Northern Ireland cops issue PSA after official phone number spoofed by scammers
If you’re going to impersonate an officer, perhaps choose a more sophisticated way to nick cash than asking for gift cards…
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
How Leading Organizations Are Turning EDR Into Operational Resilience
Most organizations now recognize that endpoint protection alone is no longer sufficient. That's why adoption of endpoint detection and response (EDR) has accelerated rapidly in re…
Peter Mandelson invited UK PM to meet Palantir's Thiel
Britain's former US ambassador founded lobbyist that represented spy-tech firm, saw it win big roles in UK defense, health tech
Supply Chain Attack Hits 32 Red Hat NPM Packages
Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. The post Supply Chain Attack Hits 32 Red Hat NPM Packages appe…
Intel and pals cram 36,864 CPU cores into a 100kW rack while chasing the agentic AI dragon
Meanwhile, Intel and SambaNova's disaggregated inference blueprint lands its first customer
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance w…
Satellite phone dreams orbit reality as direct-to-cell usage set to underwhelm
Nice technology, shame about the price and the indoor blackouts
Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads
Dashlane’s security systems automatically locked accounts to protect them against the hacking attempts. The post Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downlo…
Oracle’s First Monthly Patches Resolve 77 Vulnerabilities
Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities appea…
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched b…
FTC broadens Microsoft probe to cloud, AI, and software bundling
Microsoft continues to face scrutiny over its alleged antitrust practices, with new details coming to light about what, exactly, the federal government is investigating about the t…
Angry devs vow to flee GitHub Copilot as metered billing takes hold
'16% of my monthly Pro+ allowance. Gone. For basically nothing'
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]
Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
TeamPCP? Or copycat malware dev?
Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-s…
Spain arrests doxer leaking sensitive data of govt employees
The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity…
Anthropic to Open Mythos AI to EU's ENISA
The European security agency's entry to Project Glasswing is the result of "strong bilateral cooperation" between the European Commission and Anthropic.
Election interlopers register 5K+ domains, hope to catch some voting phish
Hacking voting machines is so 2017. Phishing, impersonation pose the real election risks
Can Chinese memory maker CXMT help relieve the memory shortage?
As the DRAM shortage continues with no end in sight, China-based ChangXing Memory Technologies (CXMT) is taking advantage of an opportunity to grow its base. Until now, CXMT has…
Microsoft's Zero-Day Legal Threats Spark Backlash
After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.
Broadcom, Samsung team for wireless SoC
Broadcom and Samsung Electronics are collaborating on a new, broadband-optimized reference platform for the global fixed wireless access (FWA) market, integrating Broadcom’s Wi-Fi …
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited t…
Dashlane password manager users locked out by brute force attacks
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]
Anthropic, now atop the AI bubble, files for its IPO
First it tops OpenAI's valuation, then it beats Altman to the IPO punch
Dutch Police Dismantle Massive 17-Million-Device Botnet
Dutch authorities seized command-and-control servers tied to a botnet of infected computers, smartphones, and tablets that was allegedly used to power a residential proxy network a…
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and d…
NB577: Cisco Brings SONiC to N9000 Switches; Broadcom Debuts Wi-Fi 8 SoCs for Consumer Routers
Take a Network Break! We start with listener followup and a red alert affecting ScadaBR, an open source SCADA controller. On the news front, Forward adds predictive testing to its…
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, a…
WordPress malware campaign hides payloads in Steam profiles
Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]
Vulnerability Disclosure in the Age of AI
New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance betw…