Information security

[ follow ]
#russian-hackers #power-grid #power-grid-attack #input-validation #cve-2022-2856 #phishing
#ai-security
Information security
fromComputerworld
1 hour ago

Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs

MDASH will enter enterprise private preview in June, using AI agents to discover and help remediate Windows vulnerabilities, including critical remote code execution flaws.
fromtheregister
1 day ago
Information security

Anthropic's bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

Information security
fromComputerworld
1 hour ago

Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs

MDASH will enter enterprise private preview in June, using AI agents to discover and help remediate Windows vulnerabilities, including critical remote code execution flaws.
Information security
fromThe Hacker News
6 minutes ago

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

MDASH is a model-agnostic, multi-agent AI pipeline that discovers, validates, and proves exploitable vulnerabilities at scale in complex codebases.
Information security
fromSecurityWeek
22 hours ago

White Circle Raises $11 Million for AI Control Platform

White Circle raised $11M seed funding to build an AI control layer that monitors inputs/outputs, detects risks, enforces policies, and improves model accuracy over time.
Information security
fromtheregister
1 day ago

Anthropic's bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

A scan using Anthropic’s Mythos found only one confirmed cURL vulnerability, with other findings largely false positives or minor bugs.
more#ai-security
#microsoft-security-updates
fromThe Hacker News
1 hour ago
Information security

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft released patches for 138 vulnerabilities across its products, including critical Windows DNS and Azure flaws, with no publicly known active attacks reported.
Information security
fromZero Day Initiative
19 hours ago

Zero Day Initiative - The May 2026 Security Update Review

Most Microsoft fixes address elevation of privilege, with several code execution paths requiring varying attacker access levels and one kernel issue enabling code execution via crafted NVMe-oF handshake messages.
Information security
fromThe Hacker News
1 hour ago

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft released patches for 138 vulnerabilities across its products, including critical Windows DNS and Azure flaws, with no publicly known active attacks reported.
Information security
fromZero Day Initiative
19 hours ago

Zero Day Initiative - The May 2026 Security Update Review

Most Microsoft fixes address elevation of privilege, with several code execution paths requiring varying attacker access levels and one kernel issue enabling code execution via crafted NVMe-oF handshake messages.
more#microsoft-security-updates
#cybersecurity
Information security
fromTechzine Global
1 day ago

Google: AI likely aided attackers to develop a zero-day

Generative AI is increasingly used to develop exploits, enabling attackers to bypass two-factor authentication and automate offensive workflows.
Information security
fromwww.bbc.com
1 day ago

Canvas hack: company pays criminals to delete students' stolen data

Instructure paid hackers to prevent publication of stolen Canvas data, returning it with digital confirmation of destruction and preventing extortion of affected customers.
Information security
fromSecuritymagazine
14 hours ago

Cybersecurity Is No Longer a Gatekeeper, But the Engine of Delivery Across Digital Economy

Cybersecurity is a top fast-growing skill and must be integrated into product delivery, since both protection gaps and misconfigured controls can cause outages, breaches, and lost trust.
Information security
fromSecurityWeek
1 hour ago

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach

Instructure faced repeated Canvas intrusions, exploited Free-For-Teacher issues, and is temporarily shutting accounts while the House Homeland Security Committee demands incident details.
Information security
fromBusiness Matters
1 day ago

Stryker hack shows cyber intelligence is more important than ever

A major medical device company’s devices were wiped after an Iran-linked ransomware attack, showing cyber threats can strike anytime and require urgent security priorities.
Information security
fromTechzine Global
1 day ago

Google: AI likely aided attackers to develop a zero-day

Generative AI is increasingly used to develop exploits, enabling attackers to bypass two-factor authentication and automate offensive workflows.
Information security
fromwww.bbc.com
1 day ago

Canvas hack: company pays criminals to delete students' stolen data

Instructure paid hackers to prevent publication of stolen Canvas data, returning it with digital confirmation of destruction and preventing extortion of affected customers.
Information security
fromThe Hacker News
1 day ago

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

Daybreak combines OpenAI frontier AI with Codex Security to help organizations find and patch vulnerabilities before attackers exploit them.
more#cybersecurity
fromThe Hacker News
6 minutes ago

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting.
Information security
#microsoft-patch-tuesday
Information security
fromtheregister
14 hours ago

Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs

Microsoft released fixes for 137 CVEs, including 30 critical flaws, with AI-driven bug hunting (MDASH) identifying 16 vulnerabilities.
Information security
fromtheregister
14 hours ago

Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs

Microsoft released fixes for 137 CVEs, including 30 critical flaws, with AI-driven bug hunting (MDASH) identifying 16 vulnerabilities.
Information security
fromSecurityWeek
3 hours ago

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

CVE-2026-40361 is a zero-click Outlook remote code execution flaw requiring patching to protect enterprise inboxes.
Information security
fromTechzine Global
6 hours ago

Microsoft patches 137 vulnerabilities and deploys AI scanner

Microsoft’s May Patch Tuesday fixes 137 vulnerabilities, including 30 critical, with AI-driven detection and an internal MDASH scanning environment accelerating discovery and patching.
Information security
fromComputerWeekly.com
15 hours ago

Microsoft releases rare zero-day free Patch Tuesday update | Computer Weekly

May 2026 Patch Tuesday fixes about 140 CVEs with no zero-days, but nearly 20 critical flaws require rapid patching and Secure Boot certificate rotation by 26 June.
more#microsoft-patch-tuesday
Information security
fromwww.bbc.com
7 hours ago

More than 70 million warnings sent to people seeking child abuse material

Over two years, 70 million CSAM warning messages were sent, with 700,000 accessing support resources, and most who seek help continued engaging.
Information security
fromSecurityWeek
4 hours ago

Fortinet, Ivanti Patch Critical Vulnerabilities

Fortinet and Ivanti released patches for 18 vulnerabilities, including three critical flaws enabling remote, unauthenticated code execution or file manipulation.
Information security
fromSecurityWeek
5 hours ago

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities

Intel and AMD released May 2026 Patch Tuesday advisories covering 70 vulnerabilities, including critical flaws enabling privilege escalation and potential code execution.
#ransomware
Information security
fromTechzine Global
4 hours ago

Foxconn attackers allegedly obtained Apple and Nvidia data

Foxconn confirmed a North American ransomware attack, with Nitrogen claiming theft of confidential data and Foxconn restarting affected factories.
Information security
fromTechzine Global
1 day ago

On Anti-Ransomware Day, some good news arrives for cyber defenders

Ransomware victim rates are falling, while attackers shift to sophisticated intrusions, access sales, and fragmented operations.
Information security
fromWIRED
16 hours ago

Foxconn Ransomware Attack Shows Nothing Is Safe Forever

Nitrogen claims it stole 8 TB of Foxconn data and extorts the electronics manufacturer, which reported cyberattacks and resuming production at affected North American factories.
Information security
fromtheregister
16 hours ago

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

A ransomware attack hit Foxconn’s North American operations, disrupting some factories but enabling resumption of normal production after response measures.
Information security
fromTechzine Global
4 hours ago

Foxconn attackers allegedly obtained Apple and Nvidia data

Foxconn confirmed a North American ransomware attack, with Nitrogen claiming theft of confidential data and Foxconn restarting affected factories.
Information security
fromTechzine Global
1 day ago

On Anti-Ransomware Day, some good news arrives for cyber defenders

Ransomware victim rates are falling, while attackers shift to sophisticated intrusions, access sales, and fragmented operations.
Information security
fromWIRED
16 hours ago

Foxconn Ransomware Attack Shows Nothing Is Safe Forever

Nitrogen claims it stole 8 TB of Foxconn data and extorts the electronics manufacturer, which reported cyberattacks and resuming production at affected North American factories.
Information security
fromtheregister
16 hours ago

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

A ransomware attack hit Foxconn’s North American operations, disrupting some factories but enabling resumption of normal production after response measures.
more#ransomware
Information security
fromSecurityWeek
7 hours ago

ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA

Multiple vendors released May 2026 ICS security advisories addressing critical and high-severity vulnerabilities, including remote code execution, takeover, XSS, and session hijacking.
#malware
Information security
fromSecurityWeek
1 day ago

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 uses a free OnlyFans lure to deliver stealthy malware that steals cryptocurrency, exfiltrates data, and deploys ransomware via persistence and C2 control.
Information security
fromSecurityWeek
1 day ago

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 uses a free OnlyFans lure to deliver stealthy malware that steals cryptocurrency, exfiltrates data, and deploys ransomware via persistence and C2 control.
more#malware
Information security
fromThe Hacker News
4 hours ago

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

GemStuffer abuses RubyGems to exfiltrate scraped UK council portal content by publishing data-bearing gems using hardcoded API keys.
Information security
fromIndependent
8 hours ago

