The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. Entries in the KEV catalog don’t contain links to reports of exploitation, but PTC’s advisory keeps getting updated with indicators of compromise and…
A recent ISACA poll reveals that while 90% of organizations believe employees are using AI, only 22% have seen returns meet or exceed expectations.
The attack, which occurred on September 11, 2021, targeted the Texas Republican Party’s website, hosted by Epik.
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations…
The breach occurred when threat actors exploited a vulnerability in third-party software used by KDDI.
Attackers are employing sophisticated tactics, hiding malicious code behind convincing government branding and legal references to trick victims into downloading a ZIP archive, according to CYFIRMA.
A Department of Homeland Security inspector general report revealed that Secret Service agents routinely used personal cell phones for mission-critical communications, both domestically and internationally, often because government-issued devices were inadequate.
Apple’s ongoing problems with RAM shortages and higher prices won’t be solved anytime soon, because rapidly accelerating demand for high-end AI memory is devouring the consumer electronics industry. GoPro has already warned it might go out of business — and the scale of the crunch has prompted analysts to call it an “absolute existential crisis” for smaller tech…
The New South Wales Shark Management Program in Australia is the largest shark surveillance drone project in the world. Conducted by Surf Life Saving NSW, the program boasts up…
Founded in 2023, Nebulock’s AI-driven platform performs autonomous, vendor-agnostic threat hunts across endpoint, identity, cloud, network, and SaaS telemetry.
See whether an Amazon Kindle is worth buying, how it compares with other e-readers, and practical ways to read more books without overspending each month today.
The campaign, dubbed “Poisoned Tenant” and discovered by Push Security, involves attackers creating fake OpenAI organizations using Gmail addresses but sending invitations from OpenAI’s legitimate notification system.
The campaign, which Microsoft has not attributed to a known threat actor, uses lures referencing common hotel operational issues like guest complaints, bedbug infestations, and health inspections.
Two hikers lost in Kosciuszko National Park have been found within hours after Fire and Rescue NSW deployed a drone equipped with AI detection software and thermal imaging.
The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia’s intelligence and military services. […]
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government networks, including machines used by senior administrative staff, and worked with
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government’s request
Looking to use AI while you browse the web? Here’s how the AI tools in Chrome, Edge, and Firefox compare.
Brick is one of the few new devices that positively changed my daily content consumption. You can finally buy it on Amazon.
The StrikeShark campaign exhibits a broad geographic reach, targeting a diplomatic organization in Indonesia, government entities in Taiwan, software development companies globally, and other sectors in Hong Kong, Lebanon, Syria, Colombia, North Macedonia, Nepal, and Serbia.
This week on the Lock and Code podcast… Pay is personal for plenty of Americans, but a new distribution model that consumes vast quantities of worker data is turning pay into something else: personalized. For an increasing number of workers in America, the money they can expect to be paid on any given day, week,…
Microsoft has removed 119 extensions from the Edge add-on store which were all tied to one adware campaign. In a paper titled “Inside StegoAd: How We Disrupted a Massive Malicious Extension Campaign,” Microsoft researchers detail how they uncovered and dismantled a sophisticated malware campaign that abused browser extensions to infect users. According to Microsoft, the…
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cleanup waiting. Here’s the full Monday recap.…
The partnership focuses on strengthening the security of open-source components used in enterprise software.
The Athena coalition, led by Chainguard, will leverage artificial intelligence to proactively address vulnerabilities in open source code.
Telstra says its ageing CAN Radio system has reached end-of-life and will be retired by 16 November 2027, but remote residents fear the replacement technology could leave them…
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Polymarket, a large cryptocurrency-based prediction market, has confirmed a supply chain attack after a third-party frontend vendor breach led to malicious JavaScript being injected into its website. Attackers tricked users into approving fraudulent…
AI agents can access data, trigger workflows, and take action across enterprise systems. Token Security explains why governing these privileged identities is becoming essential for enterprise security. […]
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. […]
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. […]
Scality, a provider of data infrastructure software for AI-era storage at scale, is reimagining its partner program to extract greater value, build stronger economics, and provide a clear growth path for resellers and distributors. Scality adapts to new model as partners target cyber resilience and AI demands The Scality Partner Program’s update is a change…
Cyberbit is closing its Israeli operations and laying off local staff as the former Elbit Systems spin-off grows mainly in the US after buying RangeForce.
PrivacyHawk has announced the general availability of PrivacyHawk Enterprise, a solution that identifies and eliminates the shadow IT accounts, abandoned SaaS subscriptions, and forgotten third-party services quietly exposing organizations to breach risk. Every organization has an invisible attack surface. Shadow AI tools. Free trials nobody cancelled. Third-party services still holding employee data from years ago.…
Sony’s Bravia 8 II might be a generation behind, but it still offers plenty of reasons to buy – especially with this discount.
