HTTP/1.1 must die: the desync endgame
Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover.
Threat Intelligence Feed
Aggregating 5380 articles from trusted cybersecurity sources
Latest News
CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S.
Beyond Convenience: Exposing the Risks of VMware vSphere Active Directory Integration
Written by: Stuart Carrera, Brian Meyer Executive Summary Broadcom's VMware vSphere product continues to be a top choice for private cloud virtualization, un...
From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944
Introduction In mid 2025, Google Threat Intelligence Group (GTIG) identified a sophisticated and aggressive cyber campaign targeting multiple industries, inc...
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open sou...
#StopRansomware: Interlock
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ...
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
Written by: Josh Goddard, Zander Work, Dimiter Andonov UPDATE (Sep 16): Clarified hunting guidance specifics surrounding ld.so.
Repeater Strike: manual testing, amplified
Manual testing doesn't have to be repetitive.
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced P...
Isolated Recovery Environments: A Critical Layer in Modern Cyber Resilience
Written by: Jaysn Rye Executive Summary As adversaries grow faster, stealthier, and more destructive, traditional recovery strategies are increasingly insuff...
Mitigating prompt injection attacks with a layered defense strategy
Posted by Adam Gavish, Google GenAI Security Team With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the ai...
Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instance...
Data Breaches
GentleKiller targets more than 400 security processes across 48 products
Most ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a diff...
Kodak Admits Data Breach After ShinyHunters Hack Claims
Kodak told SecurityWeek it believes there is no threat to its systems or operations as a result of the cybersecurity incident. The post Kodak Admits Data Bre...
Massive database with 24 billion credentials found exposed online
The exposed database, weighing approximately 8 terabytes, was compiled from 36 different sources, including Telegram channels, previous data breach collectio...
Low-skilled attacker used Claude, Codex to breach 14 companies
Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researc...
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall UR...
Another healthcare firm attacked days after Novo Nordisk breach
Medical technology company iRhythm Holdings disclosed a cyberattack involving certain third-party-hosted business applications that resulted in the theft of ...
India's Telegram ban hit the UAE too. Here's how to get around it
India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking tha...
ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat
A detailed ESET MDR vs Sophos MDR comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose.
What 22,000 breaches teach us about incident preparedness
The 2026 Verizon Data Breach Investigations Report analyzed more than 22,000 confirmed data breaches across 145 countries. Its findings point to a single unc...
FulcrumSec Targets Novo Nordisk, Leaks Clinical and Research Data
FulcrumSec leaked data stolen from Novo Nordisk, claiming to have exfiltrated 1.3TB, including clinical records and AI research assets.
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company...
India temporarily blocks Telegram over medical exam cheating fears
Authorities said scammers previously exploited the feature by posting fake exam questions before the test and later replacing them with the real questions, m...