Aggregated from vendor advisories, security research, and industry publications.
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control
Take a Network Break! There’s a Red Alert for Apache Polaris with four CVEs that could enable unauthorized read/write access. On the news front, Lumen is spending $475 million in c…
Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security. The post Frame Security Emerges From Stealth With $50M for Awareness and T…
Dull but important … so, a bit like Debian itself, really
Cisco (Nasdaq:CSCO) is the dominant vendor in enterprise networking, and under CEO Chuck Robbins, it continues to shake things up. Cisco’s momentum is accelerating across multiple …
After all that hype, AI scanner found one low-severity cURL flaw
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, markin…
Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. [...]
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.
Debian 14 plans to ax Gtk2 – and hard pruning stimulates fresh growth
Customers urged to keep an eye out for phisherfolk
JIT compiler much improved, but no reinstatement for leaky incremental garbage collector
Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline. The post Build Application Firewalls Aim to Stop the Next …
Resetting a password doesn't always remove attackers from Active Directory. Specops Software explains how cached credentials and Kerberos tickets can keep attackers authenticated a…
GTIG says AI-powered hacking has moved well beyond phishing emails and chatbot tricks
Tech investment giant wants batteries for its own AI datacenters, and lots of them
Dubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification — slate…
The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group. The post Google Detects First AI-Generated Zero-Day Exploit appeared first on Security…
Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. [...]
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.
Utility provider failed to detect Cl0p ransomware attack for nearly two years
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should…
This upcoming webinar explores how organizations need to combine security, backups, and recovery planning to reduce the impact of modern cyberattacks. [...]
Cybercrooks ruin engineers' weekends with Saturday attack
The campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries' world view.
Using a vulnerability in the portal, hackers accessed names, addresses, email addresses, and phone numbers. The post Skoda Data Breach Hits Online Shop Customers appeared first on …
Katalyst's LINK spacecraft clears Goddard tests before Pegasus rocket integration
Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can us…
The company topped revenue and earnings forecasts for the first quarter of 2026, but its shares plunged more than 20%. The post Cloudflare Lays Off 1,100 Employees in AI-Driven Res…
Instead of waiting for patch cycles, admins could simply shut down vulnerable functions before attackers get there