Student Loan Data Exposure Risk Amplified by Forgiveness Scams
A breach at Nelnet Servicing has compromised the personal information of millions, creating a prime target for future phishing.
Microsoft is introducing the PC Insights skill to its Copilot app, allowing users to query system data without digging through menus.
A breach at Nelnet Servicing has compromised the personal information of millions, creating a prime target for future phishing.
UK authorities charge five individuals as they reveal the inner workings of a massive, sophisticated global spoofing operation.
A risk register identifies what could go wrong with AI, but only an actionable response plan ensures your team knows how to react.
Quishing attacks are weaponizing QR codes to bypass traditional security, creating a sophisticated new pathway for account hijacking.
Varonis Threat Labs launches an interactive capture-the-flag experience to teach security teams how to combat modern identity attacks.
Microsoft introduces 'PC insights' to help users query hardware stats via Copilot, sparking new debates over privacy and resource usage.
Researchers identify over 130 firms compromised in a sprawling campaign that successfully bypassed traditional MFA protections.
A stealthy new attack technique is bypassing traditional security logs, allowing threat actors to compromise cloud-based infrastructure.
A faulty BIOS configuration is triggering unnecessary thermal alerts, though hardware remains safe from actual overheating damage.
A new subscription-based phishing service leverages device code theft and AI to bypass traditional security defenses.
A security incident at an IT service provider has resulted in the exposure of personal data for Lidl online shoppers across three countries.
Cybersecurity leaders are mistaking visual dashboards for true operational survivability in an increasingly chaotic, AI-driven era.
A sophisticated China-based actor is leveraging watering hole tactics and keylogging to compromise targets across the maritime sector.
Law enforcement digital infrastructure in Pakistan has become a high-stakes battlefield for dueling foreign intelligence operations.
A single edit permission in Google Cloud's Dialogflow CX could have allowed attackers to hijack agents and steal sensitive data.
Researchers at Tracebit are utilizing context bombing to force AI models to trigger their own safety guardrails during attacks.
Federal agencies face a tight three-day deadline to patch critical remote code execution vulnerabilities in popular Joomla extensions.
A CISA postmortem reveals how a contractor's public repository leak serves as a critical guide for improving organizational security.
Critical flaws in RabbitMQ allow unauthenticated access to OAuth secrets and authorization bypasses, threatening enterprise messaging.
A single exposed directory reveals how multiple threat actors leverage AiTM tools and OAuth abuse to compromise corporate accounts.
Stop wasting time on manual folder navigation and adopt a relational approach to file management using native OS tagging features.
A critical vulnerability allows unauthenticated actors to steal OAuth credentials, potentially granting full control over message brokers.
A flurry of 37 cybersecurity acquisitions in June 2026 underscores how major tech firms are rapidly integrating AI and identity governance.
A decade-long developer's device, infected nearly a year ago, likely provided the gateway for a breach of the Argentine Football Association.
A newly identified infostealer employs unconventional local authentication checks and Rust-based binaries to bypass standard defenses.
Microsoft identifies a sophisticated new Windows backdoor that merges multiple ransomware and data-wiping tools into one modular threat.
Threat actors are leveraging AI to refine and accelerate traditional attack chains, lowering the barrier to entry for complex operations.
A newly uncovered patent application details a system that tracks daily moods through voice, biometric data, and device interaction.
Customers are forced to pull the plug on infrastructure as the vendor probes a mysterious and credible external threat to its file-sharing platform.
Critical RCE flaws in popular Joomla extensions leave unauthenticated websites vulnerable to total compromise by malicious actors.
New sanctions signal a firm shift in European policy as officials target the infrastructure-focused espionage activities of Moscow.
A severe vulnerability in the Classic Web Client requires immediate patching to prevent unauthorized code execution via email.
A recent security breach at the Miinto platform has left shoppers facing an increased risk of targeted phishing attacks.
Researchers discover a critical vulnerability where AI coding agents are tricked into executing malicious code via hallucinations.
Recent vulnerabilities reveal long-standing memory corruption risks in the Linux kernel that could compromise major cloud environments.
A fix for a critical zero-day vulnerability inadvertently introduces a secondary risk that could lead to complete hard drive exhaustion.
A simple configuration blunder by an attacker unraveled three sophisticated, bypass-capable phishing campaigns targeting Microsoft 365.
An international coalition warns that Russian intelligence is exploiting basic network oversights to compromise critical utilities.
