CSO Online
Claude Code is still vulnerable to an attack Anthropic has already fixed
FOE
Bleeping Computer
Die Linke German political party confirms data stolen by Qilin ransomware
FOE
CSO Online
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
FOE
The Register (Security)
Hybrid work, expanded risk: what needs to change
FRIEND
EFF Deeplinks
Double Shot of Privacy's Defender in D.C.
FOE
The Hacker News
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
FOE
EPIC
New EPIC Resource Calls on Congress to Close the Data Broker Loophole
FOE
Dark Reading
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
FOE
Bleeping Computer
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
FRIEND
Sophos News
Sophos Gartner Peer Insights MDR
FRIEND
Dark Reading
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
FOE
Dark Reading
Source Code Leaks Highlight Lack of Supply Chain Oversight
FRIEND
Dark Reading
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
FOE
SecurityWeek
TrueConf Zero-Day Exploited in Asian Government Attacks
FOE
SecurityWeek
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
FOE
SecurityWeek
Critical ShareFile Flaws Lead to Unauthenticated RCE
FRIEND
Dark Reading
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
FOE
Bleeping Computer
Microsoft still working to fix Exchange Online mailbox access issues
FOE
Schneier on Security
Company that Secretly Records and Publishes Zoom Meetings
FOE
The Hacker News
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
FOE
The Hacker News
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
FOE
SecurityWeek
Mobile Attack Surface Expands as Enterprises Lose Control
FOE
SecurityWeek
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
FOE
SecurityWeek
T-Mobile Sets the Record Straight on Latest Data Breach Filing
FOE
SecurityWeek
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
FOE
The Hacker News
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
FOE
Bleeping Computer
Man admits to locking thousands of Windows devices in extortion plot
FRIEND
CSO Online
12 cyber industry trends revealed at RSAC 2026
FOE
The Hacker News
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
FRIEND
Bleeping Computer
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
FOE
Bleeping Computer
CERT-EU: European Commission hack exposes data of 30 EU entities
FRIEND
CSO Online
Die besten XDR-Tools
FRIEND
CSO Online
Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative
FOE
Risky Business News
Risky Bulletin: Russia will revoke licenses for unruly ISPs
FRIEND
Recorded Future Blog
Day in the Life: Product Manager at Recorded Future
FRIEND
Sophos News
Sophos named a 2026 Gartner® Peer Insights™ Customers' Choice for Managed Detection and Response
FRIEND
EFF Deeplinks
Weakening Speech Protections Will Punish All of Us—Not Just Meta
FOE
CSO Online
Cisco fixes critical IMC auth bypass present in many products
FRIEND
EFF Deeplinks
A Baseless Copyright Claim Against a Web Host—and Why It Failed
FOE
Bleeping Computer
Claude Code leak used to push infostealer malware on GitHub
FOE
Dark Reading
Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate
FOE
The Hacker News
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
FRIEND
Dark Reading
Security Bosses Are All-In on AI. Here's Why
FOE
Bleeping Computer
Drift loses $280 million North Korean hackers seize Security Council powers
FOE
Bleeping Computer
Drift loses $280 million as hackers seize Security Council powers
FOE
SecurityWeek
Critical Vulnerability in Claude Code Emerges Days After Source Leak
FOE
EFF Deeplinks
Print Blocking Won't Work - Permission to Print Part 2
FOE
EFF Deeplinks
Print Blocking is Anti-Consumer - Permission to Print Part 1
FOE
The Register (Security)
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
FRIEND
Schneier on Security
US Bans All Foreign-Made Consumer Routers
FOE
Ars Technica (Security)
New Rowhammer attacks give complete control of machines running Nvidia GPUs
FRIEND
SecurityWeek
Apple Rolls Out DarkSword Exploit Protection to More Devices
FOE
Dark Reading
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
FOE
Dark Reading
RSAC 2026: AI Dominates, But Community Remains Key to Security
FOE
Bleeping Computer
Residential proxies evaded IP reputation checks in 78% of 4B sessions
FOE
The Hacker News
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
FOE
EFF Deeplinks
Google and Amazon: Acknowledged Risks, And Ignored Responsibilities
FOE
SANS Internet Storm Center
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
FRIEND
SecurityWeek
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
FOE
EPIC
EPIC Joins Coalition Call to Halt Meta’s Plans for Facial Recognition ‘Smart’ Glasses
FOE
Bleeping Computer
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
FOE
Bleeping Computer
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
FOE
Bleeping Computer
Medtech giant Stryker fully operational after data-wiping attack
FOE
Dark Reading
Bank Trojan 'Casbaneiro' Worms Through Latin America
FOE
The Hacker News
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
FOE
CSO Online
EvilTokens abuses Microsoft device code flow for account takeovers
FOE
SecurityWeek
Cisco Patches Critical and High-Severity Vulnerabilities
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Yokogawa CENTUM VP
FOE
CISA Alerts
Hitachi Energy Ellipse
FOE
CISA Alerts
Siemens SICAM 8 Products
FOE
SecurityWeek
250,000 Affected by Data Breach at Nacogdoches Memorial Hospital
FOE
The Hacker News
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
FOE
The Hacker News
The State of Trusted Open Source Report
FOE
EFF Deeplinks
EFF’s Submission to the UN OHCHR on Protection of Human Rights Defenders in the Digital Age
FOE
Bleeping Computer
Critical Cisco IMC auth bypass gives attackers Admin access
FOE
SecurityWeek
Mercor Hit by LiteLLM Supply Chain Attack
FOE
Schneier on Security
Possible US Government iPhone Hacking Tool Leaked
FOE
SecurityWeek
Sophisticated CrystalX RAT Emerges
FOE
The Hacker News
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
FOE
Bleeping Computer
Microsoft links Classic Outlook issue to email delivery problems
FRIEND
CSO Online
Cybersecurity in the age of instant software
FOE
Bleeping Computer
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
FRIEND
SecurityWeek
Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents
FOE
The Register (Security)
The company's biggest security hole lived in the breakroom
FRIEND
The Hacker News
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
FRIEND
SecurityWeek
Linx Security Raises $50 Million for Identity Security and Governance
FOE
CSO Online
Tools, um MCP-Server abzusichern
FOE
Risky Business News
Srsly Risky Biz: America's Next Top (Cyber) Model
FOE
The Register (Security)
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
FOE
Recorded Future Blog
Cybercrime Outlook in Latin America and the Caribbean [ES]
FOE
Recorded Future Blog
Panorama del cibercrimen en América Latina y el Caribe
FOE
Recorded Future Blog
Panorama del cibercrimen en América Latina y el Caribe
FRIEND
Sophos News
Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence
FOE
Recorded Future Blog
Latin America and the Caribbean Cybercrime Landscape
FOE
Bleeping Computer
New CrystalRAT malware adds RAT, stealer and prankware features
FOE
Dark Reading
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
FRIEND
Bleeping Computer
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
FOE
Bleeping Computer
Hackers exploit TrueConf zero-day to push malicious software updates
FRIEND
The Register (Security)
Amazon security boss: AI makes pentesting 40% more efficient
FOE
Bleeping Computer
New EvilTokens service fuels Microsoft device code phishing attacks
FRIEND
CSO Online
7 ways to improve your business resilience with backup and recovery
FRIEND
CSO Online
5 Steps to break free from alert fatigue and build resilient security operations
FRIEND
CSO Online
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)
FRIEND
CSO Online
6 critical mistakes that undermine cyber resilience (and how to fix them)
FRIEND
CSO Online
6 metrics IT leaders can’t afford to ignore for business resilience
FRIEND
CSO Online
5 critical steps to achieve business resilience in cybersecurity
FRIEND
Dark Reading
LatAm's Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut
FOE
Bleeping Computer
'NoVoice' Android malware on Google Play infected 2.3 million devices
FOE
CSO Online
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
FOE
Schneier on Security
Is “Hackback” Official US Cybersecurity Strategy?
FOE
Dark Reading
Cyberattacks Intensify Pressure on Latin American Governments
FRIEND
SecurityWeek
Depthfirst Raises $80 Million in Series B Funding
FOE
The Hacker News
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
FOE
SecurityWeek
Toy Giant Hasbro Hit by Cyberattack
FOE
SecurityWeek
New DeepLoad Malware Dropped in ClickFix Attacks
FOE
Dark Reading
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks
FOE
SecurityWeek
Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome
FOE
The Register (Security)
'People's Panel' to check if UK wants controversial Digital ID will cost £630K
FOE
Bleeping Computer
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
FRIEND
Black Hills Information Security
Cloud Security: Tips and Resources for Securing the Cloud
FOE
SecurityWeek
FBI Warns of Data Security Risks From China-Made Mobile Apps
FOE
SecurityWeek
US Charges Uranium Crypto Exchange Hacker
FOE
SecurityWeek
Webinar Today: Agentic AI vs. Identity’s Last Mile Problem
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
FRIEND
The Hacker News
Block the Prompt, Not the Work: The End of "Doctor No"
FOE
The Hacker News
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Hacker News
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
FOE
The Hacker News
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
FOE
Bleeping Computer
FBI warns against using Chinese mobile apps due to privacy risks
FOE
CSO Online
WhatsApp malware campaign uses malicious VBS files to gain persistent access
FOE
The Hacker News
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
FOE
CSO Online
Hacker zielen auf Exilportal Iranwire
FOE
SANS Internet Storm Center
Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
FOE
Dark Reading
Are We Training AI Too Late?
FOE
Bleeping Computer
Google fixes fourth Chrome zero-day exploited in attacks in 2026
FOE
Schneier on Security
A Taxonomy of Cognitive Security
FOE
CSO Online
9 ways CISOs can combat AI hallucinations
FOE
CSO Online
Security awareness is not a control: Rethinking human risk in enterprise security
FOE
SecurityWeek
Axios NPM Package Breached in North Korean Supply Chain Attack
FOE
The Register (Security)
UK manufacturers under cyber fire with 80% reporting attacks
FOE
The Hacker News
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
FOE
SecurityWeek
Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents
FRIEND
CSO Online
Im Fokus: IT-Leadership
FRIEND
Bleeping Computer
Google Drive ransomware detection now on by default for paying users
FOE
The Hacker News
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
FOE
Risky Business News
Risky Bulletin: Iranian password sprays came first, then came the missiles
FRIEND
Bleeping Computer
New Windows 11 emergency update fixes preview update install issues
FRIEND
CSO Online
Attack Surface Management – ein Kaufratgeber
FOE
CSO Online
Anthropic employee error exposes Claude Code source
FOE
Bleeping Computer
Claude Code source code accidentally leaked in NPM package
FRIEND
Recorded Future Blog
Industrialization of the Fraud Ecosystem Blog
FRIEND
Bleeping Computer
Proton launches new "Meet" privacy-focused conferencing platform
FOE
Bleeping Computer
GIGABYTE Control Center vulnerable to arbitrary file write flaw
FOE
Dark Reading
The Forgotten Endpoint: Security Risks of Dormant Devices
FOE
Bleeping Computer
Claude AI finds Vim, Emacs RCE bugs that trigger on file open
FOE
The Register (Security)
Don't open that WhatsApp message, Microsoft warns
FOE
Dark Reading
Axios NPM Package Compromised in Precision Attack
FOE
CSO Online
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
FOE
Dark Reading
Google's Vertex AI Has an Over-Privileged Problem
FOE
Dark Reading
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials
FOE
The Register (Security)
Iran targets M365 accounts with password-spraying attacks
FOE
CSO Online
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
FRIEND
The Hacker News
Android Developer Verification Rollout Begins Ahead of September Enforcement
FOE
Ars Technica (Security)
Quantum computers need vastly fewer resources than thought to break vital encryption
FOE
Bleeping Computer
Cisco source code stolen in Trivy-linked dev environment breach
FOE
The Hacker News
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
FRIEND
Dark Reading
Black Hat USA
FRIEND
SecurityWeek
Censys Raises $70 Million for Internet Intelligence Platform
FRIEND
Dark Reading
Rethinking Vulnerability Management Strategies for Mid-Market Security
FOE
SecurityWeek
The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust
FOE
Dark Reading
AI and Quantum Are Forcing a Rethink of Digital Trust
FOE
SecurityWeek
Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks
FOE
SecurityWeek
Venom Stealer Raises Stakes With Continuous Credential Harvesting
FOE
Privacy International
Challenging the militarisation of tech: a visual explainer
FOE
Bleeping Computer
How to Categorize AI Agents and Prioritize Risk
FOE
Bleeping Computer
Hackers compromise Axios npm package to drop cross-platform malware
FOE
SecurityWeek
TeamPCP Moves From OSS to AWS Environments
FOE
Ars Technica (Security)
Iran's hackers are on the offensive against the US and Israel
FOE
SecurityWeek
CrewAI Vulnerabilities Expose Devices to Hacking
FOE
Dark Reading
Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
FOE
The Hacker News
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
FOE
CSO Online
OpenAI patches twin leaks as Codex slips and ChatGPT spills
FRIEND
Bleeping Computer
Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
FOE
CISA Alerts
Anritsu Remote Spectrum Monitor
FOE
CISA Alerts
PX4 Autopilot
FOE
SecurityWeek
Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption
FOE
The Hacker News
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
FOE
The Hacker News
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
FOE
SecurityWeek
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins
FRIEND
Schneier on Security
Inventors of Quantum Cryptography Win Turing Award
FOE
The Register (Security)
Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines
FOE
SecurityWeek
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs
FOE
SecurityWeek
Lloyds Data Security Incident Impacts 450,000 Individuals
FOE
Bleeping Computer
Hacker charged with stealing $53 million from Uranium crypto exchange
FRIEND
CSO Online
8 ways to bolster your security posture on the cheap
FOE
CSO Online
The external pressures redefining cybersecurity risk
FOE
CSO Online
6 key takeaways from RSA Conference 2026
FOE
Bleeping Computer
Dutch Finance Ministry takes treasury banking portal offline after breach
FOE
SANS Internet Storm Center
Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)
FOE
CSO Online
Fahndung nach Cyberkriminellen – 130 Firmen attackiert
FOE
Bleeping Computer
CISA orders feds to patch actively exploited Citrix flaw by Thursday
FOE
SecurityWeek
Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise
FOE
The Hacker News
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
FOE
Sophos News
Axios npm package compromised to deploy malware
FOE
Sophos News
The High Cost of Low Trust: Our Commitment to Radical Transparency
FOE
Sophos News
The Cybersecurity Trust Reality in 2026
FOE
CSO Online
Fortinet hit by another exploited cybersecurity flaw
FOE
Bleeping Computer
Healthcare tech firm CareCloud says hackers stole patient data
FOE
Dark Reading
AI-Powered 'DeepLoad' Malware Steals Credentials, Evades Detection
FOE
Bleeping Computer
New RoadK1ll WebSocket implant used to pivot on breached networks
FOE
The Intercept (Privacy)
What Would We All Say If Iran Razed MIT Because of Military-Related Research?
FOE
The Register (Security)
OpenAI patches ChatGPT flaw that smuggled data over DNS
FRIEND
EFF Deeplinks
Welcome, Daily Show Viewers! Learn More About EFF and Privacy's Defender
FRIEND
EPIC
Biometric Update: FTC can do better on age assurance, say privacy rights’ groups
FOE
Dark Reading
AI-Driven Code Surge Is Forcing a Rethink of AppSec
FOE
Bleeping Computer
Critical Citrix NetScaler memory flaw actively exploited in attacks
FOE
Dark Reading
F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
FOE
Dark Reading
F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
FOE
The Hacker News
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
FOE
The Register (Security)
Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
FOE
Dark Reading
Manufacturing and Healthcare Share Struggles with Passwords
FOE
The Hacker News
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
FRIEND
EFF Deeplinks
EFF's Cindy Cohn on The Daily Show! Tonight Monday, March 30
FOE
Dark Reading
Storm Brews Over Critical, No-Click Telegram Flaw
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
FRIEND
Bleeping Computer
Apple adds macOS Terminal warning to block ClickFix attacks
FOE
SecurityWeek
Healthcare IT Platform CareCloud Probing Potential Data Breach
FOE
SecurityWeek
Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control
FRIEND
Bleeping Computer
How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
FOE
The Hacker News
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
FOE
The Register (Security)
Citrix NetScaler bug exploited in days, may be multiple flaws in a trench coat
FRIEND
The Hacker News
3 SOC Process Fixes That Unlock Tier 1 Productivity
FRIEND
SecurityWeek
Huskeys Emerges From Stealth With $8 Million in Funding
FOE
CSO Online
LangChain path traversal bug adds to input validation woes in AI pipelines
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
SecurityWeek
Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
FOE
CSO Online
Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases
FOE
The Hacker News
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
FOE
SecurityWeek
European Commission Reports Cyber Intrusion and Data Theft
FOE
SecurityWeek
Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare
FRIEND
Schneier on Security
Apple’s Camera Indicator Lights
FOE
Bleeping Computer
Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
FOE
SecurityWeek
Telnyx Targeted in Growing TeamPCP Supply Chain Attack
FOE
The Register (Security)
European Commission admits attackers broke into public web systems, but says little else
FOE
CSO Online
APIs are the new perimeter: Here’s how CISOs are securing them
FOE
The Hacker News
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
FOE
Bleeping Computer
Microsoft pulls KB5079391 Windows update over install issues
FOE
SecurityWeek
Exploitation of Fresh Citrix NetScaler Vulnerability Begins
FOE
CSO Online
Why Kubernetes controllers are the perfect backdoor
FOE
SecurityWeek
FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers
FOE
Bleeping Computer
Critical Fortinet Forticlient EMS flaw now exploited in attacks
FOE
The Register (Security)
Security contractor blew the whistle on support crew's viral indifference
FOE
SecurityWeek
F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild
FOE
The Hacker News
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
FOE
Bleeping Computer
European Commission confirms data breach after Europa.eu hack
FOE
The Register (Security)
US foreign router ban criticized for being ‘industrial policy disguised as cybersecurity’
FRIEND
Risky Business News
Risky Bulletin: Apple adds ClickFix warning to macOS terminal
FRIEND
CSO Online
Data Security Posture Management: Die besten DSPM-Tools
FRIEND
SANS Internet Storm Center
DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
FRIEND
Sophos News
Where AI in the SOC is actually delivering — and where it isn’t
FOE
Sophos News
Incident responders, s'il vous plait: Invites lead to odd malware events
FOE
Bleeping Computer
FBI confirms hack of Director Patel's personal email inbox
FOE
Bleeping Computer
File read flaw in Smart Slider plugin impacts 500K WordPress sites
FOE
The Hacker News
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)
FOE
Bleeping Computer
New Infinity Stealer malware grabs macOS data via ClickFix lures
FOE
SecurityWeek
Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs
FOE
The Intercept (Privacy)
ICE at Airports Trains Us to Accept Being Terrorized in Our Daily Lives
FOE
The Hacker News
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
FOE
The Hacker News
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
FOE
The Hacker News
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
FOE
EFF Deeplinks
US Tech Companies Must be Accountable in US Courts for Facilitating Persecution and Torture Abroad, EFF Urges US Supreme Court
FOE
Sophos News
Incident responders, s'il vous plait: Invites lead to odd malware events
FOE
Bleeping Computer
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
FOE
CSO Online
European Commission data stolen in a cyberattack on the infrastructure hosting its web sites
FRIEND
EPIC
EPIC Joins Amicus Brief Urging SCOTUS to Hold Wireless Carriers Accountable for Selling Customers’ Location Data
FRIEND
EPIC
Reason Magazine: Trump Backs Section 702 Reauthorization After Once Calling To ‘KILL FISA’
FOE
CSO Online
Lloyds Bank reveals how IT bug exposed transaction data
FRIEND
The Hacker News
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
FOE
The Hacker News
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
FOE
Bleeping Computer
Fake VS Code alerts on GitHub spread malware to developers
FOE
Dark Reading
China Upgrades the Backdoor It Uses to Spy on Telcos Globally
FOE
SecurityWeek
Pro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account
FRIEND
EPIC
EPIC Urges Amendments to Maryland Chatbots Bill
FRIEND
Privacy International
Are IP addresses personal data?
FOE
Dark Reading
Wartime Usage of Compromised IP Cameras Highlight Their Danger
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim, (Fri, Mar 27th)
FOE
SecurityWeek
In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline
FRIEND
Bleeping Computer
Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
FOE
The Hacker News
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
FRIEND
SecurityWeek
OpenAI Launches Bug Bounty Program for Abuse and Safety Risks
FOE
The Register (Security)
AFC Ajax drops ball as flaws let hackers play admin with tickets and bans
FOE
Bleeping Computer
European Commission investigating breach after Amazon cloud account hack
FOE
Bleeping Computer
European Commission investigating breach after Amazon cloud hack
FOE
CSO Online
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
FOE
The Hacker News
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
FRIEND
Dark Reading
Google Sets 2029 Deadline for Quantum-Safe Cryptography
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
SecurityWeek
TP-Link Patches High-Severity Router Vulnerabilities
FOE
The Register (Security)
Iran war drives urgent need to counter underwater attack drones
FOE
The Hacker News
We Are At War
FOE
CSO Online
Cyberangriff auf die Linke
FOE
SecurityWeek
RSAC 2026 Conference Announcements Summary (Days 3-4)
FRIEND
Bleeping Computer
Anti-piracy coalition takes down AnimePlay app with 5 million users
FOE
SecurityWeek
Coruna iOS Exploit Kit Likely an Update to Operation Triangulation
FOE
The Hacker News
Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
FRIEND
CSO Online
8 steps CISOs can take to empower their teams
FOE
SecurityWeek
CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
FRIEND
Bleeping Computer
Windows 11 KB5079391 update rolls out Smart App Control improvements
FOE
Bleeping Computer
Dutch Police discloses security breach after phishing attack
FOE
The Hacker News
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
FOE
The Register (Security)
Security boffins scoured the web and found hundreds of valid API keys
FOE
CSO Online
Was ist Social Engineering?
