Aggregating 4544 articles from trusted cybersecurity sources
Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, teleco...
Written by: Marco Galli Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series brings you the latest...
Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining.
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the fu...
Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover.
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S.
Written by: Stuart Carrera, Brian Meyer Executive Summary Broadcom's VMware vSphere product continues to be a top choice for private cloud virtualization, un...
Introduction In mid 2025, Google Threat Intelligence Group (GTIG) identified a sophisticated and aggressive cyber campaign targeting multiple industries, inc...
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open sou...
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ...
Written by: Josh Goddard, Zander Work, Dimiter Andonov UPDATE (Sep 16): Clarified hunting guidance specifics surrounding ld.so.
Manual testing doesn't have to be repetitive.
The notice, submitted on June 8, 2026, presents several anomalies that suggest it may not be an officially verified incident.
The compromised projects, many of which are related to Microsoft's Azure cloud service and AI development tools, allowed attackers to steal user passwords an...
The breach involves a database managed by a third-party vendor used by SoFi Securities (Hong Kong) Limited.
Maine Attorney General portal lists a Discord breach notice claiming 10 million affected, but odd filing details leave it unverified and questionable.
Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in P...
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's en...
Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and mal...
The FTC's order stems from allegations that Illuminate failed to implement reasonable security controls, contributing to a December 2021 cyberattack.
WhatsApp says it blocked Israeli firm NSO’s Pegasus spyware activity and is asking a US court to treat the targeting as an injunction breach.
The breach occurred on May 28, with attackers gaining access to users' first names, last names, email addresses, and encrypted passwords for those not using ...
SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. [.
For the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES DentaQuest,...