Aggregated from vendor advisories, security research, and industry publications.
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across
CVSSv3 Score: 2.1 A Missing Authorization [CWE-862] in FortiClient Windows may allow an authenticated local attacker to decrypt a currently logged in users VPN password via u…
CVSSv3 Score: 8.3 An Out-Of-Bounds Write vulnerability [CWE-787] in FortiOS capwap daemon may allow an attacker controlling an authenticated FortiAP FortiExtender or FortiSwi…
CVSSv3 Score: 6.1 An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in FortiAP, FortiAP-U & FortiAP-W2 CLI …
CVSSv3 Score: 5.0 An improper export of Android application components [CWE-926] in FortiTokenAndroid may allow other applications on the device to read the OTP code via an e…
Fears exponential increase in attack scale and speed
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to repl…
Critics are not convinced this plan to add an ‘area code’ based on ASNs has much merit
Code hosting biz is trimming its global footprint and flattening its management layer
Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel develope…
Orbital compute platform, which launched on a mission to the ISS last year, gets an immutable upgrade alongside refreshed container images
Join us to learn how to architect a development environment where your builders and their agents can move fast and securely.
Analyst says modernizing applications is probably a better use of your time than hypervisor migration
UPDATED: Sorry, kids, everything's back up so get to work on your new assignment - An essay on the ethics of paying ransoms, because it looks like that's what happened here
California Attorney General Rob Bonta announced a proposed $12.75 million settlement agreement with General Motors (GM) over allegations that the company violated the California Co…
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]
A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files sto…
U.S. tech employment regained momentum in April, with job postings reaching a three-year high and tech hiring swinging back into positive territory, according to new data from Comp…
The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.
Inspired by TempleOS, this terminal emulator is just about as bonkers
An intern who failed this much would be shown the door
New IElevator2 COM interface? No problem
Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense.
HPE has rolled out a new enterprise memory server built for complex business workloads, compute-heavy systems, and emerging agentic AI workloads. The HPE Compute Scale-up Server…
As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.
The PCI-SIG consortium announced PCIe 7.0 nearly four years ago and no products supporting it have come to market yet, but the standards body is going forward with the first draft …
By which we mean it bought someone else's with other people's money
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensu…
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environ…
Take a Network Break! There’s a Red Alert for Apache Polaris with four CVEs that could enable unauthorized read/write access. On the news front, Lumen is spending $475 million in c…