- Artemis II Astronauts Have 'Two Microsoft Outlooks' and Neither Work (2 April 2026, 5:00 pm)
Even on NASA's Artemis II mission around the moon, astronauts apparently still have to deal with broken Microsoft Outlook. One of the crew members, Reid Wiseman, jokingly reported that he had "two Microsoft Outlooks" and neither worked. 404 Media reports: On April 1, four astronauts from the U.S. and Canada embarked on a 10-day flight to loop around the moon. Spotted by VGBees podcast host Niki Grayson on the NASA livestream of live views from the , around 2 a.m. ET, mission control acknowledges... 
- Life With AI Causing Human Brain 'Fry' (30 March 2026, 7:00 pm)
fjo3 shares a report from France 24: Too many lines of code to analyze, armies of AI assistants to wrangle, and lengthy prompts to draft are among the laments by hard-core AI adopters. Consultants at Boston Consulting Group (BCG) have dubbed the phenomenon "AI brain fry," a state of mental exhaustion stemming "from the excessive use or supervision of artificial intelligence tools, pushed beyond our cognitive limits."
The rise of AI agents that tend to computer tasks on demand has put users in ...
- Do Emergency Microsoft, Oracle Patches Point to Wider Issues? (29 March 2026, 3:34 am)
"Emergency out-of-band fixes issued by enterprise IT giants Microsoft and Oracle have shone a spotlight on issues around both update cycles and patching," reports Computer Weekly:
Microsoft's emergency update, KB5085516, addresses an issue that arose after installing the mandatory cumulative updates pushed live on Patch Tuesday earlier this month. According to Microsoft, it has since emerged that many users experienced problems signing into applications with a Microsoft account, seeing a "no i...
- Linux Maintainer Greg Kroah-Hartman Says AI Tools Now Useful, Finding Real Bugs (28 March 2026, 6:34 pm)
Linux kernel maintainer Greg Kroah-Hartman tells The Register that AI-driven code review has "really jumped" for Linux. "There must have been some inflection point somewhere with the tools..."
"Something happened a month ago, and the world switched. Now we have real reports." It's not just Linux, he continued. "All open source projects have real reports that are made with AI, but they're good, and they're real." Security teams across major open source projects talk informally and frequently, he...
- Google Moves Post-Quantum Encryption Timeline Up To 2029 (27 March 2026, 11:00 pm)
Google has moved up its post-quantum encryption migration target to 2029. "This new timeline reflects migration needs for the PQC era in light of progress on quantum computing hardware development, quantum error correction, and quantum factoring resource estimates," said vice president of security engineering Heather Adkins and senior staff cryptology engineer Sophie Schmieg in a blog post. CyberScoop reports: Google is replacing outdated encryption across their devices, systems and data with ne...
- European Commission Investigating Breach After Amazon Cloud Account Hack (27 March 2026, 10:00 pm)
The European Commission is investigating a breach after a threat actor allegedly accessed at least one of its AWS cloud accounts and claimed to have stolen more than 350 GB of data, including databases and employee-related information. AWS says its own services were not breached. BleepingComputer reports: Sources familiar with the incident have told BleepingComputer that the attack was quickly detected and that the Commission's cybersecurity incident response team is now investigating. While the...
- Iran-Linked Hackers Breach FBI Director's Personal Email (27 March 2026, 7:00 pm)
An anonymous reader quotes a report from Reuters: Iran-linked hackers have broken into FBI Director Kash Patel's personal email inbox, publishing photographs of the director and other documents to the internet, the hackers and the bureau said on Friday. On their website, the hacker group Handala Hack Team said Patel "will now find his name among the list of successfully hacked victims." The hackers published a series of personal photographs of Patel sniffing and smoking cigars, riding in an anti...
- Popular LiteLLM PyPI Package Backdoored To Steal Credentials, Auth Tokens (27 March 2026, 6:00 pm)
joshuark shares a report from BleepingComputer: The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. LiteLLM is an open-source Python library that serves as a gateway to multiple large language model (LLM) providers via a single API. The package is very popular, with over 3.4 million downloads a day and over 95 million in the p...