FOE
Risky Business News
Risky Bulletin: Russia to use custom crypto-algorithm for its 5G network
FOE
CSO Online
Google: The quantum apocalypse is coming sooner than we thought
FOE
Ars Technica (Security)
Internet Yiff Machine: We hacked 93GB of "anonymous" crime tips
FOE
Bleeping Computer
Ajax football club hack exposed fan data, enabled ticket hijack
FRIEND
Dark Reading
Infrastructure Attacks With Physical Consequences Down 25%
FOE
EFF Deeplinks
Traffic Violation! License Plate Reader Mission Creep Is Already Here
FOE
Dark Reading
Coruna, DarkSword & Democratizing Nation-State Exploit Kits
FOE
Dark Reading
Is the FCC's Router Ban the Wrong Fix?
FOE
Dark Reading
Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles
FOE
Bleeping Computer
CISA: New Langflow flaw actively exploited to hijack AI workflows
FOE
Dark Reading
Critical Flaw in Langflow AI Platform Under Attack
FOE
CSO Online
The CISO’s guide to responding to shadow AI
FOE
EPIC
Yahoo Tech: I Review Routers for a Living. Don’t Buy a Router Right Now
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)
FOE
The Hacker News
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
FRIEND
Sophos News
The High Cost of Low Trust: Our Commitment to Radical Transparency
FRIEND
EFF Deeplinks
Supreme Court Agrees With EFF: ISPs Don't Have To Be Copyright Enforcers
FOE
Bleeping Computer
UK sanctions Xinbi marketplace linked to Asian scam centers
FRIEND
Dark Reading
How Organizations Can Use Blunders to Level Up Their Security Programs
FOE
Dark Reading
AI-Powered Dependency Decisions Introduce, Ignore Security Bugs
FOE
Bleeping Computer
TikTok for Business accounts targeted in new phishing campaign
FOE
SecurityWeek
Hightower Holding Data Breach Impacts 130,000
FRIEND
Bleeping Computer
WhatsApp rolls out more AI features, iOS multi-account support
FOE
Bleeping Computer
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
FOE
SecurityWeek
BIND Updates Patch High-Severity Vulnerabilities
FOE
The Hacker News
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
FOE
Bleeping Computer
Coruna iOS exploit framework linked to Triangulation attacks
FOE
SecurityWeek
Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
FRIEND
Bleeping Computer
Russia arrests suspected owner of LeakBase cybercrime forum
FRIEND
CSO Online
Databricks pitches Lakewatch as a cheaper SIEM — but is it really?
FOE
SecurityWeek
Cisco Patches Multiple Vulnerabilities in IOS Software
FOE
Dark Reading
Intermediaries Driving Global Spyware Market Expansion
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
OpenCode Systems OC Messaging and USSD Gateway
FOE
CISA Alerts
PTC Windchill Product Lifecycle Management
FOE
CISA Alerts
WAGO GmbH & Co. KG Industrial Managed Switches
FOE
The Hacker News
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
FRIEND
Bleeping Computer
Suspected RedLine infostealer malware admin extradited to US
FOE
The Register (Security)
Brit lawmaker targeted by AI deepfake fails to get answers from US Big Tech
FOE
The Hacker News
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
FOE
CSO Online
GitHub phishers use fake OpenClaw tokens to drain crypto wallets
FOE
The Hacker News
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
FOE
The Hacker News
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
FOE
Schneier on Security
As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
FOE
SecurityWeek
Alleged RedLine Malware Administrator Extradited to US
FRIEND
SecurityWeek
Dell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber Resilience
FOE
The Hacker News
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
FRIEND
CSO Online
10 essenzielle Maßnahmen für physische Sicherheit
FOE
The Register (Security)
Indian government probes CCTV espionage operation linked to Pakistan
FOE
Risky Business News
Srsly Risky Biz: FBI Says Why Get a Warrant When You Have Kash
FOE
CSO Online
New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert
FRIEND
Bleeping Computer
GitHub adds AI-powered bug detection to expand security coverage
FRIEND
Dark Reading
At RSAC, the EU Leads While US Officials Are Sidelined
FOE
Bleeping Computer
PolyShell attacks target 56% of all vulnerable Magento stores
FRIEND
SANS Internet Storm Center
Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
FOE
The Register (Security)
AI supply chain attacks don’t even require malware…just post poisoned documentation
FOE
The Register (Security)
Scammers have virtual smartphones on speed dial for fraud
FOE
Bleeping Computer
Bubble AI app builder abused to steal Microsoft account credentials
FRIEND
The Register (Security)
Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year
FOE
EPIC
Jury Finds Meta and Google Negligent in Landmark Social Media Addiction Case
FOE
The Register (Security)
Only Trump can decide when cyberwar turns into real war
FOE
Bleeping Computer
New Torg Grabber infostealer malware targets 728 crypto wallets
FOE
CSO Online
Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service
FOE
EPIC
The 33 Data Brokers Selling US Data to Foreign Actors, According to California
FOE
EPIC
NPR: Your data is everywhere. The government is buying it without a warrant
FRIEND
The Hacker News
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
FOE
EFF Deeplinks
EFF Sues for Answers About Medicare's AI Experiment
FOE
Privacy International
PI seeks to inform inquiry of UK Joint Committee on Human Rights on human rights and AI
FOE
Sophos News
The Cybersecurity Trust Reality in 2026
FOE
Dark Reading
Blame Game: Why Public Cyber Attribution Carries Risks
FRIEND
SecurityWeek
Onit Security Raises $11 Million for Exposure Management Platform
FOE
Bleeping Computer
Citrix urges admins to patch NetScaler flaws as soon as possible
FOE
Ars Technica (Security)
Google bumps up Q Day estimate to 2029, far sooner than previously thought
FOE
EFF Deeplinks
👓 Who's Really Watching What Smartglasses See? | EFFector 38.6
FOE
Dark Reading
Phishers Pose as Palo Alto Networks' Recruiters for Months in Job Scam
FOE
Dark Reading
SANS: Top 5 Most Dangerous New Attack Techniques to Watch
FRIEND
SecurityWeek
Russian Cybercriminal Gets 2-Year Prison Sentence in US
FOE
The Hacker News
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
FOE
SecurityWeek
AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link
FRIEND
Dark Reading
Why a 'Near Miss' Database Is Key to Improving Information Sharing
FOE
Bleeping Computer
Paid AI Accounts Are Now a Hot Underground Commodity
FOE
Black Hills Information Security
Lessons From A Chatbot Incident
FRIEND
SecurityWeek
iOS, macOS 26.4 Roll Out With Fresh Security Patches
FRIEND
SecurityWeek
FCC Bans New Routers Made Outside the US Over National Security Risks
FRIEND
Bleeping Computer
Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
FOE
Dark Reading
AI-Native Security Is a Must to Counter AI-Based Attacks
FRIEND
The Intercept (Privacy)
How to Keep ICE Agents Out of Your Devices at Airports
FRIEND
SecurityWeek
RSAC 2026 Conference Announcements Summary (Day 2)
FOE
CSO Online
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Hacker News
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
FOE
Dark Reading
Ex-NSA Directors Discuss 'Red Line' for Offensive Cyberattacks
FOE
SecurityWeek
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
FOE
The Hacker News
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
FOE
The Hacker News
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
FOE
Bleeping Computer
TP-Link warns users to patch critical router auth bypass flaw
FOE
CSO Online
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
FOE
EFF Deeplinks
Digital Hopes, Real Power: Reflecting on the Legacy of the Arab Spring
FOE
Schneier on Security
Sen. Wyden Warns of Another Section 702 Abuse
FOE
Privacy International
Transparency and explainability for algorithmic decisions at work
FRIEND
CSO Online
6 key trends reshaping the IAM market
FOE
SecurityWeek
US Prisons Russian Access Broker for Aiding Ransomware Attacks
FOE
CSO Online
AI is breaking traditional security models — Here’s where they fail first
FRIEND
Bleeping Computer
Manager of botnet used in ransomware attacks gets 2 years in prison
FOE
SecurityWeek
HackerOne Employee Data Exposed in Massive Navia Breach
FRIEND
The Register (Security)
Enterprise PCs are unreliable, unpatched, and unloved compared to Macs
FRIEND
The Hacker News
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
FRIEND
Dark Reading
Iran Hacktivists Make Noise but Have Little Impact on War
FRIEND
CSO Online
Empathie trifft IT-Sicherheit: Der Weg zu gelebter Compliance
FOE
Risky Business News
Risky Bulletin: The Intellexa CEO is pissed!!!
FOE
SANS Internet Storm Center
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
FOE
Recorded Future Blog
ClickFix Campaigns Targeting Windows and macOS
FOE
Bleeping Computer
PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
FRIEND
Dark Reading
CSA Launches CSAI Foundation for AI Security
FOE
Bleeping Computer
Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
FOE
Dark Reading
Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit
FOE
Dark Reading
How AI Coding Tools Crushed the Endpoint Security Fortress
FRIEND
The Register (Security)
EFF has a new boss to lead the fight against privacy-sucking forces of doom
FRIEND
EFF Deeplinks
Nicole Ozer Named as Electronic Frontier Foundation’s Executive Director
FRIEND
Bleeping Computer
FCC bans new routers made outside the USA over security risks
FOE
The Register (Security)
1K+ cloud environments infected following Trivy supply chain attack
FRIEND
SecurityWeek
DoE Publishes 5-Year Energy Security Plan
FOE
The Register (Security)
LiteLLM loses game of Trivy pursuit, gets compromised
FOE
SecurityWeek
Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw
FOE
The Hacker News
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
FOE
SecurityWeek
Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector
FRIEND
Bleeping Computer
Firefox now has a free built-in VPN with 50GB monthly data limit
FOE
The Hacker News
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
FOE
The Hacker News
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
FRIEND
The Intercept (Privacy)
Palantir Will No Longer Profit Off of New Yorkers’ Health Data
FRIEND
SecurityWeek
RSAC 2026 Conference Announcements Summary (Day 1)
FRIEND
Bleeping Computer
Microsoft fixes bug causing Classic Outlook sync issues with Gmail
FOE
Dark Reading
GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead
FOE
EFF Deeplinks
Digital Hopes, Real Power: From Revolution to Regulation
FOE
Bleeping Computer
Zero Trust: Bridging the Gap Between Authentication and Trust
FOE
Bleeping Computer
HackerOne discloses employee data breach after Navia hack
FOE
SANS Internet Storm Center
Detecting IP KVMs, (Tue, Mar 24th)
FOE
SecurityWeek
Extortion Group Claims It Hacked AstraZeneca
FOE
Bleeping Computer
Infinite Campus warns of breach after ShinyHunters claims data theft
FOE
CSO Online
DDoS-Angriffe haben sich verdoppelt
FOE
EFF Deeplinks
UK Politicians Continue to Miss the Point in Latest Social Media Ban Proposal
FRIEND
SecurityWeek
Chrome 146 Update Patches High-Severity Vulnerabilities
FRIEND
CSO Online
HP launches TPM Guard to help defeat physical TPM attacks
FOE
The Register (Security)
HackerOne slams supplier for delayed breach notice after staff data exposed
FRIEND
Dark Reading
How a Large Bank Uses AI Digital Twins for Threat Hunting
FOE
Sophos News
The global CISO landscape: A leadership gap too large to ignore
FOE
Bleeping Computer
Yanluowang ransomware access broker gets 81 months in prison
FOE
Ars Technica (Security)
Self-propagating malware poisons open source software and wipes Iran-based machines
FRIEND
SecurityWeek
Webinar Today: Putting CIS Controls and Benchmarks into Practice
FRIEND
Dark Reading
Microsoft Proposes Better Identity, Guardrails for AI Agents
FOE
SecurityWeek
3.1 Million Impacted by QualDerm Data Breach
FRIEND
The Register (Security)
Country that put backdoors into Cisco routers to spy on world bans foreign routers
FOE
SecurityWeek
Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool
FOE
Bleeping Computer
Dutch Ministry of Finance discloses breach affecting employees
FOE
CISA Alerts
Pharos Controls Mosaic Show Controller
FOE
CISA Alerts
Grassroots DICOM (GDCM)
FOE
CISA Alerts
Schneider Electric EcoStruxure Foxboro DCS
FOE
CISA Alerts
Schneider Electric Plant iT/Brewmaxx
FOE
The Hacker News
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
FOE
CSO Online
New ‘StoatWaffle’ malware auto‑executes attacks on developers
FRIEND
The Hacker News
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
FOE
The Register (Security)
Russian initial access broker who fed ransomware crews gets 81 months in US prison
FOE
SecurityWeek
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
FRIEND
Schneier on Security
Team Mirai and Democracy
FOE
SecurityWeek
Mazda Says Employee, Partner Information Stolen in Cyberattack
FOE
The Hacker News
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
FOE
SecurityWeek
Stryker Says Malicious File Found During Probe Into Iran-Linked Attack
FOE
CSO Online
Autonomous AI adoption is on the rise, but it’s risky
FOE
The Hacker News
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
FRIEND
CSO Online
Streamline physical security to enable data center growth in the era of AI
FRIEND
CSO Online
Why CISOs should embrace AI honeypots
FOE
The Hacker News
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
FOE
The Hacker News
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
FRIEND
CSO Online
ISO und ISMS: Darum gehen Security-Zertifizierungen schief
FRIEND
CSO Online
Palo Alto updates security platform to discover AI agents
FRIEND
Sophos News
Sophos Firewall ranked the #1 overall firewall solution in G2’s Spring 2026 reports
FRIEND
Sophos News
Cybersecurity for Education – Sophos Protected Classroom
FOE
Bleeping Computer
OpenAI rolls out ChatGPT Library to store your personal files
FRIEND
EPIC
EPIC Testifies in Support of D.C.’s Proposed Personal Health Data Security Amendment Act
FOE
The Register (Security)
Claude attacks were 'Rorschach test' for infosec community, scaring former NSA boss
FOE
Bleeping Computer
Mazda discloses security breach exposing employee and partner data
FOE
Dark Reading
AI in the SOC: What Could Go Wrong?
FRIEND
The Register (Security)
Public-private partnerships vital in disrupting China's Typhoons, says RSA panel with no government speakers
FOE
Bleeping Computer
Tycoon2FA phishing platform returns after recent police disruption
FOE
Dark Reading
Trivy Supply Chain Attack Targets CI/CD Secrets
FOE
Dark Reading
Ransomware's New Era: Moving at AI Speed
FOE
Ars Technica (Security)
After hackers hit an Iowa company, cars around the country failed to start
FOE
The Register (Security)
Lightning-fast exploits make it essential to patch fast, ask questions later
FRIEND
SANS Internet Storm Center
Tool updates: lots of security and logic fixes, (Mon, Mar 23rd)
FRIEND
Dark Reading
CISOs Debate Human Role in AI-Powered Security
FOE
Bleeping Computer
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
FOE
Bleeping Computer
Crunchyroll probes breach after hacker claims to steal 6.8M users' data
FOE
The Hacker News
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
FOE
EPIC
Portland Press Herald: Portland Sea Dogs, Maine Mariners worry about Democratic legislative priority
FOE
Bleeping Computer
Trivy supply-chain attack spreads to Docker, GitHub repos
FRIEND
SecurityWeek
RSAC 2026 Conference Announcements Summary (Pre-Event)
FOE
Krebs on Security
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
FOE
CSO Online
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
FOE
Dark Reading
Attackers Hide Infostealer in Copyright Infringement Notices
FRIEND
The Register (Security)
Google unleashes Gemini AI agents on the dark web
FOE
The Register (Security)
Smooth criminals talking their way into cloud environments, Google says
FOE
SecurityWeek
M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds
FOE
SecurityWeek
Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware
FRIEND
Bleeping Computer
Varonis Atlas: Securing AI and the Data That Powers It
FOE
SecurityWeek
Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack
FOE
The Hacker News
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
FOE
The Register (Security)
US chip testing firm shrugged off ransomware hit as minor - then came the data leak
FOE
The Register (Security)
RSAC 2026: Uncle Sam backs out, and AI agents are everywhere
FOE
Bleeping Computer
Microsoft Exchange Online service change causes email access issues
FRIEND
NIST Cybersecurity Insights
Reflections from the Second NIST Cyber AI Profile Workshop
FOE
Sophos News
NICKEL ALLEY strategy: Fake it 'til you make it
FOE
The Hacker News
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
FOE
CSO Online
Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
FOE
The Register (Security)
Microsoft fixes broken Windows update days after vowing fewer broken updates
FOE
SecurityWeek
QNAP Patches Four Vulnerabilities Exploited at Pwn2Own
FOE
Schneier on Security
Microsoft Xbox One Hacked
FOE
The Hacker News
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
FOE
SecurityWeek
Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
FOE
The Register (Security)
The drone swarm is coming, and NATO air defenses are too expensive to cope
FOE
Bleeping Computer
FBI warns of Handala hackers using Telegram in malware attacks
FOE
CSO Online
Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire
FOE
The Intercept (Privacy)
Democrats Might Save Mike Johnson’s Push to Give Trump Domestic Spying Power
FOE
CSO Online
Why US companies must be ready for quantum by 2030: A practical roadmap
FOE
Bleeping Computer
CISA orders feds to patch DarkSword iOS flaws exploited attacks
FOE
The Hacker News
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
FRIEND
Bleeping Computer
New KB5085516 emergency update fixes Microsoft account sign-in
FOE
CSO Online
The insider threat rises again
FOE
The Hacker News
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
FOE
SecurityWeek
Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability
FOE
Risky Business News
Risky Bulletin: GitHub is starting to have a real malware problem
FRIEND
Sophos News
High-Five: Sophos Ranked Number 1 Overall in Endpoint, EDR, XDR, MDR, and Firewall in the G2 Spring 2026 Reports
FOE
Sophos News
Oracle vulnerability (CVE-2026-21992) impacts core products
FOE
Sophos News
NICKEL ALLEY strategy: Fake it ‘til you make it
FOE
The Register (Security)
Russians are posing as Signal support to launch phishing attacks
FOE
Bleeping Computer
VoidStealer malware steals Chrome master key via debugger trick
FRIEND
Dark Reading
AI Dominates RSAC Innovation Sandbox
FOE
Bleeping Computer
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
FRIEND
Bleeping Computer
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
FOE
Bleeping Computer
Microsoft Azure Monitor alerts abused in callback phishing campaigns
FOE
The Hacker News
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
FOE
SecurityWeek
Critical Quest KACE Vulnerability Potentially Exploited in Attacks
FOE
The Hacker News
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
FOE
The Hacker News
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
FOE
The Hacker News
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
FOE
CSO Online
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
FOE
CSO Online
Are nations ready to be the cybersecurity insurers of last resort?
FOE
EFF Deeplinks
Congress Is Dropping the Ball with a Clean Extension of FISA
FOE
The Register (Security)
Cryptographers engage in war of words over RustSec bug reports and subsequent ban
FRIEND
Schneier on Security
Friday Squid Blogging: Jumbo Flying Squid in the South Pacific
FOE
Ars Technica (Security)
Widely used Trivy scanner compromised in ongoing supply-chain attack
FOE
Bleeping Computer
FBI links Signal phishing attacks to Russian intelligence services
FOE
Dark Reading
Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw
FOE
Bleeping Computer
Oracle pushes emergency fix for critical Identity Manager RCE flaw
FRIEND
CSO Online
Water utilities strengthen cybersecurity through cooperation
FOE
The Hacker News
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
FOE
EPIC
White House AI Framework Protects AI Companies, Not People
FRIEND
Bleeping Computer
Police take down 373,000 fake CSAM sites in Operation Alice
FOE
CSO Online
Stop using AI to submit bug reports, says Google
FOE
Dark Reading
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
FOE
SecurityWeek
In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting
FOE
The Hacker News
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
FOE
Bleeping Computer
CISA orders feds to patch max-severity Cisco flaw by Sunday
FOE
SecurityWeek
3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China
FOE
Bleeping Computer
How CISOs Can Survive the Era of Geopolitical Cyberattacks
FOE
The Register (Security)
UK police force presses pause on live facial recognition after study finds racial bias
FRIEND
SecurityWeek
Eclypsium Raises $25 Million for Device Supply Chain Security
FRIEND
The Register (Security)
Feds disrupt monster IoT botnets behind record-breaking DDoS attacks
FOE
Dark Reading
Interlock Ransomware Targets Cisco Enterprise Firewalls
FOE
The Register (Security)
Jaguar Land Rover's cyber bailout sets worrying precedent, watchdog warns
FOE
SecurityWeek
US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites
FOE
CISA Alerts
Russian Intelligence Services Target Commercial Messaging Application Accounts
FRIEND
NIST Cybersecurity Insights
All aboard: the NIST Cybersecurity for IoT Program is headed to our next stop! Share your input on where we’re headed during our Future Directions Two-Day Workshop on March 31st.
FOE
CISA Alerts
CISA Adds Five Known Exploited Vulnerabilities to Catalog
FRIEND
CSO Online
DDoS-Attacken: Schlag gegen internationale Cyberkriminelle
FRIEND
SecurityWeek
Cape Raises $100 Million for Protection Against Cellular Security Threats
FOE
Schneier on Security
Proton Mail Shared User Information with the Police
FOE
SecurityWeek
Navia Data Breach Impacts 2.7 Million
FRIEND
The Hacker News
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
FOE
SecurityWeek
Thousands of Magento Sites Hit in Ongoing Defacement Campaign
FOE
The Register (Security)
Starmer's digital ID reboot raises same old questions as its Blair-era ancestor
FOE
The Hacker News
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
FOE
Bleeping Computer
Musician admits to $10M streaming royalty fraud using AI bots
FOE
The Hacker News
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
FRIEND
SecurityWeek
Allure Security Raises $17 Million for Online Brand Protection
FOE
The Intercept (Privacy)
Data Centers Are Military Targets Now
FOE
SANS Internet Storm Center
GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)
FOE
SecurityWeek
Critical Langflow Vulnerability Exploited Hours After Public Disclosure
FRIEND
Bleeping Computer
International joint action disrupts world’s largest DDoS botnets
FOE
Bleeping Computer
Microsoft: March Windows updates break Teams, OneDrive sign-ins
FRIEND
SecurityWeek
Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation
FRIEND
The Register (Security)
While you're here, could you go out of your way to do an impossible job?
FOE
CSO Online
The espionage reality: Your infrastructure is already in the collection path
FOE
Bleeping Computer
Ex-data analyst stole company data in $2.5M extortion scheme
FRIEND
The Hacker News
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
FOE
The Hacker News
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
FRIEND
CSO Online
Die besten IAM-Tools
FRIEND
Risky Business News
Risky Bulletin: AWS kills bucketsquatting
FRIEND
Krebs on Security
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
FOE
Sophos News
The global CISO landscape: A leadership gap too large to ignore
FOE
CSO Online
CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group
FOE
CSO Online
That cheap KVM device could expose your network to remote compromise
FOE
Dark Reading
AI Conundrum: Why MCP Security Can't Be Patched Away
FOE
Bleeping Computer
Navia discloses data breach impacting 2.7 million people
FRIEND
Dark Reading
With Government's Role Uncertain, Businesses Unite to Combat Fraud
FOE
Ars Technica (Security)
Millions of iPhones can be hacked with a new tool found in the wild
FRIEND
Dark Reading
Native Launches With Security Control Plane for Multicloud
FOE
Bleeping Computer
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
FOE
The Hacker News
Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
FOE
The Register (Security)
Unknown attackers exploit yet another critical SharePoint bug
FOE
EPIC
EPIC Endorses Bipartisan Government Surveillance Reform Act to Rein in Runaway Warrantless Surveillance
FOE
The Hacker News
54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
FRIEND
EPIC
EPIC Urges House Financial Services Committee to Protect Financial Privacy
FOE
The Register (Security)
Google gives Android users a way to install unverified apps if they prove they really, really want to
FOE
CSO Online
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
FRIEND
SecurityWeek
Oasis Security Raises $120 Million for Agentic Access Management
FRIEND
Dark Reading
Post-Quantum Web Could be Safer, Faster
FRIEND
SecurityWeek
1stProtect Emerges From Stealth With $20 Million in Funding
FOE
SecurityWeek
Critical ScreenConnect Vulnerability Exposes Machine Keys
FRIEND
SecurityWeek
Privacy Platform Cloaked Raises $375M to Expand Enterprise Reach
FOE
Ars Technica (Security)
Google details new 24-hour process to sideload unverified Android apps
FOE
Bleeping Computer
Bitrefill blames North Korean Lazarus group for cyberattack
FOE
CSO Online
Beijing wants its own quantum-resistant encryption standards rather than adopt NIST’s
FOE
Sophos News
Android devices ship with firmware-level malware
FOE
Bleeping Computer
FBI seizes Handala data leak site after Stryker cyberattack
FOE
The Register (Security)
Lock down Microsoft Intune, feds warn after Stryker attack
FOE
SecurityWeek
Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury
FOE
SecurityWeek
Marquis Data Breach Affects 672,000 Individuals
FOE
Bleeping Computer
Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
FOE
CSO Online
Telnet vulnerability opens door to remote code execution as root
FOE
The Hacker News
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
FOE
SecurityWeek
Security Firm Aura Discloses Data Breach Impacting 900,000 Records
FOE
Bleeping Computer
7 Ways to Prevent Privilege Escalation via Password Resets
FRIEND
SecurityWeek
Hacker Conversations: Ben Harris, from Unintentional Young Hacker to Intentional Adult CEO
FOE
SecurityWeek
Russian APT Exploits Zimbra Vulnerability Against Ukraine
FOE
Bleeping Computer
Max severity Ubiquiti UniFi flaw may allow account takeover
FOE
CSO Online
SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
FOE
The Hacker News
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Schneider Electric EcoStruxure Automation Expert
FOE
CISA Alerts
Schneider Electric Modicon M241, M251, and M262
FOE
CISA Alerts
Mitsubishi Electric CNC Series
FOE
CISA Alerts
CTEK Chargeportal
FOE
CISA Alerts
Automated Logic WebCTRL Premium Server
FOE
CISA Alerts
IGL-Technologies eParking.fi
FOE
CISA Alerts
Schneider Electric EcoStruxure PME and EPO
FOE
CISA Alerts
Schneider Electric Modicon Controllers M241, M251, M258, and LMC058
FOE
Bleeping Computer
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
FOE
The Hacker News
How Ceros Gives Security Teams Visibility and Control in Claude Code
FRIEND
SecurityWeek
Raven Emerges From Stealth With $20 Million in Funding
FOE
Bleeping Computer
New ‘Perseus’ Android malware checks user notes for secrets
FOE
Bleeping Computer
Critical Microsoft SharePoint flaw now exploited in attacks
FOE
CSO Online
5 key priorities for your RSAC 2026 agenda
FOE
CSO Online
The multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threat
FOE
Schneier on Security
Hacking a Robot Vacuum
FOE
SecurityWeek
CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability
FOE
The Hacker News
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
FOE
CSO Online
Your MFA isn’t broken — it’s being bypassed, and your employees can’t tell the difference
FOE
SecurityWeek
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks
FOE
Dark Reading
EU Sanctions Companies in China, Iran for Cyberattacks
FOE
CSO Online
Anthropic ban heralds new era of supply chain risk — with no clear playbook
FOE
The Hacker News
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
FRIEND
CSO Online
Cloud Access Security Broker – ein Kaufratgeber
FOE
Risky Business News
Srsly Risky Biz: Successful War Leaves Iran With One Option, Cyber
FOE
SANS Internet Storm Center
Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)
FOE
Sophos News
Android devices ship with firmware-level malware
FOE
Recorded Future Blog
2025 Year in Review: Malicious, Infrastructure
FRIEND
The Register (Security)
Okta made a nightmare micromanager for your AI agents
FOE
Bleeping Computer
Aura confirms data breach exposing 900,000 marketing contacts
FOE
The Register (Security)
State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns
FOE
Dark Reading
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
FOE
Dark Reading
C2 Implant 'SnappyClient' Targets Crypto Wallets
FOE
Bleeping Computer
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
FOE
SecurityWeek
The Collapse of Predictive Security in the Age of Machine-Speed Attacks
FOE
Bleeping Computer
ConnectWise patches new flaw allowing ScreenConnect hijacking
FRIEND
SecurityWeek
Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation
FOE
The Register (Security)
Amazon security boss says crims abused max-security Cisco firewall flaw weeks before disclosure
FOE
The Hacker News
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
FOE
Bleeping Computer
Ransomware gang exploits Cisco flaw in zero-day attacks since January
FOE
The Hacker News
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
FRIEND
SecurityWeek
Cloud Security Startup Native Exits Stealth With $42 Million in Funding
FOE
Bleeping Computer
Marquis: Ransomware gang stole data of 672K people in cyberattack
FOE
SecurityWeek
‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors
FOE
Dark Reading
'Claudy Day’ Trio of Flaws Exposes Claude Users to Data Theft
FOE
SecurityWeek
Virtual Summit Today: Supply Chain & Third-Party Risk Summit
FOE
SecurityWeek
EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations
FOE
EPIC
Senators Demand Answers on Meta’s Plans for Facial Recognition ‘Smart’ Glasses, Following NYT Report and EPIC Letters
FOE
Bleeping Computer
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
FOE
Bleeping Computer
New “Darksword” iOS exploit used in infostealer attack on iPhones
FRIEND
Black Hills Information Security
How to Lead Effective Tabletops
FOE
SecurityWeek
Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches
FRIEND
SecurityWeek
Manifold Raises $8 Million for AI Detection and Response
FOE
The Register (Security)
North Korea's 100,000-strong fake IT worker army rake in $500M a year for Kim Jong Un
FOE
Bleeping Computer
Nordstrom's email system abused to send crypto scams to customers
FOE
SANS Internet Storm Center
Scans for "adminer", (Wed, Mar 18th)
FOE
Dark Reading
Meta, TikTok Steal Personal & Financial Info When Users Click Ads
FOE
Dark Reading
SideWinder Espionage Campaign Expands Across Southeast Asia
FOE
SecurityWeek
Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach
FRIEND
SecurityWeek
Apple Debuts Background Security Improvements With Fresh WebKit Patches
FRIEND
The Register (Security)
Britain's satellite-watching gap to be plugged with £17.5M eyeball in Cyprus
FOE
CISA Alerts
CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND
CSO Online
Reco targets AI agent blind spots with new security capability
FOE
The Hacker News
Claude Code Security and Magecart: Getting the Threat Model Right
FOE
The Hacker News
9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
FOE
Schneier on Security
Meta’s AI Glasses and Privacy
FOE
SecurityWeek
Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch
FOE
CSO Online
BSI moniert Software-Sicherheit im Gesundheitswesen
FRIEND
The Hacker News
Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
FRIEND
EPIC
PRESS RELEASE: FTC Should Develop Privacy-Protective Age Assurance Standards, Leading Orgs Say
FOE
CSO Online
Can you prove the person on the other side is real?
FOE
CSO Online
ClickFix treibt neue Infostealer-Kampagnen an
FOE
CSO Online
Cybersecurity and privacy priorities for 2026: The legal risk map
FOE
The Hacker News
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
FOE
The Register (Security)
Iran's cyberattack against med tech firm is 'just the beginning'
FOE
CSO Online
CISOs rethink their data protection strategies
FRIEND
The Hacker News
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
FOE
The Hacker News
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
FRIEND
The Register (Security)
Linux Foundation kicks off effort to shield FOSS maintainers from AI slop bug reports
FRIEND
CSO Online
Die besten Hacker-Filme
FOE
The Register (Security)
Japan to allow ‘proactive cyber-defense’ from October 1st
FOE
Risky Business News
Risky Bulletin: EU finally imposes more cyber sanctions
FOE
Bleeping Computer
Apple pushes first Background Security Improvements update to fix WebKit flaw
FOE
Dark Reading
More Attackers Are Logging In, Not Breaking In
FOE
Bleeping Computer
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
FRIEND
Dark Reading
Clear Communication: The Missing Link in Cybersecurity Success
FOE
Dark Reading
Less Lucrative Ransomware Market Makes Attackers Alter Methods
FRIEND
Ars Technica (Security)
How World ID wants to put a unique human identity on every AI agent
FOE
The Register (Security)
World<s>Coin</s>'s newest pitch: Scan your eyeballs to prove AI agents really represent you
FOE
EPIC
EPIC Joins Coalition to Urge OpenAI to Withdraw California AI Safety Ballot Initiative
FOE
Dark Reading
Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish
FRIEND
CSO Online
Nvidia NemoClaw promises to run OpenClaw agents securely
FOE
The Intercept (Privacy)
Trump Wants to Put You in a Massive, Secret Government Database
FOE
Bleeping Computer
Europe sanctions Chinese and Iranian firms for cyberattacks
FOE
Ars Technica (Security)
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
FOE
The Hacker News
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
FOE
The Register (Security)
EU sanctions Iranian cyber front over election meddling, Charlie Hebdo breach
FRIEND
SecurityWeek
Tech Giants Invest $12.5 Million in Open Source Security
FOE
SecurityWeek
UK Companies House Exposed Details of Millions of Firms
FOE
Dark Reading
Warlock Ransomware Group Augments Post-Exploitation Activities
FOE
The Hacker News
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
FRIEND
SecurityWeek
Surf AI Raises $57 Million for Agentic Security Operations Platform
FOE
Bleeping Computer
Top 5 Things CISOs Need to Do Today to Secure AI Agents
FOE
Bleeping Computer
New font-rendering trick hides malicious commands from AI tools
FRIEND
Bleeping Computer
Microsoft stops force-installing the Microsoft 365 Copilot app
FOE
SecurityWeek
Robotic Surgery Giant Intuitive Discloses Cyberattack
FOE
CSO Online
Cyber-Attacken fluten Eon-Netz: Angriffe verzehnfacht
FOE
SecurityWeek
174 Vulnerabilities Targeted by RondoDox Botnet
FRIEND
SecurityWeek
Google, Meta, Microsoft Among Signatories of Pact to Combat Scams
FOE
Bleeping Computer
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
FRIEND
Bleeping Computer
Microsoft shares fix for Windows C: drive access issues on Samsung PCs
FOE
CISA Alerts
Schneider Electric SCADAPack and RemoteConnect
FOE
CISA Alerts
Schneider Electric EcoStruxure Data Center Expert
FOE
CISA Alerts
Siemens SICAM SIAPP SDK
FOE
CISA Alerts
CODESYS in Festo Automation Suite
FRIEND
SecurityWeek
Tracebit Raises $20M for Cloud-Native Deception Technology
FOE
SANS Internet Storm Center
IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
FOE
The Hacker News
AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
FOE
CSO Online
AWS Bedrock’s ‘isolated’ sandbox comes with a DNS escape hatch
FRIEND
Bleeping Computer
New Windows 11 hotpatch fixes Bluetooth device visibility issue
FOE
SecurityWeek
CISA Flags Year-Old Wing FTP Vulnerability as Exploited
FOE
Bleeping Computer
Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
FOE
SecurityWeek
AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks
FOE
Schneier on Security
South Korean Police Accidentally Post Cryptocurrency Wallet Password
FOE
The Hacker News
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
FOE
The Register (Security)
Too big to ignore, too small to be served: the midmarket security gap
FRIEND
The Register (Security)
Switzerland built a secure alternative to BGP. The rest of the world hasn't noticed yet
FRIEND
EFF Deeplinks
Bonus Podcast Episode: Privacy’s Defender - Cindy Cohn with Cory Doctorow
FOE
CSO Online
Runtime: The new frontier of AI agent security
FOE
The Hacker News
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
FOE
The Register (Security)
Gartner suggests Friday afternoon Copilot ban because users may be too lazy to check its mistakes
FRIEND
CSO Online
6 Risk-Assessment-Frameworks im Vergleich
FOE
CSO Online
Was ist ein Keylogger?
FRIEND
The Register (Security)
Bank built its own threat hunting agent because vendors can’t keep pace with new threats
FOE
Dark Reading
China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years
FOE
Dark Reading
GlassWorm Malware Evolves to Hide in Dependencies
FOE
EPIC
The Associated Press: Tax scams are on the rise. Here’s what to know
FRIEND
Dark Reading
Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026
FOE
The Register (Security)
Robotics surgical biz Intuitive discloses phishing attack
FOE
The Hacker News
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
FRIEND
EPIC
EPIC Testifies in Support of Colorado Bill on Surveillance Pricing and Wages
FOE
EFF Deeplinks
Blocking the Internet Archive Won’t Stop AI, But It Will Erase the Web’s Historical Record
FOE
Bleeping Computer
Stryker attack wiped tens of thousands of devices, no malware needed
FOE
The Register (Security)
Cybercrime has skyrocketed 245% since the start of the Iran war
FOE
Bleeping Computer
CISA flags Wing FTP Server flaw as actively exploited in attacks
FOE
Bleeping Computer
UK’s Companies House confirms security flaw exposed business data
FOE
The Register (Security)
AI finally delivers those elusive productivity gains... for cybercriminals
FOE
Bleeping Computer
Microsoft Exchange Online outage blocks access to mailboxes
FOE
SecurityWeek
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact
FOE
SecurityWeek
Security Firm Executive Targeted in Sophisticated Phishing Attack
FOE
The Hacker News
⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
FOE
Dark Reading
Attackers Abuse LiveChat to Phish Credit Card, Personal Data
FOE
Bleeping Computer
Shadow AI is everywhere. Here’s how to find and secure it.
FOE
SANS Internet Storm Center
/proxy/ URL scans with IP addresses, (Mon, Mar 16th)
FOE
SecurityWeek
China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation
FOE
SecurityWeek
Threat Actor Targeting VPN Users in New Credential Theft Campaign
FOE
The Register (Security)
Flaw in UK's corporate registry let directors rummage through rival records
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND
The Hacker News
Why Security Validation Is Becoming Agentic
FOE
SecurityWeek
ForceMemo: Python Repositories Compromised in GlassWorm Aftermath
FOE
The Hacker News
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
FOE
CSO Online
Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse
FOE
CSO Online
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
FOE
Schneier on Security
Possible New Result in Quantum Factorization
FOE
The Hacker News
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
FOE
SecurityWeek
Hacking Attempt Reported at Poland’s Nuclear Research Center
FRIEND
CSO Online
What it takes to win that CSO role
FOE
CSO Online
ClickFix techniques evolve in new infostealer campaigns
FRIEND
The Hacker News
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
FRIEND
CSO Online
GenAI-Security als Checkliste
FOE
Risky Business News
Risky Bulletin: Meta disrupts Mexican cartels
FOE
Recorded Future Blog
2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025
FOE
The Register (Security)
Outsourcer Telus admits to attack – may have lost a petabyte of data to ShinyHunters
FRIEND
Bleeping Computer
OpenAI says ChatGPT ads are not rolling out globally for now
FOE
EPIC
The Guardian: Hacked data shines light on homeland security’s AI surveillance ambitions
FOE
EFF Deeplinks
The Foilies 2026
FRIEND
Bleeping Computer
Betterleaks, a new open-source secrets scanner to replace Gitleaks
FOE
SecurityWeek
Loblaw Data Breach Impacts Customer Information
FOE
The Intercept (Privacy)
Crypto Spends Big in Illinois House Races to Say Consumer Rights Supporters Are Corrupt
FRIEND
Bleeping Computer
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
FOE
The Hacker News
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
FRIEND
Schneier on Security
Upcoming Speaking Engagements
FOE
Bleeping Computer
AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
FOE
The Hacker News
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
FOE
SecurityWeek
Critical HPE AOS-CX Vulnerability Allows Admin Password Resets
FOE
SANS Internet Storm Center
SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)
FOE
Bleeping Computer
Microsoft: Windows 11 users can't access C: drive on some Samsung PCs
FRIEND
Schneier on Security
Friday Squid Blogging: Increased Squid Population in the Falklands
FOE
Bleeping Computer
FBI seeks victims of Steam games used to spread malware
FOE
Ars Technica (Security)
Supply-chain attack using invisible code hits GitHub and other repositories
FOE
EPIC
League of Women Voters, EPIC Urge Court to Protect Privacy and Voting Rights by Reversing Illegal Overhaul of SAVE System
FOE
CSO Online
Google warns of two actively exploited Chrome zero days
FOE
Dark Reading
Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos
FRIEND
EPIC
EPIC Testifies in Support of Maryland Chatbots Bill
FRIEND
EFF Deeplinks
EFF Launches New Fight to Free the Law
FOE
Dark Reading
The Data Gap: Why Nonprofit Cyber Incidents Go Underreported
FOE
The Hacker News
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
FOE
The Register (Security)
Credential-stealing crew spoofs VPN clients from Cisco, Fortinet, and others
FOE
Dark Reading
Cyberattackers Don't Care About Good Causes
FRIEND
Bleeping Computer
Poland's nuclear research centre targeted by cyberattack
FOE
The Hacker News
Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
FOE
Bleeping Computer
Microsoft investigates classic Outlook sync and connection issues
FOE
EPIC
In McCarthy v. Amazon, Ninth Circuit Allows “Suicide Kit” Lawsuits Against Amazon to Proceed
FOE
Sophos News
Initial access techniques used by Iran-based threat actors
FOE
CSO Online
Cyber criminals too are working from home… your home
FOE
Dark Reading
Will AI Save Consumers From Smartphone-Based Phishing Attacks?
FOE
SecurityWeek
Starbucks Data Breach Impacts Employees
FRIEND
The Hacker News
INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
FOE
The Intercept (Privacy)
I Wrote a Movie Review. Cops Took It From A Protester’s Home to Make the Case That He’s a Terrorist.
FOE
SecurityWeek
In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown
FRIEND
Bleeping Computer
From VMware to what’s next: Protecting data during hypervisor migration
FOE
EPIC
Bloomberg Law: Complying With California Kids Code Is Suddenly More Complicated
FOE
The Hacker News
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
FRIEND
Bleeping Computer
Police sinkholes 45,000 IP addresses in cybercrime crackdown
FOE
The Hacker News
Investigating a New Click-Fix Variant
FOE
Bleeping Computer
Fake enterprise VPN downloads used to steal company credentials
FOE
Dark Reading
Most Google Cloud Attacks Start With Bug Exploitation
FOE
Dark Reading
Real-Time Banking Trojan Strikes Brazil's Pix Users
FOE
The Register (Security)
Interpol cybercrime crackdown leads to 94 arrests, 45,000 IP takedowns
FOE
SecurityWeek
Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War
FOE
CSO Online
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FRIEND
The Register (Security)
NanoClaw latches onto Docker Sandboxes for safer AI agents
FRIEND
SecurityWeek
Bold Security Emerges From Stealth With $40 Million in Funding
FOE
The Register (Security)
Google rushes Chrome update fixing two zero-days already under attack
FRIEND
SecurityWeek
Google Paid Out $17 Million in Bug Bounty Rewards in 2025
FOE
Schneier on Security
Academia and the “AI Brain Drain”
FOE
SecurityWeek
Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping
FOE
SecurityWeek
Onyx Security Launches With $40 Million in Funding
FOE
The Hacker News
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
FRIEND
CSO Online
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
FOE
CSO Online
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
FRIEND
SecurityWeek
Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet
FOE
The Hacker News
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
FOE
Bleeping Computer
Starbucks discloses data breach affecting hundreds of employees
FOE
SecurityWeek
Chrome 146 Update Patches Two Exploited Zero-Days
FOE
SANS Internet Storm Center
A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
FOE
CSO Online
The cyber perimeter was never dead. We just abandoned it.
