A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. […]

Read more →

US President Donald Trump on Monday signed a pair of executive orders aimed at accelerating the federal government’s transition to post-quantum cryptography while expanding US investment in quantum technologies, establishing what the administration describes as a coordinated strategy to prepare for the opportunities and risks posed by quantum computing. The actions include an executive order,…

Read more →

LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…

Read more →

AI agents expose identity gaps as machine accounts outpace governance.

Read more →

It’s Amazon Prime Day, and smart home deals are everywhere. But don’t fall for just any deal: these are the ones worth your time and money.

Read more →

Claude Tag could turn your Slack channels into shared spaces where an agentic coworker reads the room, joins threads, remembers context, and moves team tasks forward. Is your workplace ready?

Read more →

The city is betting on a promising—but commercially unproven—technology.

Read more →

Provider of observability and IT management software SolarWinds is making additional enhancements to its Reseller Partner Program, including improved benefits, enablement opportunities, and a more predictable discount framework. The new enhancements provide a clearer, more consistent framework for how SolarWinds rewards investment and growth. SolarWinds targets predictability and clearer rules of engagement It provides predictable…

Read more →

We compared the price histories of the products that ZDNET experts recommend to help you find the best deals while shopping during Amazon Prime Day.

Read more →

Plus, tech job cuts, Sam Altman’s web of investments and Asia’s stock-market fever.

Read more →

Make your car feel high tech without breaking the bank. Shop our favorite Bluetooth adapters, chargers, and more.

Read more →

Read more →

Two members of the ‘Scattered Spider’ cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024. […]

Read more →

I live in San Francisco, but as a founder serving large enterprises, I now travel quite a bit. When you get outside of the Bay Area, the first thing you notice is that there are no billboards screaming about AI, and no buses advertising agents for SDR, customer success, or finance. Three weeks ago, I…

Read more →

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user’s email address and…

Read more →

President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national security systems on a separate track. The deadlines matter because of a threat that…

Read more →

JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT

Read more →

A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, scripts, and credentials left inadvertently exposed on a server has given researchers an unusually detailed look at how the operation worked. Analysts from ZenoX and CloudSEK have pieced together the full attack chain…

Read more →

An Algerian man known online as “SPOX” was extradited from Spain and charged with running a black-market cybercrime operation that prosecutors say defrauded thousands of victims and funneled roughly $900,000 through a cryptocurrency account over a three-year period. Abdellah Belmili, 26, made his initial appearance Monday in the U.S. District Court for the Western District…

Read more →

Amazon Prime Day is packed with affordable tech deals, from Bluetooth speakers and chargers to streaming devices.

Read more →

I’m a health and wearables editor, and these are some of the top smartwatch, smart ring, and wellness deals I’ve found for Prime Day.

Read more →

OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws

Read more →

N-able has announced the availability of Shadow AI Visibility across its Unified Endpoint Management (UEM) solutions, N‑central and N‑sight, and its Security Operations platform, Adlumin. The new capability helps organizations identify, classify, and monitor AI tool usage across managed environments, providing IT and security teams with the visibility needed to address a rapidly growing operational…

Read more →

Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. […]

Read more →

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company’s OAuth tokens in the Klue supply chain attack earlier this month. […]

Read more →

Dragos has announced the release of EmberAI, an OT-native AI built on the Dragos Intelligence Fabric. EmberAI gives every analyst immediate access to Dragos’s OT-specific intelligence, gained from more than a decade of OT operations, activity, and expertise. Putting historical and real-time intel in the hands of every security analyst, EmberAI enables teams to gain…

Read more →

SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims’ networks for cybercrime groups such as the notorious Evil Corp.

Read more →

A Reddit comment that takes only a few seconds to write can end up influencing the answers generated by AI research tools. A Cornell Tech study found that a short snippet of user-generated text, sometimes as little as 13 words, was enough to affect the output of deep-research agents, AI systems that search the web,…

Read more →

Meta has paused a controversial employee‑tracking program after an internal security review found that highly granular keystroke and screen‑capture data from staff laptops was far more widely accessible inside the company than intended. The program was part of Meta’s Model Capability Initiative (MCI), which collected mouse movements, click locations, keystrokes, and screen content from employees’…

Read more →

Healthcare leaders are overwhelmingly confident in their tech vendors’ cybersecurity, right up until those vendors get hacked and freeze their cash flow. A report released today by managed IT and security provider Omega Systems reveals a massive visibility gap in the healthcare digital supply chain.  While 70% of healthcare leaders express confidence in their vendors’…

Read more →

Cybercriminals launch fake GTA 6 pre-order sites offering early access for crypto payments

Read more →

The threat actors engineered a Golang-based sniffer to target 430,000 FortiGate firewalls and identify 110 million credentials in the ongoing global campaign.

Read more →

The RayNeo Air 4 Pro project your phone or laptop screen into a 201-inch virtual display with surprisingly vivid picture quality.

Read more →

Emergency alert systems work because people believe them. Every time one of these systems issues a false alert – whether through negligence or a deliberate attack – trust erodes. Read more in my article on the Hot for Security blog.

Read more →

What began as a routine ransomware investigation uncovered two unrelated attackers operating inside the same victim network at the same time, each obscuring the other’s activity and complicating the response. The discovery emerged during a Microsoft Detection and Response Team (DART) engagement involving Storm-2603, a threat actor associated with ransomware deployment. Investigators initially believed they…

Read more →

Microsoft researchers warn of a new dual-action cryptocurrency clipper (CryptoBandits Malware) spreading through USB devices to alter wallet addresses and steal crypto assets.

Read more →

Enterprise data teams may finally have a way to tap into vast stores of unstructured data without spending months moving files around. Komprise today announced Transparent File Tables, a new capability that exposes enterprise file data as queryable Apache Iceberg tables for AI, analytics, and business intelligence platforms, including Snowflake and Databricks. The launch addresses…

Read more →

Once you ingest major telemetry sources, how can we add value for our Threat Hunters? Check out how we brought in potentially malicious sandbox submissions to the analysts’ queue for triage.

Read more →

The cyber attacks timeline for 1-15 June 2026 is out with 80 confirmed events dominated by cyber crime, malware, and exploitation of public-facing applications. Information & Communication led the most targeted sectors, while supply chain was under fire.

Read more →

Here’s why the next social engineering wave won’t hit inboxes – it will just simply call employees on the phone.

Read more →

OpenAI has launched a program with cybersecurity firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source software, as enterprises face growing risks from flaws buried deep in their software supply chains. The initiative, called Patch the Planet, uses AI-assisted vulnerability research alongside human review to help turn security…

Read more →

Scam websites are circulating across the internet with a pitch aimed at millions of gamers: a way to play Grand Theft Auto VI before its release. The pages promise early access for a few hundred dollars in cryptocurrency, ask buyers to enter a payment code, and claim the game will then unlock. These offers deliver…

Read more →

You can change a password and cancel a card. But replacing a passport or driver’s license number every time someone leaves yours unsecured in a vendor database isn’t so easy. More than three million Texans are facing that problem after a data breach involving a vendor used by the Texas Parks and Wildlife Department (TPWD)…

Read more →

Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients’ systems. Healthcare tech company Xsolis, Inc. has disclosed a data breach impacting nearly 1.4 million individuals. The Tennessee-based firm provides utilization management and revenue cycle solutions for healthcare providers. The company became aware of an…

Read more →

Two teenagers face sentencing after admitting to a massive Scattered Spider cyberattack that hit Transport for London (TfL) and US healthcare networks.

Read more →

Here’s how to adjust your TV colors so they look more realistic than what’s shown on the retail floor.

Read more →