CISA credential leak raises alarms, and Capitol Hill demands answers
A researcher who found a repository that leaked on GitHub said it was one of the worst he’s witnessed. The post CISA credential leak raises alarms, and Capit...
Cyberscoop
20 articles
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Verizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industry...
Mini Shai-Hulud returns, compromising hundreds of npm packages
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer too...
Microsoft disrupts cybercrime service that abused software verification systems en masse
Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security control...
AI might cut false positives, but it won’t stop the slop
Anthropic and OpenAI promise their latest tools will find more vulnerabilities. Cybersecurity employees say they’re already flooded with AI-generated reports.
Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa
Operation Ramz resulted in 201 arrests and disrupted phishing services, malware and financial scams. The post Interpol leads cybercrime crackdown across 13 c...
The Canvas breach proved that prevention is no longer enough
Cybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work — and a w...
Former CISA nominee Sean Plankey named US CEO of defense startup
UFORCE, a London-based company founded by Ukrainians, is looking to make drones in America. The post Former CISA nominee Sean Plankey named US CEO of defense...
Colorado governor commutes prison sentence for election denier Tina Peters
Peters was sentenced to nine years for stealing voting data and has been publicly unrepentant. But Colorado Governor Jared Polis has been hinting at the deci...
Here’s how the FTC plans to enforce the Take It Down Act
The commission will dole out hefty fines and promises investigations for Take It Down Act violators. Experts say questions remain around the agency’s resourc...
Cisco zero-day under ongoing attack by persistent threat group
The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems. The post C...
Pentagon cyber official calls advanced AI ‘revolutionary warfare’
Paul Lyons, principal deputy assistant secretary for cyber policy, also discussed the importance of cyber offense. The post Pentagon cyber official calls adv...
White House cyber official: identity security matters more than ever in the age of AI
While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official...
Major tech manufacturer Foxconn confirms cyberattack hit North American factories
The ransomware group Nitrogen claimed responsibility for the attack and said it stole 8 terabytes of data spanning more than 11 million files belonging to th...
Researchers say AI just broke every benchmark for autonomous cyber capability
Two independent studies found that Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 have outpaced every trend line researchers were tracking.
Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks
The committee held a closed briefing Wednesday with company reps, and more oversight is in the works. The post Closed briefing sets stage for House hearing o...
DOJ releases legal rationale for nationwide voter data collection
The memo claims a robust executive branch role vetting voter eligibility. One Secretary of State called it a “fantasy” that “isn’t worth the paper it’s print...
Weaponized AI: The new frontier of fraud and identity spoofing
As fake identity fraud is projected to cause $40 billion in losses next year, leaders must abandon static security in favor of rapid-iteration, AI-enabled de...
Daybreak is OpenAI’s answer to the AI arms race in cybersecurity
With Daybreak, OpenAI is taking direct aim at Anthropic's tightly restricted Mythos model, offering a more open — but still carefully gated — path to AI-powe...
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
The campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itsel...