FOE
Bleeping Computer
Google fixes two new Chrome zero-days exploited in attacks
FRIEND
The Hacker News
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
FOE
The Hacker News
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
FRIEND
CSO Online
10 Kennzahlen, die CISOs weiterbringen
FOE
Risky Business News
Risky Bulletin: Another residential proxy provider falls as authorities continue crackdowns
FOE
CSO Online
Telus Digital hit with massive data breach
FRIEND
Sophos News
March Patch Tuesday visits 15 product families
FOE
Sophos News
Initial access techniques used by Iran-based threat actors
FOE
The Register (Security)
Rogue AI agents can work together to hack systems and steal secrets
FRIEND
EPIC
Ninth Circuit Deals Another Blow to Big Tech’s Campaign for Broad Immunity from Regulation, Allows Parts of California’s Design Code to Go into Effect
FOE
Ars Technica (Security)
The who, what, and why of the attack that has shut down Stryker's Windows network"
FRIEND
Dark Reading
Why Post-Quantum Cryptography Can't Wait
FOE
Bleeping Computer
Canadian retail giant Loblaw notifies customers of data breach
FOE
Dark Reading
Iran MOIS Colludes With Criminals to Boost Cyberattacks
FOE
Bleeping Computer
England Hockey investigating ransomware data breach
FOE
Dark Reading
Commercial Spyware Opponents Fear US Policy Shifting
FOE
Bleeping Computer
AI-generated Slopoly malware used in Interlock ransomware attack
FRIEND
Schneier on Security
iPhones and iPads Approved for NATO Classified Data
FOE
EFF Deeplinks
A.B. 1043’s Internet Age Gates Hurt Everyone
FOE
EFF Deeplinks
Rep. Finke Was Right: Age-Gating Isn’t About Kids, It’s About Control
FOE
CSO Online
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
FOE
The Hacker News
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
FRIEND
Dark Reading
Delinea's StrongDM Acquisition Highlights the Changing Role of PAM
FOE
The Hacker News
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
FOE
Bleeping Computer
Veeam warns of critical flaws exposing backup servers to RCE attacks
FOE
Dark Reading
Why Stryker's Outage Is a Disaster Recovery Wake-Up Call
FRIEND
The Register (Security)
Operating Lightning takes down SocksEscort proxy network blamed for tens of millions in fraud
FRIEND
Bleeping Computer
US disrupts SocksEscort proxy network powered by Linux malware
FRIEND
Bleeping Computer
Google paid $17.1 million for vulnerability reports in 2025
FOE
SecurityWeek
Apple Updates Legacy iOS Versions to Patch Coruna Exploits
FOE
Bleeping Computer
Telus Digital confirms breach after hacker claims 1 petabyte data theft
FOE
Dark Reading
What Orgs Can Learn From Olympics, World Cup IR Plans
FOE
Bleeping Computer
Going the Extra Mile: Travel Rewards Turn into Underground Currency.
FRIEND
BrightTALK InfoSec
Building Resilient Cloud Security Architectures for Today’s Threat Landscape
FRIEND
Bleeping Computer
Apple patches older iPhones and iPads against Coruna exploits
FOE
The Register (Security)
CISA warns max-severity n8n bug is being exploited in the wild
FOE
The Hacker News
How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
FRIEND
SecurityWeek
Meta Launches New Protection Tools as It Helps Disrupt Scam Centers
FOE
The Hacker News
ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
FOE
EPIC
DOJ Wants Sensitive Voter Data but Can’t Be Bothered to Protect It
FOE
SecurityWeek
Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks
FOE
SecurityWeek
The Human IOC: Why Security Professionals Struggle with Social Vetting
FOE
SecurityWeek
Splunk, Zoom Patch Severe Vulnerabilities
FOE
CISA Alerts
Siemens Heliox EV Chargers
FOE
CISA Alerts
Inductive Automation Ignition Software
FOE
CISA Alerts
Trane Tracer SC, Tracer SC+, and Tracer Concierge
FOE
CISA Alerts
Siemens RUGGEDCOM APE1808 Devices
FOE
CISA Alerts
Siemens SIMATIC
FOE
CISA Alerts
Siemens SIDIS Prime
FOE
CSO Online
PhantomRaven returns to npm with 88 bad packages
FOE
Bleeping Computer
US charges another ransomware negotiator linked to BlackCat attacks
FOE
The Hacker News
Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
FOE
SecurityWeek
Cisco Patches High-Severity IOS XR Vulnerabilities
FOE
The Hacker News
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
FOE
SecurityWeek
Critical N8n Vulnerabilities Allowed Server Takeover
FOE
SecurityWeek
Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea
FOE
CSO Online
North Korean fake IT worker tradecraft exposed
FOE
The Hacker News
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
FOE
CSO Online
AI use is changing how much companies pay for cyber insurance
FOE
CSO Online
“Zombie ZIP”: Neue Angriffstechnik täuscht Virenscanner
FOE
The Hacker News
CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
FRIEND
CSO Online
Wie CISOs schlechte Angebote enttarnen
FOE
Risky Business News
Srsly Risky Biz: Trump's Cyber Strategy… Great, Amazing, The Best Yet
FOE
The Register (Security)
China’s CERT warns OpenClaw can inflict nasty wounds
FOE
SANS Internet Storm Center
When your IoT Device Logs in as Admin, It?s too Late! [Guest Diary], (Wed, Mar 11th)
FRIEND
Recorded Future Blog
February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43% Drop from January
FOE
CSO Online
Resumés with malicious ISO attachments are circulating, says Aryaka
FOE
CSO Online
CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws
FRIEND
EFF Deeplinks
Certbot and Let's Encrypt Now Support IP Address Certificates
FOE
The Register (Security)
Iran plots 'infrastructure warfare' against US tech giants
FOE
Dark Reading
A Guy Who Wrote the Code Died in 2005. I Still Have to Secure It
FOE
The Intercept (Privacy)
Trump’s AI-Powered World Wars
FOE
Dark Reading
INC Ransomware Group Holds Healthcare Hostage in Oceania
FOE
Ars Technica (Security)
14,000 routers are infected by malware that's highly resistant to takedowns
FOE
The Register (Security)
Iran-linked cyber crew says they hit US med-tech firm
FOE
Dark Reading
Xygeni GitHub Action Compromised Via Tag Poison
FRIEND
Bleeping Computer
WhatsApp introduces parent-managed accounts for pre-teens
FOE
Bleeping Computer
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
FRIEND
SecurityWeek
Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command
FOE
Bleeping Computer
CISA orders feds to patch n8n RCE flaw exploited in attacks
FRIEND
The Register (Security)
Meta, international cops use handcuffs and AI to stop scammers
FOE
Bleeping Computer
Medtech giant Stryker offline after Iran-linked wiper malware attack
FOE
Bleeping Computer
New PhantomRaven NPM attack wave steals dev data via 88 packages
FOE
The Hacker News
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
FOE
Krebs on Security
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
FOE
SecurityWeek
MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack
FOE
The Hacker News
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
FOE
EFF Deeplinks
Government Spying 🤝 Targeted Advertising | EFFector 38.5
FOE
Dark Reading
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
FRIEND
SecurityWeek
Wiz Joins Google Cloud as Landmark Acquisition Closes
FOE
The Register (Security)
ICO fines Police Scotland over data-sharing debacle in gross misconduct case
FRIEND
Black Hills Information Security
Understanding GRC: How to Navigate Risks and Compliance Standards
FRIEND
SecurityWeek
CISO Conversations: Aimee Cardwell
FOE
SecurityWeek
238,000 Impacted by Bell Ambulance Data Breach
FRIEND
Bleeping Computer
Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools
FRIEND
SecurityWeek
Scanner Raises $22 Million for AI-Powered Threat Hunting
FRIEND
The Hacker News
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
FRIEND
CSO Online
AWS expands Security Hub for multicloud security operations
FOE
The Register (Security)
Swiss e-voting pilot can't count 2,048 ballots after USB keys fail to decrypt them
FOE
The Hacker News
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
FRIEND
SecurityWeek
OpenAI to Acquire AI Security Startup Promptfoo
FOE
The Register (Security)
Dutch cops bust teen suspected of posing as bank staff to steal cards
FOE
SecurityWeek
Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND
SecurityWeek
How to 10x Your Vulnerability Management Program in the Agentic Era
FOE
CSO Online
Overly permissive ‘guest’ settings put Salesforce customers at risk
FOE
The Hacker News
What Boards Must Demand in the Age of AI-Automated Exploitation
FRIEND
The Register (Security)
EU legal eagle says banks should refund cybercrime victims first, argue later
FOE
SecurityWeek
Michelin Confirms Data Breach Linked to Oracle EBS Attack
FOE
Schneier on Security
Canada Needs Nationalized, Public AI
FOE
CSO Online
Why zero trust breaks down in IoT and OT environments
FOE
CSO Online
Did cybersecurity recently have its Gatling gun moment?
FRIEND
SecurityWeek
Quantro Security Emerges From Stealth With $2.5 Million in Funding
FOE
CSO Online
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials
FRIEND
CSO Online
CSO Awards 2026 celebrates world-class security strategies
FRIEND
CSO Online
Announcing the 2026 CSO Hall of Fame honorees
FOE
CSO Online
A 5-step approach to taming shadow AI
FOE
SANS Internet Storm Center
Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)
FOE
SecurityWeek
‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload
FOE
The Hacker News
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
FRIEND
The Register (Security)
Building the UK’s next generation of cyber talent
FOE
Privacy International
Privacy International’s remarks at the side event of the 61st Session of the UN Human Rights Council on the Human Rights Impacts of Using Artificial Intelligence in Countering Terrorism
FRIEND
SecurityWeek
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric
FOE
The Hacker News
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
FOE
CSO Online
12 ways attackers abuse cloud services to hack your enterprise
FOE
The Hacker News
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
FOE
CSO Online
6 Mittel gegen Security-Tool-Wildwuchs
FOE
CSO Online
Jack & Jill went up the hill — and an AI tried to hack them
FOE
Dark Reading
Middle East Conflict Highlights Cloud Resilience Gaps
FRIEND
Dark Reading
Microsoft Patches 83 CVEs in March Update
FRIEND
Krebs on Security
Microsoft Patch Tuesday, March 2026 Edition
FOE
Sophos News
Evil evolution: ClickFix and macOS infostealers
FOE
CSO Online
March Patch Tuesday: Three high severity holes in Microsoft Office
FOE
EFF Deeplinks
Copyright Bullying vs. Religious Freedom
FOE
Bleeping Computer
New ‘BlackSanta’ EDR killer spotted targeting HR departments
FRIEND
Risky Business News
Risky Bulletin: Gen. Joshua Rudd confirmed as next CyberCom and NSA head
FOE
EPIC
EPIC Leads Group of Law & Technology Scholars in Rebutting Social Media Companies’ Arguments that Surveillance-Based Feeds Are Constitutionally-Protected Speech
FOE
Bleeping Computer
New BeatBanker Android malware poses as Starlink app to hijack devices
FOE
Dark Reading
'Overly Permissive' Salesforce Cloud Configs in the Crosshairs
FOE
EFF Deeplinks
Think Twice Before Buying or Using Meta’s Ray-Bans
FRIEND
EPIC
Maine Senate Passes Strong Privacy Bill
FOE
EFF Deeplinks
The Government Must Not Force Companies to Participate in AI-powered Surveillance
FOE
The Register (Security)
Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack
FOE
Bleeping Computer
New 'Zombie ZIP' technique lets malware slip past security tools
FOE
CSO Online
Threat intelligence by ESET is a game changer
FRIEND
CSO Online
The CSO role is evolving fast with AI in Cyber Defense strategy
FRIEND
SecurityWeek
Microsoft Patches 83 Vulnerabilities
FOE
Dark Reading
Russian Threat Actor Sednit Resurfaces With Sophisticated Toolkit
FOE
The Register (Security)
Cybercrime isn't just a cover for Iran's government goons - it's a key part of their operations
FRIEND
Bleeping Computer
Microsoft releases Windows 10 KB5078885 extended security update
FOE
SecurityWeek
Adobe Patches 80 Vulnerabilities Across Eight Products
FOE
Bleeping Computer
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
FRIEND
SecurityWeek
Jazz Emerges From Stealth With $61M in Funding for AI-Powered DLP
FRIEND
Bleeping Computer
Windows 11 KB5079473 & KB5078883 cumulative updates released
FOE
SANS Internet Storm Center
Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
FOE
Bleeping Computer
HPE warns of critical AOS-CX flaw allowing admin password resets
FOE
The Register (Security)
Crooks compromise WordPress sites to push infostealers via fake CAPTCHA prompts
FOE
The Hacker News
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
FOE
The Hacker News
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
FRIEND
Bleeping Computer
Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys
FRIEND
SecurityWeek
Kai Emerges From Stealth With $125M in Funding for AI Platform Bridging IT and OT Security
FOE
SecurityWeek
Webinar Today: Securing Fragile OT in an Exposed World
FOE
Bleeping Computer
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
FOE
Sophos News
Evil evolution: ClickFix and macOS infostealers
FOE
SecurityWeek
SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities
FOE
SecurityWeek
Thousands Affected by Ericsson Data Breach
FOE
EPIC
EPIC Leads Coalition Demanding the Government Reverse Illegal Data Grab… Again
FOE
Bleeping Computer
The New Turing Test: How Threats Use Geometry to Prove 'Humanness'
FOE
The Register (Security)
Fake job applications pack malware that kills EDR before stealing data
FOE
Dark Reading
'BlackSanta' EDR Killer Targets HR Workflows
FRIEND
SecurityWeek
OpenAI Rolls Out Codex Security Vulnerability Scanner
FRIEND
SecurityWeek
Kevin Mandia’s Armadin Launches With $190 Million in Funding
FOE
The Hacker News
New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
FOE
SecurityWeek
Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign
FOE
The Register (Security)
Ericsson blames vendor vishing slip-up for breach exposing thousands of records
FRIEND
The Register (Security)
Protecting democracy means democratizing cybersecurity. Bring on the hackers
FOE
CISA Alerts
Honeywell IQ4x BMS Controller
FOE
CISA Alerts
Ceragon Siklu MultiHaul and EtherHaul Series
FOE
CISA Alerts
Apeman Cameras
FOE
CISA Alerts
Lantronix EDS3000PS and EDS5000
FRIEND
SecurityWeek
Escape Raises $18 Million to Automate Pentesting
FOE
SecurityWeek
Recent Ivanti Endpoint Manager Flaw Exploited in Attacks
FOE
The Hacker News
How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
FOE
The Register (Security)
Polish cops bust alleged teen DDoS kit sellers – youngest just 12
FOE
Bleeping Computer
CISA: Recently patched Ivanti EPM flaw now actively exploited
FOE
CSO Online
Devs looking for OpenClaw get served a GhostClaw RAT
FOE
SecurityWeek
SIM Swaps Expose a Critical Flaw in Identity Security
FRIEND
The Hacker News
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
FOE
The Hacker News
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
FRIEND
Bleeping Computer
Microsoft to enable Windows hotpatch security updates by default
FOE
Bleeping Computer
APT28 hackers deploy customized variant of Covenant open-source tool
FOE
CSO Online
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
FOE
Schneier on Security
Jailbreaking the F-35 Fighter Jet
FRIEND
CSO Online
OpenAI to acquire Promptfoo to strengthen AI agent security testing
FOE
CSO Online
Why access decisions are becoming the weakest link in identity security
FRIEND
CSO Online
I replaced manual pen tests with automation. Here’s what I learned.
FOE
The Hacker News
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
FRIEND
SecurityWeek
Cylake Raises $45 Million to Secure Organizations Barred From Cloud
FOE
CSO Online
When AI safety constrains defenders more than attackers
FOE
The Hacker News
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
FOE
CSO Online
Security-Tools für KI-Infrastrukturen – ein Kaufratgeber
FOE
CSO Online
Hacker abusing .arpa domain to evade phishing detection, says Infoblox
FOE
Bleeping Computer
Microsoft Teams phishing targets employees with A0Backdoor malware
FOE
The Register (Security)
AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours
FOE
Bleeping Computer
Google: Cloud attacks exploit flaws more than weak credentials
FOE
Bleeping Computer
Dutch govt warns of Signal, WhatsApp account hijacking attacks
FOE
Dark Reading
White House Cyber Strategy Prioritizes Offense
FOE
Dark Reading
'InstallFix' Attacks Spread Fake Claude Code Sites
FOE
EFF Deeplinks
The SAFE Act is an Imperfect Vehicle for Real Section 702 Reform
FRIEND
EFF Deeplinks
Privacy's Defender: Launch Party in Berkeley
FOE
Bleeping Computer
Ericsson US discloses data breach after service provider hack
FOE
The Hacker News
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
FOE
The Register (Security)
ShinyHunters claims more high-profile victims in latest Salesforce customers data heist
FRIEND
CSO Online
CVE program funding secured, easing fears of repeat crisis
FRIEND
EFF Deeplinks
EFFecting Change: Privacy's Defender
FRIEND
Bleeping Computer
Microsoft Teams will tag third-party bots trying to join meetings
FOE
Bleeping Computer
ShinyHunters claims ongoing Salesforce Aura data theft attacks
FOE
The Register (Security)
EV charger biz ELECQ zapped by ransomware crooks, customer contact data stolen
FRIEND
SecurityWeek
Cybersecurity M&A Roundup: 42 Deals Announced in February 2026
FOE
Bleeping Computer
FBI warns of phishing attacks impersonating US city, county officials
FRIEND
SANS Internet Storm Center
Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)
FOE
The Hacker News
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
FOE
Bleeping Computer
Why Password Audits Miss the Accounts Attackers Actually Want
FOE
Bleeping Computer
Microsoft still working to fix Windows Explorer white flashes
FOE
The Hacker News
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
FOE
The Register (Security)
Dutch cops warn 100 alleged scammers: Turn yourselves in or we tell Grandma
FOE
SecurityWeek
ClickFix Attack Uses Windows Terminal to Evade Detection
FOE
The Register (Security)
Russian cybercrims phish their way into officials' Signal and WhatsApp accounts
FOE
SecurityWeek
Internet Infrastructure TLD .arpa Abused in Phishing Attacks
FOE
Dark Reading
Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
FOE
CISA Alerts
CISA Adds Three Known Exploited Vulnerabilities to Catalog
FOE
The Register (Security)
Microsoft Azure CTO set Claude on his 1986 Apple II code, says it found vulns
FRIEND
CSO Online
OpenAI says Codex Security found 11,000 high-impact bugs in a month
FRIEND
The Hacker News
Can the Security Platform Finally Deliver for the Mid-Market?
FOE
SecurityWeek
Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign
FOE
Schneier on Security
New Attack Against Wi-Fi
FRIEND
CSO Online
NIS-2: Tausende reißen BSI-Frist und riskieren Strafen
FOE
The Hacker News
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
FOE
The Register (Security)
Royal Navy races to arm ships against drone threat
FOE
CSO Online
Rogues gallery: 15 worst ransomware groups active today
FOE
The Hacker News
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
FRIEND
CSO Online
4 ways to prepare your SOC for agentic AI
FOE
CSO Online
PQC roadmap remains hazy as vendors race for early advantage
FOE
CSO Online
Tarnung als Taktik: Warum Ransomware-Angriffe raffinierter werden
FOE
The Register (Security)
Iran is the first out-loud cyberwar the US has fought
FRIEND
Risky Business News
Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime
FOE
Krebs on Security
How AI Assistants are Moving the Security Goalposts
FOE
The Register (Security)
FBI is investigating breach that may have hit its wiretapping tools
FRIEND
Bleeping Computer
EU court adviser says banks must immediately refund phishing victims
FOE
Bleeping Computer
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
FOE
SecurityWeek
Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited
FOE
The Intercept (Privacy)
OpenAI on Surveillance and Autonomous Killings: You’re Going to Have to Trust Us
FOE
The Register (Security)
AI agents now help attackers, including North Korea, manage their drudge work
FOE
The Intercept (Privacy)
Columbia Flouted Its Own Policies and Let ICE Into University Buildings
FRIEND
The Hacker News
OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
FOE
Bleeping Computer
Termite ransomware breaches linked to ClickFix CastleRAT attacks
FRIEND
SecurityWeek
US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies
FOE
Bleeping Computer
Microsoft: Hackers abusing AI at every stage of cyberattacks
FOE
SecurityWeek
Over 100 GitHub Repositories Distributing BoryptGrab Stealer
FOE
SecurityWeek
Pentagon’s Chief Tech Officer Says He Clashed With AI Company Anthropic Over Autonomous Warfare
FOE
Ars Technica (Security)
From Iran to Ukraine, everyone's trying to hack security cameras
FRIEND
The Hacker News
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
FRIEND
SANS Internet Storm Center
YARA-X 1.14.0 Release, (Sat, Mar 7th)
FOE
SecurityWeek
FBI Investigating ‘Suspicious’ Cyber Activity on System Holding Sensitive Surveillance Information
FRIEND
EFF Deeplinks
Admiring Our Heroes for International Women’s Day: Celebrating Women Who Have Received EFF Awards
FOE
CSO Online
Trump’s cyber strategy emphasizes offensive operations, deregulation, AI
FRIEND
EFF Deeplinks
Admiring Our Heroes for International Women’s Day: Five Women In Tech That EFF Admires
FOE
CSO Online
ClickFix attackers using new tactic to evade detection, says Microsoft
FRIEND
The Register (Security)
Firefox taps Anthropic AI bug hunter, but rancid RAM still flipping bits
FOE
Bleeping Computer
Cognizant TriZetto breach exposes health data of 3.4 million patients
FOE
Ars Technica (Security)
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
FRIEND
Dark Reading
Cylake Offers AI-Native Security Without Relying on Cloud Services
FOE
The Register (Security)
Spyware disguised as emergency-alert app sent to Israeli smartphones
FOE
The Intercept (Privacy)
Dems Need to Wise Up: ICE Is a Threat to Our Elections
FOE
CSO Online
Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short
FOE
Dark Reading
North Korean APTs Use AI to Enhance IT Worker Scams
FOE
Schneier on Security
Anthropic and the Pentagon
FOE
CSO Online
FBI wiretap system tapped by hackers
FOE
CSO Online
OAuth vulnerability in n8n automation platform could lead to system compromise
FRIEND
SecurityWeek
ArmorCode Raises $16 Million for Exposure Management Platform
FOE
EFF Deeplinks
Weasel Words: OpenAI’s Pentagon Deal Won’t Stop AI‑Powered Surveillance
FOE
EFF Deeplinks
Weasel Words: OpenAI’s Pentagon Deal Won’t Stop AI‑Powered Surveillance
FOE
Bleeping Computer
CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
FOE
SecurityWeek
In Other News: FBI Hacked, US Security Pro Killed in Iran War, Hijacked Cameras Used in Khamenei Strike
FOE
The Hacker News
Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
FRIEND
Dark Reading
EU Auto Rules Shift Gears on Cybersecurity Standards
FOE
The Register (Security)
Cisco warns of two more SD-WAN bugs under active attack
FRIEND
Bleeping Computer
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
FOE
Bleeping Computer
Fake Claude Code install guides push infostealers in InstallFix attacks
FOE
The Hacker News
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
FRIEND
Bleeping Computer
Microsoft 365 Backup to add file-level restore for faster recovery
FOE
Privacy International
What does it mean when Big Tech goes to war?
