TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. [...]
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. [...]
Chinese APT Red Menshen's super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down.
The list of countries exploiting internet-connected cameras to give them eye's inside their adversaries' borders continues to expand, with Russia, Iran, Israel, Ukraine, and the United States all using the tactic. What should companies look out for?
Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. [...]
Operational technology (OT) at industrial and critical infrastructure sites seem to have been benefitting from a lull in ransomware, and hackers' relative ignorance of OT systems.
The post-quantum future may be coming sooner than you think, as Google plans to have PQC migration in place by 2029.
Vulns in Dutch football club's systems didn't just expose data – they let outsiders play with accounts, and even lift stadium bans Dutch football giant AFC Ajax has admitted to a data breach after an attacker gained access to its internal systems, in an incident that looks less like a stray pass and more like the gates left wide open.…
Un acteur malveillant a accédé à au moins un compte AWS de la Commission Européenne, avec accès à des informations d'employés et un serveur email. La Commission enquête sur cette brèche, potentiellement liée à des vulnérabilités Ivanti EPMM exploitées contre d'autres institutions EU. Impact potentiel sur infrastructures critiques EU et conformité DORA/NIS2 pour le secteur financier dépendant des services cloud EU.
US and UK forces seeking tech tender with an April 3 deadline The UK and US are looking for technology to counter the threat posed by underwater drones to ships, harbors and other critical maritime infrastructure, and are asking industry for answers.…
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. [...]
Microsoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. [...]
La Police nationale néerlandaise (Politie) a subi une brèche de sécurité résultant d'une attaque de phishing réussie. L'impact est limité et n'a pas affecté les données des citoyens. L'incident a été divulgué le 27 mars 2026.
Global bank's devs have some cleaning up to do after cloud creds found in website code Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages.…
Le club néerlandais AFC Ajax a divulgué qu'un hacker a exploité des vulnérabilités IT pour accéder aux données de quelques centaines de personnes, permettant le vol de billets. Bien que non financier direct, impacte la grande région et services numériques en Europe. Notification potentielle RGPD.
Nation-state malware is being sold on the Dark Web and leaked to GitHub; and ordinary organizations might not stand much of a chance of defending themselves.
The agency put foreign-made consumer routers on its list of prohibited communications devices, but the ban could create more problems down the road.
More than a decade since the 2015 Jeep hack, the cybersecurity of vehicles remains of the utmost importance.
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]
Threats actors pounced on the code injection vulnerability within hours of its disclosure, demonstrating that organizations have little time to address critical bugs.