Critical Quest KACE SMA flaw exploited after 10 months
The critical vulnerability CVE-2025-32975 in Quest KACE Systems Management Appliance (SMA) was actively exploited by attackers who had not patched the system...
SC Media
20 articles
Cofense unveils AI-driven platform to combat polymorphic phishing campaigns
The company's latest offerings focus on campaign-level responses rather than individual email analysis. Vision 3.
Foxconn factories resume operations after ransomware attack
The attack impacted Foxconn's North American facilities, with the Nitrogen ransomware group claiming to have exfiltrated over 11 million documents, including...
China-linked hackers target Azerbaijani oil firm in multi-wave attack
The attackers exploited a vulnerable Microsoft Exchange Server, specifically the ProxyNotShell chain, to gain initial access.
Researcher publishes proof-of-concept exploits for unpatched Windows vulnerabilities
A cybersecurity researcher has released proof-of-concept exploits for two unpatched Microsoft Windows vulnerabilities, YellowKey and GreenPlasma, which allow...
Microsoft addresses BitLocker recovery issue in Windows 11
The issue, acknowledged on April 14, impacts Windows 10, Windows 11, and Windows Server devices configured with an "unrecommended" BitLocker Group Policy.
Tokee messaging app exposes 1.2 million users' data in MongoDB leak
Security researchers at Cybernews discovered that a MongoDB instance belonging to Deucetek, the developer of Tokee, was left unsecured and accessible.
OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery
The program aims to leverage GPT models and Codex Security to improve software resilience.
Axios breach shows why software supply chains need zero trust
The axios breach shows trusted identities, not code flaws, now drive supply chain attacks.
The CISO shortage: Finding leadership without a leader
Thanks to AI, full-time CISO services may become available to firms that can't afford a full-time CISO.
House committee chair calls on Instructure to testify in Canvas hack
ShinyHunters hit Canvas twice, exposing student data via XSS and identity compromise.
ShinyHunters claims domain suspension after Canvas LMS attacks
The group's domain, shinyhunte.rs, went offline on Monday, May 11, 2026, leading to rumors of law enforcement seizure, potentially involving the FBI.
Veeam enhances data protection with new AI-powered features
Veeam Data Platform v13.1 introduces over 70 enhancements, including post-quantum cryptography to safeguard backups against future quantum computing threats.
Palo Alto Networks launches Idira identity security platform for AI era
Idira integrates technology from CyberArk, acquired by Palo Alto Networks for $25 billion, extending privileged access management controls to machine and AI ...
South Staffordshire Water fined nearly $1.3 million over data breach
The cyberattack on South Staffordshire Water Plc was initiated through a phishing attempt that allowed attackers to install undetected malware for nearly two...
Trusted by default: The npm attack pattern security teams miss
Developers are now the prime target in evolving npm supply chain attacks.
BWH Hotels confirms cyberattack impacting customer data
The cyberattack on BWH Hotels, which operates under brands like Best Western, WorldHotels, and SureStay Hotels, compromised customer names, email addresses, ...
Anthropic's AI finds one low-severity vulnerability in heavily audited curl codebase
Daniel Stenberg, the creator of curl, reviewed a Mythos analysis of 176,000 lines of C code, which claimed to have found five "confirmed" vulnerabilities.
Windows 10 KB5087544 update fixes Remote Desktop warnings and Secure Boot reporting
The KB5087544 update for Windows 10, available for Enterprise LTSC and ESU program participants, primarily delivers security fixes and bug resolutions, addre...