4 Critical Threats Where Attackers Have the Advantage
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]
Microsoft makes Linux developers feel more at home in Windows with Coreutils release
Microsoft has announced Coreutils, a new Windows 11 feature that allows developers to run many popular Linux command line utilities natively on Windows from a single binary. Rev…
Anthropic's open-source framework for AI-powered vulnerability discovery
Article URL: https://github.com/anthropics/defending-code-reference-harness Comments URL: https://news.ycombinator.com/item?id=48403980 Points: 539 # Comments: 142
AMD ships second-gen Versal Prime accelerators
AMD has added three new chips to its Versal Prime series lineup, which is designed for space-constrained applications. AMD began shipping the first production units of the Versa…
OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds
Codex drops an HTTP/2 Bomb
DentaQuest data breach exposed info of 2.6 million accounts
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. [...]
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked…
AI heavyweights warn their tech could help terrorists develop bioweapons
Scientists and industry leaders push for mandatory DNA synthesis screening
UN food agency discloses breach affecting 600,000 Gaza households
The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine …
Benevolent dictator Zuck will give Meta staff 30-minute breaks from keylogging privacy assault
Tech biz teaching AI to use computers by slurping staff activity
LIU016: Michael Keith Lewis: The Network Behind the Show
Today’s guest takes us behind the scenes of modern concert venues, which rely on wired and wireless IP networking. Michael Keith Lewis is a front-of-house engineer, tour manager, a…
AMD takes a third of server CPU market as shipments grow
Intel still owns the room, but Epyc keeps nicking the furniture
New IronWorm malware hits 36 packages in npm supply-chain attack
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a singl…
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's C…
Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk
As AI agents, machine identities, and third-party applications multiply across enterprises, Offroad is betting autonomous security agents can restore control over an increasingly u…
Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond
Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. The post Web…
Willow Raises $7 Million for Securing Autonomous AI Agents
Willow (formerly Webrix) emerged from stealth mode with an access platform designed to secure enterprise AI agents. The post Willow Raises $7 Million for Securing Autonomous AI Age…
Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs
Organizations are growing serious about which nation's rules apply to their data. Experts point to geopolitical tensions as a main contributing factor.
Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook
Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about mod…
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weir…
'Please do not vibe f--- up this software': Broken backups spark AI coding row in rsync project
Users probe backup failures find Claude-assisted commits. Veteran engineer retorts: "I did not just vibe-code 'convert test suite to python'."
Microsoft blames unexpected Windows driver updates on caching issue
On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. [...]
CompTIA debuts AutoOps+ certification
CompTIA has launched AutoOps+, a new certification and training program that the organization says will validate the automation, scripting, infrastructure management, and DevOps sk…
Intel's mysterious new datacenter GPU is what Nvidia's Rubin CPX nearly was
Nvidia's prefill accelerator was shelved, but Chipzilla's Crescent Island could fill the void
Gemini Voice Assistant Hijacked via Messaging Notifications
Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls. The post Gemini Voice Assistant Hijacked v…
Palantir wins £9M contract to run UK firearms licensing: CIA-backed biz to hold gun, bomb, and poison records
Pips Accenture and NEC to bag decade-long deal for cops across England, Wales, and beyond
Police dismantles fake ID marketplace used by migrant smugglers
French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. [...]
China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts …