Yesterday · 12:00 UTC

View CSAF Summary SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and…

Yesterday · 12:00 UTC

View CSAF Summary Siemens gPROMS Web Applications Publisher (gWAP) is affected by a remote code execution vulnerability introduced through a third-party component, namely the Axios HTTP client library. The vulnerability…

Yesterday · 12:00 UTC

View CSAF Summary ROS# contains a ROS service file_server, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are access…

Yesterday · 20:09 UTC

Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on co…

Yesterday · 21:07 UTC

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]

Yesterday · 22:50 UTC

The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [...]

Yesterday · 17:45 UTC

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries…

Yesterday · 16:07 UTC

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Ha…

Yesterday · 17:22 UTC

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm pa…

Yesterday · 20:57 UTC

The acquisition looks to boost visibility into third-party ecosystems, which are becoming a bigger concern as vectors for supply chain attacks.

Yesterday · 20:25 UTC

This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.

Today · 01:00 UTC

A Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response.

12 May 2026 · 21:46 UTC

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on…

Yesterday · 14:23 UTC

The ransomware group Nitrogen claimed responsibility for the attack and said it stole 8 terabytes of data spanning more than 11 million files belonging to the company’s top customers. The post Major tech manufacturer Fox…

Yesterday · 20:15 UTC

While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday. The post White House cyber official: identity s…

Yesterday · 20:35 UTC

Paul Lyons, principal deputy assistant secretary for cyber policy, also discussed the importance of cyber offense. The post Pentagon cyber official calls advanced AI ‘revolutionary warfare’ appeared first on CyberScoop.

Yesterday · 15:00 UTC

Mustang Panda campaign deploys updated FDMTP backdoor against Asia-Pacific and Japan networks

Yesterday · 13:30 UTC

Google’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infections

Yesterday · 13:00 UTC

New Fragnesia kernel flaw lets unprivileged local users escalate to root on Linux systems

Yesterday · 12:46 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 14, 2026 –Read the full story in CyberScoop CyberScoop reports that the average cyberattack costs for a small- or medium-size bu…

13 May 2026 · 12:55 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 13, 2026 – Watch the YouTube video The challenge Legion Security addresses is well-known: for more than two decades, SOC teams h…

12 May 2026 · 13:01 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 12, 2026 – Watch the YouTube video The Women in Cybersecurity Report, a 7-minute video hosted by Cybercrime Magazine Deputy Edit…

Yesterday · 21:02 UTC

One little mystery—solved.

Yesterday · 21:32 UTC

Study suggests "the bias is real but socially constructed, rather than grounded in how women actually sound."

Yesterday · 19:27 UTC

People confide almost everything to their phones.

13 May 2026 · 11:03 UTC

The UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute’s ev…

Yesterday · 16:01 UTC

This is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2…

Yesterday · 11:04 UTC

Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public.…

13 May 2026 · 06:29 UTC

&#;x26;#;x5b;This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor&#;x26;#;39;s degree in Applied Cybersecurity (BACS) program.]

Yesterday · 06:08 UTC

Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed i…

Yesterday · 04:20 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Yesterday · 20:29 UTC

Heap buffer overflow in rewrite module.

Yesterday · 20:34 UTC

As it chases further standardisation.

Yesterday · 20:28 UTC

Explores more agentic applications.

Yesterday · 17:01 UTC

US-based site, whose operators were fined £950,000 by Ofcom, appears in Google’s search results and can be accessed in UKGoogle has denied breaching the Online Safety Act by promoting a “nihilistic” suicide forum associa…

13 May 2026 · 10:48 UTC

Industry body says energy consumption driven by AI up 15% globally in two years as it warns of societal backlashDatacentres are consuming 6% of electricity in the UK and US, with the growing strain of AI on energy suppli…

Yesterday · 09:00 UTC

Defying criticisms of ‘slop’ and ‘theft’, the growing culture of AI-powered creativity is attracting interest from HollywoodIn a former hemstitching workshop where artisans sewed pleats for Stockholm’s 19th-century bourg…

Yesterday · 13:00 UTC

Financial services companies have unique needs when it comes to business AI. They operate in one of the most highly regulated sectors while responding to external events that are updated by the second. As a result, the s…

Yesterday · 13:00 UTC

When generative AI first moved from research labs into real-world business applications, enterprises made a tacit bargain: “Capability now, control later.” Feed your proprietary data into third-party AI models, and you w…

Yesterday · 09:00 UTC

When Jennifer got a job doing research for a nonprofit in 2023, she ran her new professional headshot through a facial recognition program. She wanted to see if the tech would pull up the porn videos she’d made more than…

Yesterday · 20:58 UTC

The update gives users enhanced flexibility over how they can manage their workflows.

Yesterday · 21:30 UTC

More than 50 employees have reportedly left Elon Musk’s newly merged SpaceXAI since February, raising questions about burnout, leadership changes, talent poaching, and whether liquidity events weakened retention incentiv…

Yesterday · 22:47 UTC

Here's what the biggest tech court case of the year is all about.

