Flux RSS

Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that.

35% of security leaders working in the UK’s critical infrastructure said regulatory requirements are the primary influence on their security programs

Where are you? What are you working on? Why are you doing that? Identity access and management platform Okta announced the general availability of its Okta for AI Agents, which will give customers the ability to do three things: locate agents, see what they’re doing, and shut them down if need be.…

Darksword is the second iOS exploit chain in a month A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by "multiple" spyware vendors and suspected nation-state goons, security researchers said on Wednesday.…

Interlock's post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.…

CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit

ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data

Researchers map full org chart of the scam from dodgy recruiters to helpful Western collaborators Researchers at IBM X‑Force and Flare Research have uncovered data that sheds light on how North Korea's fake IT worker schemes operate and infiltrate companies in order to funnel money back to the regime and steal sensitive information.…

Rapid7 says median time from publication to CISA KEV inclusion dropped to five days

No 1 Space Operations Squadron will get a persistent stare capability The Ministry of Defence (MoD) plans to spend £17.5 million on a remotely-operated satellite monitoring facility in Cyprus, partly to protect the UK's secure communications system Skynet.…

The Vidar 2.0 infostealers is deployed through fake free game cheats on GitHub and Reddit

Surprising no one, Meta’s new AI glasses are a privacy disaster. I’m not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby.

Gartner has urged security teams to get involved in AI projects from the start to avoid costly incident response

Even without a navy, or air power, 'They'll still have the ability to hack' Businesses should expect that Iran will conduct more aggressive cyber-ops as the war escalates, according to security analysts.…

Big Tech donates $12.5 million to get things rolling Half a dozen Big Tech players have together delivered $12.5 million in grants towards a project that aims to help maintainers of open source projects to cope with AI slop bug reports.…

In less polite places, this is called ‘hacking back’ or ‘offensive cyber-ops’ Japan’s government yesterday decided to allow its Self-Defense Force to conduct offensive cyber-operations, starting on October 1st.…

Sell your soul to the orb Sam Altman has cooked up a plan to make his cryptocurrency/identity/eyeball-scanning-orb venture more useful by – you guessed it – adding agentic AI to the mix. Now the technology behind it will be used to identify the human behind bots.…

Android’s LSPosed-based attack hijacks payment apps via runtime manipulation and SIM-binding bypass

State-sponsored attackers joined by Chinese snoops and hackers-for-hire in latest round of economic penalties The Council of the European Union sanctioned Emennet Pasargad on Monday, a company used as a front for a series of Iranian cyberattacks.…

CursorJack shows how malicious MCP deeplinks in Cursor IDE can trigger user-approved code execution