Flux RSS

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware

‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration

The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”

Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code

Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study

PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients

OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws

Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials

The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list”

Expel has warned of malicious Chrome extensions stealing users’ AI conversations

Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience

The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023

High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024

CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns

Sysdig details how threat actors exploited a critical CVE in Langflow in less than a day

Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics

Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says

35% of security leaders working in the UK’s critical infrastructure said regulatory requirements are the primary influence on their security programs

CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit

Rapid7 says median time from publication to CISA KEV inclusion dropped to five days