FOE
Dark Reading
Iran's Cyber-Kinetic War Doctrine Takes Shape
FOE
Dark Reading
Cyberattack on Mexico's Gov't Agencies Highlight AI Threat
FOE
The Register (Security)
Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal
FOE
CSO Online
Targeted advertising is also targeting malware
FOE
SecurityWeek
CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List
FRIEND
Privacy International
Privacy International & Women on Web - Securing Reproductive Justice: A Guide to Digital Privacy for Sexual and Reproductive Justice Activists
FOE
SecurityWeek
Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
FOE
The Register (Security)
Son of government contractor arrested after alleged $46M crypto heist from US Marshals
FOE
Schneier on Security
Claude Used to Hack Mexican Government
FRIEND
SecurityWeek
James ‘Aaron’ Bishop Tapped to Serve as New Pentagon CISO
FRIEND
The Register (Security)
Microsoft finally gets around to fixing Windows 10 Recovery Environment after breaking it in October
FOE
SecurityWeek
Iranian APT Hacked US Airport, Bank, Software Company
FRIEND
The Hacker News
The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
FOE
The Hacker News
Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
FOE
The Register (Security)
Transport for London says 2024 breach affected 7M customers, not 5,000
FOE
Bleeping Computer
Ghanain man pleads guilty to role in $100 million fraud ring
FRIEND
SecurityWeek
Data Security Firm Evervault Raises $25 Million in Series B Funding
FOE
CSO Online
Teenage hacker myth primed for a middle-age criminal makeover
FOE
Bleeping Computer
FBI investigates breach of surveillance and wiretap systems
FOE
The Hacker News
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
FOE
CSO Online
Challenges and projects for the CISO in 2026
FOE
CSO Online
Zero-day exploits hit enterprises faster and harder
FOE
The Hacker News
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
FOE
The Hacker News
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
FOE
CSO Online
Europa im Visier von Cyber-Identitätsdieben
FRIEND
CSO Online
7 Anzeichen für akuten MSSP-Bedarf
FOE
Risky Business News
Risky Bulletin: Iranian hackers are scanning for security cameras to aid missile strikes
FRIEND
CSO Online
LeakBase marketplace unplugged by cops in 14 countries
FOE
The Register (Security)
Google says spyware makers and China-linked groups dominated zero-day attacks last year
FOE
Bleeping Computer
Chinese state hackers target telcos with new malware toolkit
FOE
Bleeping Computer
Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
FOE
Dark Reading
Nation-State Actor Embraces AI Malware Assembly Line
FOE
Dark Reading
Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform
FOE
Bleeping Computer
Wikipedia hit by self-propagating JavaScript worm that vandalized pages
FRIEND
EPIC
EPIC Testifies in Support of Three Tech Policy Bills in Maryland
FOE
Dark Reading
Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical
FOE
The Register (Security)
Iran intelligence backdoored US bank, airport, software outfit networks
FOE
Bleeping Computer
WordPress membership plugin bug exploited to create admin accounts
FOE
Bleeping Computer
FBI arrests suspect linked to $46M crypto theft from US Marshals
FRIEND
EPIC
EPIC Testifies in Support of Michigan Kids Code
FOE
Schneier on Security
Israel Hacked Traffic Cameras in Iran
FOE
The Intercept (Privacy)
Congress Is Considering Abolishing Your Right to Be Anonymous Online
FOE
CSO Online
Cisco issues emergency patches for critical firewall vulnerabilities
FOE
Privacy International
Privacy International's response to the UK Home Office consultation on facial recognition technology
FRIEND
Dark Reading
Fig Security Emerges From Stealth to Fix Broken Security Operations
FOE
The Intercept (Privacy)
Nida Allam Concedes to Valerie Foushee With Razor-Thin Loss for Progressives in Key Midterm Primary
FRIEND
Dark Reading
Software Development Practices Help Enterprises Tackle Real-Life Risks
FOE
Privacy International
Privacy International's submission on the impact of digital and AI-assisted surveillance on assembly and association rights
FOE
The Hacker News
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
FOE
Bleeping Computer
Google says 90 zero-days were exploited in attacks last year
FOE
Bleeping Computer
2026 Browser Data Reveals Major Enterprise Security Blind Spots
FOE
SecurityWeek
Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises
FOE
CSO Online
Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year
FOE
EFF Deeplinks
The Government Uses Targeted Advertising to Track Your Location. Here's What We Need to Do.
FOE
EFF Deeplinks
The Government Uses Targeted Advertising to Track Your Location. Here's What We Need to Do.
FOE
Dark Reading
LatAm Now Faces 2x More Cyberattacks Than US
FOE
The Hacker News
ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More
FRIEND
CSO Online
Europol: Großer Markt für gestohlene Daten geschlossen
FOE
The Hacker News
Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders
FRIEND
SecurityWeek
Russian Ransomware Operator Pleads Guilty in US
FOE
Bleeping Computer
Police dismantles online gambling ring exploiting Ukrainian women
FOE
The Register (Security)
UK watchdog eyes Meta's smart glasses after workers say they 'see everything'
FOE
SecurityWeek
Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild
FOE
The Hacker News
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
FOE
CISA Alerts
CISA Adds Five Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Delta Electronics CNCSoft-G2
FRIEND
CSO Online
Europol schließt riesigen Markt für gestohlene Daten
FOE
Schneier on Security
Hacked App Part of US/Israeli Propaganda Campaign Against Iran
FRIEND
SecurityWeek
Reclaim Security Raises $20 Million to Accelerate Remediation
FOE
The Hacker News
Where Multi-Factor Authentication Stops and Credential Abuse Starts
FOE
The Intercept (Privacy)
Federal Agents Are Intimidating Legal Observers at Their Homes: “They Know Where You Live.”
FRIEND
SecurityWeek
LeakBase Cybercrime Forum Shut Down, Suspects Arrested
FOE
Bleeping Computer
Cisco flags more SD-WAN flaws as actively exploited in attacks
FOE
The Hacker News
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
FOE
SecurityWeek
Cisco Patches Critical Vulnerabilities in Enterprise Networking Products
FOE
Bleeping Computer
Phobos ransomware admin pleads guilty to wire fraud conspiracy
FRIEND
Google Project Zero
On the Effectiveness of Mutational Grammar Fuzzing
FOE
CSO Online
State-affiliated hackers set up for critical OT attacks that operators may not detect
FOE
The Hacker News
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
FRIEND
The Hacker News
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
FOE
CSO Online
14 old software bugs that took way too long to squash
FOE
CSO Online
Die besten Cyber-Recovery-Lösungen
FOE
SecurityWeek
Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks
FOE
Risky Business News
Srsly Risky Biz: The Four Hour Cyber War on Iran
FRIEND
CSO Online
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
FRIEND
SANS Internet Storm Center
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
FRIEND
Sophos News
Optimize Your Sophos Firewall Security
FOE
The Register (Security)
'Hundreds' of Iranian hacking attempts have hit surveillance cameras since the missile strikes
FRIEND
Bleeping Computer
Bitwarden adds support for passkey login on Windows 11
FRIEND
EPIC
SCOTUS to Hear Case Over Proper Scope of the Video Privacy Protection Act (VPPA)
FOE
Bleeping Computer
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
FOE
Dark Reading
VMware Aria Operations Bug Exploited, Cloud Resources at Risk
FRIEND
Bleeping Computer
Windows 10 KB5075039 update fixes broken Recovery Environment
FOE
The Register (Security)
Malware-laced OpenClaw installers get Bing AI search boost
FOE
Bleeping Computer
Fake LastPass support email threads try to steal vault passwords
FRIEND
EPIC
EPIC Urges Virginia Governor to Sign Bill Banning Sale of Location Data
FRIEND
EFF Deeplinks
Speaking Freely: Shin Yang
FRIEND
EFF Deeplinks
Speaking Freely: Shin Yang
FRIEND
CSO Online
Why AI, Zero Trust, and modern security require deep visibility
FRIEND
CSO Online
The 10-hour problem: How visibility gaps are burning out the SOC
FOE
Bleeping Computer
Cisco warns of max severity Secure FMC flaws giving root access
FOE
Bleeping Computer
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
FOE
Bleeping Computer
Hacker mass-mails HungerRush extortion emails to restaurant patrons
FRIEND
SecurityWeek
Tycoon 2FA Phishing Platform Dismantled in Global Takedown
FRIEND
Bleeping Computer
FBI seizes LeakBase cybercrime forum, data of 142,000 members
FOE
SecurityWeek
New LexisNexis Data Breach Confirmed After Hackers Leak Files
FOE
The Hacker News
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
FRIEND
Dark Reading
Stranger Things Meets Cybersecurity: Lessons from the Hive Mind
FRIEND
Bleeping Computer
Europol-coordinated action disrupts Tycoon2FA phishing platform
FRIEND
Dark Reading
Are We Ready for Auto Remediation With Agentic AI?
FOE
The Register (Security)
LexisNexis confirms data breach at Legal & Professional arm, some customer records affected
FRIEND
SecurityWeek
Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance
FOE
Bleeping Computer
Mississippi medical center reopens clinics hit by ransomware attack
FOE
Bleeping Computer
How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
FOE
SecurityWeek
Hacker Conversations: Inti De Ceukelaire, Raging Against the Machine Creatively
FRIEND
EPIC
EPIC Tells Supreme Court that Geofence Searches Need a Warrant with Particularized Probable Cause
FOE
The Register (Security)
Kaspersky dismisses claims Coruna iPhone exploit kit is connected to NSA-linked operation
FOE
Black Hills Information Security
The “P” in PAM is for Persistence: Linux Persistence Technique
FOE
The Hacker News
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
FOE
CSO Online
Iranian cyberattacks fail to materialize but threat remains acute
FOE
SecurityWeek
How Pirated Software Turns Helpful Employees Into Malware Delivery Agents
FRIEND
SecurityWeek
AI Security Firm JetStream Launches With $34 Million in Seed Funding
FOE
Schneier on Security
Manipulating AI Summarization Features
FOE
SecurityWeek
LastPass Warns of New Phishing Campaign
FRIEND
SecurityWeek
Webinar Today: Designing an OT SOC for Safety, Reliability, and Business Continuity
FOE
SecurityWeek
Google Plans Two-Week Release Schedule for Chrome
FRIEND
The Hacker News
New RFP Template for AI Usage Control and AI Governance
FOE
Dark Reading
China's Silver Dragon Razes Governments in EU, SE Asia
FRIEND
SecurityWeek
Global Coalition Publishes 6G Security and Resilience Principles
FOE
SANS Internet Storm Center
Want More XWorm?, (Wed, Mar 4th)
FOE
The Hacker News
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
FOE
CSO Online
Anthropic AI ultimatums and IP theft: The unspoken risk
FOE
SecurityWeek
Critical FreeScout Vulnerability Leads to Full Server Compromise
FOE
The Hacker News
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
FOE
SecurityWeek
VMware Aria Operations Vulnerability Exploited in the Wild
FRIEND
CSO Online
How to know you’re a real-deal CSO — and whether that job opening truly seeks one
FOE
The Hacker News
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
FOE
CSO Online
AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning
FRIEND
The Register (Security)
Google feels the need for security speed, so will ship Chrome updates every two weeks
FRIEND
Dark Reading
Dark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate
FOE
Recorded Future Blog
Ongoing Iran Conflict: What You Need to Know
FRIEND
EFF Deeplinks
EFF to Third Circuit: Electronic Device Searches at the Border Require a Warrant
FRIEND
EFF Deeplinks
EFF to Third Circuit: Electronic Device Searches at the Border Require a Warrant
FOE
Bleeping Computer
CISA flags VMware Aria Operations RCE flaw as exploited in attacks
FOE
The Register (Security)
Dev stunned by $82K Gemini bill after unknown API key thief goes to town
FOE
Risky Business News
Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes
FOE
Bleeping Computer
Paint maker giant AkzoNobel confirms cyberattack on U.S. site
FOE
Bleeping Computer
Facebook accounts unavailable in worldwide outage
FOE
Dark Reading
Indian APT 'Sloppy Lemming' Targets Defense, Critical Infrastructure
FRIEND
EFF Deeplinks
The Anthropic-DOD Conflict: Privacy Protections Shouldn’t Depend On the Decisions of a Few Powerful People
FRIEND
EFF Deeplinks
The Anthropic-DOD Conflict: Privacy Protections Shouldn’t Depend On the Decisions of a Few Powerful People
FOE
Bleeping Computer
Microsoft: Hackers abuse OAuth error flows to spread malware
FOE
The Register (Security)
Chat at your own risk! Data brokers are selling deeply personal bot transcripts
FOE
Dark Reading
Vehicle Tire Pressure Sensors Enable Silent Tracking
FOE
Dark Reading
Qualcomm Zero-Day Exploited in Targeted Android Attacks
FOE
SecurityWeek
Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters
FOE
Sophos News
Hacktivist campaigns increase as United States, Iran, and Israel conflict intensifies
FOE
The Register (Security)
Cyberwarriors elevated to big leagues in US war with Iran
FOE
Dark Reading
Speakeasies to Shadow AI: Banning AI Browsers Will Fail
FOE
The Hacker News
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
FRIEND
Bleeping Computer
Google Chrome shifts to two-week release cycle for increased stability
FRIEND
SecurityWeek
Fig Security Launches With $38 Million to Bolster SecOps Resilience
FRIEND
EFF Deeplinks
EFF to Supreme Court: Shut Down Unconstitutional Geofence Searches
FRIEND
EFF Deeplinks
EFF to Supreme Court: Shut Down Unconstitutional Geofence Searches
FOE
Bleeping Computer
LexisNexis confirms data breach as hackers leak stolen files
FOE
SecurityWeek
Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability
FOE
The Register (Security)
Turns out most cybercriminals are old enough to know better
FOE
SANS Internet Storm Center
Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
FOE
Bleeping Computer
Compromised Site Management Panels are a Hot Item in Cybercrime Markets
FRIEND
The Hacker News
Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
FOE
The Hacker News
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
FOE
The Register (Security)
Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite
FOE
SecurityWeek
Quantum Decryption of RSA is Much Closer than Expected
FOE
SecurityWeek
New ‘AirSnitch’ Attack Shows Wi-Fi Client Isolation Could be a False Sense of Security
FOE
SecurityWeek
1.2 Million Affected by University of Hawaii Cancer Center Data Breach
FOE
CSO Online
OAuth phishers make ‘check where the link points’ advice ineffective
FOE
Dark Reading
AI Agent Overload: How to Solve the Workload Identity Crisis
FOE
CSO Online
Jetzt Staats-CISO werden – für unter 160.000 Euro
FOE
SecurityWeek
Android Update Patches Exploited Qualcomm Zero-Day
FOE
Ars Technica (Security)
LLMs can unmask pseudonymous users at scale with surprising accuracy
FRIEND
SecurityWeek
Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low
FRIEND
Schneier on Security
On Moltbook
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Hitachi Energy Relion REB500 Product
FOE
CISA Alerts
Portwell Engineering Toolkits
FOE
CISA Alerts
Labkotec LID-3300IP
FOE
CISA Alerts
Everon OCPP Backends
FOE
CISA Alerts
ePower epower.ie
FOE
CISA Alerts
Mobiliti e-mobi.hu
FOE
CISA Alerts
Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module
FOE
CISA Alerts
Hitachi Energy RTU500 Product
FOE
Bleeping Computer
Amazon: Drone strikes damaged AWS data centers in Middle East
FOE
The Register (Security)
Chrome Gemini panel became privilege escalator for rogue extensions
FOE
Dark Reading
As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks
FOE
The Hacker News
AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
FOE
The Hacker News
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
FOE
The Register (Security)
Cybercriminals swipe 15.8M medical records from French doctors ministry
FOE
Bleeping Computer
Star Citizen game dev discloses breach affecting user data
FOE
SecurityWeek
Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise
FOE
CSO Online
Studie: Hacker legen Betrieb bei vielen Unternehmen lahm
FOE
CSO Online
Epic Fury introduces new layer of enterprise risk
FOE
Bleeping Computer
UH Cancer Center data breach affects nearly 1.2 million people
FOE
SecurityWeek
Researchers Uncover Method to Track Cars via Tire Sensors
FOE
The Hacker News
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
FOE
Bleeping Computer
Android gets patches for Qualcomm zero-day exploited in attacks
FOE
The Hacker News
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
FOE
CSO Online
7 factors impacting the cyber skills gap
FOE
The Hacker News
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
FOE
The Register (Security)
Gamers furious as Brit studio Cloud Imperium quietly admits to data breach
FRIEND
CSO Online
Das gehört in Ihr Security-Toolset
FOE
The Register (Security)
Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery
FOE
Bleeping Computer
CyberStrikeAI tool adopted by hackers for AI-powered attacks
FOE
Sophos News
Hacktivist campaigns increase as United States, Iran, and Israel conflict intensifies
FRIEND
EFF Deeplinks
EFF to Court: Don’t Make Embedding Illegal
FRIEND
EFF Deeplinks
EFF to Court: Don’t Make Embedding Illegal
FOE
Dark Reading
Critical OpenClaw Vulnerability Exposes AI Agent Risks
FOE
Dark Reading
The Tug-of-War Over Firewall Backlogs in the AI-Driven Development Era
FOE
The Register (Security)
Iran's cyberwar has begun
FOE
Dark Reading
30 Alleged Members of 'The Com' Arrested in Project Compass
FOE
Bleeping Computer
Fake Google Security site uses PWA app to steal credentials, MFA codes
FRIEND
EPIC
EPIC Urges HHS to Prioritize Patient Privacy in Clinical Care AI Uses
FRIEND
CSO Online
Vulnerability monitoring service secures public-sector websites faster
FOE
Bleeping Computer
Alabama man pleads guilty to hacking, extorting hundreds of women
FOE
The Register (Security)
UK Businesses told to brace cyber defenses amid Iran conflict risk
FOE
Bleeping Computer
Florida woman imprisoned for massive Microsoft license fraud scheme
FOE
The Hacker News
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
FRIEND
The Hacker News
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
FRIEND
EFF Deeplinks
National Book Tour for Cindy Cohn’s Memoir, ‘Privacy’s Defender’
FRIEND
EFF Deeplinks
National Book Tour for Cindy Cohn’s Memoir, ‘Privacy’s Defender’
FOE
Bleeping Computer
UK warns of Iranian cyberattack risks amid Middle-East conflict
FOE
SecurityWeek
Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant
FOE
Bleeping Computer
How Deepfakes and Injection Attacks Are Breaking Identity Verification
FOE
SecurityWeek
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
FOE
The Register (Security)
Memory scalpers hunt scarce DRAM with bot blitz
FOE
SecurityWeek
Madison Square Garden Data Breach Confirmed Months After Hacker Attack
FOE
The Register (Security)
Scammers try to SIM-swap Dubai citizens hours after Iranian missile strikes
FOE
The Hacker News
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
FRIEND
Dark Reading
Quantum-Resistant Data Diode Secures Sensitive Data on Edge Devices, Critical Systems
FRIEND
SecurityWeek
Nick Andersen Appointed Acting Director of CISA
FRIEND
SecurityWeek
AWS Expands Security Hub Into a Cross-Domain Security Platform
FOE
Bleeping Computer
Anthropic confirms Claude is down in a worldwide outage
FOE
Schneier on Security
LLM-Assisted Deanonymization
FOE
The Hacker News
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
FOE
SecurityWeek
North Korean APT Targets Air-Gapped Systems in Recent Campaign
FRIEND
SecurityWeek
Google Working Towards Quantum-Safe Chrome HTTPS Certificates
FRIEND
SANS Internet Storm Center
Quick Howto: ZIP Files Inside RTF, (Mon, Mar 2nd)
FRIEND
SANS Internet Storm Center
Wireshark 4.6.4 Released, (Mon, Mar 2nd)
FOE
SecurityWeek
US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates
FRIEND
CSO Online
Innovation without exposure: A CISO’s secure-by-design framework for business outcomes
FOE
The Hacker News
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
FOE
Dark Reading
Bug in Google's Gemini AI Panel Opens Door to Hijacking
FRIEND
CSO Online
A scorecard for cyber and risk culture
FOE
The Hacker News
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
FRIEND
CSO Online
Hacker erpressen weniger Lösegeld
FRIEND
CSO Online
How CISOs can build a resilient workforce
FRIEND
CSO Online
Im Fokus: RZ-Modernisierung
FRIEND
CSO Online
Im Fokus: RZ-Modernisierung
FOE
CSO Online
Kubernetes Security: Wie Sie Ihre Cluster (besser) absichern
FRIEND
The Register (Security)
UK government's Vulnerability Monitoring System is working - fixes flow far faster
FOE
Risky Business News
Risky Bulletin: LLMs can deanonymize internet users based on their past comments
FOE
The Register (Security)
South Korea’s tax office apologizes for leaking seed phrase to seized crypto
FOE
Recorded Future Blog
Latin America's Cybersecurity Turning Point: From Reactive Defense to Threat Intelligence
FOE
Recorded Future Blog
Ongoing Iran Conflict: What You Need to Know
FOE
Bleeping Computer
ClawJacked attack let malicious websites hijack OpenClaw to steal data
FRIEND
Bleeping Computer
Samsung TVs to stop collecting Texans’ data without express consent
FOE
SecurityWeek
Hackers Weaponize Claude Code in Mexican Government Cyberattack
FOE
Sophos News
Cyber Advisory: Increased Cyber Risk Amid U.S.–Israel–Iran Escalation
FOE
Bleeping Computer
QuickLens Chrome extension steals crypto, shows ClickFix attack
FOE
The Hacker News
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
FOE
Bleeping Computer
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
FOE
Krebs on Security
Who is the Kimwolf Botmaster “Dort”?
