General
20 articles
Suspected Chinese Threat Group Targets Universities via Vulnerable Roundcube Servers
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials
Britain plans to build autonomous AI 'Cyber Shield' to defend nation
The capability, called Cyber Shield, is designed to counter a threat the National Cyber Security Centre (NCSC) said could see attackers “move at machine spee...
Spain arrests suspected member of pro-Russian hacktivist groups
The National Police in Spain have arrested a man who is suspected of being an active member of the CyberArmy of Russia Reborn (CARR) and Z-Pentest, both pro-...
Qualys Joins Cisco Cloud Control Studio as a Launch Partner to Bring Risk Intelligence to Agentic Operations
Key Takeaways Qualys is a launch partner in Cisco Cloud Control Studio, Cisco’s new unified platform for agentic IT operations. Joint customers can access Qu...
Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have show...
New TrojPix technique uses screen pixels to exfiltrate data from air-gapped computers
The TrojPix technique, developed by Shandong University researchers, exploits the video cable to radiate faint radio signals that can be captured by a nearby...
The GitHub Actions Attack Pattern Your CI Security Scanners Miss
ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn't guarantee a secure pipeline, and...
Scattered Spider’s Structure More Like a Cybercrime Collective Than a Unified Gang
Group-IB analysis argued Scattered Spider is a decentralized collective of independent clusters
Barracuda adds PAM and identity protection with Evo Security acquisition
Barracuda Networks has acquired Evo Security. The acquisition expands the BarracudaONE platform’s identity security capabilities by adding privileged access ...
CyberProof Agentic MXDR Service brings AI agents to managed detection and response
CyberProof has announced the launch of the CyberProof Agentic MXDR Service which connects AI agents with human expertise and presents quantifiable security o...
Picus Autonomous Exposure Validation Platform validates real-world CVE exploitability
Picus Security has launched the Picus Autonomous Exposure Validation Platform, built for a world where frontier AI has collapsed the time between disclosure ...
Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
U.S.
CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws
The audits are reportedly being spearheaded by CISA’s Attack Surface Evaluation team, a specialized unit tasked with conducting digital defense assessments a...
uBlock Origin adds protections against ClickFix attacks
The popular browser content blocker, uBlock Origin, has integrated specific rules into its badware filter list to combat ClickFix attacks.
UK cyber pledge draws only a handful of top firms despite ministerial appeal
Those that did sign include large firms such as Aviva, the London Stock Exchange Group and Marks & Spencer, which lost hundreds of millions of pounds in a cy...
GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data
Noma Labs details GitLost, a prompt injection flaw that made GitHub's AI agent expose private repo data through a crafted public issue and guardrail failures.
SindriKit 1.3.0 Abuses Call Stack Spoofing to Bypass EDR Detection
SindriKit 1.3.
CISO Conversations: Tarah Wheeler, Cybersecurity Leader, Thought Leader and Original Thinker
Tarah Wheeler is CISO at TPO Group, a firm that provides cybersecurity consultancy for high-stakes organizations. But despite this elevated position, her jou...
Digi International PortServer TS, Digi One SP IA
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, ...