SC Media
20 articles
TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge
The variant was used in recent attacks against TanStack and others – but it’s not the original, researchers say.
10.0 Cisco Catalyst SD-WAN Controller bug added to CISA’s KEV list
Maximum-severity bug an authentication bypass flaw that’s considered the highest value target in an attacker’s playbook.
Microsoft warns of active exploitation of new Exchange Server zero-day vulnerability
The vulnerability, a cross-site scripting flaw with a CVSS score of 8.1, specifically impacts Outlook Web Access (OWA).
Hackers use PyInstaller to hide XWorm malware
The attack begins with deceptive emails or fake software updates containing a seemingly harmless file.
Researchers bypass Apple's M5 security with AI-powered macOS exploit
Researchers from Calif utilized Anthropic's Mythos Preview AI to chain two previously unknown bugs and several techniques, ultimately creating a functional e...
FTC begins enforcing Take It Down Act for nonconsensual deepfakes
The Take It Down Act mandates that online platforms remove nonconsensual intimate imagery and AI-generated "digital forgeries" within 48 hours of a victim's ...
U.S. officials discard items from China trip over security concerns
During a high-level meeting between U.S.
ESET details new Ghostwriter activity targeting Ukrainian government
The latest FrostyNeighbor campaign begins with a spear-phishing email containing a PDF attachment disguised as an official communication from Ukrtelecom, a m...
WordPress Funnel Builder vulnerability exploited to steal payment data
The vulnerability in the Funnel Builder plugin, used by over 40,000 websites, allows unauthenticated attackers to modify global settings via an unprotected c...
American Lending Center data breach impacts over 123,000 individuals
The breach involved a ransomware attack where threat actors compromised the internal network and accessed files containing personal identifying information.
Cisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more... - SWN #581
When compliance isn’t continuous, that’s a security risk
Companies need to treat compliance as a service that helps the business compete.
Permiso launches AI agent runtime security
The new capabilities extend Permiso’s unified identity platform to address the growing challenge of securing AI agents, which are increasingly making autonom...
Critical vulnerability in Burst Statistics plugin allows admin takeover
The flaw, identified as CVE-2026-8181, was introduced in version 3.4.
The blind spot in AI security: Resilience for model and training data
AI resilience, not speed alone, will decide which enterprises survive AI-era breaches.
New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available
Fragnesia is at least the fourth privilege escalation flaw affecting Linux systems disclosed in the last three weeks.
Trump administration's voter data collection efforts face legal challenges
The Department of Justice's Office of Legal Counsel issued a memo arguing that a provision in the 1960 Civil Rights Act, requiring election officials to reta...
Fake job interviews used to deploy JobStealer malware
The campaign involves scammers posing as recruiters and inviting victims to online interviews via custom platforms that mimic legitimate services like Cisco ...
Alleged Dream Market administrator indicted on money laundering charges
Owe Martin Andresen, 49, faces six counts each of international concealment money laundering and concealment money laundering, potentially leading to 20 year...