- Hong Kong Police Can Demand Passwords Under New National Security Rules (25 March 2026, 3:30 am)
An anonymous reader quotes a report from the BBC: Hong Kong police can now demand phone or computer passwords from those who are suspected of breaching the wide-ranging National Security Law (NSL). Those who refuse could face up to a year in jail and a fine of up to $12,700, and individuals who provide "false or misleading information" could face up to three years in jail. It comes as part of new amendments to a bylaw under the NSL that the government gazetted on Monday.
The NSL was introduced...
- Self-Propagating Malware Poisons Open Source Software, Wipes Iran-Based Machines (24 March 2026, 6:00 pm)
An anonymous reader quotes a report from Ars Technica: A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before-seen backdoor -- and curiously a data wiper that targets Iranian machines. The group, tracked under the name TeamPCP, first gained visibility in December, when researchers from security firm Flare observed it unleashing a worm that targeted cloud-hosted platforms that weren't properly secured. The objective was to bui...
- Ad Trackers Accounted for 10.22 Percent of Global Internet Traffic in 2025, Up from 7.84 Percent in 2024 (3 April 2026, 7:27 am)
In 2025, ad trackers made up 10.
Thank you for being a Ghacks reader. The post Ad Trackers Accounted for 10.22 Percent of Global Internet Traffic in 2025, Up from 7.84 Percent in 2024 appeared first on gHacks.... 
- Artemis II Astronaut Reports Microsoft Outlook Not Working Aboard Orion Spacecraft (3 April 2026, 7:21 am)
An astronaut aboard NASA's Orion spacecraft, currently in orbit for the Artemis II mission, reported to ground controllers in Houston that Microsoft Outlook was
- OpenAI Adds Pay-As-You-Go Codex Seats for ChatGPT Business and Enterprise Teams (3 April 2026, 7:16 am)
OpenAI is now offering pay-as-you-go pricing for Codex-only seats on ChatGPT Business and Enterprise plans.
- Google Increases AI Pro Cloud Storage from 2TB to 5TB at No Extra Cost for Subscribers (3 April 2026, 6:26 am)
Google has increased the amount of cloud storage included with its Google AI Pro plan from 2TB to 5TB, without changing the monthly price of $20.
- Android 17 May Add Smart Notification Rules to Automate Alerts and Reduce Lock Screen Clutter (3 April 2026, 6:19 am)
Strings referencing a "Notification Rules" feature have been spotted in the latest Android 17 beta by the Android Authority team.
- Opera Neon Adds MCP Connector to Let External AI Tools Safely Control Live Browser Sessions (2 April 2026, 7:34 am)
Opera has introduced an MCP Connector feature in its Neon browser that enables external AI tools to connect to a live browser session and perform actions direct
- Google Rolls Out AI Inbox in Gmail for $250 Per Month to Gemini Advanced (AI Ultra) Subscribers (2 April 2026, 7:26 am)
Google has started rolling out AI Inbox for Gmail to Google AI Ultra subscribers in the United States.
- Microsoft Releases Emergency Windows 11 Security Update to Fix Broken Preview Build (2 April 2026, 7:19 am)
Microsoft has released an out-of-band update, KB5086672, for Windows 11 versions 24H2 and 25H2 to replace the March 2026 preview update KB5079391, which was pul
- Apple Releases iOS 18.7.7 Update to Extend DarkSword Exploit Protection to More iPhones and iPads (2 April 2026, 7:13 am)
Apple has expanded the availability of iOS 18.
- Asia-Pacific PC Shipments To Fall 13.7% In 2026 As AI Data Centers Drive Up DRAM Demand (1 April 2026, 7:16 am)
PC shipments in the Asia-Pacific region are expected to drop 13.
- Hitachi Energy Ellipse (2 April 2026, 12:00 pm)
Summary
Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This vulnerability can be exploited to carry out a remote code execution (RCE) attack on the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.
The following versions of Hitachi Energy Ellipse are affected:
Ellipse vers:Ellipse/<=9.0.50 (CVE-2025-10492)
CVSS
Vendor
Equipment
Vulnerab... 
- CISA Adds One Known Exploited Vulnerability to Catalog (2 April 2026, 12:00 pm)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV ... 
- Yokogawa CENTUM VP (2 April 2026, 12:00 pm)
Summary
Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions.