Yesterday · 10:00 UTC

British technology company Humanoid will deploy humanoid robots at factories operated by German industrial supplier Schaeffler, Reuters reported. The two companies’ agreement covers an estimated 1,000 to 2,000 robots in…

Yesterday · 07:51 UTC

Real estate products depend on integrations, data flows, and compliance layers that rarely appear in marketing pages. A vendor may look strong on reviews about general software development and struggle once MLS feeds, pa…

13 May 2026 · 13:43 UTC

The Physical AI Conference shaping the future of robotics, autonomous systems and real-world AI deployment lands in Silicon Valley this May, bringing together the engineers, builders and AI pioneers turning intelligence…

Yesterday · 22:46 UTC

Honda revealed prototypes of two new hybrid models, an Accord sedan and the Acura RDX SUV, during its annual business briefing this week, built on a platform that it says will begin launching next year. The RDX was annou…

Yesterday · 22:21 UTC

Today was closing arguments in the Musk v. Altman trial, and I almost feel bad writing about the unbelievable demolition derby I just witnessed. Steven Molo, Musk's lawyer, stumbled over his words. He at one point called…

Yesterday · 21:38 UTC

The most graphically-impressive first-person shooter made for the Nintendo Switch is $20 off at Best Buy. Right now, you can buy the physical version of Metroid Prime 4: Beyond for $39.99 ($20 off). The game looks surpri…

Today · 00:49 UTC

A federal jury is now deciding whether Elon Musk will win his lawsuit against OpenAI and Sam Altman—but the trial has made everyone look bad.

Yesterday · 20:27 UTC

Meta employees in the US and UK are organizing against corporate software that tracks workers’ keystrokes and mouse activity.

Yesterday · 19:04 UTC

Today on Uncanny Valley, we discuss how Donald Trump’s visit to China could influence conversations between world leaders at a moment when the economic and foreign policy stakes couldn’t be higher.

Yesterday · 19:17 UTC

Town’s 49,000 California residents compete with Nevada data centers for energy.

Yesterday · 17:28 UTC

Made-up therapy referrals, incorrect prescriptions among the common mistakes.

Yesterday · 11:00 UTC

Xi meeting may force Trump to pivot on chip restrictions and Taiwan.

Yesterday · 13:00 UTC

Editor’s note: The Gaijin single sign-on feature is now up and running. Dive masks on — Subnautica 2 is making a splash on GeForce NOW day-and-date with launch, so members can plunge into the title’s brand-new alien ocea…

13 May 2026 · 13:00 UTC

Reinforcement-learning agents — AI systems that learn by trial and error — can convert computation into new knowledge. That’s the focus of a new engineering-level collaboration between NVIDIA and Ineffable Intelligence,…

13 May 2026 · 13:00 UTC

Agentic AI is changing the way users get work done. Following the success of OpenClaw, the community is embracing new open source agentic frameworks. The latest is Hermes Agent, which crossed 140,000 GitHub stars in unde…

Today · 02:07 UTC

Australia's northern cattle industry says it is "deeply disappointed" by a Federal Court decision to dismiss its appeal over compensation for the 2011 live export ban.

Today · 00:54 UTC

The announcement comes as TT-Line continues to wrestle with the financial fallout from its bungled delivery of the new Spirit of Tasmania vessels.

Yesterday · 21:06 UTC

How to reduce your petrol bill by changing your driving technique and tinkering with your car.

Yesterday · 16:00 UTC

Imagine you build a massive corporate campus with every security control money can buy. Blast resistant doors. Biometric scanners. Guards at every entrance. Maybe something similar to the infamous Death Star. On paper, i…

Yesterday · 19:15 UTC

OverviewOn May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Al…

Yesterday · 16:00 UTC

OverviewWhile researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in-the-wild, Rapid7 Labs discovered a new authentication bypass vulnerability affecting Cisco Catalyst SD-WAN…

Yesterday · 14:20 UTC

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post Whe…

Yesterday · 15:00 UTC

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, K…

Yesterday · 16:00 UTC

As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. The post Defense in depth for autonomous AI agents appeared first on Microsoft Securit…

Today · 00:38 UTC

Active Supply Chain Attack: Malicious node-ipc Versions Published to npm StepSecurity has detected multiple malicious releases of the popular node-ipc npm package. Three versions are currently known to be compromised, co…

12 May 2026 · 13:58 UTC

The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. StepSecurity's OSS Package Security Feed first detected the attack in official @tanst…

Yesterday · 16:02 UTC

Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vM…

13 May 2026 · 10:00 UTC

Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exp…

Yesterday · 18:00 UTC

In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.

12 May 2026 · 05:00 UTC

Yesterday · 05:00 UTC

13 May 2026 · 05:00 UTC

12 May 2026 · 15:00 UTC

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected demonstrating that intrusions have in…

Yesterday · 15:00 UTC

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, K…

13 May 2026 · 13:01 UTC

Key Points Introduction The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting the…

12 May 2026 · 07:00 UTC

Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more.

Yesterday · 11:00 UTC

Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.

Yesterday · 13:00 UTC

Mick Baccio and Scott Roberts examine whether public breach signals and market timing models can turn cyber incidents into actionable trading opportunities.

Yesterday · 00:00 UTC

Learn how new ChatGPT safety updates improve context awareness in sensitive conversations, helping detect risk over time and respond more safely.

Yesterday · 13:00 UTC

Use Codex anywhere with the ChatGPT mobile app. Monitor, steer, and approve coding tasks in real time across devices and remote environments.

13 May 2026 · 11:00 UTC

Learn how OpenAI built a secure sandbox for Codex on Windows, enabling safe, efficient coding agents with controlled file access and network restrictions.

13 May 2026 · 21:47 UTC

This article guides you on how to use Amazon GuardDuty to identify and mitigate cryptocurrency mining threats in your Amazon Web Services (AWS) environment. You’ll learn about the specialized detection capabilities of Gu…

Yesterday · 20:42 UTC

AWS IAM Identity Center provides a web-based access portal that gives your workforce a single place to view their AWS accounts and applications. With the recent launch of IAM Identity Center multi-Region replication, cus…

Yesterday · 16:18 UTC

Migrating your TLS endpoints to Post-quantum cryptography (PQC) starts with understanding your current TLS endpoint inventory and posture. This post introduces the PQC Readiness Scanner — an automated tool that inventori…

12 May 2026 · 22:00 UTC