Page 1 of 10 · 418 stories from the last 30 days across 20 trusted sources.
AICritical unauthenticated RCE in Splunk Enterprise (CVE-2026-20253) exploited in wild; CISA added to KEV, federal agencies must patch by June 21.
5storiesEPSS 10%Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
2storiesEPSS 19%CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day Leads to Root
2storiesEPSS 1%Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
1storyEPSS 81%CISA Adds Two Known Exploited Vulnerabilities to Catalog
1storyEPSS 54%CISA Adds Two Known Exploited Vulnerabilities to Catalog
1storyEPSS 41%26-year-old Abdellah Belmili faces up to 30 years in prison for allegedly operating the marketplaces Market0Day and Spoxy. The post Algerian Man Extradited to US for Running Cybercrime Marketplaces appeared first on SecurityWeek.
Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library. The post FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances appeared first on SecurityWeek.
OpenAI has expanded its Daybreak cybersecurity initiative with a new suite of tools and partnerships. The post OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery appeared first on SecurityWeek.
Fable 5 is the supposed safe version of Anthropic’s Mythos Preview, with guardrails to ensure that it can’t be used to create cyberattacks. Well, that restriction was bypassed within days.
Scam websites are circulating across the internet with a pitch aimed at millions of gamers: a way to play Grand Theft Auto VI before its release. The pages promise early access for a few hundred dollars in cryptocurrency, ask buyers to enter a payment code, and claim the game ...
Using a custom sniffer, the threat actor has captured over 110 million credentials since at least February 2026. The post Russian Initial Access Broker Behind FortiBleed Campaign appeared first on SecurityWeek.
AIHealthcare tech firm Xsolis disclosed a breach impacting 1.4 million individuals after a phishing attack exposed personal and protected health information from its clients.
Open narrative →Two members of the notorious hacker group Scattered Spider have pleaded guilty to charges related to a 2024 cyberattack on Transport for London (TfL) that resulted in £29 million in loss and recovery costs. Thalha Jubair, 20, from London, and Owen Flowers, 18, from Walsall, pl...
Hackers stole customers’ names, addresses, email addresses, phone numbers, and account information. The post Canadian Electricity Provider London Hydro Discloses Data Breach appeared first on SecurityWeek.
Omada has introduced Omada Identity Sovereign, a new solution that enables organizations to take direct control over where and how their identity governance is deployed. The solution addresses the digital sovereignty requirements, including data, operational, and jurisdictiona...
Hack The Box (HTB) has announced new capabilities to help security leaders gain greater visibility into skills, performance and operational readiness. As AI transforms cyberattacks and cybersecurity operations, HTB is expanding its cyber readiness platform to help organization...
WhatsApp VBScript Campaign Installs ManageEngine Endpoint Central for Persistent Remote Access A newly reported malware campaign uses WhatsApp direct messages to deliver VBScript (VBS/VBE) attachments that look like routine business documents. If a recipient downloads and then...
Mavenir has announced its Agentic Service Assurance Framework, a TM Forum IG1251/IG1453-aligned, multi-agent system that automates complex network operations across multiple domains without replacing existing systems. The framework pairs an Intent Orchestrator with a multi-lay...
Top Dark Web Telegram Groups & Channels 2026 Note: This article is intended for cybersecurity awareness and research purposes only. It does not promote or endorse illegal content. The top Dark Web Telegram channels and groups monitored in 2026 are CTI Now, NoName057(16), Rippe...
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below - aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 downloads) postcss-...
OpenAI expanded Daybreak, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to support vulnerability discovery and remediation. Organizations can use the initiative to identify, valid...
F5 has introduced the F5 AI Security Platform to give CISOs continuous visibility, governance, and protection across enterprise AI applications, models, agents, and the APIs connecting them. F5 also announced the acquisition of SurePath AI, as a key component in the launch of ...
Federal agencies are required to transition high-value assets and high-impact systems to use PQC by the end of 2030 and 2031. The post Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration appeared first on SecurityWeek.
Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts malicious intent away from a single phishing email into a trusted productivity workflow. A user may see what look...
Attackers backdoored ShapedPlugin Pro updates, deploying malware that steals credentials, 2FA secrets, and grants full site access. If you installed a ShapedPlugin Pro plugin between April and June 2026 and kept it updated, your site may be compromised. Not because you did som...