More than 200 fake websites targeted Irish residents with scams last year

Financial scams targeting Irish residents increased 52% in one year, often impersonating Revenue, An Post, and Irish banks to steal money.
fromIndependent
8 hours ago

More than 200 fake websites targeted Irish residents with scams last year

More than 200 websites were found to be targeting Irish residents with scams last year, including fake online shops and fraudulent loan websites claiming to be regulated by the Central Bank of Ireland.
Information security
Information security
fromInfoQ
1 day ago

GitHub Expands Secret Scanning with General Availability of MCP Server Integration

GitHub added general availability of secret scanning via its MCP Server to let AI agents and automation detect and remediate exposed credentials in structured workflows.
Information security
fromSearch Storage
1 day ago

Attackers targeting storage infrastructure for remote work | TechTarget

Threat actors increasingly target storage infrastructure to access valuable data, disable backups, steal credentials, and spread ransomware impact efficiently.
#supply-chain-attacks
Information security
fromThe Hacker News
1 day ago

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP modified npm and PyPI packages to run obfuscated environment profiling and credential stealing, exfiltrating data via external domains and GitHub token abuse.
Information security
fromThe Hacker News
1 day ago

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP modified npm and PyPI packages to run obfuscated environment profiling and credential stealing, exfiltrating data via external domains and GitHub token abuse.
Information security
fromInfoWorld
20 hours ago

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Automated Mini Shai-Hulud worm attacks rapidly spread through package ecosystems on May 11 by hijacking release pipelines via pull_request_target and maintainer misconfigurations.
Information security
fromtheregister
2 days ago

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

A modified Checkmarx Jenkins AST plugin was published on the Jenkins Marketplace, and untrusted versions must be replaced with the verified release.
more#supply-chain-attacks
Information security
fromMedium
20 hours ago

AI's Double-Edged Sword: Innovation, Risk, and the Expanding Attack Surface

AI capability is expanding cybersecurity risks by turning intelligence and autonomy into attack vectors for fraud, misinformation, and physical threats.
#agentic-ai
Information security
fromSecurityWeek
20 hours ago

Exaforce Raises $125 Million for Agentic SOC Platform

Exaforce raised $125M Series B to expand its agentic SOC platform using Exabots for autonomous detection, triage, investigation, and response across cloud and SaaS.
Information security
fromSecurityWeek
20 hours ago

Exaforce Raises $125 Million for Agentic SOC Platform

Exaforce raised $125M Series B to expand its agentic SOC platform using Exabots for autonomous detection, triage, investigation, and response across cloud and SaaS.
more#agentic-ai
#soc-operations
Information security
fromSecurityWeek
1 day ago

Is The SOC Obsolete, And We Just Haven't Admitted It Yet?

SOC operations are increasingly mismatched to machine-speed threats, and current AI SOC promises rarely replace human investigation and contextual decision-making.
Information security
fromThe Hacker News
1 day ago

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

High-risk SOC alerts go unanswered due to structural coverage ceilings, lack of specialized expertise, and automation limits that deprioritize unfamiliar or novel alert categories.
Information security
fromSecurityWeek
1 day ago

Is The SOC Obsolete, And We Just Haven't Admitted It Yet?

SOC operations are increasingly mismatched to machine-speed threats, and current AI SOC promises rarely replace human investigation and contextual decision-making.
Information security
fromThe Hacker News
1 day ago

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

High-risk SOC alerts go unanswered due to structural coverage ceilings, lack of specialized expertise, and automation limits that deprioritize unfamiliar or novel alert categories.
more#soc-operations
Information security
fromDevOps.com
19 hours ago

OpenAI's Daybreak Challenges Anthropic in AI Cybersecurity Race

Daybreak embeds AI-driven vulnerability identification, fix validation, and faster patching into enterprise software development workflows using Codex Security and vendor integrations.
Information security
fromTechRepublic
1 day ago

Google Says Hackers Used AI to Build Zero-Day Exploit

A zero-day exploit with AI assistance targeted 2FA in an open-source web administration tool, but was disrupted before large-scale use.
Information security
fromtheregister
1 day ago

Cache-poisoning caper turns TanStack npm packages toxic

Eighty-four malicious TanStack npm package versions stole credentials, self-propagated, and wiped disks after poisoning GitHub Actions caches and extracting npm OIDC tokens.
Information security
fromSecurityWeek
1 day ago

