UK Cyber Security Council Launches Associate Cyber Security Professional Title
The UK Cyber Security Council has unveiled a new Associate Cyber Security Professional title aimed at supporting early‑career cybersecurity professionals
General
20 articles
AI and cryptocurrency scams are costing Americans billions, FBI reports
The fraud landscape has been changed by AI and cryptocurrency in a way that should concern organisations and individuals alike. Read more in my article on th...
Bringing Rust to the Pixel Baseband
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardenin...
Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies
Chrome’s Device Bound Session Credentials is designed to block infostealers from harvesting session cookie
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike
If you’ve been a victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.
VIP Credential Monitoring Blog
Executives and high-privilege users are prime targets for credential theft — and standard monitoring often misses them. Learn how VIP Credential Monitoring i...
[webapps] D-Link DIR-650IN - Authenticated Command Injection
D-Link DIR-650IN - Authenticated Command Injection
Protecting Cookies with Device Bound Session Credentials
Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, De...
Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings
macOS 26.
Master C and C++ with our new Testing Handbook chapter
We added a new chapter to our Testing Handbook: a comprehensive security checklist for C and C++ code. We’ve identified a broad range of common bug classes, ...
Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
SANS Institute reveals that AI agents are behind a 76% surge in non-human identities
Google Warns of New Threat Group Targeting BPOs and Helpdesks
Google’s threat intel team warns UNC6783, a new extortion group possibly linked to the “Raccoon” persona, is targeting BPOs and enterprises
Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.
Recorded Future sees its inclusion in the 2026 Forrester Wave™ for Cybersecurity Risk Ratings Platforms as a reflection of a broader truth: the era of rating...
[webapps] RomM 4.4.0 - XSS_CSRF Chain
RomM 4.4.
Elastic on Defence Cyber Marvel 2026: A Technical overview from the Exercise Floor
An overview of the Elastic Security and AI infrastructure deployed to support the UK Ministry of Defence's flagship cyber exercise, Defence Cyber Marvel 2026.
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you're job hunting, wha...
Google API Keys Quietly Gain Access to Gemini on Android Devices
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
Announcing ADEM Universal Agent
The ADEM Universal Agent for Prisma Access unifies network data across branch sites to fuel agentic autonomous operations. Get full-stack visibility.
Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms