Aggregated from vendor advisories, security research, and industry publications.
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185 (CVSS score: 9.8), aka Dead.Letter, has been described as a
While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution. The post Adobe Patches 52 Vulnerabilities in 10 Products appeared firs…
Instructure CEO Steve Daly's got some explaining to do
ThreatLocker takes an opinionated approach to Zero Trust. The company, our sponsor for today’s episode, starts with application control. It uses endpoint software that runs on PCs …
After guilty pleas, prison terms, and seizures, the DOJ has opened the compensation process
The startup will invest in accelerating product development, hiring new talent, and expanding its customer base. The post White Circle Raises $11 Million for AI Control Platform ap…
Guest Nick Turner joins Keith to discuss the technicalities of Wi-Fi validation survey file structures. Nick has spent a lot of time deep in the weeds of .ESX files, and he’s here …
Traffic patterns are shifting, agent deployments are multiplying, and cloud environments keep expanding. The point tools enterprises use to manage each layer are not keeping pace. …
Volume and sensitivity of the data cited as chief concerns
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "…
Threat actors obtained names and contact information for an unspecified number of BWH Hotels guests. The post BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months a…
Red Hat on Tuesday opened its Ansible Automation Platform to AI agents while adding new controls intended to keep them under tight control. The company made its Model Context Proto…
Launch of Musk's monster rocket could be in May
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.
CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development. The post Free OnlyFans Lure Used to Spr…
Former franchise operators claim telco unfairly cut commission and other payments
The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many o…
Tech firm's employees can get an 'admin' role letting them into the National Data Integration Tenant... and its identifiable information
The company took systems offline globally after hackers exfiltrated data and deployed file-encrypting ransomware. The post West Pharmaceutical Services Hit by Disruptive Ransomware…
Think tank warns outsider access to powerful models is governed by patchy controls and a hope nobody dangerous gets in
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed …
The tech giant has also ported the patch for a recent deleted chats recovery issue to older versions of iOS. The post Apple Patches Dozens of Vulnerabilities in macOS, iOS appeared…
The flaws could allow attackers to inject malicious code, leading to information disclosure and code execution. The post SAP Patches Critical S/4HANA, Commerce Vulnerabilities appe…
Understanding that enterprise migrations can be structurally complicated, costly, and constrained in certain environments, many software and cloud providers offer extended maintena…
Red Hat is attempting to reposition sovereignty from a compliance issue for European companies to a global strategic priority for enterprises, including US firms, who want more con…
Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code
Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dange…
Mozilla claims the Digital Markets Act delivered lasting bump, invites Britain to do similar
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. [...]
Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security. The post Claude Mythos Finds Only One Curl Vu…