Page 1 of 10 · 453 stories from the last 30 days across 20 trusted sources.
AICritical unauthenticated RCE in Splunk Enterprise (CVE-2026-20253) exploited in wild; CISA added to KEV, federal agencies must patch by June 21.
5storiesEPSS 92%Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
2storiesEPSS 87%CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day Leads to Root
3storiesEPSS 1%CISA Adds One Known Exploited Vulnerability to Catalog
1storyEPSS 99%ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
1storyEPSS 90%Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
1storyEPSS 86%An executive order signed Monday aims to accelerate the government's transition to post-quantum cryptography (PQC), a new generation of encryption designed to protect data from the powerful quantum computers expected in the future.
AITwo Scattered Spider members pleaded guilty to the 2024 cyberattack on Transport for London, causing major disruption and £29 million in losses.
Open narrative →Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs. The post Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps appeared first on SecurityWeek.
The so-called duty of care provision that was excluded would have mandated that online platforms take reasonable measures to prevent specific harms such as suicidal ideation, eating disorders and cyberbullying by changing algorithm and design features.
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payloa...
AITrump signed an executive order setting a 2030 deadline for federal agencies to migrate high-value assets to post-quantum cryptography, with digital signatures due by 2031.
Open narrative →A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, scripts, and credentials left inadvertently exposed on a server has given researchers an unusually deta...
AIAbdellah Belmili, 26, extradited from Algeria to the US for operating Market0Day and Spoxy, which sold stolen financial credentials and phishing kits targeting US banks, faces 30 years.
Open narrative →GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges. Effective June 18, 2026...
N-able has announced the availability of Shadow AI Visibility across its Unified Endpoint Management (UEM) solutions, N‑central and N‑sight, and its Security Operations platform, Adlumin. The new capability helps organizations identify, classify, and monitor AI tool usage acro...
Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. [...]
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]
Dragos has announced the release of EmberAI, an OT-native AI built on the Dragos Intelligence Fabric. EmberAI gives every analyst immediate access to Dragos’s OT-specific intelligence, gained from more than a decade of OT operations, activity, and expertise. Putting historical...
SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims' networks for cybercrime groups such as the notorious Evil Corp.
A Reddit comment that takes only a few seconds to write can end up influencing the answers generated by AI research tools. A Cornell Tech study found that a short snippet of user-generated text, sometimes as little as 13 words, was enough to affect the output of deep-research ...
The high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25. The post Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks appeared first on SecurityWeek.
Carl Froggett combines CISO and CIO. He currently occupies both positions at Deep Instinct. Before then, he was CISO at Citi for almost 17 years. The post CISO Conversations: Carl Froggett – Combining CISO and CIO at Deep Instinct appeared first on SecurityWeek.
The threat actors engineered a Golang-based sniffer to target 430,000 FortiGate firewalls and identify 110 million credentials in the ongoing global campaign.
Emergency alert systems work because people believe them. Every time one of these systems issues a false alert - whether through negligence or a deliberate attack - trust erodes. Read more in my article on the Hot for Security blog.
Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response workflows, reducing alert fatigue and improving operational efficiency. [...]