Helping Romance Scam Victims Requires a Proactive, Empathic Approach
People targeted by confidence schemes find getting help is a lonely road. Experts want law enforcement, financial, and government institutions to work together and protect them.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Friday Squid Blogging: How Squid Survived Extinction Events
Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The resea…
TNO061: Networking Theory and Practice; Networking in the Classroom Today
Scott Robohn sits down with Andy Smith, a distinguished engineer with Arrcus Networks, where he and his team work to advance networking with modern software and new architectures. …
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (…
HN824: That’s Not a Job for an LLM: The Right Way to Apply AI to Network Operations (Sponsored)
On today’s sponsored Heavy Networking, we get off the AI hype train to talk about how different artificial intelligence techniques usefully impact network operations—and where they…
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
Some 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites.
Cirrascale to offer on-prem Google Gemini models
Cirrascale Cloud Services has announced it will make artificial intelligence models available for on-premise use through Google Distributed Cloud, a move aimed at organizations tha…
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
Forgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don't need sophisticated AI models to take advantage.
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a s…
Space data-center news: Roundup of extraterrestrial AI endeavors
If you look away from the orbital data center beat, you could miss a lot. Fortunately, I’m a bit obsessed with the whole space thing. Multiple companies continue to make space-rela…
AI Phishing Is No. 1 With a Bullet for Cyberattackers
In the past six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to 1-to-1 personalized attacks.
North Korea's Lazarus Targets macOS Users via ClickFix
Lazarus continues leveraging ClickFix for initial access and data theft: in this case, against Mac-centric organizations and their high-value leaders.
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is …
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and…
Hiding Bluetooth Trackers in Mail
It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch governmen…
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimat…
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models (LLMs), has come under active exploitation in the wi…
Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage.
Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets
The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.
China-Backed Hackers Are Industrializing Botnets
China's state-backed groups are now using covert networks of compromised devices to execute attacks in a low-cost, low-risk, and deniable way.
LIU013: The Engineer Who Built a Business to Fund a Mission
Ray Cline has been in the tech trenches since he was twelve years old, helping his Dad run a bulletin board service. Today he runs an MSP called Libertas Consulting and leads a non…
UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on c…
Bad Memories Still Haunt AI Agents
Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue to threaten AI systems.
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI, the command-line interface for the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campa…
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The sup…
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launc…
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public re…
FBI Extracts Deleted Signal Messages from iPhone Notification Database
404 Media reports (alternate site): The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because c…
'Zealot' Shows What AI's Capable of in Staged Cloud Attack
The proof of concept revealed AI-based attacks unfold too fast for human defenders to respond, and that AI evinced more autonomous behavior than expected.
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. "The grou…