Microsoft credential phishing weaponizes Bubble AI app builder
Microsoft credential phishing weaponizes Bubble AI app builder AI-powered no-code app-building platform Bubble has been exploited to create illicit web apps ...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1598 — Phishing for Information (Reconnaissance)
Clear filter96 articles found
AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns
PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients
Google races to secure encryption before quantum threats arrive
Google is preparing for the quantum era, a turning point in digital security, with a 2029 timeline for post-quantum cryptography (PQC) migration. Security pr...
Preventing Account Takeovers: A Practical Guide to Detection and Response
Yesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driv...
A nearly undetectable LLM attack needs only a handful of poisoned samples
Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations...
ColorTokens' Rajesh Khazanchi on breach readiness for measurable risk reduction in the age of AI
Rajesh Khazanchi explores why breach readiness has become mission-critical for business continuity.
Novee's Ido Geffen on why AI pentesting is becoming essential
Novee's Ido Geffen explains what “AI penetration testing” means.
Cisco IOS XE Software Denial of Service Vulnerability
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected ...
Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their priv...
Paid AI Accounts Are Now a Hot Underground Commodity
AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and ...
Vorlon adds forensics and response to secure AI agents
Vorlon has unveiled AI Agent Flight Recorder and AI Agent Action Center, adding forensics and coordinated response to secure enterprise agentic ecosystems an...
GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise
A critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnera...
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterpri...
Hackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account Access
A critical vulnerability dubbed “PolyShell” is actively being exploited across Magento and Adobe Commerce platforms. Discovered by the Sansec Forensics Team ...
ClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top Skill
Silverfort researchers recently uncovered a critical security flaw in ClawHub, the main public registry for the OpenClaw agent ecosystem. This vulnerability ...
Understanding Wiz’s Approach to Securing the AI Supply Chain
As organizations race to deploy AI, securing the rapidly expanding ecosystem of models, data, and dependencies has become a critical priority, much of which ...
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-nativ...
Streamline physical security to enable data center growth in the era of AI
AI is the new space race for data centers, and consistency at speed is the rocket fuel that colocation and hyperscale providers need to reach orbit. Everythi...
Pro-Iranian Nasir Security is targeting energy companies in the Gulf
Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is trackin...
Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire
The North Korea fake IT worker scheme has become a pernicious threat across several industries. While best practices emphasize precautions throughout the hir...