Cybercriminals take aim at Hasbro, weeks of recovery ahead
Hasbro, an American toy maker with more than 5,000 employees, confirmed a cyberattack and proactively took certain systems offline. The intrusion was detecte...
Transportation
20 articles
Cyberattacks powered by stolen credentials on the rise
Cybersecurity incidents are increasingly centered on identity abuse, where stolen login credentials serve as the primary entry point for attackers, and the g...
Claude Code source code inadvertently leaked
Anthropic, the firm behind Claude Code, has accidentally included an unobfuscated TypeScript source in the AI coding tool's npm package, exposing over 500,00...
Monetization of ransomware-stolen data touted by new cybercrime service
Affiliates and customers are being sought by the new Leak Bazaar cybercrime service, which was reported by Flare researchers to be promoted across the dark w...
Bogus LinkedIn message alerts enable credential siphoning
Malicious actors have been distributing fraudulent LinkedIn alert messages for potential job opportunities to facilitate credential exfiltration in a new phi...
Widespread Microsoft 365 account compromise sought by Iran-linked hackers
Widespread Microsoft 365 account compromise sought by Iran-linked hackers More than 300 organizations in Israel, over 25 others in the United Arab Emirates, ...
Joint offering combines CrowdStrike's Falcon with HCLTech's AI Force
CrowdStrike and HCLTech have expanded their partnership with a new continuous threat exposure management service combining CrowdStrike's Falcon platform with...
FCC bans import of new foreign-made consumer routers due to security risks
The FCC has added all foreign-produced consumer-grade routers to its Covered List, prohibiting their marketing and sale in the U.S.
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, ...
WhatsApp malware campaign uses malicious VBS files to gain persistent access
Microsoft is warning WhatsApp users of a new malware campaign that tricks them into executing malicious Visual Basic Script (VBS) files, ultimately enabling ...
Hacker zielen auf Exilportal Iranwire
Unbekannte sollen das Exilportal Iranwire gehackt haben. PX Media – shutterstock.
A Taxonomy of Cognitive Security
Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting.
9 ways CISOs can combat AI hallucinations
AI hallucinations are a well-known problem and, when it comes to compliance assessments, these convincing but inaccurate assessments can cause real damage wi...
PyPI Telnyx Python SDK Backdoored to Steal Credentials on Windows, macOS, and Linux
Telnyx Python SDK on PyPI, using a multi‑stage WAV steganography payload to steal credentials across Windows, macOS, and Linux systems. The backdoor lives in...
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management
Malware detectors trained on one dataset often stumble on another
Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the...
New macOS feature seeks to avert ClickFix compromise
Apple has released a new mechanism for macOS Tahoe 26.4 that stops the execution of potentially harmful commands in Terminal and warns the user about related...
New compliance guide available: ISO/IEC 27001:2022 on AWS
We’re excited to announce the release of our latest compliance guide, ISO/IEC 27001:2022 on AWS, which provides practical guidance for organizations designin...
New critical Telegram zero-click issue threatens total device compromise
Cybernews reports that Telegram for Android and Telegram Desktop for Linux have been affected by a critical zero-click vulnerability that could enable remote...
Critical Fortinet FortiClient EMS vulnerability under attack
Intrusions harnessing a critical SQL injection flaw in Fortinet FortiClient EMS, tracked as CVE-2026-21643, were reported by Defused researchers to have been...