FOE
SecurityWeek
Canadian Tire Data Breach Impacts 38 Million Accounts
FRIEND
The Register (Security)
Denizens of DEF CON are 'fed up with government'
FOE
The Hacker News
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
FOE
The Hacker News
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute
FRIEND
Ars Technica (Security)
Google quantum-proofs HTTPS by squeezing 2.5kB of data into 64-byte space
FOE
The Register (Security)
Double whammy: Steaelite RAT bundles data theft, ransomware in one evil tool
FRIEND
EPIC
Connecticut AG Issues Report on How Existing State Law Applies to AI
FRIEND
Schneier on Security
Friday Squid Blogging: Squid Fishing in Peru
FOE
CSO Online
Security hole could let hackers take over Juniper Networks PTX core routers
FOE
SecurityWeek
Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology
FOE
Dark Reading
Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL
FOE
CSO Online
‘Silent’ Google API key change exposed Gemini AI data
FRIEND
Dark Reading
Cities Hosting Major Events Need More Focus on Wireless, Drone Defense
FOE
Dark Reading
Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy
FRIEND
Bleeping Computer
Microsoft testing Windows 11 batch file security improvements
FOE
The Register (Security)
Suspected Nork digital intruders caught breaking into US healthcare, education orgs
FOE
Bleeping Computer
APT37 hackers use new malware to breach air-gapped networks
FRIEND
Bleeping Computer
Europol-led crackdown on The Com hackers leads to 30 arrests
FRIEND
The Hacker News
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
FOE
The Hacker News
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
FOE
Dark Reading
The Case for Why Better Breach Transparency Matters
FOE
The Register (Security)
Ransomware payments cratered in 2025, but attacks surged to record highs
FOE
Bleeping Computer
CISA warns that RESURGE malware can be dormant on Ivanti devices
FOE
The Hacker News
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
FOE
SecurityWeek
In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators
FOE
The Register (Security)
French DIY etailer ManoMano admits customer data stolen
FRIEND
Bleeping Computer
Third-Party Patching and the Business Footprint We All Share
FOE
Privacy International
The Anthropic and US Government conflict is larger than you think
FOE
Dark Reading
Claude Code Security Shows Promise, Not Perfection
FOE
The Register (Security)
Cops back Dutch telco Odido after second wave of ShinyHunters leaks
FOE
SecurityWeek
38 Million Allegedly Impacted by ManoMano Data Breach
FOE
CSO Online
One of the ‘most influential cybersecurity’ roles will pay under $175,000
FOE
SecurityWeek
900 Sangoma FreePBX Instances Infected With Web Shells
FOE
The Hacker News
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
FRIEND
SecurityWeek
Chilean Carding Shop Operator Extradited to US
FRIEND
SecurityWeek
Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline
FOE
Bleeping Computer
Ukrainian man pleads guilty to running AI-powered fake ID site
FOE
SANS Internet Storm Center
Fake Fedex Email Delivers Donuts!, (Fri, Feb 27th)
FOE
Schneier on Security
Why Tehran’s Two-Tiered Internet Is So Dangerous
FOE
Schneier on Security
Phishing Attacks Against People Seeking Programming Jobs
FOE
SecurityWeek
Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience
FOE
CSO Online
Your personal OpenClaw agent may also be taking orders from malicious websites
FRIEND
CSO Online
US authorities punish sellers of malware and spyware
FRIEND
CSO Online
Why application security must start at the load balancer
FOE
SecurityWeek
Juniper Networks PTX Routers Affected by Critical Vulnerability
FOE
The Hacker News
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
FRIEND
CSO Online
How to make LLMs a defensive advantage without creating a new attack surface
FRIEND
The Hacker News
Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams
FOE
SecurityWeek
Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking
FRIEND
CSO Online
The CSO guide to top security conferences
FOE
CSO Online
Ransomware groups switch to stealthy attacks and long-term access
FRIEND
EFF Deeplinks
Victory! Tenth Circuit Finds Fourth Amendment Doesn’t Support Broad Search of Protesters’ Devices and Digital Data
FRIEND
EFF Deeplinks
Victory! Tenth Circuit Finds Fourth Amendment Doesn’t Support Broad Search of Protesters’ Devices and Digital Data
FOE
Risky Business News
Risky Bulletin: Russian man investigated for extorting Conti ransomware group
FOE
EPIC
The Verge: FTC declines to enforce a kids privacy law for data collected to verify users’ ages
FOE
Dark Reading
Marquis v. SonicWall Lawsuit Ups the Breach Blame Game
FOE
Dark Reading
Cisco SD-WAN Zero-Day Under Exploitation for 3 Years
FOE
Bleeping Computer
Previously harmless Google API keys now expose Gemini AI data
FRIEND
EPIC
EPIC, OTI Urge FTC Not to Ignore Full Scope of Data-Driven Harms
FRIEND
SecurityWeek
Apple iPhone and iPad Cleared for Classified NATO Use
FOE
The Hacker News
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
FOE
Bleeping Computer
Trend Micro warns of critical Apex One code execution flaws
FOE
Bleeping Computer
European DYI chain ManoMano data breach impacts 38 million customers
FRIEND
SecurityWeek
Four Risks Boards Cannot Treat as Background Noise
FOE
Bleeping Computer
Critical Juniper Networks PTX flaw allows full router takeover
FOE
The Intercept (Privacy)
Zohran Mamdani Kept Columbia Student in New York — Then Phoned With Trump to Secure Her Release
FOE
Bleeping Computer
Olympique Marseille confirms 'attempted' cyberattack after data leak
FOE
Ars Technica (Security)
New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises
FOE
The Register (Security)
Rapid AI-driven development makes security unattainable, warns Veracode
FOE
The Hacker News
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
FOE
The Hacker News
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
FRIEND
Bleeping Computer
Ransomware payment rate drops to record low as attacks surge
FOE
SecurityWeek
Claude Code Flaws Exposed Developer Devices to Silent Hacking
FRIEND
Bleeping Computer
Microsoft expands Windows restore to more enterprise devices
FRIEND
SecurityWeek
Gambit Security Emerges From Stealth With $61 Million in Funding
FOE
The Register (Security)
Scattered Lapsus$ Hunters auditioning female voices to sharpen social engineering
FOE
CSO Online
Hackers Compromise Networks Faster and Faster [DE]
FOE
SecurityWeek
Zyxel Patches Critical Vulnerability in Many Device Models
FOE
Schneier on Security
LLMs Generate Predictable Passwords
FOE
The Hacker News
Expert Recommends: Prepare for PQC Right Now
FOE
CISA Alerts
Pelco, Inc. Sarix Pro 3 Series IP Cameras
FOE
CISA Alerts
EV2GO ev2go.io
FOE
CISA Alerts
EV Energy ev.energy
FOE
CISA Alerts
Chargemap chargemap.com
FOE
CISA Alerts
Mobility46 mobility46.se
FOE
CISA Alerts
SWITCH EV swtchenergy.com
FOE
CISA Alerts
CloudCharge cloudcharge.se
FOE
CISA Alerts
Yokogawa CENTUM VP R6, R7
FOE
CISA Alerts
Johnson Controls, Inc. Frick Controls Quantum HD
FOE
CISA Alerts
Copeland XWEB and XWEB Pro
FOE
Bleeping Computer
New York sues Valve for promoting illegal gambling via game loot boxes
FOE
The Register (Security)
Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover
FOE
CSO Online
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries
FOE
The Intercept (Privacy)
Florida Might Make Its Own Spy Squad. Muslims Think They Have a Pretty Good Idea Who’ll Be Targeted.
FOE
The Hacker News
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
FOE
SecurityWeek
US Sanctions Russian Exploit Broker Operation Zero
FOE
The Hacker News
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
FOE
CSO Online
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
FRIEND
SecurityWeek
Trend Micro Patches Critical Apex One Vulnerabilities
FOE
SecurityWeek
Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers
FOE
Google Project Zero
A Deep Dive into the GetProcessHandleFromHwnd API
FOE
CSO Online
5 trends that should top CISO’s RSA 2026 agendas
FOE
The Hacker News
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
FRIEND
CSO Online
9 Essential Open Source Security Tools [DE]
FRIEND
CSO Online
How to Justify Your Security Investments [DE]
FRIEND
SANS Internet Storm Center
Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)
FOE
Risky Business News
Srsly Risky Biz: Is Claude Too Woke For War?
FOE
The Register (Security)
Claude collaboration tools left the door wide open to remote code execution
FOE
CSO Online
Steaelite RAT combines data theft and ransomware management capability in one tool
FOE
Sophos News
Cisco SD-WAN vulnerabilities (CVE-2026-20127, CVE-2022-20775) in active exploitation
FRIEND
Sophos News
Sophos Workspace Protection is Now Available
FRIEND
Recorded Future Blog
Recorded Future Expands Coverage of Scams and Financial Fraud with Money Mule Intelligence from CYBERA
FOE
Dark Reading
Chinese Police Use ChatGPT to Smear Japan PM Takaichi
FOE
Bleeping Computer
Medical device maker UFP Technologies warns of data stolen in cyberattack
FOE
CSO Online
Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day
FOE
Dark Reading
Flaws in Claude Code Put Developers' Machines at Risk
FOE
Bleeping Computer
Fake Next.js job interview tests backdoor developer's devices
FRIEND
Dark Reading
RAMP Forum Seizure Fractures Ransomware Ecosystem
FRIEND
SANS Internet Storm Center
The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary], (Wed, Feb 25th)
FOE
The Register (Security)
Google catches Beijing spies using Sheets to spread espionage across 4 continents
FOE
Dark Reading
PCI Council Says Threats to Payments Systems Are Speeding Up
FOE
EFF Deeplinks
☺️ Trust Us With Your Face | EFFector 38.4
FOE
EFF Deeplinks
☺️ Trust Us With Your Face | EFFector 38.4
FOE
Bleeping Computer
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
FRIEND
The Hacker News
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
FRIEND
EFF Deeplinks
How to Pick Your Password Manager
FRIEND
EFF Deeplinks
How to Pick Your Password Manager
FRIEND
EFF Deeplinks
How to Pick Your Password Manager
FOE
Bleeping Computer
Chinese cyberspies breached dozens of telecom firms, govt agencies
FOE
The Hacker News
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
FOE
The Register (Security)
Fake 'interview' repos lure Next.js devs into running secret-stealing malware
FOE
Dark Reading
Malicious Next.js Repos Target Developers Via Fake Job Interviews
FOE
SecurityWeek
The Blast Radius Problem: Stolen Credentials Are Weaponizing Agentic AI
FOE
Privacy International
Analysis of the Disclosures following the ICO Enforcement Notice on GPS Tagging of Migrants
FRIEND
SecurityWeek
Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments
FOE
Bleeping Computer
Marquis sues SonicWall over backup breach that led to ransomware attack
FOE
SecurityWeek
SolarWinds Patches Four Critical Serv-U Vulnerabilities
FRIEND
Privacy International
Discord pushes back age verification after security risks revealed
FOE
The Hacker News
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
FRIEND
Bleeping Computer
The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web
FOE
The Hacker News
Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
FOE
Privacy International
Nowhere to Hide? Privacy Risks and Policy Implications of AI Geolocation
FRIEND
Black Hills Information Security
Malware Analysis: How to Analyze and Understand Malware
FOE
Dark Reading
Why 'Call This Number' TOAD Emails Beat Gateways
FOE
The Register (Security)
Ex-L3Harris exec jailed 7 years for selling exploits to Russia
FOE
SecurityWeek
Medical Device Maker UFP Technologies Hit by Cyberattack
FOE
SecurityWeek
Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia
FOE
Bleeping Computer
Zyxel warns of critical RCE flaw affecting over a dozen routers
FOE
The Hacker News
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
FOE
The Register (Security)
Wynn Resorts takes attacker's word for it that stolen staff data was deleted
FOE
SecurityWeek
Over 12 Million Users Impacted by CarGurus Data Breach
FOE
Schneier on Security
Poisoning AI Training Data
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems
FRIEND
Dark Reading
'Richter Scale' Model Measures Magnitude of OT Cyber Incidents
FRIEND
SecurityWeek
SecurityWeek Report: 426 Cybersecurity M&A Deals Announced in 2025
FOE
SecurityWeek
Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
FOE
CSO Online
Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors
FOE
The Hacker News
Manual Processes Are Putting National Security at Risk
FRIEND
SecurityWeek
Astelia Raises $35 Million for Exposure Management
FOE
Bleeping Computer
US sanctions Russian broker for buying stolen zero-day exploits
FOE
SecurityWeek
Reddit Hit With $20 Million UK Data Privacy Fine Over Child Safety Failings
FOE
The Register (Security)
OpenAI says Chinese cops used ChatGPT to plan and track smear ops against opponents
FOE
SecurityWeek
Claude’s New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging
FOE
CSO Online
Ukrainian convicted for helping fake North Korean IT workers
FOE
The Hacker News
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
FOE
SecurityWeek
Ad Tech Company Optimizely Targeted in Cyberattack
FOE
Bleeping Computer
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
FRIEND
Dark Reading
Operation Red Card 2.0 Leads to 651 Arrests in Africa
FRIEND
Bleeping Computer
Windows 11 KB5077241 update improves BitLocker, adds Sysmon tool
FOE
The Hacker News
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
FRIEND
CSO Online
Boards don’t need cyber metrics — they need risk signals
FOE
The Register (Security)
Threat intelligence supply chain is full of weak links, researchers find
FOE
The Hacker News
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
FOE
CSO Online
Hacker cracks 600 firewalls in one month - with AI [DE]
FOE
CSO Online
How AI is Changing Your GRC Strategy [DE]
FOE
CSO Online
New Serv-U bugs extend SolarWinds’ run of high-severity disclosures
FOE
CSO Online
Fake Zoom meeting silently installs surveillance software, says Malwarebytes
FOE
Risky Business News
Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov
FOE
CSO Online
VMware fixes command injection flaw in Aria Operations
FOE
Bleeping Computer
Phishing campaign targets freight and logistics orgs in the US, Europe
FOE
EFF Deeplinks
Tech Companies Shouldn’t Be Bullied Into Doing Surveillance
FOE
EFF Deeplinks
Tech Companies Shouldn’t Be Bullied Into Doing Surveillance
FOE
The Register (Security)
AI has gotten good at finding bugs, not so good at swatting them
FOE
CSO Online
What does business email compromise look like?
FOE
CSO Online
What are the types of ransomware attacks?
FOE
Bleeping Computer
Wynn Resorts confirms employee data breach after extortion threat
FOE
CSO Online
Take control: Locking down common endpoint vulnerabilities
FOE
Bleeping Computer
1Campaign platform helps malicious Google ads evade detection
FOE
Dark Reading
Attackers Now Need Just 29 Minutes to Own a Network
FOE
CSO Online
How to prevent business email compromise
FOE
CSO Online
Know the red flags: Business email compromise signs to look out for
FOE
Dark Reading
Lazarus Group Picks a New Poison: Medusa Ransomware
FRIEND
Sophos News
Sophos Workspace Protection is Now Available
FRIEND
EPIC
EPIC Joins Groups Urging FTC to Crack Down on Hidden Surveillance Pricing
FOE
The Register (Security)
Patch these 4 critical, make-me-root SolarWinds bugs ASAP
FRIEND
CSO Online
Cyber defense: From reactive to proactive
FOE
The Hacker News
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
FOE
The Register (Security)
North Korea's Lazarus Group targets healthcare orgs with Medusa ransomware
FOE
Bleeping Computer
CarGurus data breach exposes information of 12.4 million accounts
FOE
SANS Internet Storm Center
Open Redirects: A Forgotten Vulnerability?, (Tue, Feb 24th)
FRIEND
Bleeping Computer
Microsoft adds Copilot data controls to all storage locations
FOE
The Register (Security)
Go library maintainer brands GitHub's Dependabot a 'noise machine'
FOE
Sophos News
Nowhere, man: The 2026 Active Adversary Report
FOE
SecurityWeek
‘Arkanix Stealer’ Malware Disappears Shortly After Debut
FRIEND
Bleeping Computer
Identity-First AI Security: Why CISOs Must Add Intent to the Equation
FOE
Bleeping Computer
UK fines Reddit $19 million for using children’s data unlawfully
FOE
SecurityWeek
VMware Aria Operations Vulnerability Could Allow Remote Code Execution
FOE
The Hacker News
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
FRIEND
SecurityWeek
CISO Conversations: Timothy Youngblood; 4x Fortune 500 CISO/CSO
FOE
SecurityWeek
New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM
FOE
The Register (Security)
UK data watchdog fines Reddit £14.47M for letting kids slip past the gate
FRIEND
Dark Reading
As Cybersecurity Firms Chase AI, VC Market Skyrockets
FOE
Bleeping Computer
Critical SolarWinds Serv-U flaws offer root access to servers
FOE
SecurityWeek
GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
FOE
Schneier on Security
Is AI Good for Democracy?
FOE
SecurityWeek
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
InSAT MasterSCADA BUK-TS
FOE
CISA Alerts
Gardyn Home Kit
FOE
CISA Alerts
Schneider Electric EcoStruxure Building Operation Workstation
FRIEND
NIST Cybersecurity Insights
Celebrating Two Years of CSF 2.0!
FRIEND
The Hacker News
Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem
FOE
The Register (Security)
Korean cops charge teens over bike hire breach that exposed data on 4.62M riders
FOE
The Hacker News
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
FOE
CSO Online
Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools
FOE
Bleeping Computer
ShinyHunters extortion gang claims Odido breach affecting millions
FOE
Bleeping Computer
North Korean Lazarus group linked to Medusa ransomware attacks
FOE
The Register (Security)
UK tech hit by double trouble: Fewer foreign techies amid skills squeeze
FRIEND
SecurityWeek
Anonymous Fénix Members Arrested in Spain
FOE
The Hacker News
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
FRIEND
CSO Online
Billions in Bitcoin from Pirated Content Portal Targeted by Justice System [DE]
FRIEND
The Register (Security)
Euro allies aiming to rapidly build low-cost air defense weapons
FOE
Privacy International
Dual-use tech: the Elbit example
FOE
Privacy International
Dual-use tech: the Skydio example
FOE
Privacy International
Dual-use tech: the Leonardo example
FOE
Privacy International
Dual-use tech: the Thales example
FRIEND
CSO Online
It’s time to rethink CISO reporting lines
FOE
CSO Online
The rise of the evasive adversary
FRIEND
CSO Online
Anthropic’s Claude Code Security rollout is an industry wakeup call
FOE
The Hacker News
Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
FRIEND
CSO Online
OT-Security: Why it's worth taking a look at Open Source [DE]
FOE
CSO Online
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
FOE
Sophos News
The Active Adversary Report: Safety in numbers
FOE
Recorded Future Blog
January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
FOE
Sophos News
The Active Adversary Report: Safety in numbers
FRIEND
Sophos News
Stopping real-world attacks: Lessons for business leaders from the 2026 cyber frontline
FOE
Recorded Future Blog
Preparing for Russia’s New Generation Warfare in Europe
FOE
Bleeping Computer
Android mental health apps with 14.7M installs filled with security flaws
FOE
Dark Reading
Spitting Cash: ATM Jackpotting Attacks Surged in 2025
FRIEND
Dark Reading
More Than Dashboards: AI Decisions Must Be Provable
FOE
Bleeping Computer
Spain arrests suspected hacktivists for DDoSing govt sites
FRIEND
EPIC
EPIC Model Platform Design Legislation Introduced in Kentucky
FOE
Dark Reading
Iran's MuddyWater Targets Orgs With Fresh Malware as Tensions Mount
FRIEND
Dark Reading
Enigma Cipher Device Still Holds Secrets for Cyber Pros
FOE
The Register (Security)
Infosec community panics as Anthropic rolls out Claude code security checker
FOE
The Hacker News
APT28 Targeted European Entities Using Webhook-Based Macro Malware
FRIEND
Bleeping Computer
Microsoft says bug in classic Outlook hides the mouse pointer
FOE
Dark Reading
600+ FortiGate Devices Hacked by AI-Armed Amateur
FRIEND
EPIC
EPIC Testifies in Support of Ban on Sale of Precise Location Data in Virginia
FOE
Bleeping Computer
Ad tech firm Optimizely confirms data breach after vishing attack
FOE
The Hacker News
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
FRIEND
Sophos News
Stopping real-world attacks: Lessons for business leaders from the 2026 cyber frontline
FOE
The Intercept (Privacy)
Nonprofit Coalition Asks Courts to Prevent Coercive Federal Investigation Tactics
FOE
The Register (Security)
Global regulators say AI image tools don't get a free pass on privacy rules
FOE
SecurityWeek
US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
FRIEND
The Register (Security)
Break free of Ring's servers, earn a five-figure bounty
FOE
Bleeping Computer
When identity isn’t the weak link, access still is
FOE
SecurityWeek
Ukrainian Gets 5 Years in US Prison for Aiding North Korean IT Fraud
FOE
SANS Internet Storm Center
Another day, another malicious JPEG, (Mon, Feb 23rd)
FOE
The Hacker News
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
FOE
SecurityWeek
Autonomous AI Agents Provide New Class of Supply Chain Attack
FOE
The Register (Security)
Suspected Anonymous members detained in Spain over post-flood DDoS blitz
FOE
Schneier on Security
On the Security of Password Managers
FOE
CSO Online
Hacker steals data from thousands of RTL employees [DE]
FOE
The Hacker News
How Exposed Endpoints Increase Risk Across LLM Infrastructure
FOE
CSO Online
New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads
FOE
SecurityWeek
Romanian Hacker Pleads Guilty to Selling Access to US State Network
FOE
Bleeping Computer
CISA: Recently patched RoundCube flaws now exploited in attacks
FOE
The Register (Security)
AWS says more than 600 FortiGate firewalls hit in AI-augmented campaign
FOE
SecurityWeek
Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS
FOE
SecurityWeek
Recent RoundCube Webmail Vulnerability Exploited in Attacks
FOE
CSO Online
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
FOE
SecurityWeek
Mississippi Hospital System Closes All Clinics After Ransomware Attack
FOE
The Hacker News
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
FOE
The Register (Security)
Every day in every way, passwords are getting worse and worse
FOE
SecurityWeek
PayPal Data Breach Led to Fraudulent Transactions
FOE
The Hacker News
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
FOE
CSO Online
13 ways attackers use generative AI to exploit your systems
FOE
EPIC
The Verge: America desperately needs new privacy laws
FOE
Risky Business News
Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices
FRIEND
Sophos News
Nowhere, man: The 2026 Active Adversary Report
FRIEND
Sophos News
Sophos Workspace Protection Enables Secure Access for Contractors and Guests
FOE
The Register (Security)
Attacker gets into France's database listing all bank accounts, makes off with 1.2 million records
FOE
Bleeping Computer
Arkanix Stealer pops up as short-lived AI info-stealer experiment
FOE
The Register (Security)
UK council faces data breach claim after mishandling trans complaints
FOE
Bleeping Computer
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
FOE
The Hacker News
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
FOE
Bleeping Computer
Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks
FOE
SecurityWeek
Critical Grandstream Phone Vulnerability Exposes Calls to Interception
FRIEND
The Hacker News
Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning
FOE
The Hacker News
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
FOE
SANS Internet Storm Center
Japanese-Language Phishing Emails, (Sat, Feb 21st)
FRIEND
The Hacker News
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
FOE
CSO Online
Compromised npm package silently installs OpenClaw on developer machines
FRIEND
EPIC
Law360: State Privacy Watch: 4 Legislative Developments To Know
FOE
EPIC
Biometric Update: FTC asked to investigate Meta facial recognition smart glasses plan
FOE
EPIC
The Verge: Smart glasses in court are a privacy nightmare
FOE
The Register (Security)
PayPal app code error leaked personal info and a 'few' unauthorized transactions
FRIEND
Schneier on Security
Friday Squid Blogging: Squid Cartoon
FOE
Dark Reading
Attackers Use New Tool to Scan for React2Shell Exposure
FOE
The Register (Security)
AI coding assistant Cline compromised to create more OpenClaw chaos
FOE
Krebs on Security
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
FRIEND
EPIC
EPIC Testifies in Support of New Jersey Age-Appropriate Design Code
FOE
Dark Reading
'God-Like' Attack Machines: AI Agents Ignore Security Policies
FOE
Bleeping Computer
Japanese tech giant Advantest hit by ransomware attack
FOE
The Register (Security)
ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data
FRIEND
Dark Reading
Lessons From AI Hacking: Every Model, Every Layer Is Risky
FOE
Bleeping Computer
CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
FOE
CSO Online
Don’t trust TrustConnect: This fake remote support tool only helps hackers
FOE
Bleeping Computer
Data breach at French bank registry impacts 1.2 million accounts
FRIEND
SecurityWeek
NIST’s Quantum Breakthrough: Single Photons Produced on a Chip
FOE
The Hacker News
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
FOE
SecurityWeek
In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI
FOE
Bleeping Computer
Why the shift left dream has become a nightmare for security and developers
FOE
The Register (Security)
Ukrainian gets five years for helping North Koreans secure US tech jobs
FOE
The Hacker News
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
FOE
The Register (Security)
Founder ditches AWS for Euro stack, finds sovereignty isn't plug-and-play
FOE
Dark Reading
Latin America's Cyber Maturity Lags Threat Landscape
FOE
Bleeping Computer
PayPal discloses data breach that exposed user info for 6 months
FOE
CSO Online
AI and complexity as accelerators for cybercriminals [DE]
FOE
SecurityWeek
BeyondTrust Vulnerability Exploited in Ransomware Attacks
FOE
The Register (Security)
CISA gives federal agencies three days to patch actively exploited Dell bug
FRIEND
Schneier on Security
Ring Cancels Its Partnership with Flock
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
The Hacker News
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT
FOE
Bleeping Computer
Mississippi medical center closes all clinics after ransomware attack
FOE
SecurityWeek
FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025
FOE
The Register (Security)
Ex-Google engineers accused of helping themselves to chip security secrets
FRIEND
The Hacker News
Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
FOE
The Register (Security)
Attackers have 16-digit card numbers, expiry dates, but not names. Should org get £500k fine?