The exploitation of critical Joomla extensions highlights a broader trend of automated campaigns targeting vulnerable CMS plugins globally.
To handle an intense spike in user demand, OpenAI has lifted the five-hour restriction on its premier GPT-5.6 Sol model.
Anthropic repeatedly extends free access to Claude Fable 5 for premium users, highlighting the immense hardware costs of frontier AI.
A newly upgraded RedHook Android malware variant exploits wireless debugging settings to gain high-level shell privileges without root.
Security weaknesses in Microsoft BitLocker wrappers could expose corporate networks and cash machines to deep physical compromise.
As frontline clinical defenses strengthen, digital adversaries are pivoting toward vulnerable third-party service providers.
As Jen Ellis becomes a Member of the Order of the British Empire (MBE), the vital link between researchers and policy comes into focus.
Two British teenagers plead guilty, exposing the massive operational and financial toll of the notorious Scattered Spider hacking syndicate.
Law enforcement and tech giants dismantle a massive residential proxy network operating right inside consumer living rooms.
A look inside IRIS C2, a mysterious cyber firm offering multimillion-dollar bounties but secretly run by notorious political schemers.
Sustained cyber espionage campaigns weaponize local law enforcement systems to harvest sensitive citizen data and security records.
A compromised jscrambler package release highlights how modern software pipelines are weaponized to harvest developer secrets.
As an automated, potentially AI-assisted campaign scans for flawed plugins, small businesses face a severe rise in stealthy webshell attacks.
A persistent cross-site scripting flaw in Zimbra's classic client underscores the relentless exploitation of enterprise email platforms.
Researchers have demonstrated how bad actors can exploit AI code assistants by hiding malicious instructions inside unchecked images.
As Progress Software forces ShareFile servers offline, a sudden threat exposes the vulnerabilities inherent in hybrid storage systems.
Newly discovered vulnerabilities in the popular U-Boot bootloader could allow attackers to bypass startup security protections entirely.
Three vulnerabilities in the OpenClaw AI assistant allow attackers to bypass sandbox restrictions and execute code on host environments.
Unpatched vulnerabilities in U-Boot expose millions of consumer and enterprise devices to silent, early-boot execution risks.
Progress Software orders customers to sever internet access to their storage controllers, signaling an escalating, unpatched security risk.
As hackers exploit a critical Gitea Docker flaw, the ease of bypassing authentication exposes the fragility of self-hosted DevOps security.
An Armenian hacker faces 15 years in prison after admitting to his role in the devastating Ryuk ransomware attacks on American targets.
A compromised developer account on GitHub allowed attackers to inject silent credential-stealing malware into a popular Web3 ecosystem.
As police narrow in on domestic suspects behind the Odido data breach, the incident highlights the devastating efficacy of voice phishing.
A high-tech laser attack bypasses security checks on Tangem hardware wallets, highlighting the double-edged sword of unpatchable firmware.
A dispute within the OpenMandriva Linux community leads to deleted repositories and a debate over administrative trust.
GodDamn ransomware now exploits PoisonX, a Microsoft-signed kernel driver, to disable endpoint security, marking a critical escalation in evasion tactics.
As AI accelerates vulnerability discovery, a surge in 'clearinghouses' highlights a critical shift from mere data sharing to rapid, automated remediation.
AI-driven cyberattacks operate at machine speed, rendering human-paced defenses obsolete and necessitating a paradigm shift in security strategies to maintain an effective posture.
Recent reports reveal a vast landscape of cyber threats, from international law enforcement combating social engineering at scale to sophisticated tactics undermining software integrity and user trust.
GitHub's npm 12 release hardens software supply chains by disabling install scripts by default and overhauling granular access tokens to mitigate critical risks.
Microsoft is phasing out its two-decade-old Outlook Web Access Light client, urging users and administrators to transition to the full Outlook on the web experience by August 2026.
Reduced summer IT staffing creates critical security gaps, which cybercriminals exploit through slower responses and diminished oversight, escalating risks.
Forg365, a sophisticated phishing-as-a-service platform, now combines AI-assisted lure generation with advanced AiTM and device code methods to compromise Microsoft 365 accounts and maintain persistent access.
Microsoft's increasing reliance on advanced artificial intelligence to proactively uncover vulnerabilities within its Windows codebase is set to significantly raise the volume of monthly security updates for users.
A sophisticated new group named Helix leverages identity-based phishing and MFA abuse to infiltrate corporate SharePoint environments, exfiltrating sensitive data for extortion or sale.