Page 1 of 10 · 394 stories from the last 30 days across 20 trusted sources.
AICritical unauthenticated RCE in Splunk Enterprise (CVE-2026-20253) exploited in wild; CISA added to KEV, federal agencies must patch by June 21.
5storiesEPSS 10%Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
2storiesEPSS 19%CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day Leads to Root
2storiesEPSS 1%Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
1storyEPSS 81%CISA Adds Two Known Exploited Vulnerabilities to Catalog
1storyEPSS 54%CISA Adds Two Known Exploited Vulnerabilities to Catalog
1storyEPSS 41%A research team has built a system that teaches AI agents to hunt for software bugs by writing the audit method down as plain text. The system, called EVOHUNT, keeps the underlying AI model fixed and improves only an external “playbook” that tells the agent how to work. One re...
Smart TVs in living rooms run small apps that show fish tanks, clocks, solitaire games, and slideshows of puppies. A share of those apps can also send other people’s internet traffic out through the home connection. Spur Intelligence scanned 6,038 apps across LG webOS and Sams...
Researchers at Malwarebytes identified dozens of websites claiming to offer free access to FIFA World Cup matches. Instead of streaming games, the sites directed visitors through a chain of advertising pages designed to generate revenue for their operators. Fake World Cup stre...
Most organizations now run or pilot AI agents that operate on company data with limited human direction at each step, a share that reaches 88% in Veeam Software’s Data and AI Trust Gap report. The systems that are supposed to keep an eye on them have not caught up. That gap is...
OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping pa...
The vulnerability
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. [...]
A judge said the administration’s database violates the Privacy Act, the Social Security Act and the Administrative Procedures Act. The post Court rules SAVE database illegal, orders it dismantled appeared first on CyberScoop.
Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration appeared first on Unit 42.
The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. [...]
A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. [...]
WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims’ PCs. Kaspersky published a technical analysis this week of an active malware campaign that spreads through WhatsApp messages and ends with a re...
Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials. [...]
Both EOs are expected to be signed as soon as Monday per an industry source with knowledge of timing. The White House has a signing ceremony scheduled this afternoon. The post Trump administration to order agencies to speed up post-quantum migration, boost industry appeared fi...
What happens when threat actors target what AI remembers? Microsoft breaks down the risks and the defenses. The post Guarding AI memory appeared first on Microsoft Security Blog.
AITexas Parks & Wildlife data breach via third-party vendor exposed personal info of over 3 million, including driver’s licenses.
Open narrative →AIThreat actors compromised ShapedPlugin's build pipeline, backdooring multiple WordPress plugins and distributing malicious updates to paying customers via the official update system.
Open narrative →Microsoft has confirmed that Windows 11 version 26H2 will be the next feature update and that devices running Windows 11 24H2 and 25H2 will be able to upgrade using a small enablement package. [...]
A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage. [...]