General

[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)

&#;x26;#;x5b;This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor&#;x26;#;39;s degree in Applied Cybersecurity (BACS) pr...

SANS ISC →

NetSPI AI-powered Continuous Pentesting identifies high-impact vulnerabilities

NetSPI launched AI-powered Continuous Pentesting offerings, designed to help organizations continuously identify, validate and reduce risk across dynamic ext...

Help Net Security →

The hidden risk of non-human identities in AI adoption

An employee with persistent, unsupervised admin access across critical systems, with no audit trail, no clear owner, and no regular access reviews, would rai...

Help Net Security →

Falcon AIDR Detects Threats at the Prompt Layer in Kubernetes AI Applications

CrowdStrike Blog →

Researchers open-source a Wi-Fi cyber range for security training

Wireless security training programs lean heavily on generic network labs, with Wi-Fi appearing as a checkbox alongside Bluetooth, Zigbee, and cellular. Hands...

Help Net Security →

Android pushes new scam, theft, and AI protections in 2026 update wave

Phone scammers spoofing bank caller IDs have driven an estimated $980 million in annual losses worldwide, according to Europol. Android’s 2026 security roadm...

Help Net Security →

ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930, (Wed, May 13th)

SANS ISC →

Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)

..

SANS ISC →

[webapps] coreruleset 4.21.0 - Firewall Bypass

coreruleset 4.21.

Exploit Database →

[webapps] Flowise < 3.0.5 - Missing Authentication for Critical Function

Flowise < 3.0.

Exploit Database →

[webapps] Ninja Forms Uploads - Unauthenticated PHP File Upload

Ninja Forms Uploads - Unauthenticated PHP File Upload

Exploit Database →

[webapps] glances 4.5.2 - command injection

glances 4.5.

Exploit Database →

US govt seeks Instructure testimony on massive Canvas cyberattack

The U.S.

BleepingComputer →

Accelerating detection engineering using AI-assisted synthetic attack logs generation

What if you could generate realistic attack telemetry on demand? Explore research methods that translate attacker behaviors (TTPs) into synthetic logs that c...

Microsoft Security Blog →

Fedora Hummingbird brings the container security model to a Linux host OS

Container image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The ...

Help Net Security →

Defense at AI speed: Microsoft’s new multi-model agentic security system finds 16 new vulnerabilities

Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH). The post Defens...

Microsoft Security Blog →

Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark

Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH). The post Defens...

Microsoft Security Blog →

Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America

Proofpoint Blog →

AWS Security Agent full repository code scanning feature now available in preview

Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware...

AWS Security Blog →

Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended

ShinyHunters says its shinyhunte.rs domain was suspended after the Canvas LMS attacks, forcing the group to move fully to its dark web (.

HackRead →