Aggregating 4933 articles from trusted cybersecurity sources
When Open Source is a bit too Open Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming....
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific condi...
CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerabili...
The sophisticated attack utilizes Google Tag Manager (GTM) and Stripe domains, which are implicitly trusted by e-commerce sites, allowing the malicious code ...
There’s just more code than ever and developers can’t verify everything – we need to make all that code understandable.
Frontier AI models, while powerful for identifying vulnerabilities, also present new risks from bad actors, accelerating exploitation timelines to mere minutes.
Cybersecurity researchers at Sophos and other companies discovered an undeclared executable, identified as a Monero cryptocurrency miner, being installed wit...
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity compan...
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure ...
When a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved. The post Nightmare Eclipse incident ...
We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 ...
Pro-Iran group Handala breached Cal Water via an exposed GPS tool, reaching billing data for 2M customers. 5GB leaked.
Attackers gained access to Novo Nordisk's internal IT systems, copying non-public data without authorization.
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review...
Argentina's World Cup squad had their passport numbers leaked before a ball was kicked - not by hackers, but by someone who failed to redact a document prope...
About 7 million customers of the genetics testing company had their data stolen by hackers starting in April 2023, and many had their information posted on t...
The penalty is the largest ever issued by the commission for a personal data breach, surpassing the record 134.8 billion won ($88.
Security debt sounds like a tidy metaphor until the first breach turns it into a billing department with teeth. Technical debt behaves like clutter.
On April 27, Kyushu Electric Power Co. utilized an external storage device for data backups due to capacity constraints.
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose earl...
ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant an...
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical t...
The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French pub...