C/C++ checklist challenges, solved
We recently added a C/C++ security checklist to the Testing Handbook and challenged readers to spot the bugs in two code samples: a deceptively simple Linux ...
Threat Intelligence Feed
Aggregating 5353 articles from trusted cybersecurity sources
Latest News
DarkSword Malware
DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS...
FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware
A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and…
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that ...
NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
The UK's National Cyber Security Centre is urging organizations to prepare for glut of new software updates
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizin...
CISOs step up to the security workforce challenge
A robust cybersecurity program needs a range of skilled people, yet many CISOs continue to face an ongoing skills shortage — and the squeeze may only get wor...
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
Trellix Reveals Unauthorized Access to Source Code
Security vendor Trellix has suffered a breach involving unauthorized access
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploit...
How Iranian Cyber Intrusions Unfold Inside Enterprise Networks
Iranian cyber operations have gone from being disruptive single events to ongoing campaigns against governments, infrastructure providers, technology compani...
Copy Fail lands in CISA KEV as actively exploited Linux flaw threatens widespread privilege escalation
The Cybersecurity and Infrastructure Security Agency (CISA) has added another Linux kernel vulnerability, CVE-2026-31431, also known as Copy Fail, to the Kno...
Data Breaches
Kodak Admits Data Breach After ShinyHunters Hack Claims
Kodak told SecurityWeek it believes there is no threat to its systems or operations as a result of the cybersecurity incident. The post Kodak Admits Data Bre...
Massive database with 24 billion credentials found exposed online
The exposed database, weighing approximately 8 terabytes, was compiled from 36 different sources, including Telegram channels, previous data breach collectio...
Low-skilled attacker used Claude, Codex to breach 14 companies
Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researc...
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall UR...
Another healthcare firm attacked days after Novo Nordisk breach
Medical technology company iRhythm Holdings disclosed a cyberattack involving certain third-party-hosted business applications that resulted in the theft of ...
India's Telegram ban hit the UAE too. Here's how to get around it
India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking tha...
ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat
A detailed ESET MDR vs Sophos MDR comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose.
What 22,000 breaches teach us about incident preparedness
The 2026 Verizon Data Breach Investigations Report analyzed more than 22,000 confirmed data breaches across 145 countries. Its findings point to a single unc...
FulcrumSec Targets Novo Nordisk, Leaks Clinical and Research Data
FulcrumSec leaked data stolen from Novo Nordisk, claiming to have exfiltrated 1.3TB, including clinical records and AI research assets.
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company...
India temporarily blocks Telegram over medical exam cheating fears
Authorities said scammers previously exploited the feature by posting fake exam questions before the test and later replacing them with the real questions, m...
iRhythm Confirms Data Stolen in Hack
The digital health company said it learned of the breach on June 8 and the attackers demanded a ransom. The post iRhythm Confirms Data Stolen in Hack appeare...