Content Delivery Exploit Opens Websites to Brand Hijacking
The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Gemini accused of 30,000-line code purge and fake recovery report
Developer: AI coding agent broke production and generated fictitious post-mortem paperwork after the rollback
Forward launches Predict to take the guesswork out of network changes
Forward (formerly Forward Networks) has been building out technology for a decade to help enterprises better understand their network traffic. In January, the company launched an a…
Minecraft-streaming gran swatted while raising cash for grandson's cancer care
Sue Jacquot said she had a great time, despite the rude awakening
Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
Leakage blamed on treacherous friends exposed unencrypted credentials, email addresses
Cisco Patches Critical Vulnerability in Secure Workload
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in …
Vivaldi 8 polishes the chrome without coating it in AI
Unified UI revamp gives browser a cleaner look while rivals keep wedging assistants into the web
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: a…
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
The company has developed a platform that uses specialized AI agents to inspect every incoming message. The post Ocean Emerges From Stealth With $28M for Agentic Email Security Pla…
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions. The post Apple Rejected 2 Million App Store Submissions in 2025 for Security …
Flipper One project needs community help to build open Linux platform
Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. [...]
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerabi…
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091,…
Apple adds AI smarts to Voice Control, VoiceOver and Magnifier ahead of Accessibility Day
Natural language commands and better image descriptions but Mac users and dictation fans may still be waiting
Socket Raises $60 Million at $1 Billion Valuation
The company will invest in its firewall, certified patches, protection extensions, new products, and team expansion. The post Socket Raises $60 Million at $1 Billion Valuation appe…
Microsoft storms RAMPART, adds Clarity to agentic AI safety
Redmond open sources two tools for building and maintaining safer agents
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS …
Think tank to UK government: You can't build the future on systems from the past
Legacy IT is getting worse, not better, and could trip up Whitehall's shiny digital plans, report warns
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Da…
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’. The post Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI …
UK.gov hikes health AI tender by 400% – and hundreds of millions – after a chat with suppliers
Maximum framework value sky-rockets from £150M to £600M after 'an extensive intelligence gathering exercise'
UK’s Education Committee: Social media ban a must to save children’s mental health
Committee says tech companies are failing children and cannot be trusted to self-regulate
Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The post Supply Chain Security Crisis: To…
Shifting Budget Dynamics for Identity Security and AI Agents
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent ide…
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS…
Zombie user account let hackers control the city’s water
Failing to disable a former employee’s account was a huge mistake
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm …
Open Compute urges local government to bask in the warm glow of excess datacenter heat
Org that represents Meta, Google and Microsoft plans more heat reuse guidelines as debate over bit barn social license burns red hot