Trump administration's voter data collection efforts face legal challenges
The Department of Justice's Office of Legal Counsel issued a memo arguing that a provision in the 1960 Civil Rights Act, requiring election officials to reta...
SC Media
20 articles
Fake job interviews used to deploy JobStealer malware
The campaign involves scammers posing as recruiters and inviting victims to online interviews via custom platforms that mimic legitimate services like Cisco ...
Alleged Dream Market administrator indicted on money laundering charges
Owe Martin Andresen, 49, faces six counts each of international concealment money laundering and concealment money laundering, potentially leading to 20 year...
Broadcom patches high-severity VMware Fusion flaw allowing local privilege escalation
The vulnerability is a time-of-check time-of-use (TOCTOU) flaw affecting operations performed by a SETUID binary.
Fleet Device Management launches autonomous endpoint management platform
Fleet's new platform aims to shorten patch cycles from an industry average of 55 to 94 days to under two weeks, and in some cases, hours.
SecurityScorecard acquires Driftnet to enhance AI-driven risk management
The acquisition of Driftnet will see its internet scanning engine integrated into SecurityScorecard's TITAN AI platform.
Two vulnerabilities found in popular WordPress plugin Avada Builder
The vulnerabilities, disclosed by Wordfence, include an arbitrary file read flaw (CVE-2026-4782) requiring subscriber-level access and a high-severity SQL in...
Critical 'NGINX Rift' vulnerability discovered, present for 18 years
The vulnerability, with a CVSS v4 score of 9.2, resides in the ngx_http_rewrite_module and affects a significant portion of internet infrastructure due to NG...
You're not going to patch your way out of this - PSW #926
Cyber Insurance Explained: What CISOs MUST Know Before a Breach - WC #1
How Agentic AI made org charts obsolete
AI has blown up role-based access – here’s how teams can change their mindset in this new era.
Microsoft details new AI system for vulnerability discovery
The MDASH system, developed by Microsoft's Autonomous Code Security team, utilizes over 100 specialized AI agents to find and validate exploitable bugs.
Critical Exim vulnerability allows remote code execution
The vulnerability, a user-after-free flaw, occurs during the TLS shutdown process when handling chunked SMTP traffic.
Critical Quest KACE SMA flaw exploited after 10 months
The critical vulnerability CVE-2025-32975 in Quest KACE Systems Management Appliance (SMA) was actively exploited by attackers who had not patched the system...
Cofense unveils AI-driven platform to combat polymorphic phishing campaigns
The company's latest offerings focus on campaign-level responses rather than individual email analysis. Vision 3.
Foxconn factories resume operations after ransomware attack
The attack impacted Foxconn's North American facilities, with the Nitrogen ransomware group claiming to have exfiltrated over 11 million documents, including...
China-linked hackers target Azerbaijani oil firm in multi-wave attack
The attackers exploited a vulnerable Microsoft Exchange Server, specifically the ProxyNotShell chain, to gain initial access.
Researcher publishes proof-of-concept exploits for unpatched Windows vulnerabilities
A cybersecurity researcher has released proof-of-concept exploits for two unpatched Microsoft Windows vulnerabilities, YellowKey and GreenPlasma, which allow...
Microsoft addresses BitLocker recovery issue in Windows 11
The issue, acknowledged on April 14, impacts Windows 10, Windows 11, and Windows Server devices configured with an "unrecommended" BitLocker Group Policy.
Tokee messaging app exposes 1.2 million users' data in MongoDB leak
Security researchers at Cybernews discovered that a MongoDB instance belonging to Deucetek, the developer of Tokee, was left unsecured and accessible.