Aggregated from vendor advisories, security research, and industry publications.
Security researchers have discovered a chilling backdoor aimed at Cisco System firewalls that exploits unpatched vulnerabilities to maintain persistence, even after patching. This means that attackers can continue to access compromised devices without re-exploiting the holes. At risk are devices running Cisco ASA or Firepower software, including certain Firepower and Secure Firewall devices. So…
A cryptographically relevant quantum computer is, at some point, going to emerge that can crack modern encryption. But we don’t know when, so it’s tempting to set this problem asid…
Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.
Cloud storage provider Backblaze has been ripping out its 100-gigabit links and replacing them with 400-gigabit links because AI has changed how traffic flows inside their data cen…
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation acros…
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That as…
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that c…
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits witho…
When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizat…
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian autho…
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new fin…
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The …
A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged campaign.
Take a Network Break! We start with follow up on Anthropic’s Project Glasswing and Linux 7.0. On the news side, Cisco announces a prototype quantum switch that promises to support …
_Sergey_Tarasov_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
A researcher discovered five different exploit paths that stem from an architectural weakness in how Windows' Remote Procedure Call (RPC) mechanism handles connections to unavailab…
AI is promising a lot these days, to change how we work, influence how we live, and transform network traffic. It’s interesting, exciting even, but suppose it’s all hype? Wall Stre…
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on t…
Ready to travel to gain hands-on experience with new networking and infrastructure tools? Tech conferences – in person and virtual – give attendees a chance to access product demos…
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird r…
Researchers have uncovered a malware framework dubbed "fast16" that predates Stuxnet by five years.
Some fear frontier LLMs like Claude Mythos and OpenAI's GPT-5.5 will lead to cybersecurity annihilation. Ari Herbert-Voss notes this could be an opportunity.
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of…
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September…
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing c…
Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860.
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending internati…
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uraniu…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series r…
Meta is continuing its compute grab as the agentic AI race accelerates to a sprint. Today, the company announced a partnership with Amazon Web Services (AWS) that will bring “te…
People targeted by confidence schemes find getting help is a lonely road. Experts want law enforcement, financial, and government institutions to work together and protect them.