Custom PC worked in the lab, failed on site – and so did the angry client
It's amazing what happens when you plug everything in
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension. The post Vulnerability in Claude Extension for Chrome …
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Target…
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Co…
Cloudflare to fire 1,100 staff whose jobs just aren’t AI enough
Around 20 percent of staff get an ‘In one hour, you might not work here anymore’ email
Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the Uni…
AWS warns of EC2 'impairment' as power loss hits notorious US-EAST-1 region
Extra aircon found to cool overheating datacenter as users complain their resources are... nowhere
HPE drops first Juniper x Aruba collab – self-driving Wi-Fi
NetAdmins can stay in the loop while they learn to trust AI to tackle some scutwork
GNU IFUNC is the real culprit behind CVE-2024-3094
Article URL: https://github.com/robertdfrench/ifuncd-up Comments URL: https://news.ycombinator.com/item?id=48056749 Points: 132 # Comments: 69
Mozilla boasts Mythos boosted Firefox bug cull
Yet it remains unclear if Anthropic's uber model was effective, or if better model middleware is what makes the difference
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of…
Dyna Software's AI assistant promises to massage your toughest ServiceNow configs
The tool is meant to take the place of 80% of the work that requires ServiceNow dev teams
New TCLBanker malware self-spreads over WhatsApp and Outlook
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. [..…
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud environments.
Fake IT workers rented laptops to Nork scammers, got prison time
Matthew Isaac Knoot and Erick Ntekereze Prince will each do 18 months for hosting laptops used by North Korean IT workers to remotely infiltrate US companies
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'
Security biz Adversa AI argues users of AI tools need clearer warnings
LIU014: Linda Haviv: From Philosophy Major to AI Engineer
Alexis and Kevin sit down with Linda Haviv, an AI/ML Engineer and founder of Coding Crystals. Linda is known for making AI infrastructure accessible, and for a career path that wen…
Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
Musk said that he could have founded OpenAI as a for-profit company, just like the other companies he started or took over. “I deliberately chose this,” he said, “for the public go…
New PCPJack worm steals credentials, cleans TeamPCP infections
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. [...]
Gluware’s Titan rises to meet Mythos network vulnerability challenge
Anthropic’s Claude Mythos Preview, released earlier this year, showed that AI systems could identify and probe network vulnerabilities at a speed that traditional patch management …
Australia warns of ClickFix attacks pushing Vidar Stealer malware
The Australian Cyber Security Center (ACSC) is warning organizations of an ongoing malware campaign using the ClickFix social engineering technique to distribute the Vidar Stealer…
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973…
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to Team…
AMD launches AI-targeted PCIe cards for current servers
AMD has launched the latest in its Instinct enterprise GPU accelerators, the MI350, which are designed to fit the data center infrastructure customers already own. Targeted at a…
Has CISA Finally Found Its New Leader in Tom Parker?
Dark Reading investigates rumors that Tom Parker, a board room "operator" and longtime cyber exec, could be next in line to take over CISA.
60% of MD5 password hashes are crackable in under an hour
Happy World Password Day! Maybe it's finally time to kill this holiday in favor of World No-More-Passwords Day?
IBM Cloud evaporates as datacenter loses power
Customers say services were down for at least 4 hours, while status page showed no issues
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. The post Palo Alto Zero-Day Exploited in Campaign Bearing Hal…
Ivanti warns of new EPMM flaw exploited in zero-day attacks
Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]
$250M crypto-robbing gang’s dirty work guy sentenced to 6.5 years behind bars
The then-teen was told to break in and steal what the keyboard warriors couldn’t