Deleted Google API keys remain active for up to 23 minutes, study finds
While the Google Cloud Platform console indicates immediate deletion, researchers found that keys take an average of 16 minutes to become fully inactive, wit...
SC Media
20 articles
New Linux malware 'Showboat' targets Middle East telecom provider
Showboat is believed to be utilized by Chinese-affiliated threat actors, with command-and-control infrastructure linked to Chengdu, China.
'First VPN' service used by cybercriminals dismantled in international operation
First VPN marketed itself on Russian-speaking cybercrime forums as a reliable tool for anonymity, offering features like anonymous payments and concealed inf...
Nvidia releases driver updates to fix 14 critical vulnerabilities
The vulnerabilities affect GeForce, RTX, Quadro, Tesla, and NVS product lines, as well as vGPU and Cloud Gaming software.
FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927
Senator urges classified briefing after CISA data leak on GitHub
A GitHub leak exposed CISA credentials, sparking concerns over secrets management and leadership.
Socket raises $60 million for its open-source security platform
The investment, led by Thrive Capital with participation from Andreessen Horowitz and Capital One Ventures, brings Socket's total funding to $125 million.
Microsoft releases new AI red teaming tools for developers
As reported by CyberScoop, Microsoft has released two new open-source tools, Rampart and Clarity, designed to enhance the security of agentic AI development ...
Teenager from Odesa suspected of running infostealer malware operation
The suspect allegedly used information-stealing malware between 2024 and 2025 to infect user devices, aiming to steal browser sessions and account credentials.
Attackers exploit SonicWall VPN vulnerability to bypass MFA
The vulnerability, CVE-2024-12802, allows threat actors to bypass MFA on SonicWall Gen6 SSL-VPN appliances by using a specific user principal name (UPN) logi...
AI Governance Explained: How to Secure Data, Control Risk & Stay Compliant - WC #1
How identity became the new security battleground
Exploits happen in minutes in the AI era – so 43 days to fully remediate just doesn’t cut it today.
WantToCry ransomware evades detection through SMB abuse, remote encryption
More than 1.5 million exposed SMB ports may be susceptible to brute force attacks.
APIs under pressure: How AI is rewriting the rules of enterprise security
The rapid growth of AI has created an explosion of APIs that will require new techniques to manage.
1Password and OpenAI collaborate on secure credential access for AI coding agents
The new 1Password Environments MCP Server for Codex establishes a secure runtime environment where secrets are mounted, utilized, and then discarded after us...
Carding forum B1ack's Stash releases millions of stolen credit card records
The released data is unusually comprehensive, including full card numbers, expiration dates, CVV2 codes, cardholder names, billing addresses, email addresses...
DataDome launches priority protect for virtual waiting rooms
The product enhances DataDome's existing bot detection capabilities by classifying every request in real time and applying distinct access policies for diffe...
Terra Security expands platform to include network infrastructure exploitation validation
Terra's platform now allows security teams to validate vulnerabilities across web applications, AI systems, and network infrastructure from a single console.
Trump Mobile phone provider reportedly leaking customer data
A pair of YouTubers say their personal information, including mailing and email addresses, was leaked after they purchased the Trump Mobile T1 phone.
New Mini Shai-Hulud attack targets npm ecosystem
Mini Shai-Hulud campaign hits 323 npm packages, GitHub Actions and VS Code tools.