The following versions of Yokogawa CENTUM VP are affected:
CENTUM VP >=R5.01.00|
CENTUM VP >=R6.01.00|
CENTUM VP vR7.01.00 (CVE-2025-7741)
CVSS: v3 4; Vendor: Yokogawa; Equipment: Yokogawa CENTUM VP; Vulnerabilities: Use of Hard-coded Password
Background
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture
Countri... 
- Siemens SICAM 8 Products (2 April 2026, 12:00 pm)
Summary
Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to denial of service, namely: SICAM A8000 Device firmware; CPCI85 for CP-8031/CP-8050; SICORE for CP-8010/CP-8012; RTUM85 for CP-8010/CP-8012; SICAM EGS Device firmware; CPCI85; SICAM S8000; SICORE; RTUM85. Siemens has released new versions for the affected products and recommends updating to the latest versions.
The following versions of Siemens SICAM 8 Products are affected:
CPCI85 C... 
- CISA Adds One Known Exploited Vulnerability to Catalog (1 April 2026, 12:00 pm)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-5281 Google Dawn Use-After-Free Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vuln...
- PX4 Autopilot (31 March 2026, 12:00 pm)
Summary
Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication.
The following versions of PX4 Autopilot are affected:
Autopilot v1.16.0_SITL_latest_stable (CVE-2026-1579)
CVSS: v3 9.8; Vendor: PX4; Equipment: PX4 Autopilot; Vulnerabilities: Missing Authentication for Critical Function
Background
Critical Infrastructure Sectors: Transportation Systems, Eme...
- Anritsu Remote Spectrum Monitor (31 March 2026, 12:00 pm)
Summary
Successful exploitation of this vulnerability could allow attackers with network access to alter operational settings, obtain sensitive signal data, or disrupt device availability.
The following versions of Anritsu Remote Spectrum Monitor are affected:
Remote Spectrum Monitor MS27100A vers:all/* (CVE-2026-3356)
Remote Spectrum Monitor MS27101A vers:all/* (CVE-2026-3356)
Remote Spectrum Monitor MS27102A vers:all/* (CVE-2026-3356)
Remote Spectrum Monitor MS27103A vers:all/* (CVE...
- CISA Adds One Known Exploited Vulnerability to Catalog (30 March 2026, 12:00 pm)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-3055 Citrix NetScaler Out-of-Bounds Read Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Co...
- CISA Adds One Known Exploited Vulnerability to Catalog (27 March 2026, 12:00 pm)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-53521 F5 BIG-IP Remote Code Execution Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Commo...
- CISA Adds One Known Exploited Vulnerability to Catalog (26 March 2026, 12:00 pm)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-33634 Aqua Security Trivy Embedded Malicious Code Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of...
- CVE-2023-36409 (7 November 2023, 12:15 am)
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability...
- CVE-2023-36769 (6 November 2023, 11:15 pm)
Microsoft OneNote Spoofing Vulnerability...
- CVE-2023-47004 (6 November 2023, 10:15 pm)
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication....
- CVE-2023-45556 (6 November 2023, 10:15 pm)
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component....
- CVE-2023-5605 (6 November 2023, 9:15 pm)
The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
- CVE-2023-5601 (6 November 2023, 9:15 pm)
The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE....
- CVE-2023-5530 (6 November 2023, 9:15 pm)
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue...
- CVE-2023-5771 (6 November 2023, 9:15 pm)
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions....
- CVE-2023-4930 (6 November 2023, 9:15 pm)
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled....
- CVE-2023-5228 (6 November 2023, 9:15 pm)
The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)....
- Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials (2 April 2026, 7:30 pm)
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.
Cisco Talos has attributed the operation to a threat cluster it tracks as... 
- Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise (2 April 2026, 3:21 pm)
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.
The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This... 
- ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories (2 April 2026, 12:45 pm)
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week.
Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws... 
- Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners (2 April 2026, 11:42 am)
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023.
"Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration," Elastic...
- The State of Trusted Open Source Report (2 April 2026, 11:30 am)
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on what teams pull, deploy, and maintain day to day, alongside the vulnerabilities and...
- WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action (2 April 2026, 9:51 am)
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware.
