American citizen pleads guilty to spying for China
Thomas Weir Pauken II, 50, admitted to conspiring with multiple individuals to exfiltrate data for the Chinese government.
SC Media
20 articles
Check Point patches critical VPN flaw exploited in zero-day attacks
This vulnerability affects deployments configured to use the deprecated IKEv1 key exchange protocol.
FTC orders Illuminate Education to improve data security after student data breach
The FTC's order stems from allegations that Illuminate failed to implement reasonable security controls, contributing to a December 2021 cyberattack.
Guardz introduces agentic reporting to simplify MSP security communication
The new reporting feature introduces a conversational interface, allowing MSPs to interact directly with their security data using natural language.
Massachusetts lawmakers pass consumer data privacy bill
The Massachusetts House unanimously passed the Consumer Data Privacy Act, a bill that will give residents rights to access and delete their data held by larg...
Silverfort integrates identity controls with Microsoft Copilot Studio agents
The new integration evaluates every access request made by a Copilot agent in real time, providing a decision before the action is executed.
University of Oxford discloses data breach via third-party career platform
The breach occurred on May 28, with attackers gaining access to users' first names, last names, email addresses, and encrypted passwords for those not using ...
Ubiquiti UniFi OS server vulnerabilities allow unauthenticated remote code execution
The security flaws, tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, were addressed in May and impacted UniFi OS Server versions 5.0.
Silent Ransom Group moves to in-person method if vishing attempt fails
Mandiant warns Silent Ransom Group uses vishing and even in-person visits to steal data.
Critical Infrastructure: The Risk Hiding in Plain Sight - Jason Manar - CSP #225
How managing digital identities has become critical to agentic AI projects
Teams need identity systems that have access control, the ability to limit and revoke privileges, and auditability.
VS Code adds 2-hour delay for extension updates to combat supply chain threats
Starting with VS Code version 1.123, extensions will undergo a two-hour waiting period after publication before being automatically updated, provided automat...
Researcher finds Bright Data iOS SDK turns smart TVs into web-scraping nodes
Bright Data, formerly Luminati, operates a large residential proxy network, with a portion sourced from an SDK embedded in free applications.
AI helps uncover critical 4-year-old Zcash vulnerability
The bug, which existed from Orchard's activation in May 2022 until an emergency fix on June 1, 2026, involved a flawed validation check for transaction inputs.
AI agents discover numerous vulnerabilities in FFmpeg and Chrome
The security startup depthfirst utilized an autonomous AI agent to scan FFmpeg's extensive codebase, uncovering 21 previously unknown vulnerabilities, some o...
Guardrails for agents: How to secure AI at runtime
Here's how identity security is becoming the enforcement layer for agentic AI.
New Pink cybercrime group targets corporate data using vishing and cloud theft
Pink avoids traditional malware, instead employing voice phishing (vishing) to trick employees into visiting credential-stealing domains.
Hackers exploit critical Everest Forms Pro vulnerability for website control
The vulnerability resides within the plugin's Complex Calculation feature, which processes user input and inserts it into a PHP code string for execution via...
OpenAI rolls out lockdown mode for ChatGPT to combat prompt injection attacks
Lockdown Mode is an optional security setting designed for users handling sensitive data, including those on Free, Go, Plus, Pro, and ChatGPT Business plans.
Former IBM executive sues, alleging cover-up of foreign government hacks
The lawsuit was filed by William Barlow, IBM's former vice president of threat intelligence.