FOE
Bleeping Computer
FBI: Over $20 million stolen in surge of ATM malware attacks in 2025
FOE
The Hacker News
Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
FOE
SecurityWeek
Chip Testing Giant Advantest Hit by Ransomware
FOE
Bleeping Computer
Ukrainian gets 5 years for helping North Koreans infiltrate US firms
FOE
CSO Online
Special Commission Investigates Cyberattack on Dresden Art Collections [DE]
FOE
The Hacker News
FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
FOE
SecurityWeek
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
FRIEND
CSO Online
PayPal launches latest struggle to get rid of SMS for MFA
FOE
The Hacker News
Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran
FOE
The Register (Security)
Snyk CEO bails, wants someone with more AI experience to replace him
FRIEND
CSO Online
10 Passwordless Options for Businesses [DE]
FOE
Risky Business News
Risky Bulletin: RPKI infrastructure sits on shaky ground
FOE
The Register (Security)
AI agents abound, unbound by rules or safety disclosures
FRIEND
EFF Deeplinks
EFF’s Policy on LLM-Assisted Contributions to Our Open-Source Projects
FRIEND
EFF Deeplinks
EFF’s Policy on LLM-Assisted Contributions to Our Open-Source Projects
FOE
CSO Online
New phishing campaign tricks employees into bypassing Microsoft 365 MFA
FOE
The Register (Security)
Crims create fake remote management vendor that actually sells a RAT
FOE
Dark Reading
Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges
FOE
Bleeping Computer
PromptSpy is the first known Android malware to use generative AI at runtime
FOE
Dark Reading
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
FOE
Dark Reading
Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA
FOE
CSO Online
US dominance of agentic AI at the heart of new NIST initiative
FOE
EPIC
Washington Supreme Court Allows “Suicide Kit” Lawsuit Against Amazon to Proceed
FRIEND
EPIC
Representative Trahan Drops EPIC-Backed Blueprint for Updating the Privacy Act
FOE
Dark Reading
Abu Dhabi Finance Week Exposed VIP Passport Details
FOE
SANS Internet Storm Center
Under the Hood of DynoWiper, (Thu, Feb 19th)
FRIEND
EPIC
EPIC Testifies in Support of Maryland Bill That Would Ban Surveillance Pricing in Grocery Stores
FOE
The Register (Security)
Crims hit a $20M jackpot via malware-stuffed ATMs
FOE
The Hacker News
PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
FRIEND
The Hacker News
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown
FOE
The Hacker News
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center
FOE
Bleeping Computer
Flaw in Grandstream VoIP phones allows stealthy eavesdropping
FRIEND
Bleeping Computer
Google blocked over 1.75 million Play Store app submissions in 2025
FOE
The Register (Security)
Android malware taps Gemini to navigate infected devices
FOE
Bleeping Computer
CISA orders feds to patch actively exploited Dell flaw within 3 days
FOE
Dark Reading
Connected and Compromised: When IoT Devices Turn Into Threats
FOE
Bleeping Computer
How infostealers turn stolen credentials into real identities
FOE
SecurityWeek
French Government Says 1.2 Million Bank Accounts Exposed in Breach
FOE
The Hacker News
ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories
FOE
Bleeping Computer
Nigerian man gets eight years in prison for hacking tax firms
FRIEND
The Register (Security)
DEF CON bans three Epstein-linked men from future events
FOE
SecurityWeek
Nearly 1 Million User Records Compromised in Figure Data Breach
FOE
Bleeping Computer
Texas sues TP-Link over Chinese hacking risks, user deception
FOE
Bleeping Computer
Hackers target Microsoft Entra accounts in device code vishing attacks
FRIEND
SecurityWeek
Venice Security Emerges From Stealth With $33M Funding for Privileged Access Management
FOE
CSO Online
Six flaws found hiding in OpenClaw’s plumbing
FOE
Schneier on Security
Malicious AI
FOE
CISA Alerts
Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller
FOE
CISA Alerts
Valmet DNA Engineering Web Tools
FOE
CISA Alerts
EnOcean SmartServer IoT
FOE
CISA Alerts
Jinan USR IOT Technology Limited (PUSR) USR-W610
FOE
Privacy International
What does Prosus's buyout mean for JustEat drivers?
FOE
SecurityWeek
Ivanti Exploitation Surges as Zero-Day Attacks Traced Back to July 2025
FOE
The Hacker News
From Exposure to Exploitation: How AI Collapses Your Response Window
FRIEND
The Register (Security)
UK to demand social platforms take down abusive intimate images within 48 hours
FRIEND
Bleeping Computer
Police arrests 651 suspects in African cybercrime crackdown
FOE
The Register (Security)
Healthcare security: Write login details on whiteboard, hope for the best
FOE
SecurityWeek
OpenClaw Security Issues Continue as SecureClaw Open Source Tool Debuts
FOE
The Hacker News
Fake IPTV Apps Spread Massive Android Malware Targeting Mobile Banking Users [DE]
FOE
CSO Online
Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn
FOE
Bleeping Computer
New 'Massiv' Android banking malware poses as an IPTV app
FOE
CSO Online
Cybersecurity needs maturity and not checklists [DE]
FOE
SecurityWeek
German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack
FOE
The Hacker News
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
FOE
Dark Reading
More Than 40% of South Africans Were Scammed in 2025
FRIEND
CSO Online
From in-house CISO to consultant. What you need to know before making the leap
FOE
The Register (Security)
Poland bans camera-packing cars made in China cars from military bases
FOE
Risky Business News
Srsly Risky Biz: Europe's Cyber Bullets Can't Replace Political Will
FRIEND
SANS Internet Storm Center
ISC Stormcast For Thursday, February 19th, 2026 https://isc.sans.edu/podcastdetail/9816, (Thu, Feb 19th)
FOE
Recorded Future Blog
2025 Cloud Threat Hunting and Defense Landscape
FOE
The Register (Security)
Adidas investigates third-party data breach after criminals claim they pwned the sportswear giant
FRIEND
CSO Online
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
FOE
Dark Reading
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
FOE
CSO Online
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
FOE
Dark Reading
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
FOE
Bleeping Computer
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
FRIEND
Dark Reading
Threat Intelligence Has a Human-Shaped Blind Spot
FOE
Dark Reading
Dell's Hard-Coded Flaw: A Nation-State Goldmine
FOE
The Register (Security)
ShinyHunters allegedly drove off with 1.7M CarGurus records
FRIEND
EPIC
EPIC Urges Second Circuit to Recognize Constitutionality of Surveillance Pricing Transparency Law
FOE
Bleeping Computer
AI platforms can be abused for stealthy malware communication
FOE
Dark Reading
A CISO's Playbook for Defending Data Assets Against AI Scraping
FOE
The Register (Security)
Fraudster hacked hotel system, paid 1 cent for luxury rooms, Spanish cops say
FRIEND
BrightTALK InfoSec
How to Enhance Threat Hunting Through Enterprise-Wide Collaboration
FOE
The Hacker News
Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody
FOE
The Register (Security)
Texas sues TP-Link over China links and security vulnerabilities
FOE
The Register (Security)
German train line back on track after DDoS yanks the brakes
FOE
The Hacker News
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
FOE
Bleeping Computer
Telegram channels expose rapid weaponization of SmarterMail flaws
FRIEND
Bleeping Computer
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
FRIEND
BrightTALK InfoSec
Threat Intelligence: Will AI Make Human Analysts Obsolete?
FOE
SecurityWeek
New Keenadu Android Malware Found on Thousands of Devices
FOE
CSO Online
Millions of Chrome extensions reveal browsing history [DE]
FRIEND
BrightTALK InfoSec
Securing DevOps Pipelines with Real-Time Threat Intelligence
FRIEND
BrightTALK InfoSec
Anticipate Attacks Before They Strike: Harness Predictive Threat Intelligence
FRIEND
BrightTALK InfoSec
Mastering Threat Hunting: Aligning with Adversary Tactics in 2026
FOE
BrightTALK InfoSec
Browser Extensions Under Siege: Advanced Detection Tactics for Enterprises
FRIEND
BrightTALK InfoSec
Scaling Security Governance with Platform Engineering: A Proactive Approach for Workloads
FRIEND
BrightTALK InfoSec
Driving Security Culture Evolution for Business Growth
FRIEND
SecurityWeek
Cogent Security Raises $42 Million for AI-Driven Vulnerability Management
FOE
The Register (Security)
Your AI-generated password isn't random, it just looks that way
FOE
Bleeping Computer
Data breach at fintech firm Figure affects nearly 1 million accounts
FRIEND
The Intercept (Privacy)
Philadelphia Could Elect Its First Muslim Congressman. He’s Not Sure Where He Stands on Israel.
FRIEND
EFF Deeplinks
EFF to Wisconsin Legislature: VPN Bans Are Still a Terrible Idea
FOE
Schneier on Security
AI Found Twelve New Vulnerabilities in OpenSSL
FOE
CSO Online
Keenadu: Android malware that comes preinstalled and can’t be removed by users
FOE
CSO Online
Flaws in four popular VS Code extensions left 128 million installs open to attack
FOE
SecurityWeek
Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration
FOE
The Register (Security)
You can jailbreak an F-35 just like an iPhone, says Dutch defense chief
FRIEND
The Register (Security)
Notepad++ declares hardened update process 'effectively unexploitable'
FOE
The Hacker News
Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability
FOE
The Hacker News
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
FOE
Bleeping Computer
Microsoft says bug causes Copilot to summarize confidential emails
FRIEND
Black Hills Information Security
OSINT: How to Find, Use, and Control Open-Source Intelligence
FRIEND
CSO Online
A new approach for GenAI risk protection
FRIEND
CSO Online
Discipline is the new power move in cybersecurity leadership
FRIEND
CSO Online
Cyberattack on railway disrupts information systems [DE]
FOE
SecurityWeek
CISA: Hackers Exploiting Vulnerability in Product of Taiwan Security Firm TeamT5
FRIEND
The Register (Security)
HackerOne 'updating' Ts&Cs after bug hunters question if they're training AI
FRIEND
The Hacker News
3 Ways to Start Your Intelligent Workflow Program
FOE
The Hacker News
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
FOE
Bleeping Computer
Glendale man gets 5 years in prison for role in darknet drug ring
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FRIEND
CSO Online
CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk
FOE
SANS Internet Storm Center
Tracking Malware Campaigns With Reused Material, (Wed, Feb 18th)
FRIEND
SecurityWeek
Palo Alto Networks to Acquire Koi in Reported $400 Million Transaction
FRIEND
The Hacker News
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
FOE
CSO Online
The new paradigm for raising up secure software engineers
FOE
SecurityWeek
Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group
FOE
The Hacker News
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
FRIEND
CSO Online
13 Questions to Address Third-Party Risks [DE]
FRIEND
The Register (Security)
Palo Alto CEO says AI isn’t great for business, yet
FOE
SANS Internet Storm Center
ISC Stormcast For Wednesday, February 18th, 2026 https://isc.sans.edu/podcastdetail/9814, (Wed, Feb 18th)
FOE
Risky Business News
Risky Bulletin: Supply chain attack plants backdoor on Android tablets
FRIEND
Dark Reading
[Virtual Event] Shields Up: Key Technologies Reshaping Cybersecurity Defenses
FOE
The Register (Security)
China-linked snoops have been exploiting Dell 0-day since mid-2024, using 'ghost NICs' to avoid detection
FRIEND
Dark Reading
Singapore & Its 4 Major Telcos Fend Off Chinese Hackers
FOE
Sophos News
The OpenClaw experiment is a warning shot for enterprise AI security
FRIEND
EFF Deeplinks
EFF to Wisconsin Legislature: VPN Bans Are Still a Terrible Idea
FOE
Recorded Future Blog
GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack
FRIEND
Bleeping Computer
Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites
FOE
Dark Reading
Supply Chain Attack Embeds Malware in Android Devices
FOE
The Register (Security)
China remains embedded in US energy networks 'for the purpose of taking it down'
FOE
Dark Reading
Poland Energy Survives Attack on Wind, Solar Infrastructure
FOE
Bleeping Computer
Flaws in popular VSCode extensions expose developers to attacks
FRIEND
CSO Online
Cyber attacks enabled by basic failings, Palo Alto analysis finds
FOE
Dark Reading
RMM Abuse Explodes as Hackers Ditch Malware
FOE
Dark Reading
ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT
FOE
Ars Technica (Security)
Password managers' promise that they can't see your vaults isn't always true
FOE
Bleeping Computer
Chinese hackers exploiting Dell zero-day flaw since mid-2024
FRIEND
The Intercept (Privacy)
Can Trump’s Plan for Warehouse Immigrant Detention Camps Be Stopped?
FOE
The Hacker News
Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster
NEUTRAL
The Intercept (Privacy)
It’s Correct and Moral to Use the Olympics to Speak Out About Politics
FOE
EFF Deeplinks
San Jose Can Protect Immigrants by Ending Flock Surveillance System
FOE
EFF Deeplinks
San Jose Can Protect Immigrants by Ending Flock Surveillance System
FRIEND
Bleeping Computer
Notepad++ boosts update security with ‘double-lock’ mechanism
FOE
The Hacker News
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
FOE
EFF Deeplinks
New Report Helps Journalists Dig Deeper Into Police Surveillance Technology
FRIEND
EFF Deeplinks
New Report Helps Journalists Dig Deeper Into Police Surveillance Technology
FOE
The Hacker News
Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates
FRIEND
SecurityWeek
VulnCheck Raises $25 Million in Series B Funding to Scale Vulnerability Intelligence
FOE
Bleeping Computer
Microsoft Teams outage affects users in United States, Europe
FOE
SecurityWeek
Hackers Offer to Sell Millions of Eurail User Records
FRIEND
CSO Online
MCSC 2026: "Politics and Business Must Work Together" [DE]
FOE
Bleeping Computer
What 5 Million Apps Revealed About Secrets in JavaScript
FOE
Bleeping Computer
New Keenadu backdoor found in Android firmware, Google Play apps
FOE
SecurityWeek
API Threats Grow in Scale as AI Expands the Blast Radius
FOE
SecurityWeek
Cyber Insights 2026: The Ongoing Fight to Secure Industrial Control Systems
FOE
The Register (Security)
US lawyers fire up privacy class action accusing Lenovo of bulk data transfers to China
FRIEND
The Register (Security)
Polish cops nab 47-year-old man in Phobos ransomware raid
FRIEND
SecurityWeek
Man Linked to Phobos Ransomware Arrested in Poland
FOE
The Hacker News
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
FOE
CSO Online
ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit
FOE
Schneier on Security
Side-Channel Attacks Against LLMs
FOE
CISA Alerts
CISA Adds Four Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Honeywell CCTV Products
FOE
CISA Alerts
Delta Electronics ASDA-Soft
FOE
CISA Alerts
GE Vernova Enervista UR Setup
FOE
CISA Alerts
Siemens Simcenter Femap and Nastran
FRIEND
Bleeping Computer
Poland arrests suspect linked to Phobos ransomware operation
FOE
The Register (Security)
UK.gov launches cyber 'lockdown' campaign as 80% of orgs still leave door open
FRIEND
The Hacker News
My Day Getting My Hands Dirty with an NDR System
FOE
The Register (Security)
Ireland joins regulator smackdown after X's Grok AI accused of undressing people
FOE
SecurityWeek
3 Threat Groups Started Targeting ICS/OT in 2025: Dragos
FRIEND
The Intercept (Privacy)
U.S. Sent a Rescue Plane for Boat Strike Survivors. It Took 45 Hours to Arrive.
FOE
Bleeping Computer
Ireland now also investigating X over Grok-made sexual images
FOE
CSO Online
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix
FRIEND
The Intercept (Privacy)
Air Force Maintenance Staff Can’t Stop Buying Fancy Knives With Tax Dollars
FOE
CSO Online
Why 2025’s agentic AI boom is a CISO’s worst nightmare
FOE
The Hacker News
Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
FOE
SecurityWeek
Password Managers Vulnerable to Vault Compromise Under Malicious Server
FRIEND
The Register (Security)
MoD ticks shopping list as PM considers weapons budget boost
FOE
SANS Internet Storm Center
Fake Incident Report Used in Phishing Campaign, (Tue, Feb 17th)
FRIEND
The Hacker News
Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta
FRIEND
SANS Internet Storm Center
ISC Stormcast For Tuesday, February 17th, 2026 https://isc.sans.edu/podcastdetail/9812, (Tue, Feb 17th)
FOE
CSO Online
Exploit available for new Chrome zero-day vulnerability, says Google
FRIEND
Sophos News
Sophos Workspace Protection Enables Secure SaaS App Control
FOE
Bleeping Computer
Washington Hotel in Japan discloses ransomware infection incident
FOE
CSO Online
What CISOs Should Know About OpenClaw [DE]
FOE
CSO Online
Open source maintainers being targeted by AI agent as part of ‘reputation farming’
FOE
Bleeping Computer
Eurail says stolen traveler data now up for sale on dark web
FOE
Bleeping Computer
Man arrested for demanding reward after accidental police data leak
FOE
The Hacker News
Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
FOE
The Hacker News
Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers
FOE
Dark Reading
Operation DoppelBrand: Weaponizing Fortune 500 Brands
FOE
The Register (Security)
Canada Goose ruffles feathers over 600K record dump, says leak is old news
FOE
Bleeping Computer
Infostealer malware found stealing OpenClaw secrets for first time
FOE
The Register (Security)
Dutch cops arrest man after sending him confidential files by mistake
FOE
The Register (Security)
You probably can't trust your password manager if it's compromised
FOE
SecurityWeek
Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches
FRIEND
Bleeping Computer
Passwords to passkeys: Staying ISO 27001 compliant in a passwordless era
FOE
The Register (Security)
Open source registries don't have enough money to implement basic security
FOE
Dark Reading
260K+ Chrome Users Duped by Fake AI Browser Extensions
FRIEND
SecurityWeek
Android 17 Beta Strengthens Secure-by-Default Design for Privacy and App Security
FOE
SecurityWeek
CISA Navigates DHS Shutdown With Reduced Staff
FOE
The Hacker News
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
FOE
The Register (Security)
Google patches Chrome zero-day as in-the-wild exploits surface
FOE
Bleeping Computer
CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
FOE
Schneier on Security
The Promptware Kill Chain
FOE
The Hacker News
Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud
FOE
CSO Online
Leaky Chrome extensions with 37M installs caught divulging your browsing history
FOE
The Intercept (Privacy)
Prison-Style Free Speech Censorship Is Coming for the Rest of Us
FOE
The Hacker News
New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft
FRIEND
CSO Online
Finding a common language around risk
FRIEND
CSO Online
New cooperation to bring sovereign cloud solutions [DE]
FRIEND
CSO Online
CISO Julie Chatman offers insights for you to take control of your security leadership role
FOE
SANS Internet Storm Center
2026 64-Bits Malware Trend, (Mon, Feb 16th)
FOE
CSO Online
10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons
FOE
The Hacker News
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
FOE
The Register (Security)
US appears open to reversing some China tech bans
FRIEND
CSO Online
SIEM Buying Guide [DE]
FRIEND
Risky Business News
Risky Bulletin: Cambodia promises to dismantle scam networks by April
NEUTRAL
SANS Internet Storm Center
ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810, (Mon, Feb 16th)
FRIEND
Recorded Future Blog
Network Intelligence: Your Questions, Global Answers
FOE
The Register (Security)
Infosec exec sold eight zero-day exploit kits to Russia, says DoJ
FOE
The Intercept (Privacy)
Palantir Gets Millions of Dollars From New York City’s Public Hospitals
FOE
The Hacker News
Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging
FOE
EPIC
The Guardian: The problem with doorbell cams: Nancy Guthrie case and Ring Super Bowl ad reawaken surveillance fears
FRIEND
Schneier on Security
Upcoming Speaking Engagements
FOE
EPIC
EPIC Urges FTC, States to Block Meta’s Facial Recognition Smart Glasses Plan
FOE
CSO Online
Critical BeyondTrust RS vulnerability exploited in active attacks
FRIEND
Schneier on Security
Friday Squid Blogging: Do Squid Dream?