According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in Italy. It's assessed that the threat actors behind the activity used social engineering...
- Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit (2 April 2026, 7:09 am)
Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword.
"We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security...
- CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails (1 April 2026, 4:10 pm)
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE.
As part of the attacks, the threat actors, tracked as UAC-0255, sent emails on March 26 and 27, 2026, posing as CERT-UA to distribute a password-protected ZIP archive...
- Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass (1 April 2026, 2:10 pm)
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.
The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It's currently not known what lures the threat actors use to trick users into...
- Block the Prompt, Not the Work: The End of "Doctor No" (1 April 2026, 12:46 pm)
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No."
No to ChatGPT.
No to DeepSeek.
No to the file-sharing tool the product team swears by.
For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache...
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran (23 March 2026, 3:43 pm)
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language....
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks (20 March 2026, 12:49 am)
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets -- named Aisuru, Kimwolf, JackSkid and Mossad -- are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline....
- Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker (11 March 2026, 4:20 pm)
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency....
- Microsoft Patch Tuesday, March 2026 Edition (11 March 2026, 12:32 am)
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday....
- How AI Assistants are Moving the Security Goalposts (8 March 2026, 11:35 pm)
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and n...
- Who is the Kimwolf Botmaster “Dort”? (28 February 2026, 12:01 pm)
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher's home. This post examines wh...
- ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA (20 February 2026, 8:00 pm)
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentic...
- Kimwolf Botnet Swamps Anonymity Network I2P (11 February 2026, 4:08 pm)
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers....
- Patch Tuesday, February 2026 Edition (10 February 2026, 9:49 pm)
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild....
- Please Don’t Feed the Scattered Lapsus ShinyHunters (2 February 2026, 4:15 pm)
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators...
- US Bans All Foreign-Made Consumer Routers (2 April 2026, 5:28 pm)
This is for new routers; you don’t have to throw away your existing ones:
The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”
More information:
Any new router made outside the US ... 
- Possible US Government iPhone Hacking Tool Leaked (2 April 2026, 10:05 am)
Wired writes (alternate source):
Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that...
- Is “Hackback” Official US Cybersecurity Strategy? (1 April 2026, 4:57 pm)
The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone.
But one sentence stood out: “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” This sounds like a call for hackback: giving private companies permission to conduct offensive cyber operations.
The Economist noticed (alternate link) this, too...
- A Taxonomy of Cognitive Security (1 April 2026, 9:59 am)
Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but—even better—Melton has a long essay laying out the basic concepts and ideas.
The whole thing is important and well worth reading, and I hesitate to excerpt. Here’s a taste:
The NeuroCompiler is where raw sensory data gets interpreted before you’re consciously aware of it. It decides what things mean, and it does this fast, autom...
- Inventors of Quantum Cryptography Win Turing Award (31 March 2026, 11:05 am)
Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography.
I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it’s largely unnecessary. I wrote up my thoughts back in 2008, in an essay titled “Quantum Cryptography: As Awesome As It Is Pointless.”
Back then, I wrote:
While I like the science of quantum cryptography—my undergraduate degree was in physics—I don’t ...
- Apple’s Camera Indicator Lights (30 March 2026, 11:08 am)
A thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording.
The reason it’s tempting to think that a dedicated camera indicator light is more secure than an on-display indicator is the fact that hardware is generally more secure than software, because it’s harder to tamper with. With hardware, a dedicated hardware indicator light can be connected to the camera hardware...
- Friday Squid Blogging: Bioluminescent Bacteria in Squid (27 March 2026, 8:18 pm)
The Hawaiian bobtail squid has bioluminescent bacteria....
- As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters (26 March 2026, 11:06 am)
In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequences on their deployment of AI, while undermining the efforts of consumers, advocates, and industry associations concerned about AI’s harms who have spent years pushing for state regulation.
Trump’s ...
- Sen. Wyden Warns of Another Section 702 Abuse (25 March 2026, 11:02 am)
Sen. Ron Wyden is warning us of an abuse of Section 702:
Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being unwilling to agree to basic constitutional limitations on NSA surveillance. But that’s just a jumping off point ahead of Section 702’s upcoming reauthorization deadline. Buried in the speech is a ...
