Page 1 of 10 · 410 stories from the last 30 days across 20 trusted sources.
AICritical unauthenticated RCE in Splunk Enterprise (CVE-2026-20253) exploited in wild; CISA added to KEV, federal agencies must patch by June 21.
5storiesEPSS 10%Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
2storiesEPSS 19%CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day Leads to Root
2storiesEPSS 1%Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
1storyEPSS 81%CISA Adds Two Known Exploited Vulnerabilities to Catalog
1storyEPSS 54%CISA Adds Two Known Exploited Vulnerabilities to Catalog
1storyEPSS 41%Hackers stole customers’ names, addresses, email addresses, phone numbers, and account information. The post Canadian Electricity Provider London Hydro Discloses Data Breach appeared first on SecurityWeek.
Omada has introduced Omada Identity Sovereign, a new solution that enables organizations to take direct control over where and how their identity governance is deployed. The solution addresses the digital sovereignty requirements, including data, operational, and jurisdictiona...
Hack The Box (HTB) has announced new capabilities to help security leaders gain greater visibility into skills, performance and operational readiness. As AI transforms cyberattacks and cybersecurity operations, HTB is expanding its cyber readiness platform to help organization...
WhatsApp VBScript Campaign Installs ManageEngine Endpoint Central for Persistent Remote Access A newly reported malware campaign uses WhatsApp direct messages to deliver VBScript (VBS/VBE) attachments that look like routine business documents. If a recipient downloads and then...
Mavenir has announced its Agentic Service Assurance Framework, a TM Forum IG1251/IG1453-aligned, multi-agent system that automates complex network operations across multiple domains without replacing existing systems. The framework pairs an Intent Orchestrator with a multi-lay...
Top Dark Web Telegram Groups & Channels 2026 Note: This article is intended for cybersecurity awareness and research purposes only. It does not promote or endorse illegal content. The top Dark Web Telegram channels and groups monitored in 2026 are CTI Now, NoName057(16), Rippe...
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below - aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 downloads) postcss-...
OpenAI expanded Daybreak, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to support vulnerability discovery and remediation. Organizations can use the initiative to identify, valid...
F5 has introduced the F5 AI Security Platform to give CISOs continuous visibility, governance, and protection across enterprise AI applications, models, agents, and the APIs connecting them. F5 also announced the acquisition of SurePath AI, as a key component in the launch of ...
Federal agencies are required to transition high-value assets and high-impact systems to use PQC by the end of 2030 and 2031. The post Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration appeared first on SecurityWeek.
Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts malicious intent away from a single phishing email into a trusted productivity workflow. A user may see what look...
Attackers backdoored ShapedPlugin Pro updates, deploying malware that steals credentials, 2FA secrets, and grants full site access. If you installed a ShapedPlugin Pro plugin between April and June 2026 and kept it updated, your site may be compromised. Not because you did som...
AIThe Squidbleed vulnerability, a 29-year-old heap over-read in Squid Proxy, exposes cleartext HTTP requests, including credentials and tokens, to other proxy users.
Open narrative →Threat actors gained access to personal and protected health information that Xsolis received from its clients. The post Xsolis Data Breach Affects 1.4 Million Individuals appeared first on SecurityWeek.
Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targeting users of Wha...
A research team has built a system that teaches AI agents to hunt for software bugs by writing the audit method down as plain text. The system, called EVOHUNT, keeps the underlying AI model fixed and improves only an external “playbook” that tells the agent how to work. One re...
Smart TVs in living rooms run small apps that show fish tanks, clocks, solitaire games, and slideshows of puppies. A share of those apps can also send other people’s internet traffic out through the home connection. Spur Intelligence scanned 6,038 apps across LG webOS and Sams...
Researchers at Malwarebytes identified dozens of websites claiming to offer free access to FIFA World Cup matches. Instead of streaming games, the sites directed visitors through a chain of advertising pages designed to generate revenue for their operators. Fake World Cup stre...
Most organizations now run or pilot AI agents that operate on company data with limited human direction at each step, a share that reaches 88% in Veeam Software’s Data and AI Trust Gap report. The systems that are supposed to keep an eye on them have not caught up. That gap is...
OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping pa...