Aggregated from vendor advisories, security research, and industry publications.
Bitwarden CLI, the command-line interface for the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign, according to findings from JFrog and Socket. "The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in 'bw1.js,' a file included in the package contents," the
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The sup…
Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launc…
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public re…
404 Media reports (alternate site): The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because c…
The proof of concept revealed AI-based attacks unfold too fast for human defenders to respond, and that AI evinced more autonomous behavior than expected.
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. "The grou…
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to …
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, track…
The volume of cyberattacks targeting Africa declined in the past year, with weekly attacks down 22%, as attackers seemingly shifted their focus to other regions.
Hackpocalypse deferred
Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations — and its sophistication.
Eyvonne Sharp and William Collins speak with Sif Baksh, Principal Solutions Architect at Tines, to discuss the power of automation. Sif shares some personal stories of how he has b…
Eric Chou is joined by Ashwin Joshi, a Senior Solutions Engineer at Keysight Technologies, to discuss the rapidly increasing demands that AI places on modern networks. They break d…
A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.
IT has long been concerned with ensuring systems receive the right amount of electricity. Cyberattackers are realizing they can manipulate voltage fluctuations for their purposes, …
Good news for future missions as initial findings agree with agency's design decision
ICE has admitted that it uses spyware from the Israeli company Graphite.
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process.
Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched.
For decades, network and security professionals have adapted to technology change in a piecemeal fashion: a new rule here, an upgrade there, a new product deployment over yonder. O…
Still only a tiny slice of mobile activity overall
The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains.
Your enterprise better have a cybersecurity strategy for AI. But where to start? Everywhere! Securing AI means securing all the AI layers and throughout the lifecycle: data, model,…
_NicoElNino_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert …
One of two second stage engines misbehaved, administration must sign off report before flights resume
China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.
Grupo Seguritech is a Mexican surveillance company that is expanding into the US.
Dud contracts, proprietary designs, and zero-experience supplier make for quite the mess