Why Security Leadership Makes or Breaks a Pen Test
Well-run security drills go beyond checking audit boxes to identifying and addressing trouble spots. Effective leaders ensure proper scope, access, and follow-through, but it's not easy.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Anthropic wants Claude to play with money, unleashes finance agents
Always bet on backpropagation If you've ever read Anthropic's disclaimer that responses generated by Claude may contain mistakes and thought, "That's what I need to spice up financ…
HW077: The Lean Network Team: Real-World Lessons in Automating a Wireless Network (Sponsored)
In this sponsored episode, brought to you by Cisco, Keith sits down with Mark Rodrigue of Room & Board and Dan Davis of Cisco. They discuss Room & Board’s network and how their thr…
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. […
PP108: How to Build and Sustain a Successful Zero Trust Project
In theory, a zero trust initiative seems straightforward: you just need the right tools and maybe some whiteboard sessions to work out the architecture. In practice, our guests not…
HS131: Cybersecurity Strategy: Defending Against AI
Enterprise strategists need to worry about securing their environments against AI-powered attacks. John and Johna discuss what cybersecurity and IT leaders need to consider in deve…
Student hacked Taiwan high-speed rail to trigger emergency brakes
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). [...]
IBM asks DBAs to trust AI to act on their behalf
With help from Google and Intel, Big Blue brings new automation to Db2
IBM asks DBAs to trust AI to act on their behalf
With help from Google and Intel, Big Blue brings new automation to Db2 IBM has added support for Google Vertex AI and Intel Gaudi to boost the AI-based management of its stalwart D…
ServiceNow clears agents for landing with new AI control tower
ServiceNow acquisitions Veza and Traceloop join to monitor agents and AI workflows
ServiceNow clears agents for landing with new AI control tower
ServiceNow acquisitions Veza and Traceloop join to monitor agents and AI workflows ServiceNow announced an expansion of its AI Control Tower, transforming what began last year as a…
DIY mystery box will wow your friends by hinting at what the ionosphere is up to
A rough guide to when your signal will behave, or not
DIY mystery box will wow your friends by hinting at what the ionosphere is up to
A rough guide to when your signal will behave, or not Shortwave radio enthusiasts are sure to know the problem: You're trying to tune in to your favorite global broadcast only to f…
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could poten…
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. "These ins…
Attackers are cashing in on fresh 'CopyFail' Linux flaw
Researchers dropped a reliable root exploit and it didn’t sit idle for long
Attackers are cashing in on fresh 'CopyFail' Linux flaw
Researchers dropped a reliable root exploit and it didn’t sit idle for long CISA is warning that a newly-disclosed Linux kernel bug dubbed "CopyFail" is already being exploited, ju…
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.
Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM. The post Microsoft Warns of Sophisticated Phishing Camp…
FTC to ban data broker Kochava from selling Americans’ location data
The FTC will ban data broker Kochava and its subsidiary, Collective Data Solutions (CDS), from selling location data without consumers' explicit consent to settle charges alleging …
More missions, less money, higher risk: NASA's back to the '90s playbook
Faster, better, cheaper is back and history suggests you can't get all three at the same time OPINION NASA's budget and its new administrator's statements are evoking a ghost from …
More missions, less money, higher risk: NASA's back to the '90s playbook
Faster, better, cheaper is back and history suggests you can't get all three at the same time
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and govern…
Bun posts Rust porting guide, says rewrite is still half-baked
Zig's no-AI policy is at odds with view that most open source code will be AI-written in future
Bun posts Rust porting guide, says rewrite is still half-baked
Zig's no-AI policy is at odds with view that most open source code will be AI-written in future Bun creator Jarred Sumner has posted a Zig-to-Rust porting guide, igniting speculati…
The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you …
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you …
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats Real estate giant Cushman & Wakefield has confirmed a data breach after…
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats
Hacker Conversations: Joey Melo on Hacking AI
AI red team specialist details his methods for manipulating AI guardrails through jailbreaking and data poisoning, helping developers harden machine learning models. The post Hacke…