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means

Claude Mythos testing of curl found only one low-severity vulnerability, challenging claims of thousands of zero-days and suggesting curl’s security may be strong.
Information security
fromTNW | Data-Security
19 hours ago

Google identifies first AI-developed zero-day exploit and thwarts planned mass exploitation event

Google identified an AI-assisted zero-day exploit, disrupted a planned mass exploitation event, and documented state-sponsored AI use in vulnerability research and malware development.
#ai-cybersecurity
Information security
fromTNW | Openai
21 hours ago

OpenAI launches Daybreak to take on Anthropic's Mythos in cyber defence

Daybreak pairs GPT-5.5 variants with security partners to model threats, find vulnerabilities, generate patches, and validate fixes in enterprise codebases under controlled access.
Information security
fromTechCrunch
22 hours ago

Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen | TechCrunch

AI-enabled security operations can detect and stop threats in real time while reducing analyst workload by automating investigation and filtering false positives.
Information security
fromComputerWeekly.com
2 days ago

AI cyber attack threatens global financial crisis, warns International Monetary Fund | Computer Weekly

AI-powered cyber attacks could destabilize the financial system by disrupting payments, solvency, and liquidity, especially through shared cloud vulnerabilities.
Information security
fromFortune
1 day ago

'It's here': Google issues dire warning after catching hackers using AI to break into computers | Fortune

AI is already being used by criminal groups to exploit previously unknown digital vulnerabilities, increasing cybersecurity risks for governments and companies.
Information security
fromEngadget
1 day ago

Google announces its first-ever discovery of a zero-day exploit made with AI - Engadget

A threat actor used an AI-developed zero-day exploit, prompting patches and showing both offensive and defensive AI capabilities in cybersecurity.
Information security
fromTNW | Openai
21 hours ago

OpenAI launches Daybreak to take on Anthropic's Mythos in cyber defence

Daybreak pairs GPT-5.5 variants with security partners to model threats, find vulnerabilities, generate patches, and validate fixes in enterprise codebases under controlled access.
Information security
fromTechCrunch
22 hours ago

Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen | TechCrunch

AI-enabled security operations can detect and stop threats in real time while reducing analyst workload by automating investigation and filtering false positives.
Information security
fromComputerWeekly.com
2 days ago

AI cyber attack threatens global financial crisis, warns International Monetary Fund | Computer Weekly

AI-powered cyber attacks could destabilize the financial system by disrupting payments, solvency, and liquidity, especially through shared cloud vulnerabilities.
Information security
fromFortune
1 day ago

'It's here': Google issues dire warning after catching hackers using AI to break into computers | Fortune

AI is already being used by criminal groups to exploit previously unknown digital vulnerabilities, increasing cybersecurity risks for governments and companies.
Information security
fromEngadget
1 day ago

Google announces its first-ever discovery of a zero-day exploit made with AI - Engadget

A threat actor used an AI-developed zero-day exploit, prompting patches and showing both offensive and defensive AI capabilities in cybersecurity.
more#ai-cybersecurity
Information security
fromSecurityWeek
1 day ago

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

A coordinated Mini Shai-Hulud supply chain attack compromised 170+ packages, stealing tokens and credentials and spreading via CI publishing of malicious package versions.
Information security
fromwww.cbc.ca
20 hours ago

Instructure strikes deal with hackers after massive Canvas cyber breach hits universities | CBC News

Instructure reached an agreement with the hacking group, received verification of data destruction, and assured customers would not face extortion or further targeting.
Information security
fromtheregister
1 day ago

Frontier AI safety tests may be creating the very risks they're meant to stop

Third-party AI evaluations require outsider access, but inconsistent standards and weak controls create new risks of theft, tampering, espionage, and abuse.
Information security
fromNextgov.com
17 hours ago

The Pentagon's cyber rules leave MSPs as an attack vector

CMMC aims to secure defense supply chains, but MSP privileged access can become an exploitable attack vector if MSPs aren’t held to equivalent standards.
Information security
fromThe Hacker News
1 day ago

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

TrickMo C uses TON-based command-and-control and updated network features to target banking and crypto users while turning infected devices into traffic-exit nodes.
#linux-kernel
Information security
fromInfoQ
1 day ago

Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

Two Linux kernel local privilege escalation flaws enable unprivileged users to obtain root by manipulating page cache via AF_ALG and related logic bugs.
Information security
fromArs Technica
1 day ago