- Team Mirai and Democracy24 March 2026, 11:03 am
Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics.
In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations.
Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they ca...
- Black Hat USA 1 August 2026, 11:00 am
... 
- Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026 2 April 2026, 9:14 pm
AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference.... 
- Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate2 April 2026, 8:28 pm
The company's 8-K filing notes "unauthorized access" and that it's activated business continuity plans and taken some systems offline.... 
- Security Bosses Are All-In on AI. Here's Why2 April 2026, 7:12 pm
CISOs are bullish on AI and have big plans to roll out future tools. We talk to Reddit CISO Frederick Lee and leading analyst Dave Gruber about how AI is working out in the real world, as well as its future promise.... 
- RSAC 2026: AI Dominates, But Community Remains Key to Security2 April 2026, 3:56 pm
As AI took center stage at this year's conference, experts debated automation, oversight and the evolving role of human intelligence in cybersecurity — despite the US government's notable absence.... 
- Bank Trojan 'Casbaneiro' Worms Through Latin America2 April 2026, 1:00 pm
Augmented Marauder's multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly.... 
- Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense1 April 2026, 10:04 pm
A chief medical information officer describes what hospitals face when they inevitably suffer a ransomware attack—whether it leads to short- or long-term outages....
- LatAm's Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut1 April 2026, 7:00 pm
A newly released study exclusively shared with Dark Reading details the unique circumstances that make up Latin America's labor pool, and why organizations may want to expand their talent search....
- Cyberattacks Intensify Pressure on Latin American Governments1 April 2026, 4:52 pm
Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia’s health sector....
- Venom Stealer MaaS Platform Commoditizes ClickFix Attacks1 April 2026, 2:54 pm
A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks....
- Claude Code leak used to push infostealer malware on GitHub2 April 2026, 8:30 pm
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...]... 
- Drift loses $280 million as hackers seize Security Council powers2 April 2026, 7:03 pm
The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. [...]... 
- Residential proxies evaded IP reputation checks in 78% of 4B sessions2 April 2026, 3:21 pm
Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. [...]... 
- Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime2 April 2026, 2:01 pm
Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. [...]... 
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks2 April 2026, 1:33 pm
Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. [...]... 
- Medtech giant Stryker fully operational after data-wiping attack2 April 2026, 1:28 pm
Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. [...]... 
- Critical Cisco IMC auth bypass gives attackers Admin access2 April 2026, 11:01 am
Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. [...]...
- Microsoft links Classic Outlook issue to email delivery problems2 April 2026, 9:12 am
Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. [...]...
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks2 April 2026, 8:25 am
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. [...]...
- New CrystalRAT malware adds RAT, stealer and prankware features1 April 2026, 11:17 pm
A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. [...]...
- Student Loan Breach Exposes 2.5M Records31 August 2022, 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble down the line....
- Watering Hole Attacks Push ScanBox Keylogger30 August 2022, 4:00 pm
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool....
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms29 August 2022, 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system....
- Ransomware Attacks are on the Rise26 August 2022, 4:44 pm
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group....
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras25 August 2022, 6:47 pm
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed....
- Twitter Whistleblower Complaint: The TL;DR Version24 August 2022, 2:17 pm
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk....
- Firewall Bug Under Active Attack Triggers CISA Warning23 August 2022, 1:19 pm
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP....
- Fake Reservation Links Prey on Weary Travelers22 August 2022, 1:59 pm
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels....
- iPhone Users Urged to Update to Patch 2 Zero-Days19 August 2022, 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack....
- Google Patches Chrome’s Fifth Zero-Day of the Year18 August 2022, 2:31 pm
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack....
- Critical Vulnerability in Claude Code Emerges Days After Source Leak2 April 2026, 6:00 pm
Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI.
The post Critical Vulnerability in Claude Code Emerges Days After Source Leak appeared first on SecurityWeek.... 
- Apple Rolls Out DarkSword Exploit Protection to More Devices2 April 2026, 4:18 pm
The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors.
- Cybersecurity M&A Roundup: 38 Deals Announced in March 2026 2 April 2026, 2:30 pm
Significant cybersecurity M&A deals announced by Airbus, Cellebrite, Databricks, Quantum eMotion, Rapid7, and OpenAI.
