VULNERABILITY

An AI-Armed Amateur Hacked More Than 600 FortiGate Devices

Hundreds of FortiGate instances were breached at scale by a financially motivated threat actor with limited technical expertise using generative.

Securing the Modern Workplace: Why Application and Third-Party Security Can’t Be Ignored

The number of apps installed across endpoints has increased dramatically as businesses around the world speed up their digital transformation.

Attackers Check for React2Shell Exposure Using a New Tool

According to new information, a cyber espionage organization is preparing for attacks on significant industries. According to Anna Pham, senior hunt and.

Lessons From AI Hacking: Every Model, Every Layer Is Risky

Two years ago, Hillai Ben Sasson and Dan Segev set out to hack AI infrastructure in the hopes of discovering vulnerabilities. However, they were surprised.

AI Agents Disregard Security Policies in God-Like Attack Machines

Although AI agents are designed to be diligent and intent on finishing tasks given to them by the user, this singular focus has frequently backfired.

Dell's Hard-Coded Flaw: A Nation-State Goldmine

For two years, a Chinese nation-state threat actor exploited a Dell hard-coded credential vulnerability, highlighting the risk of a pre-compromised.

RMM Abuse Explodes as Hackers Ditch Malware

When enterprise software can be used to prevent intrusions, why use malware? Threat actors essentially.

More than 260K Chrome Users Were Tricked by False AI Browser Extensions

Numerous malicious browser extensions that pretend to be AI assistants but are actually stealing victims' personal information have taken.

When AI Factories Scale, Security Has to Be Engineered In

A new era of enterprise AI is beginning. What started out as experimentation—single models, few.

Security Complexity Follows Suit for AI Agents to Swarm

It is more likely that several models and agents will need to collaborate as the AI landscape develops.

North Korea's UNC1069 Uses AI to Attack Crypto Companies

A financially driven North Korean threat actor is using innovative social engineering techniques powered by deepfakes to target cryptocurrency companies.

The automaker uses a developer-friendly platform to secure the supply chain.

Software supply chain security has serious ramifications for teams in charge of installing software in connected cars. Real-world risks to.

Top Cyber Industry Defenses Spike CO2 Emissions

Two specific areas of cybersecurity — backups and identity and access management (IAM) — are responsible for nearly half (45%) of the cybersecurity.

SolarWinds WHD Attacks Draw Attention to the Dangers of Vulnerable Apps

New vulnerabilities in SolarWinds Web Help Desk (WHD) are being exploited by threat actors, highlighting the dangers of applications that are accessible.

Microsoft Patches 6 Actively Exploited Zero-Days

Six of the 59 vulnerabilities Microsoft revealed in its most recent security update are already being actively exploited by attackers, so security teams.

BYOVD Bundles With Ransomware Payload by Reynolds

The bring-your-own-vulnerable-driver (BYOVD) technique has been reimagined by an emergent ransomware group. The Symantec and Carbon Black Threat Hunter.

Warlock Gang Breaches SmarterTools Via SmarterMail Bugs

A breach that happened as a result of vulnerabilities that SmarterTools fixed last month was recently revealed.

Shai-hulud: The Unspoken Price of Supply Chain Incidents

Although thousands of software packages and repositories have been compromised by numerous malware attacks targeting open source software components, it.

Safe Use Is Complicated by OpenClaw's Gregarious Insecurities

The open source agentic AI assistant OpenClaw, which is accessible through GitHub, is gaining popularity. Dane Sherrets, a staff innovation.

Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful

Not every software vulnerability is the same. With over 48,100 vulnerabilities in 2025, up 21% from the year before, IT and security teams are trying to.

EnCase Driver Weaponized as EDR Killers Persist

Even though the driver's digital certificate was revoked over ten years ago, threat actors are still using the Windows kernel driver of a forensic tool to.

Moltbook, an agentic AI website, has numerous security flaws.

The database used to store all user secrets, personally identifiable information (PII), and other information was made public by an experimental.

Sandbox escape and arbitrary code execution are made possible by a critical vm2 Node.js flaw.

The widely used vm2 Node.js library has been found to have a critical sandbox escape vulnerability that, if successfully exploited, could enable

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Threat actors who speak Chinese are suspected of using a compromised SonicWall VPN appliance as a first point of access to launch a VMware ESXi exploit that may have been created as early

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

To fix several security flaws affecting on-premise versions of Apex Central for Windows, including a serious flaw that could lead to arbitrary code execution, Trend Micro has released secu

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

Ten emergency directives (EDs) issued between 2019 and 2024 are being retired, the U.S. Cybersecurity and Infrastructure Security Agency (C

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Updates for a medium-severity security vulnerability have been made available by Cisco. The licensing feature contains the vulnerabili

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform. The flaws could result in authentica

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

UAT-7290, a China-nexus threat actor, has been linked to espionage-focused intrusions against organizations in Southeastern Europe and South Asia.
