Artificial Intelligence Offensive Security10 Min Read July 16, 2026 AI Can Find Bugs, But Human Knowledge Still Proves Them Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it b…
4 Min Read July 16, 2026 Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum,… IoT Security Vulnerability
4 Min Read July 16, 2026 OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol OpenAI has disclosed details of GPT-Red, an internal automated… Red Teaming Software Security
2 Min Read July 16, 2026 Zoom Patches Critical Windows Flaw That Could Enable Account Takeover Zoom has released security updates for a critical security flaw… Enterprise Security Vulnerability
IoT Security Network Security3 Min Read July 15, 2026 TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3…
Endpoint Security Malware4 Min Read July 15, 2026 OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware…
Browser Security Vulnerability3 Min Read July 15, 2026 Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The…
Enterprise Security Network Security3 Min Read July 15, 2026 SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough. For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection…
Enterprise Security Vulnerability3 Min Read July 15, 2026 Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been…
Endpoint Security Vulnerability5 Min Read July 15, 2026 Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval…
Malware Software Security3 Min Read July 15, 2026 Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings…
Enterprise Security Vulnerability2 Min Read July 15, 2026 Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one…
Enterprise Security Vulnerability5 Min Read July 14, 2026 Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The…
Artificial Intelligence Data Privacy4 Min Read July 14, 2026 Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI,…
Cyber Espionage Network Security4 Min Read July 14, 2026 U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling…
Browser Security Malvertising6 Min Read July 14, 2026 148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for…
Identity Security SaaS Security6 Min Read July 14, 2026 Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce…
Cybercrime Endpoint Security2 Min Read July 13, 2026 CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from…
Browser Security Web Security4 Min Read July 13, 2026 Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after…
Cybersecurity Hacking10 Min Read July 13, 2026 ⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The…
AI Security Data Integrity6 Min Read July 13, 2026 New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single…
Artificial Intelligence Email Security5 Min Read July 13, 2026 Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM)…
Identity Security Threat Intelligence7 Min Read July 13, 2026 Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365 An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing…
Vulnerability Web Security3 Min Read July 13, 2026 iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa…
Malware Software Supply Chain4 Min Read July 11, 2026 Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published…
Cyber Espionage Threat Intelligence3 Min Read July 11, 2026 Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations…
Email Security Vulnerability2 Min Read July 11, 2026 Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in…
Enterprise Security Security Incident3 Min Read July 10, 2026 URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The…
Malware Software Supply Chain3 Min Read July 10, 2026 Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the…
Firmware Security Vulnerability4 Min Read July 10, 2026 Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as…
Hardware Security Vulnerability5 Min Read July 10, 2026 Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto…
AI Security Vulnerability2 Min Read July 10, 2026 Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if…
Enterprise Security Malware2 Min Read July 10, 2026 New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON.…
Server Security Vulnerability3 Min Read July 10, 2026 Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of…
Asset Management Enterprise Security4 Min Read July 10, 2026 From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale Most enterprises assume their asset inventory is close enough to accurate. The evidence suggests otherwise. According to a survey of over 600…
Cybercrime Website Security6 Min Read July 10, 2026 Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the…
Mobile Security Privacy6 Min Read July 10, 2026 Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the…
Authentication Enterprise Security3 Min Read July 10, 2026 Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365…
Cryptocurrency Vulnerability4 Min Read July 10, 2026 Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is…
Cybercrime Law Enforcement2 Min Read July 10, 2026 Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks A 41-year-old former ransomware negotiator has been sentenced to nearly six years (i.e., 70 months) in prison in the U.S. for their role in…
Developer Security Supply Chain Security2 Min Read July 9, 2026 Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations,…
Cyber Espionage Malware4 Min Read July 9, 2026 New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older…
DevSecOps Supply Chain Security2 Min Read July 9, 2026 npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access…
Cybersecurity News Hacking News12 Min Read July 9, 2026 ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because…
AI Security Zero Trust2 Min Read July 9, 2026 AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write…
AI Security Application Security12 Min Read July 9, 2026 Summer of Clearinghouses Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it…