Qilin Ransomware Uses RDP History to Accelerate Lateral Movement
Qilin ransomware now harvests cached RDP connection logs from Windows servers to map internal networks and prioritize targets for encryption.
The Latest
Hackers Deploy Linux Backdoor GOGRA in Latest Campaign
Researchers identified that the threat actor 'Harvester' uses a Go-based backdoor named GOGRA, exploiting unpatched Linux server vulnerabilities for stealthy…
Critical cPanel and WHM Flaw Actively Exploited as Zero Day for Three Months
Attackers have exploited an authentication bypass in cPanel and WHM since February 2026, with widespread scanning for vulnerable servers detected…
Cloud Security Startup Native Raises $42 Million to Tackle Data Protection Gaps
The startup secured $42 million in combined seed and Series A funding from Ballistic Ventures and Notable Capital.
Anthropic Launches Claude Security to Combat Rising AI Driven Attacks
Anthropic's Claude Security product targets automated, AI-generated threats like malware and phishing by embedding continuous monitoring into its existing enterprise…
Over 1,800 Developers Compromised in Mini Shai-Hulud Supply Chain Attack
The threat actors infiltrated legitimate npm packages for SAP, Lightning, and Intercom to deploy credential-harvesting code, compromising over 1,800 developers.
Academics on arXiv Relying on LaTeX Leak Confidential Data
A detailed analysis of thousands of arXiv submissions revealed that 88% of LaTeX source files leaked private data, including internal…
Hiring undercover: North Korean operatives use deepfakes to infiltrate remote jobs
North Korean operatives are using live deepfake technology and stolen or synthetic identities to bypass remote job interviews, aiming to…
29 Million Secrets Exposed in 2025: The AI Agent Credential Crisis
In 2025, the number of hardcoded secrets exposed in public repositories surged 47% year-over-year to 28.7 million, driven by the…
CIS Benchmarks Receive March 2026 Refresh
The March 2026 update introduces new and revised configuration guidelines to counter emerging threats and meet evolving compliance standards across…
Malicious Ruby Gems and Go Modules Target CI Pipelines for Credential Theft
Attackers are exploiting automated CI build processes by embedding credential-harvesting code into fake updates of widely-used open source packages.
Cybercriminals Weaponize Vishing and SSO Hijacking for Rapid SaaS Extortion
Vishing calls are successfully coercing help desk staff into resetting MFA, enabling attackers to steal SSO tokens, encrypt data, and…
China Linked APT Group Strikes Asian Governments, NATO Ally, and Civil Society
A custom malware and spear-phishing campaign targeted Asian governments, a NATO ally, and civil society figures to steal credentials and…
Over 30,000 Facebook Accounts Compromised in Google AppSheet Phishing Attack
Attackers exploited Google's legitimate no-code AppSheet platform to create and host fake login pages, evading traditional security filters and stealing…
Spotlight
EtherRAT Campaign Uses SEO Poisoning and GitHub Facades to Target Enterprise Admins
Attackers are weaponizing SEO poisoning and counterfeit GitHub repositories to trick IT administrators into downloading a remote access trojan disguised as legitimate development software.
Huskeys Emerges From Stealth With $8 Million in Funding for Edge Security Management
Israeli cybersecurity startup Huskeys launches from stealth with an edge security management platform that adds an agentic layer across multi-cloud and multi-WAF environments. Israeli cybersecurity startup Huskeys emerged from stealth…
Wiz Joins Google Cloud as Landmark $32 Billion Acquisition Closes
Google Cloud completes its $32 billion acquisition of Wiz, combining cloud security with Google’s Threat Intelligence and Gemini AI to create an AI-powered cybersecurity platform. Cloud security giant Wiz has…
Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance
Zurich Insurance acquires UK-based Beazley for $11 billion, creating a combined entity generating $15 billion in specialty premiums with Beazley’s cyberinsurance at its core. Swiss insurance giant Zurich has agreed…
Features
Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable
Sevii’s Cyber Swarm Defense charges per asset protected instead of per AI token, allowing CISOs to spin up unlimited defensive…
CVE MCP Server Turns Claude Into a Fully Capable Security Analyst With 27 Tools Across 21 APIs
An open-source MCP server transforms Claude AI into a security analyst with 27 tools spanning 21 APIs for CVE lookup,…
FBI Warns of Surge in Hacker-Enabled Cargo Theft
The FBI warns of a surge in cyber-enabled cargo theft where hackers compromise broker accounts and trucking load boards to…
Anthropic Launches Claude Security in Public Beta for Enterprise Customers
Claude Security brings AI-powered vulnerability detection to production codebases with the Opus 4.7 model, offering scheduled scans, validation to reduce…
Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Ryan Goldberg and Kevin Martin, working as cybersecurity professionals, received 4-year prison sentences for conducting BlackCat/Alphv ransomware attacks against companies.…
OpenAI to Acquire AI Security Startup Promptfoo
OpenAI acquires Promptfoo, an AI security evaluation platform valued at 6 million, to integrate automated red-teaming into its Frontier enterprise…
