Top 10 Best Static Application Security Testing (SAST) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought....
20 articles
Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipel...
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub reposit...
View CSAF Summary Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed ...
Two U.S.
solaredge - (CSRF-OOB-Injection)
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, contin...
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, p...
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer too...
The automatic tank gauge systems were reportedly exposed online without passwords.
A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Tex...
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. A...
Conflict is a boon for opportunistic fraudsters. Look out for their ploys.
The attackers exploited a vulnerable Microsoft Exchange Server, specifically the ProxyNotShell chain, to gain initial access.
Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,…
Salt Typhoon has hit an energy entity in Azerbaijan. Twill Typhoon has targeted Asian entities with an updated RAT.
GitLab has issued an urgent security update to neutralize a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silen...
Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot ins...
Welcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-fin...
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late Decem...