The U.S. Department of Justice (DOJ) has seized nearly 400 internet domains that were illegally streaming FIFA World Cup 2026 matches. The operation, known as Operation Offsides, targeted websites distributing unauthorized live broadcasts while also highlighting the cybersecurity risks often associated with illegal streaming platforms. According to the DOJ, the seized websites provided unauthorized real-time…
AI is reshaping tech hiring, and smaller companies may offer some of the best opportunities today.
Italy’s competition watchdog has opened an investigation into Microsoft over concerns it may not have clearly informed consumers about the integration of Copilot and Designer into Microsoft 365 subscriptions, associated price increases, and automatic upgrades to higher-cost plans. The Italian Competition Authority (AGCM), in a statement to the press, said it had opened an investigation…
Business email compromise attacks increasingly rely on convincing impersonation rather than malware, making them harder for employees and traditional email defenses to detect. This webinar explores how behavioral AI can help identify sophisticated email threats and automate response workflows. […]
I’m in the throes of target host recon for another pentest, and thought I’d share some workflow / automation stuff. In the past, I’ve discussed using historic DNS “mining” to collect target hosts in the domain. I thought I’d share some work on using the favicon.ico methods to expand on that. Jan has an excellent…
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation
The deal would give Rocket Lab control over a satellite fleet and access to wireless resources it could use to compete with SpaceX.
Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials…
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of…
Microsoft shut down the StegoAd campaign, which used 119 malicious Edge extensions, hit 2.6M installs, and ran undetected for two years. Microsoft just shut down one of the more technically clever malicious extension campaigns it’s ever documented. The operation, named StegoAd, ran 119 extensions on the Edge Add-ons store, racked up roughly 2.6 million installs,…
Reading about the “revolutionary” nature of generative AI technology these days, it’s hard not to feel a little left out. Sure, services like Google’s Gemini and its contemporaries can be useful in certain limited, specific areas for productivity purposes. But working with them can also be pretty disheartening and overwhelming — from prompt fatigue and…
The U.S. Justice Department’s Criminal Division has seized nearly 400 web domains used for illegally streaming matches at the FIFA World Cup. […]
A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The attack The proof-of-concept attack targets AI-powered coding agents such as Claude Code, and uses indirect prompt injection to manipulate an AI agent into taking harmful actions…
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
A new phishing-as-a-service (PHaaS) platform called Bluekit is letting cybercriminals steal user accounts using a tricky method. While…
Collage: The Intercept/Photo: Peter Thiel by Gage Skidmore, licensed under CC BY-SA 3.0 Aron D’Souza, the brainchild behind the lawsuit to kill Gawker Media, says he wants to fix journalism. To that end, in the spring he launched a platform that he described as a “private AI tribunal” to adjudicate the veracity of media claims.…
As forensic testing of the purported will begins, the fight for the future of the tech executive’s legacy harks back to a contested will for billionaire Howard Hughes.
The world’s two largest memory-chip makers said their existing investments wouldn’t be enough to meet demand, amid a worldwide shortage.
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribution
OpenAI has started rolling out the GPT-5.6 series models in limited preview to a small group of trusted partners through the API and Codex. The series includes Sol as the flagship model, Terra as a balanced option, and Luna as the fastest and most cost-efficient model. The rollout is being coordinated with the U.S. government…
Looking to migrate to Linux but fond of the Mac UI? Zorin OS can help make your new distro look very much like the one you just left. Here’s how to achieve that for free.
Post-quantum cryptography didn’t sneak up on the industry. For years, security teams, standards bodies, hyperscalers, and governments have been pointing at the same horizon: a cryptographically relevant quantum computer will, eventually, dismantle the public-key algorithms underpinning today’s enterprise security. The latest executive order doesn’t introduce a new threat. It codifies what the field has long…
Ukraine’s SSU and the FBI Just Confirmed Russian Intelligence Has Been Systematically Hacking Messenger Accounts for Years. The Security Service of Ukraine (SSU), working jointly with the FBI, has formally exposed a sustained Russian intelligence campaign targeting the messaging accounts of government officials, military personnel, politicians, and activists across Ukraine, Europe, and the United States.…
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat…
Summit Holdings’ MSP-as-a-Service model is expanding its reach through a go-to-market partnership with Pax8, bringing white-labeled service desk, NOC, SOC, and technical operations support to Pax8 partners seeking more scalable delivery models. For Pax8 partners, the model adds access to NOCDOC’s 24/7 operational backbone while allowing MSPs to retain ownership of the customer relationship. According…
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2.…
During Everpure’s Pure Accelerate 2026 conference, media and analysts sat down with Charles Giancarlo, Everpure’s CEO, for a candid discussion on channel partners, the organization’s data management strategy, and its new products. Below are Giancarlo’s responses to key queries asked by a variety of talented tech journalists and analysts from a number of different IT…
Last week on Malwarebytes Labs: Malware steals Chrome session cookies to take over your accounts Beware of “Parcel Expert” job offers: They’re parcel mule scams Update Chrome to patch critical browser security flaws Fake domain renewal emails trick website owners into paying scammers Elite network says it was hacked after members’ personal data was left…
AI is at the top of every CIO’s agenda, yet most organisations still struggle to turn pilots into profit.
