CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerability. The post OWASP Incu...
When a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved. The post Nightmare Eclipse incident shows the researcher-ve...
Other noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner. The post In Other News: Anthr...
The ShinyHunters extortion group leaked roughly 234 GB of data allegedly stolen from the dental benefits administrator. The post Hackers Leak DentaQuest Information Impacting 2.6 M...
Over 100 bugs are critical or high-severity, mainly use-after-free and insufficient validation of untrusted input flaws. The post Chrome 149 Patches 429 Vulnerabilities appeared fi...
Experts commented on the EOβs voluntary nature, the balance between innovation and security, and potential implementation gaps. The post Industry Reactions to New Trump AI Cybersec...
Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Targ...
The company detected a network intrusion in March and an investigation showed that some files were stolen during the attack. The post Nightclub Giant RCI Says Data Breach Affects 4...
The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026...
A House Appropriations subcommittee is set to mark up fiscal 2027 DHS funding legislation Friday. The post Hill Dems hammer GOP for $250M CISA budget cut appeared first on CyberSco...
New research details how the increasing integration of AI agents into businesses is making it easier than ever for insiders - malicious or otherwise - to put sensitive data at risk...
As AI agents, machine identities, and third-party applications multiply across enterprises, Offroad is betting autonomous security agents can restore control over an increasingly u...
AI is breaking things faster than anyone can fix them. Security leaders across the industry are racing to figure out what comes next. The post Inside the race to adapt to an AI-pow...
Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and whatβs actually happening in practice. The post Web...
Officials said they dismantled nine organized crime groups and removed more than 27,000 URLs hosting live sports and other copyrighted media during a seven-month operation. The pos...
He told lawmakers that he wants approximately 600 more people than it has now, which would still be well below personnel numbers prior to Trumpβs second term. The post DHS Secretar...
Your childβs first data breach may happen before theyβve even opened a bank account. Hereβs how to keep their digital life safe.
Top Pentagon cyber policy official Katherine Sutton said recent conflicts have emphasized the importance of cyber, and that the department canβt make old mistakes with AI security....
The order β which Trump previously refrained from signing at the last minute β appears to make significant concessions to industry compared to earlier drafts. The post Trump admini...
Roughly 150 new organizations across critical infrastructure sectors will gain access to Claude Mythos Preview, Anthropic's most capable β and most restricted β AI model. The post ...
The escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning. The post Attackers are exploiting Palo Alto Networks ...
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, a...
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-...
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Hereβs whatβs at stake and how to stay safe.
The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influ...
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a ...
Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved million...
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal
A complete decoupling from US technology is neither realistic nor necessary, but the changing environment does require nations and companies to reassess their relationships and dep...
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several h...
Conflict is a boon for opportunistic fraudsters. Look out for their ploys.
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the groupβs continual cyberespionage operations
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in huma...
Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk.
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the Uni...
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history βfor any numberβ and had been downloaded more than seven million times before being...
How come itβs still possible to βsecureβ an online account with a six-digit string?
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of m...
Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 - here's some of what made the headli...
A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability
ESET Research has discovered a new China-aligned APT group that weβve named GopherWhisper, which targets Mongolian governmental institutions
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert ...
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI
An attack is what you see, but a business operation is what youβre up against
Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot.
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-d...
2.5 million people were affected, in a breach that could spell more trouble down the line.
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Lockbit is by far this summerβs most prolific ransomware group, trailed by two offshoots of the Conti group.
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Twitter is blasted for security and privacy lapses by the companyβs former head of security who alleges the social media giantβs actions amount to a national security risk.
CISA is warning that Palo Alto Networksβ PAN-OS is under active attack and needs to be patched ASAP.
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.