- Cisco Patches Critical and High-Severity Vulnerabilities2 April 2026, 12:34 pm
The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation.
- 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital2 April 2026, 11:57 am
In January 2026, a threat actor hacked the hospital’s internal network and stole personal and health information.
- Mercor Hit by LiteLLM Supply Chain Attack2 April 2026, 10:42 am
The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data.
- Sophisticated CrystalX RAT Emerges2 April 2026, 9:51 am
The malware can spy on victims, steal their information, and make configuration changes on devices.
- Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents2 April 2026, 8:01 am
Variance has raised a total of $26 million in funding and the latest investment will fuel platform growth.
- Linx Security Raises $50 Million for Identity Security and Governance2 April 2026, 4:04 am
The company will accelerate product development, scale go-to-market efforts, and expand its global footprint.
- Depthfirst Raises $80 Million in Series B Funding1 April 2026, 4:47 pm
The startup will expand its AI research team, train additional security models, and scale enterprise adoption.
- ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)3 April 2026, 2:00 am
... 
- Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)2 April 2026, 2:49 pm
From its GitHub repo: "Vite (French word for "quick", pronounced /vi?t/, like "veet") is a new breed of frontend build tooling that significantly improves the frontend development experience" [https://github.com/vitejs/vite].
... 
- ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)2 April 2026, 2:00 am
...
- Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)1 April 2026, 8:09 pm
Today, most malware are called “fileless” because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they need to write something… think about persistence. They can use the registry as an alternative storage location.
...
- TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)1 April 2026, 1:08 pm
This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 004 covered developments through March 30, including the Databricks investigation, dual ransomware operations, and AstraZeneca data release. This update consolidates two days of intelligence through April 1, 2026.
...
- ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)1 April 2026, 2:05 am
...
- Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)31 March 2026, 7:31 am
In case of a cyber incident, most organizations fear more of data loss (via exfiltration) than regular data encryption because they have a good backup policy in place. If exfiltration happened, it means a total loss of control of the stolen data with all the consequences (PII, CC numbers, …).
...
- ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)31 March 2026, 2:00 am
...
- TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)31 March 2026, 12:52 am
This is the fourth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 003 covered developments through March 28, including the first 48-hour pause in new compromises and the campaign's shift to monetization. This update consolidates intelligence from March 28-30, 2026 -- two days since our last update.
...
- DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)30 March 2026, 6:53 pm
A lot of the information seen on DShield honeypots [1] is repeated bot traffic, especially when looking at the Cowrie [2] telnet and SSH sessions. However, how long a session lasts, how many commands are run per session and what the last commands run before a session disconnects can vary. Some of this information could help indicate whether a session is automated and if a honeypot was fingerprinted. This information can also be used to find more interesting honeypot sessions.
...
- Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence2 April 2026, 12:00 am
Amazon has integrated Sophos threat intelligence into Amazon GuardDuty, expanding the breadth and accuracy of malicious threat detection for customers running workloads on Amazon Web Services (AWS). Categories: Products & Services. Tags: AWS, Sophos Intelix, amazon, Amazon GuardDuty, Sophos OEM...
- The Cybersecurity Trust Reality in 2026 31 March 2026, 12:00 am
New Sophos survey reveals only 5% of IT leaders say they fully trust their cybersecurity vendors. Categories: Products & Services, Sophos Insights. Tags: Trust, Privacy, Trust Center...
- The High Cost of Low Trust: Our Commitment to Radical Transparency31 March 2026, 12:00 am
Only 5% of organizations fully trust their cybersecurity providers. Let’s do better. Categories: Products & Services, Sophos Insights. Tags: Trust, Trust Center, Privacy...
- Axios npm package compromised to deploy malware31 March 2026, 12:00 am
Categories: Threat Research. Tags: advisory, NPM, Axios...
- Incident responders, s'il vous plait: Invites lead to odd malware events30 March 2026, 12:00 am
A phishing campaign targeting multiple organizations led to RMM installations – but not much else (yet). A threat actor experimenting, or an access-as-a-service attack underway? Categories: Threat Research. Tags: STAC6405, infostealer, RMM, Phishing...