FRIEND
Dark Reading
Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities
FOE
EFF Deeplinks
Seven Billion Reasons for Facebook to Abandon its Face Recognition Plans
FOE
EFF Deeplinks
Seven Billion Reasons for Facebook to Abandon its Face Recognition Plans
FRIEND
The Intercept (Privacy)
Leakers Helped Destroy Deportation Case Against Tufts Student
FOE
The Register (Security)
Attackers finally get around to exploiting critical Microsoft bug from 2024
FOE
CSO Online
South Korea fines Louis Vuitton, Christian Dior, Tiffany $25M for SaaS security failures
FOE
CSO Online
Researchers unearth 30-year-old vulnerability in libpng library
FRIEND
CSO Online
Battling bots face off in cybersecurity arena
FOE
The Hacker News
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
FOE
Dark Reading
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
FOE
Dark Reading
Nation-State Hackers Put Defense Industrial Base Under Siege
FOE
Dark Reading
AI Agents 'Swarm,' Security Complexity Follows Suit
FOE
The Hacker News
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
FOE
CSO Online
Four new reasons why Windows LNK files cannot be trusted
FOE
The Hacker News
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
FRIEND
The Intercept (Privacy)
The Woman Alex Pretti Was Killed Trying to Defend Is an EMT. Federal Agents Stopped Her From Giving First Aid.
NEUTRAL
The Intercept (Privacy)
Jasmine Crockett Swears Off Corporate Cash — But Transferred Thousands From Her House Campaign
FRIEND
CSO Online
BSI heralds the end of classical encryption [DE]
FRIEND
The Intercept (Privacy)
The Only Solution Capitalism Has Is to Sell Us More Useless Junk
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Register (Security)
Top Dutch telco Odido admits 6.2M customers caught in contact system caper
FOE
The Hacker News
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
FRIEND
The Intercept (Privacy)
Attorney for Epstein Survivors Warns That Justice Is Impossible With Bondi as AG
FOE
The Hacker News
npm’s Update to Harden Their Supply Chain, and Points to Consider
FOE
The Hacker News
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
FRIEND
The Register (Security)
Enforcing piracy policy earned helpdesk worker death threats
FRIEND
SANS Internet Storm Center
&#xa;AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)
FOE
Risky Business News
Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI
NEUTRAL
SANS Internet Storm Center
ISC Stormcast For Friday, February 13th, 2026 https://isc.sans.edu/podcastdetail/9808, (Fri, Feb 13th)
FRIEND
The Intercept (Privacy)
Trump Attacked Immigrant Food Aid in Minnesota. Locals Fought Back.
FOE
Sophos News
February’s Patch Tuesday assumes battle stations
FOE
Sophos News
The OpenClaw experiment is a warning shot for enterprise AI security
FOE
The Register (Security)
30+ Chrome extensions disguised as AI chatbots steal users' API keys, emails, other sensitive data
FOE
Dark Reading
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again
FRIEND
Dark Reading
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
FOE
EFF Deeplinks
Discord Voluntarily Pushes Mandatory Age Verification Despite Recent Data Breach
FOE
EFF Deeplinks
Discord Voluntarily Pushes Mandatory Age Verification Despite Recent Data Breach
FRIEND
Dark Reading
SpecterOps Launches BloodHound Scentry to Accelerate the Practice of Identity Attack Path Management
FOE
Dark Reading
Gone With the Shame: One in Two Americans Are Reluctant to Talk About Romance Scam Incidents
FOE
Dark Reading
Those 'Summarize With AI' Buttons May Be Lying to You
FOE
The Intercept (Privacy)
Pam Bondi Admits DOJ Has a Secret Domestic Terrorist List
FOE
The Register (Security)
Who's the bossware? Ransomware slingers like employee monitoring tools, too
FRIEND
EPIC
EPIC Model Platform Design Legislation Introduced in Georgia and Kansas
FOE
The Intercept (Privacy)
FBI Counterterrorism Agents Spent Weeks Seeking a Climate Activist — Then Showed Up at His Door
FOE
EPIC
Coming to America: The Government Wants to See Your Emails
FRIEND
BrightTALK InfoSec
Elevating Enterprise IGA Programs for the Future
FOE
The Hacker News
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
FOE
The Hacker News
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
FRIEND
BrightTALK InfoSec
Mastering Identity Governance: Strategies for Enterprise Success in 2026
FOE
The Intercept (Privacy)
Marine Detained in Minneapolis Says Feds Copied His Phone Without a Warrant
FOE
The Register (Security)
Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware
NEUTRAL
The Intercept (Privacy)
AIPAC Is Flooding Illinois With Cash. Pro-Palestine Groups Are Backing Kat Abughazaleh.
FOE
Schneier on Security
3D Printer Surveillance
FOE
CISA Alerts
CISA Adds Four Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Siemens SINEC NMS
FOE
CISA Alerts
Siemens COMOS
FOE
CISA Alerts
Airleader Master
FOE
CISA Alerts
Siemens Solid Edge
FOE
CISA Alerts
Siemens Polarion
FOE
CISA Alerts
Siemens Siveillance Video Management Servers
FOE
CISA Alerts
Siemens Desigo CC Product Family and SENTRON Powermanager
FOE
CISA Alerts
Hitachi Energy SuprOS
FOE
CISA Alerts
Siemens NX
FOE
CISA Alerts
Siemens SINEC OS
FOE
The Register (Security)
Supply chain attacks now fuel a 'self-reinforcing' cybercrime economy
FOE
The Hacker News
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories
FRIEND
BrightTALK InfoSec
Overcoming Digital ID Barriers to Drive Seamless Adoption in 2026
FRIEND
The Hacker News
The CTEM Divide: Why 84% of Security Programs Are Falling Behind
FRIEND
The Register (Security)
Feeling brave? Ministry of Defence seeks £300K digital boss to manage £4.6B spend
FOE
Dark Reading
Senegalese Data Breaches Expose Lack of Security Maturity
FRIEND
Google Project Zero
Bypassing Administrator Protection by Abusing UI Access
FOE
The Hacker News
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
FOE
The Register (Security)
Google: China's APT31 used Gemini to plan cyberattacks against US orgs
FOE
The Hacker News
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices
FOE
SANS Internet Storm Center
ISC Stormcast For Thursday, February 12th, 2026 https://isc.sans.edu/podcastdetail/9806, (Thu, Feb 12th)
FOE
SANS Internet Storm Center
Four Seconds to Botnet - Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)
FOE
The Register (Security)
Microsoft warns that poisoned AI buttons and links may betray your trust
NEUTRAL
Risky Business News
Srsly Risky Biz: Microsoft's Forgoes Its Secure Future
FOE
Recorded Future Blog
State of Security Report | Recorded Future
FOE
Recorded Future Blog
Fragmentation Defined 2025's Threat Landscape. Here's What It Means for 2026
FRIEND
Sophos News
Sophos Firewall Configuration Viewer
FOE
BrightTALK InfoSec
Defending Against AI-Driven Identity Threats in 2026
FOE
Ars Technica (Security)
Once-hobbled Lumma Stealer is back with lures that are hard to resist
FOE
Dark Reading
North Korea's UNC1069 Hammers Crypto Firms With AI
FOE
The Register (Security)
Devilish devs spawn 287 Chrome extensions to flog your browser history to data brokers
FRIEND
Dark Reading
How to Stay on Top of Future Threats With a Cutting-Edge SOC
FRIEND
SANS Internet Storm Center
Apple Patches Everything: February 2026, (Wed, Feb 11th)
FRIEND
Dark Reading
Automaker Secures the Supply Chain With Developer-Friendly Platform
FRIEND
The Intercept (Privacy)
Officials Dispute Trump Explanation of El Paso Airspace Closure: “There Was Not a Threat”
FOE
The Register (Security)
Posting AI-generated caricatures on social media is risky, infosec killjoys warn
FOE
EPIC
CyberScoop: Your AI doctor doesn’t have to follow the same privacy rules as your real one
FOE
EFF Deeplinks
🗣 Homeland Security Wants Names | EFFector 38.3
FOE
EFF Deeplinks
🗣 Homeland Security Wants Names | EFFector 38.3
FRIEND
EPIC
EPIC Endorses New Bill to Ban ICE and CBP from Using Facial Recognition Technology
FOE
EFF Deeplinks
“Free” Surveillance Tech Still Comes at a High and Dangerous Cost
FOE
EFF Deeplinks
“Free” Surveillance Tech Still Comes at a High and Dangerous Cost
FOE
The Hacker News
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
FOE
Krebs on Security
Kimwolf Botnet Swamps Anonymity Network I2P
FOE
The Register (Security)
Were telcos tipped off to *that* ancient Telnet bug? Cyber pros say the signs stack up
FOE
The Hacker News
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
FRIEND
Schneier on Security
Rewiring Democracy Ebook is on Sale
FOE
Dark Reading
AI Rising: Do We Know Enough About the Data Populating It?
FRIEND
Black Hills Information Security
What to Do with Your First Home Lab
FRIEND
Dark Reading
Top Cyber Industry Defenses Spike CO2 Emissions
FOE
The Intercept (Privacy)
Texas “Antifa Cell” Terror Trial Takes On Tough Questions About Guns at Protests Against ICE
FOE
The Hacker News
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
FOE
The Register (Security)
Payroll pirates are conning help desks to steal workers' identities and redirect paychecks
FRIEND
BrightTALK InfoSec
Scaling Digital Credentials: The Fast Evolving Landscape of mDL
FOE
Schneier on Security
Prompt Injection Via Road Signs
FOE
The Register (Security)
Notepad's new Markdown powers served with a side of remote code execution
FOE
The Hacker News
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
FOE
The Hacker News
Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
FOE
The Hacker News
SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits
FOE
The Register (Security)
Legacy systems blamed as ministers promise no repeat of Afghan breach
FRIEND
BrightTALK InfoSec
Modern IAM: Decentralized Solutions for Evolving Threats
FOE
The Hacker News
North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations
FOE
Risky Business News
Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos
FOE
Dark Reading
Asia Fumbles With Throttling Back Telnet Traffic in Region
FRIEND
Recorded Future Blog
From 27 Steps to 5: How Recorded Future Reimagined Threat Hunting with Autonomous Threat Operations
FOE
EFF Deeplinks
Open Letter to Tech Companies: Protect Your Users From Lawless DHS Subpoenas
FRIEND
EFF Deeplinks
Open Letter to Tech Companies: Protect Your Users From Lawless DHS Subpoenas
FOE
The Register (Security)
Microsoft's Valentine's gift to admins: 6 exploited zero-day fixes
FOE
The Intercept (Privacy)
Americans Want Accountability With the Epstein Files. Elites Couldn’t Care Less.
FOE
Dark Reading
SolarWinds WHD Attacks Highlight Risks of Exposed Apps
FOE
Krebs on Security
Patch Tuesday, February 2026 Edition
FOE
Dark Reading
In Bypassing MFA, ZeroDayRAT Is 'Textbook Stalkerware'
FRIEND
EPIC
EPIC Joins EFF, Others Urging California to Block Federal Agencies’ Covert ALPRs in New Letter
FOE
EFF Deeplinks
No One, Including Our Furry Friends, Will Be Safer in Ring's Surveillance Nightmare
FOE
EFF Deeplinks
No One, Including Our Furry Friends, Will Be Safer in Ring's Surveillance Nightmare
FOE
Dark Reading
Microsoft Patches 6 Actively Exploited Zero-Days
FRIEND
EPIC
Maine House Passes Strong Privacy Bill
FOE
Ars Technica (Security)
Windows' original Secure Boot certificates expire in June—here's what you need to do
FOE
The Register (Security)
AI agents spill secrets just by previewing malicious links
FOE
The Hacker News
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
FOE
EFF Deeplinks
Coalition Urges California to Revoke Permits for Federal License Plate Reader Surveillance
FRIEND
EFF Deeplinks
Coalition Urges California to Revoke Permits for Federal License Plate Reader Surveillance
FRIEND
EFF Deeplinks
Speaking Freely: Yazan Badran
FOE
Dark Reading
OT Attacks Get Scary With 'Living-off-the-Plant' Techniques
FOE
The Hacker News
Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
FOE
The Hacker News
From Ransomware to Residency: Inside the Rise of the Digital Parasite
FRIEND
The Register (Security)
Singapore spent 11 months booting China-linked snoops out of telco networks
FOE
The Hacker News
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
FOE
Schneier on Security
AI-Generated Text and the Detection Arms Race
FOE
CISA Alerts
Barriers to Secure OT Communication: Why Johnny Can’t Authenticate
FOE
CISA Alerts
CISA Adds Six Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps
FOE
CISA Alerts
ZOLL ePCR IOS Mobile Application
FOE
CISA Alerts
AVEVA PI Data Archive
FOE
CISA Alerts
AVEVA PI to CONNECT Agent
FOE
CISA Alerts
ZLAN Information Technology Co. ZLAN5143D
FOE
CISA Alerts
Yokogawa FAST/TOOLS
FRIEND
The Hacker News
ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security
FOE
The Register (Security)
Nearly 17,000 Volvo staff dinged in supplier breach
FOE
The Hacker News
Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server
FOE
The Register (Security)
British Army splashes $86M on AI gear to speed up the battlefield kill chain
FOE
Sophos News
Malicious use of virtual machine infrastructure
FOE
The Hacker News
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data
FRIEND
Sophos News
From Security Operations to Security Leadership: Sophos CISO Advantage
FRIEND
Sophos News
Sophos Workspace Protection Enables Safe GenAI Adoption
FRIEND
Sophos News
Sophos AI Agents: Accelerating MDR and Powering the Agentic SOC
FOE
Sophos News
Threat Intelligence Executive Report – Volume 2025, Number 6
FRIEND
Dark Reading
TransUnion's Real Networks Deal Focuses on Robocall Blocking
FOE
EFF Deeplinks
EFFecting Change: Get the Flock Out of Our City
FRIEND
EFF Deeplinks
EFFecting Change: Get the Flock Out of Our City
FRIEND
EFF Deeplinks
The Internet Still Works: Yelp Protects Consumer Reviews
FRIEND
EFF Deeplinks
The Internet Still Works: Yelp Protects Consumer Reviews
FOE
Dark Reading
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs
FOE
The Register (Security)
Someone's attacking SolarWinds WHD to steal high‑privilege credentials - but we don't know who or how
FRIEND
EFF Deeplinks
The Internet Still Works: Wikipedia Defends Its Editors
FOE
Dark Reading
TeamPCP Turns Cloud Infrastructure Into Crime Bots
FOE
Dark Reading
'Reynolds' Bundles BYOVD With Ransomware Payload
FRIEND
EFF Deeplinks
On Its 30th Birthday, Section 230 Remains The Lynchpin For Users’ Speech
FRIEND
EFF Deeplinks
RIP Dave Farber, EFF Board Member and Friend
FRIEND
EFF Deeplinks
RIP Dave Farber, EFF Board Member and Friend
FOE
The Register (Security)
More than 135,000 OpenClaw instances exposed to internet in latest vibe-coded disaster
FOE
Dark Reading
What Organizations Need to Change When Managing Printers
FOE
The Hacker News
China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign
FRIEND
EFF Deeplinks
Op-ed: Weakening Section 230 Would Chill Online Speech
FOE
The Register (Security)
Dutch data watchdog snitches on itself after getting caught in Ivanti zero-day attacks
FOE
The Hacker News
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
FRIEND
The Register (Security)
Taiwan tells Uncle Sam its chip ecosystem ain't going anywhere
FOE
The Hacker News
⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
FOE
The Register (Security)
How the GNU C Compiler became the Clippy of cryptography
FOE
Schneier on Security
LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days
FRIEND
The Register (Security)
Follow the money: Switzerland remains Europe's top destination for tech pay
FRIEND
The Hacker News
How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring
FOE
The Hacker News
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
FOE
The Register (Security)
European Commission probes intrusion into staff mobile management backend
FOE
The Hacker News
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
FOE
The Hacker News
BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA
FRIEND
The Register (Security)
Indian police commissioner wants ID cards for AI agents
FOE
Risky Business News
Risky Bulletin: SmarterTools hacked via its own product
FOE
The Register (Security)
Telcos aren't saying how they fought back against China's Salt Typhoon attacks
FRIEND
The Hacker News
OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
FRIEND
The Register (Security)
Study confirms experience beats youthful enthusiasm
FOE
The Hacker News
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
FOE
Ars Technica (Security)
Malicious packages for dYdX cryptocurrency exchange empties user wallets
FRIEND
Schneier on Security
Friday Squid Blogging: Squid Fishing Tips
FRIEND
EPIC
South Carolina Becomes Fifth State to Enact an Age-Appropriate Design Code
FOE
The Register (Security)
Flickr emails users about data breach, pins it on third party
FOE
The Register (Security)
DDoS deluge: Brit biz battered as botnet blitzes break records
FRIEND
Dark Reading
'Encrypt It Already' Campaign Pushes Big Tech to Prioritize E2E Encryption
FOE
Dark Reading
Shai-hulud: The Hidden Costs of Supply Chain Attacks
FOE
Dark Reading
OpenClaw's Gregarious Insecurities Make Safe Usage Difficult
FOE
The Hacker News
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
FRIEND
The Register (Security)
Ad blocking is alive and well, despite Chrome's attempts to make it harder
FOE
Risky Business News
Risky Bulletin: Denmark recruits hackers for offensive cyber operations
FOE
The Register (Security)
OpenClaw reveals meaty personal information after simple cracks
FRIEND
EFF Deeplinks
Yes to the “ICE Out of Our Faces Act”
FRIEND
EFF Deeplinks
Yes to the “ICE Out of Our Faces Act”
FOE
Dark Reading
EnCase Driver Weaponized as EDR Killers Persist
FOE
Dark Reading
Agentic AI Site 'Moltbook' Is Riddled With Security Risks
FRIEND
Dark Reading
Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful
FOE
The Register (Security)
Substack says intruder lifted emails, phone numbers in months-old breach
FRIEND
EPIC
PRESS RELEASE: EPIC Publishes Model Bill to Protect Minors from Online Harms and Promote Safer Platform Design
FRIEND
PortSwigger Research
Top 10 web hacking techniques of 2025
FRIEND
Dark Reading
Cyber Success Trifecta: Education, Certifications & Experience
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Hitachi Energy FOX61x
FOE
CISA Alerts
o6 Automation GmbH Open62541
FOE
CISA Alerts
Hitachi Energy XMC20
FOE
CISA Alerts
Ilevia EVE X1 Server
FOE
Dark Reading
Protests Don't Impede Iranian Spying on Expats, Syrians, Israelis
FRIEND
Risky Business News
Srsly Risky Biz: Google's Cyber Disruption Unit Kicks Its First Goal
FRIEND
EFF Deeplinks
Protecting Our Right to Sue Federal Agents Who Violate the Constitution
FOE
Ars Technica (Security)
Microsoft releases urgent Office patch. Russian-state hackers pounce.
FRIEND
EFF Deeplinks
Smart AI Policy Means Examining Its Real Harms and Benefits
NEUTRAL
EFF Deeplinks
Smart AI Policy Means Examining Its Real Harms and Benefits
FOE
Dark Reading
Ransomware Gang Goes Full 'Godfather' With Cartel
FOE
Dark Reading
CISA Makes Unpublicized Ransomware Updates to KEV Catalog
FOE
Dark Reading
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
FRIEND
Privacy International
Card game about technology, data, and elections [ES]
FRIEND
Black Hills Information Security
When the SOC Goes to Deadwood: A Night to Remember
FRIEND
Dark Reading
Extra Extra! Announcing DR Global Latin America
FOE
Dark Reading
Big Breach or Smooth Sailing? Mexican Gov't Faces Leak Allegations
FOE
Dark Reading
Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
FOE
Risky Business News
Risky Bulletin: Plone CMS stops supply-chain attack
FOE
Recorded Future Blog
Rublevka Team: Anatomy of a Russian Crypto Drainer Operation
FOE
Sophos News
Malicious use of virtual machine infrastructure
FOE
Dark Reading
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
FOE
Dark Reading
GlassWorm Malware Returns to Shatter Developer Ecosystems
FOE
Dark Reading
AI May Supplant Pen Testers, But Oversight & Trust Are Not There Yet
FRIEND
EPIC
Virginia Senate Passes Bill Banning Sale of Precise Location Data
FOE
Ars Technica (Security)
The rise of Moltbook suggests viral AI prompts may be the next big security threat
FOE
EPIC
The Minnesota Star Tribune: Why the Trump administration keeps asking for Minnesota’s welfare data
FRIEND
EPIC
Inside AI Policy: Washington state lawmakers to consider controversial automated decision-making bill
FOE
Ars Technica (Security)
Notepad++ users take note: It's time to check if you're hacked
FOE
Krebs on Security
Please Don’t Feed the Scattered Lapsus ShinyHunters
FOE
Risky Business News
Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"
FRIEND
Recorded Future Blog
Autonomous Threat Operations in action: Real results from Recorded Future’s own SOC team | Recorded Future