Linux bitten by second severe vulnerability in as many weeks

Kernel page-cache handling bugs allow untrusted users to modify cached pages via splice-pinned buffers, enabling privilege escalation through corrupted in-memory data.
Information security
fromSecurityWeek
2 days ago

New 'Dirty Frag' Linux Vulnerability Possibly Exploited in Attacks

Dirty Frag and Copy Fail 2 chain two Linux kernel flaws to enable reliable local privilege escalation to root, with possible in-the-wild exploitation.
Information security
fromInfoQ
1 day ago

Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

Two Linux kernel local privilege escalation flaws enable unprivileged users to obtain root by manipulating page cache via AF_ALG and related logic bugs.
Information security
fromArs Technica
1 day ago

Linux bitten by second severe vulnerability in as many weeks

Kernel page-cache handling bugs allow untrusted users to modify cached pages via splice-pinned buffers, enabling privilege escalation through corrupted in-memory data.
Information security
fromSecurityWeek
2 days ago

New 'Dirty Frag' Linux Vulnerability Possibly Exploited in Attacks

Dirty Frag and Copy Fail 2 chain two Linux kernel flaws to enable reliable local privilege escalation to root, with possible in-the-wild exploitation.
more#linux-kernel
Information security
fromTechRepublic
19 hours ago

Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws

Vulnerabilities in Meari Technology exposed private baby monitor and camera data across over one million devices, including images, motion alerts, and real-time activity.
Information security
fromSecurityWeek
1 day ago

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

SAP released 15 security notes for May 2026 Patch Day, including critical SQL and code injection flaws in S/4HANA and SAP Commerce.
Information security
from24/7 Wall St.
1 day ago

5 Cybersecurity Stocks That May Be Acquired in 2026's M&A Wave

Cybersecurity M&A in 2026 is accelerating as platform consolidation, AI disruption, and hyperscaler demand drive acquisitions of sub-scale vendors.
#cybercrime
Information security
fromNextgov.com
1 day ago

Canvas breach spotlights cybercriminal appetite for student data

Education technology platforms like Canvas are being targeted for breaches that can expose student data and enable fraud, identity theft, extortion, and further intrusions.
Information security
fromtheregister
21 hours ago

Congress investigates Canvas breach as company pays ransom

US Congress summoned Instructure CEO Steve Daly to explain two Canvas breaches, including data accessed, containment, notifications, and coordination with federal law enforcement and CISA.
Information security
fromNextgov.com
1 day ago

Canvas breach spotlights cybercriminal appetite for student data

Education technology platforms like Canvas are being targeted for breaches that can expose student data and enable fraud, identity theft, extortion, and further intrusions.
more#cybercrime
Information security
fromTechzine Global
1 day ago

Cisco open-sources Foundry Security Spec for CISO-ready agents

Foundry Security Spec standardizes LLM-based security evaluations with orchestration, validation, coverage tracking, and auditable outputs.
Information security
fromEngadget
21 hours ago

Google announces upcoming security tools for Android, including enhanced protection against banking scam calls - Engadget

Android adds protections against banking scam calls, expands live threat detection for abusive apps, and introduces device-theft security settings.
Information security
fromSecurityWeek
21 hours ago

Adobe Patches 52 Vulnerabilities in 10 Products

Adobe released patches for 52 vulnerabilities across 10 products, including critical flaws enabling arbitrary code execution and privilege escalation.
Information security
fromThe Hacker News
19 hours ago

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim security updates fix CVE-2026-45185, a GnuTLS-related BDAT use-after-free that can cause heap corruption and potential code execution.
#linux-kernel-security
Information security
fromTechzine Global
1 day ago

Linux kernel kill switch proposal sparks fierce debate

Privileged administrators could disable vulnerable kernel functions temporarily until patches arrive, reducing exposure during zero-day gaps but raising concerns about delaying patching and adding operational risk.
Information security
fromZDNET
1 day ago

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

Dirty Frag enables local privilege escalation from an unprivileged account to root by corrupting kernel page cache via networking and authentication logic bugs.
Information security
fromTechzine Global
1 day ago

Linux kernel kill switch proposal sparks fierce debate

Privileged administrators could disable vulnerable kernel functions temporarily until patches arrive, reducing exposure during zero-day gaps but raising concerns about delaying patching and adding operational risk.
Information security
fromZDNET
1 day ago

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

Dirty Frag enables local privilege escalation from an unprivileged account to root by corrupting kernel page cache via networking and authentication logic bugs.
more#linux-kernel-security
fromTechzine Global
21 hours ago

