Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
A cryptomining incident highlights how AI gateways can provide access to AI models, cloud infrastructure, and identity and access management (IAM) dat… More...
Microsoft signed a malicious kernel driver, and now it's being used to kill security software in ransomware attacks. More...
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried? More...
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems. More...
Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras. More...
Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must … More...
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem. More...
In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to evade detection. More...
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their o… More...
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild… More...
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers s… More...
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender. More...
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to new research. More...
High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the ne… More...
AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap. More...
SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well. More...
A security researcher discovered the API keys can still be used for up to 23 minutes after deletion, even though the cloud provider claims deletion is… More...
GitHub confirmed a data breach this week involving the theft of thousands of developer code repositories. One threat actor — TeamPCP — took credit. More...
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation … More...
A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the se… More...
Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI with minimal or no user interaction, thanks … More...