Aggregated from vendor advisories, security research, and industry publications.
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)
Just in time for the Trump-Xi summit Exclusive A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, be…
Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxne…
Emergency patches out now for those managing the millions of domains assumed to be affected Emergency patches are available for a critical vulnerability in cPanel and WHM that allo…
Federation warns members to ditch work devices off duty as force uses AI to probe 600+ cops London cops are being told by their staff association to be "extremely cautious" about c…
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vuln…
A few years back, Bhaskar Ramachandran read the tea leaves and what he saw was clear: With all the enhancements hyperscalers continuous make, there was no value in having on-premis…
Investigation finds no single cause for soldiers falling ill, just bad bolts, cold air, and apparently the soldiers themselves Britain's notorious Ajax armored vehicles are being a…
Great idea, guys. Let's keep all of the data in an Excel file with weak password protection PWNED Welcome, once again, to PWNED, the weekly column where we recount the adventures o…
Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -…
Can now use SANs for storage, and adds a local control plane and key management Microsoft has given its Azure Local on-prem cloud a major makeover to make it fit for duty powering …
AI is driving more searches and ads Google Cloud will start selling its custom tensor processing units to some customers, because they want them and the search giant wants to diver…
Will write checks for $190 billion and even those megabucks may not satisfy demand If you've felt the sting of surging hardware prices, Microsoft can sympathize because the company…
Patches land for authencesn flaw enabling local privilege escalation Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LP…
Global financial institutions are panicked over Anthropic's new superhacker AI model. Cyber experts aren't quite as worried.
The Trainium train keeps a-rollin' Amazon is now among the top three datacenter chip businesses in the world, as its semiconductor business surpassed a $20 billion annual run rate …
Cisco has bolstered the security and AI control features in its latest release of SD-WAN software. The company rolled out Cisco SD-WAN 26.1.1 with a number of new features that,…
ORNL says portable detector kit can separate real GPS signals from fake ones even at equal strength GPS spoofing, which sends fake satellite-like signals, and GPS jamming, which dr…
Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake.
New research from Enterprise Management Associates (EMA) suggests that the first wave of AI adoption—centered on chatbots and virtual assistants—is succumbing to an AI agent-driven…
Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.
Second try's a charm? Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose se…
Microsoft readies the axe once again for yesterday's security Microsoft has warned users still clinging to legacy TLS versions that the end is nigh for TLS 1.0 and 1.1 on POP3 and …
Authors say it acquired an LLM that was trained on their copyrighted data, and judge keeps asking for more info Databricks cannot shake a class action lawsuit targeting its LLM, wh…
Kyler and Ned are joined by Enrico Teotti, an independent consultant with over 25 years of experience. Enrico has worked with clients on real-world AI implementations, and he’s her…
IT teams managing multi-vendor networks are dealing with a growing volume of alerts and a shrinking pool of engineers with the expertise to act on them. AI, and more specifically a…
New sealed bootable container images and Stratis storage, too Fedora Linux 44 has arrived – in multiple formats and for several CPU families, including some new container formats a…
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports …
The emerging ransomware has been deployed against victims of the TeamPCP supply chain attacks, but organizations should think twice before paying for a decryptor.
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model …