Latest News

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware.

The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment.

Russian-Israeli LockBit ransomware developer Rostislav Panev has been extradited from Israel to the United States.

Measure the different level of risk inherent to all gen-AI foundational models and use that to fine-tune the operation of in-house AI deployments.

Your guide on how to get through the conference with your sanity, energy, and key performance indicators (KPIs) intact.

Two Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems.

The newly discovered SuperBlack ransomware has been exploiting two vulnerabilities in Fortinet firewalls.

A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year.

Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library. 

Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs.

Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms.

A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering.

Researchers have analyzed the ability of the Chinese gen-AI DeepSeek to create malware such as ransomware and keyloggers.

The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.