Microsoft Defender for Endpoint Gains Automatic Network Isolation for Hacked Workstations
The new capability automatically cuts network access to compromised workstations during ransomware attacks while preserving the device's connection to Microsoft's security telemetry service.
The Latest
Notepad++ Urgent Update Fixes Two Critical Code Execution Flaws
The update patches three flaws including two critical arbitrary code execution vulnerabilities that could let attackers silently run malicious programs.
ISC Warns of Remote Exploit Risks in BIND 9 DNS Software
ISC has documented multiple BIND 9 flaws including a critical memory corruption vulnerability in the DNS-over-HTTPS implementation that could allow…
Evaluating Static Application Security Testing Platforms for Modern DevSecOps Pipelines
Modern SAST tools analyze uncompiled code for vulnerabilities and integrate into CI/CD pipelines, helping security teams catch flaws early without…
Media Firm Fined for Faking Phone Listening Capability in Ad Targeting Scam
Cox Media Group was fined after marketing a fake AI listening service that claimed to capture smartphone conversations for targeted…
Balancing Strong Active Directory Password Rules with User Experience
Modern Active Directory password policies can improve security by replacing complex rules with longer passphrases and blocking compromised credentials at…
Windows 11 Optional Update Boosts App Launch Speed and Hello Reliability
The optional KB5089573 update delivers 30 changes including faster app launches, improved Windows Hello defaults, and foundational updates for expiring…
Taming the Shadow AI Explosion Without Handcuffing Your Workforce
Organizations can close the shadow AI gap by auditing OAuth connections, browser extensions, and API integrations to create a safe…
Active Exploitation of LiteSpeed cPanel Plugin Flaw Triggers CISA Warning
The actively exploited LiteSpeed cPanel plugin flaw allows any authenticated user to gain root-level control over affected servers, posing severe…
Researcher Revives Windows Cloud Driver Bug for Full System Takeover
A revived Windows zero-day exploit bypasses existing patches to give attackers full system control through a cloud files driver flaw.
Poisoned VS Code Extension Opens Backdoor into GitHub’s Internal Code Vault
A poisoned version of the Nx Console VS Code extension gave the TeamPCP group backdoor access to GitHub's internal systems, leading to the theft of thousands of proprietary source code repositories.
How Top CISOs Build Threat Visibility to Stop Incidents Before They Escalate
Security teams can close visibility gaps by connecting weak signals across multiple investigation stages instead of examining files, URLs, and…
Fake ChatGPT and Claude Installers Spread DinDoor Backdoor in New Malware Campaign
Attackers are using compromised YouTube channels and trusted platforms like GitHub to distribute fake installers that deliver the DinDoor backdoor,…
Sophisticated npm Malware Campaign Steals Crypto Wallets and Developer Credentials
Attackers published 22 versions of a malicious npm package over 22 days, stealing cryptocurrency keys, browser credentials, and developer data…
Spotlight
AI chatbot recommendations weaponized in cryptojacking malware campaign
Attackers are poisoning AI chatbot recommendations to direct users searching for system utilities toward fake download sites that install cryptomining malware and remote access tools.
GitHub Outage Blocks Developers from Automation Services
A widespread authentication failure at GitHub on May 26, 2026, halted software delivery by blocking access to Actions and Pages services for developers worldwide.
Fraudsters Build 300+ Fake Domains to Steal World Cup Ticket Credentials
A Chinese speaking threat actor has set up over 300 fake websites using a custom phishing kit to steal FIFA World Cup ticket credentials, with thousands of stolen account pairs…
US Executives Plead Guilty in Tech Support Scam Ring
Two former executives of a call tracking company admitted to providing phone numbers and coaching to tech support scammers based in India.
Features
Iranian Threat Group Expands Global Espionage With DLL Side Loading Technique
The campaign abused legitimate signed binaries from Fortemedia and SentinelOne to bypass security detection while targeting industrial, financial, and transportation…
Apple Develops iPhone Auto Lock Feature That Triggers on Theft Detection
A new iPhone feature in development uses accelerometer and Apple Watch signals to automatically lock the screen the moment the…
Silent Account Hijack Exploits iOS 16 Image Flaw to Take Over WhatsApp
A zero click attack exploits two vulnerabilities to silently hijack WhatsApp accounts on iOS 16 devices, leaving no trace in…
Credential Theft Emerges as the New Goal in Software Supply Chain Attacks
Recent supply chain attacks demonstrate a clear shift from code injection to credential theft, targeting developer environments as a primary…
Urgent Update: Three Critical Flaws Patched in UniFi OS
Ubiquiti releases emergency patches for three maximum severity flaws in UniFi OS that allow unauthenticated remote attackers to compromise systems.
ShinyHunters Leaks Data of 185,000 Individuals After 7-Eleven Breach
The convenience store chain disclosed that attackers accessed franchisee document systems in April, leading to the exposure of hundreds of…