Veeam launches DataAI Command Platform for the agentic era

“The infrastructure to deploy AI exists. The infrastructure to trust it doesn't. With the DataAI Command Platform, Veeam is building the missing layer combining resilience, security, governance, compliance and privacy, in one platform.”
Information security
Information security
fromtheregister
21 hours ago

FCC walks back router update ban before it bricked America's network security

The FCC extended update waivers for certain foreign-made routers to prevent millions of devices from becoming unpatched through at least January 1, 2029.
Information security
fromThe Verge
1 day ago

Canvas owner reaches 'agreement' with hackers to secure stolen data

Instructure reached an agreement with hackers after a Canvas breach, claiming stolen data was returned and customers will not be extorted.
Information security
fromwww.theregister.com
1 day ago

Japan's PM orders cybersecurity review to defend against Anthropic Mythos

Japan ordered a cabinet-level review of cybersecurity strategy to assess government system vulnerabilities and ensure critical infrastructure operators can detect and fix them amid AI-enabled attack risks.
Information security
fromTNW | Business
1 day ago

ServiceNow lines up $4bn bond sale to refinance Armis acquisition debt

ServiceNow plans a $4bn US high-grade bond sale to refinance 2025 debt used for its Armis acquisition and support AI-driven growth.
#secure-by-design
Information security
fromZDNET
1 day ago

Beyond the cleanup job: Redefining application security for the modern enterprise

Security must be built into software before release through a funded, managed, repeatable operating model with board-level accountability.
fromZDNET
1 day ago
Information security

Stopping bugs before they ship: The shift to preventative security

Secure software requires proactive security practices before coding, using threat modeling and dependency hygiene to reduce supply chain and design risks.
Information security
fromZDNET
1 day ago

Beyond the cleanup job: Redefining application security for the modern enterprise

Security must be built into software before release through a funded, managed, repeatable operating model with board-level accountability.
Information security
fromZDNET
1 day ago

Stopping bugs before they ship: The shift to preventative security

Secure software requires proactive security practices before coding, using threat modeling and dependency hygiene to reduce supply chain and design risks.
more#secure-by-design
Information security
fromZDNET
1 day ago

The patching treadmill: Why traditional application security is no longer enough

Continuous deployment and scanning create endless find-and-fix cycles, overwhelming teams and making old security models obsolete.
Information security
fromSecurityWeek
2 days ago

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

Supply chain attacks repeatedly compromise CI/CD build processes via trusted dependencies, enabling malicious code to enter builds and deliver payloads through automation.
Information security
fromInfoWorld
2 days ago

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

Malicious Hugging Face model repos can impersonate legitimate releases, inflate popularity, and deliver credential-stealing malware to Windows systems through deceptive setup files.
Information security
fromThe Hacker News
2 days ago

Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Attackers are actively exploiting newly weaponized Ivanti EPMM and Palo Alto PAN-OS vulnerabilities, including root-level remote code execution flaws.
Information security
fromDevOps.com
2 days ago

How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe - DevOps.com

Open source repositories are continuously targeted, and supply-chain attacks exploit weak dependency governance and insecure development practices to compromise many systems at once.
Information security
fromZDNET
1 day ago

Linux is getting a security wake-up call - why it was inevitable and I'm not worried

Linux security is no longer guaranteed as vulnerabilities rise, but kernel development is responding to reduce risk for users and organizations.
Information security
fromSecurityWeek
2 days ago

Over 500 Organizations Hit in Years-Long Phishing Campaign

Operation HookedWing has stolen over 2,000 credentials from 500+ organizations using long-running, adaptive phishing infrastructure and targeted lures across many sectors.
Information security
fromtheregister
1 day ago

Cookie thieves caught stealing dev secrets via fake Claude Code installers

A fake Claude Code installer delivers malware that abuses IElevator2 to exfiltrate decrypted cookies, passwords, and payment data from Chromium-based browsers.
Information security
fromDevOps.com
2 days ago

Lyrie.ai Joins First Batch of Anthropic's Cyber Verification Program - DevOps.com

Agent Trust Protocol (ATP) provides an open cryptographic standard to verify AI agent identity, authorization scope, and tamper status for autonomous internet actions.
Information security
fromThe Hacker News
1 day ago

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A critical cPanel flaw enables authentication bypass and remote control, with attackers deploying Filemanager backdoors, credential-stealing web shells, and cross-platform malware.
[ Load more ]