Aggregated from vendor advisories, security research, and industry publications.
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
Estonian academic fingers mobile tower-mounted devices as Kremlin tries to swat Ukrainian forces
The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data b…
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corpora…
Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. [...]
The future of cybersecurity is germinating, as nation-states vie for dominance in the embodied AI market and its supply chain.
A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]
Lawmakers push DoD to tighten smartphone controls after adversaries exploited commercial tracking data
An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]
Six 0-days, three under active exploitation, more to come on July 14?
It is the database titan’s sixth acquisition announcement since June 2025
.png?width=720&quality=80&disable=upscale){kind=logo}
Today’s conversation centers around a new Best Current Practices (BCP) RFC draft written by Jordi Palet Martinez. Our hosts explore the document for service providers and enterpris…
The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and pus…
Dutch law enforcement seized 800 servers and arrested two operators of THE.Hosting but left the hosting provider's core IP address space intact.
Chocolate Factory shifts Tensor Processing Unit Ubuntu support back upstream
Researchers warn GreyVibe’s extensive use of ChatGPT, Gemini, and other AI tools offers a glimpse into how future cybercriminal and state-aligned groups will operate. The post Russ…
In the previous episode of N is for Networking, Jennifer “JJ” Jabbusch gave us a thorough overview of Network Access Control (NAC) for wired networks. This week we’re going wireles…
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer calle…
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certa…
The funding round was led by Balderton Capital, with additional support from Crosspoint Capital and previous investors General Catalyst and Ten Eleven Ventures. The post Geordie Ra…
May security update trips over hostnames of a very specific length
Get the balance right, Grundfos says, and the region will be a shining example of how to do it without sacrificing the environment
AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap.
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver a credential-stealing ma…
Andrew Kelley interview describes paying monthly for cloud-powered AI coding as an 'insane proposition'
Data breach leaves nearly 6 million Carnival customers navigating identity theft risks. The post Carnival Data Breach Exposed 6 Million People appeared first on SecurityWeek.
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]
Refresh cycle sluggishness is a tailwind, insists PC giant's money people