- Where AI in the SOC is actually delivering — and where it isn’t30 March 2026, 12:00 am
“We’ll have a generation of security professionals who can supervise AI but can’t function without it." Categories: AI Research, Sophos Insights. Tags: AI, AI Cybersecurity, AI RESEARCH, Generative AI, SOC...
- Incident responders, s'il vous plait: Invites lead to odd malware events27 March 2026, 9:38 pm
...
- The High Cost of Low Trust: Our Commitment to Radical Transparency26 March 2026, 5:37 pm
...
- The Cybersecurity Trust Reality in 2026 25 March 2026, 4:51 pm
...
- Sophos Firewall ranked the #1 overall firewall solution in G2’s Spring 2026 reports24 March 2026, 12:00 am
Why organizations are choosing Sophos Firewall to reduce exposure and strengthen resilience. Categories: Products & Services, Products. Tags: Firewall, G2, Awards...
- Unauthorized Plugin Installation/Activation in Hunk Companion10 December 2024, 9:03 pm
This report highlights a vulnerability in the Hunk Companion plugin < 1.9.0 that allows unauthenticated POST requests to install and activate plugins directly from the WordPress.org repository. This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution […]...
- Identifying Traffic from Shell Finder Bots1 November 2024, 11:04 pm
A shell finder is a type of reconnaissance tool that is used by threat actors to identify websites that have already been compromised and contain backdoor shells. A backdoor shell is a form of malware that is added by a threat actor after gaining unauthorized access to a website. The purpose of a backdoor shell is […]...
- Unpatched Vulnerability in TI WooCommerce Wishlist Plugin9 September 2024, 5:45 pm
A few weeks ago an SQL injection was discovered in the TI WooCommerce Wishlist plugin. After checking closer we found another entry point, affecting over 100,000 active installs. Despite the severity of this issue, the vendor has not yet provided a patch, leading to public disclosure. The vulnerability can be exploited by unauthenticated users, allowing […]...
- Unauthenticated Privilege Escalation in Profile-Builder plugin15 July 2024, 4:29 pm
During a routine audit of various WordPress plugins, we identified some issues in Profile Builder and Profile Builder Pro (50k+ active installs). We discovered an Unauthenticated Privilege Escalation Vulnerability which could allow attackers to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This vulnerability was fixed on […]...
- Object Injection vulnerability fixed in SEOPress 7.9 24 June 2024, 2:00 pm
During a routine audit of various WordPress plugins, we identified a few issues in SEOPress (300k+ active installs). More specifically, we discovered an authentication bug which could allow attackers to access certain protected REST API routes without having any kind of account on the targeted site. Digging deeper into what an attacker could do with this […]...
- 10 of the Best Website Security Tools to Stay Ahead of Hackers5 June 2024, 1:00 pm
Which website security tools are really necessary for your site? What to consider before investing in new software. 10 must-have tools you can’t skip....
- The 10 Best Vulnerability Scanners for Effective Web Security16 May 2024, 1:00 pm
7 factors for choosing the best vulnerability scanner. Top options compared on features, pros, cons, & pricing. 5 things that make a great scanner...
- A persistent twist in the current Malware Campaign13 May 2024, 7:12 pm
Recently while covering malware campaigns exploiting the LiteCache and WP‑Automatic WordPress plugins, we found that attackers were installing php‑everywhere, a plugin that allows users to run arbitrary PHP code in their site’s posts. This plugin was closed on April 25th per its author’s request. The reasoning behind this installation was to have persistent malware on the […]...
- Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin3 May 2024, 3:01 pm
If you’ve recently encountered the admin user wpsupp‑user on your website, it means it’s being affected by this wave of infections. Identifying Contamination Signs: The malware typically injects code into critical WordPress files, often manifesting as : Or in the database, when the vulnerable version of LiteSpeed Cache is exploited : decoded version: Cleanup Procedures Identifying Malicious URLs and IPs […]...
- New Malware Campaign Targets WP-Automatic Plugin24 April 2024, 7:27 pm
A few weeks ago a critical vulnerability was discovered in the plugin WP‑Automatic. This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites. The Vulnerability The vulnerability lies in […]...