Acer Confirms Patch in Progress for Wave 7 Router 0-Day Flaw
Acer has confirmed that it is actively developing a firmware patch to address critical zero-day vulnerabilities affecting its Wave 7 routers, following respo...
Amazon
20 articles
Attackers already know the secrets are on your developers’ machines. Do you?
In a recent GitGuardian analysis, an average of 150 secrets were found on a sample of developer endpoints. Private keys accounted for 38% of unique secrets, ...
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites. The post Kirki, Burst Statistics...
Gentlemen Ransomware Exploits Fortinet Flaws, AI, and Custom C2 Tools
A newly analyzed leak tied to The Gentlemen ransomware group reveals how modern ransomware operations are evolving in structure and tooling while relying on ...
HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications
A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-a...
Infosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws
The emergence of AI models capable to autonomously find and fix vulnerabilities at scale is having a significant impact on patching management, experts say
Agent Threat Rules: Open detection rule format for AI agent security threats
AI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, ...
Identify unused AWS KMS keys and prevent accidental key deletions
As you scale your use of Amazon Web Services (AWS), managing KMS keys becomes increasingly important. Whether you manage a handful of keys or thousands acros...
Secure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policies
Software as a service (SaaS) providers building AI-powered applications on Amazon Bedrock AgentCore often need to serve multiple tenants with distinct securi...
The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs
Key Takeaways The Rise of Cloud-Native Command and Control (C2) Command and control (C2) infrastructure traditionally lived outside the victim environment. M...
Claude Code GitHub Actions Flaw Exposes Repositories to Full Compromise
A critical supply chain vulnerability in Anthropic’s Claude Code GitHub Actions workflow has been disclosed, exposing thousands of repositories to potential ...
OpenAI brings frontier AI to existing AWS environments
OpenAI frontier models and Codex are now available on AWS, giving customers access to OpenAI capabilities within AWS environments and the controls needed to ...
USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order
A judge said Democrats and civil groups filed the lawsuit too early to demonstrate harm, but that could change after newly proposed postal regulations. The p...
Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’
Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that ...
California sues 23andMe over 2023 data breach
The lawsuit stems from a credential-stuffing attack in October 2023, where threat actors exploited weak user credentials to access accounts.
Spring 2026 SOC 1, 2, and 3 reports are now available with 188 services in scope
Amazon Web Services (AWS) is pleased to announce that the Spring 2026 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The repor...
145 AI laws passed in 2025 and privacy teams aren’t catching a break
145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Pri...
Zapier security flaws could have exposed millions of user accounts
The flaws, disclosed by Token Security, did not require malware or insider access, only a free Zapier account.
Federal audit reveals NIST’s NVD is plagued by poor planning and duplication
A report from the Commerce Inspector General details how mismanagement allowed a backlog of 27,000 unprocessed security flaws to grow unchecked, while the ag...
Chilling Effects
Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran war and an even more unpopular...