FIFA World Cup scams target fans and businesses
Cybercriminals are using fake ticketing, accommodation, and transportation apps to trick fans into divulging login credentials or losing money.
SC Media
20 articles
4 vulnerabilities in OpenClaw AI agent put thousands of servers at risk
The vulnerabilities, collectively known as Claw Chain, were found by security experts at Cyera and affect all versions of OpenClaw released before April 23, ...
Thousands of Yarbo robotic lawnmowers exposed with identical default passwords
Security researcher Andreas Makris discovered that Yarbo robotic lawnmowers, which operate in over 30 countries and are equipped with cameras, GPS, and AI ma...
REMUS infostealer evolves into sophisticated malware-as-a-service platform
Flare's analysis of 128 posts between February and May 2026 reveals REMUS's aggressive development cycle, mirroring structured software businesses.
Hackers exploit calendar invites to hijack accounts using CalPhishing
The CalPhishing campaign, active since early 2026, begins with an email appearing to be an urgent administrative alert.
Hotel check-in system exposed over 1 million customer passports
The exposed data belonged to users of Tabiq, a system maintained by Japanese tech startup Reqrea that utilizes facial recognition and document scanning for h...
Turla group evolves Kazuar backdoor into modular P2P botnet
Turla, also known as Secret Blizzard and linked to Russia's FSB, has re-engineered its Kazuar .NET backdoor, first used in 2017, into a modular botnet.
AI can accelerate microsegmentation, but it cannot govern policy
Here’s the case for looking at policy governance as its own discipline.
Recovery is the new cyber deterrence
Why resilience and quick recovery can deter potential attacks.
IBM executive floated for CISA director as concerns persist for agency
Cybersecurity leaders warn weakened CISA could hurt AI-era defense and threat response.
AI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459
TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge
The variant was used in recent attacks against TanStack and others – but it’s not the original, researchers say.
10.0 Cisco Catalyst SD-WAN Controller bug added to CISA’s KEV list
Maximum-severity bug an authentication bypass flaw that’s considered the highest value target in an attacker’s playbook.
Microsoft warns of active exploitation of new Exchange Server zero-day vulnerability
The vulnerability, a cross-site scripting flaw with a CVSS score of 8.1, specifically impacts Outlook Web Access (OWA).
Hackers use PyInstaller to hide XWorm malware
The attack begins with deceptive emails or fake software updates containing a seemingly harmless file.
Researchers bypass Apple's M5 security with AI-powered macOS exploit
Researchers from Calif utilized Anthropic's Mythos Preview AI to chain two previously unknown bugs and several techniques, ultimately creating a functional e...
FTC begins enforcing Take It Down Act for nonconsensual deepfakes
The Take It Down Act mandates that online platforms remove nonconsensual intimate imagery and AI-generated "digital forgeries" within 48 hours of a victim's ...
U.S. officials discard items from China trip over security concerns
During a high-level meeting between U.S.
ESET details new Ghostwriter activity targeting Ukrainian government
The latest FrostyNeighbor campaign begins with a spear-phishing email containing a PDF attachment disguised as an official communication from Ukrtelecom, a m...
WordPress Funnel Builder vulnerability exploited to steal payment data
The vulnerability in the Funnel Builder plugin, used by over 40,000 websites, allows unauthenticated attackers to modify global settings via an unprotected c...