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. “This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain ‘compatible’ with npm v12’s security hardenings,” JFrog…
Penetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert consultants run into thousands of dollars a day, and results vary with the tester. Automation promises to narrow those gaps. A growing set of projects now hands the work…
People use AI chatbots for company, advice, and emotional support, and these systems answer in ways meant to hold their attention. Researchers describe the resulting risks as affective safety, a class of harm that exists because humans are emotional beings and because the systems engage directly with that emotional life. The damage happens during ordinary…
Companies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated high risk far more often than anything else, and they get fixed slower than anything else. The figures come from Cobalt’s AI and Pentesting Pulse Report 2026, built…
Database professionals are using AI for everyday work like writing queries, building schemas, and reviewing code, and a growing share rely on autonomous tools that act on the database itself. The use of AI in database management has almost tripled in a year, climbing from 15% to 44% of organizations, according to Redgate’s 2026 State…
Can the world’s oldest and most influential trading card game absorb the vast cast of Marvel heroes and villains in a way that feels natural, and respects players from both…
Amazon Prime Day is over, but some of my favorite offers are still available, including deals on the Ninja Slushi, Garmin Fenix 8 Pro, Walmart Plus, and more.
Brisbane is about to become one giant Poké-playground. Pokémon GO will turn Queensland’s capital into a citywide game board on Saturday 26 and Sunday 27 September 2026, and…
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
New integration embeds Cloudflare’s AI Crawl Control technology into beehiiv, allowing newsletter operators to seamlessly manage bot traffic, optimise for AI search discovery…
Australia’s most senior intelligence official has warned that foreign adversaries are actively positioning themselves inside the nation’s critical infrastructure networks in…
Launch partners The Atlantic, Box, Dataiku, Docusign, Marketbridge, and Telus Digital are using Palmata to turn AI discovery risk into a credible plan for growth
Strategic partnership with MatSing delivers scalable stadium connectivity that increases capacity, simplifies operations, and reduces infrastructure requirements for Extreme…
Modern systems generate more telemetry and data than ever, but more telemetry and data hasn’t made teams faster or more productive. In fact, it’s doing the opposite. Fragmented…
Compare 15 cyber range platforms across live-fire exercises, AI testing, SOC training, OT realism, deployment options, pricing models, and data residency needs.
KDDI Corporation disclosed a breach affecting up to 14.2 million email accounts after attackers exploited a vulnerability in third-party software. KDDI Corporation disclosed a data breach that exposed up to 14.2 million email accounts across six Japanese internet service providers. KDDI Corporation is one of Japan’s largest telecommunications companies. It employs more than 60,000 people…
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers A VBScript campaign distributed through WhatsApp deploying RMM software Lost in relocation: analysis of a new loader distributing CASTLESTEALER …
In this post, I will talk about the best managed DDoS testing services to stress-test without risking an outage. Last year, a single botnet hurled 31.4 Tbps of junk traffic at one target—shattering every distributed-denial-of-service (DDoS) record on the books. Regulators moved fast: under Europe’s NIS2 directive and the new U.S. four-day disclosure rule, boards…
Canadian hacktivist Aubrey Cottle, known as Kirtaner and once linked to Anonymous, gets 18 months for a 2021 Texas GOP website cyberattack.
Plus, another primary win for Trump-backed candidates, and the World Cup reignites a long-running debate: Who lives better, Americans or Europeans?
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages Hospitality Sector Hit by…
Taser and body-cam king Rick Smith is betting Axon’s dominance—and his own pay package—on his tech-driven vision.
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. […]
Plus, how chatbots can amplify delusional thinking, inside Sam Altman’s personal investments and inflationary risk from data centers.
Premium accounts for ChatGPT and Claude can get pricey, but you should think twice before pooling your logins.
Thermal cameras have saved me thousands over the years. Just the other day, one simple check saved me $1,000.
Ryan Raynor deals with contact centres at organisations of all sizes – and he’s been doing it for a very long time. He has some important advice…
We learn how the solutions and services provider maps out what the customer needs while ensuring it’s kept efficient and secure
No, there’s no cheap dongle that you can plug into your car to save you money. Here’s the truth.
Surfshark’s HeyPolo is taking on the popular Life360. Here’s how this latest contender in the location-sharing space competes.
MSI’s Claw 8 EX AI+ is a worthy sequel, with stronger performance, better ergonomics, and highly effective cooling.
