Information security

Information security
from Zero Day Initiative
2 hours ago

Zero Day Initiative - The May 2026 Security Update Review

Most Microsoft fixes address elevation of privilege, with several code execution paths requiring varying attacker access levels and one kernel issue enabling code execution via crafted NVMe-oF handshake messages.
Information security
from SecurityWeek
2 hours ago

Microsoft Patches 137 Vulnerabilities

Microsoft patched 137 vulnerabilities, including critical privilege escalation and remote code execution flaws, with none reported exploited in the wild.
Information security
from DevOps.com
2 hours ago

OpenAI's Daybreak Challenges Anthropic in AI Cybersecurity Race

Daybreak embeds AI-driven vulnerability identification, fix validation, and faster patching into enterprise software development workflows using Codex Security and vendor integrations.
#zero-day-vulnerabilities
Information security
from TNW | Data-Security
1 hour ago

Google identifies first AI-developed zero-day exploit and thwarts planned mass exploitation event

Google identified an AI-assisted zero-day exploit, disrupted a planned mass exploitation event, and documented state-sponsored AI use in vulnerability research and malware development.
Information security
from The Verge
1 day ago

Google stopped a zero-day hack that it says was developed with AI

Google identified and disrupted an AI-assisted zero-day exploit targeting a web-based administration tool’s two-factor authentication by exploiting a hardcoded trust assumption.
Information security
from TechRepublic
2 hours ago

Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws

Vulnerabilities in Meari Technology exposed private baby monitor and camera data across over one million devices, including images, motion alerts, and real-time activity.
Information security
from The Hacker News
2 hours ago

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim security updates fix CVE-2026-45185, a GnuTLS-related BDAT use-after-free that can cause heap corruption and potential code execution.
Information security
from InfoQ
20 hours ago

GitHub Expands Secret Scanning with General Availability of MCP Server Integration

GitHub added general availability of secret scanning via its MCP Server to let AI agents and automation detect and remediate exposed credentials in structured workflows.
Information security
from Search Storage
14 hours ago

Attackers targeting storage infrastructure for remote work | TechTarget

Threat actors increasingly target storage infrastructure to access valuable data, disable backups, steal credentials, and spread ransomware impact efficiently.
#supply-chain-attacks
Information security
from The Hacker News
11 hours ago

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP modified npm and PyPI packages to run obfuscated environment profiling and credential stealing, exfiltrating data via external domains and GitHub token abuse.
from theregister
1 day ago
Information security

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

A modified Checkmarx Jenkins AST plugin was published on the Jenkins Marketplace, and untrusted versions must be replaced with the verified release.
from SecurityWeek
1 day ago
Information security

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

A modified Checkmarx Jenkins AST plugin was published via the Jenkins Marketplace, prompting users to update to a safe version. Supply-chain compromise traces to prior repository access.
Information security
from InfoWorld
3 hours ago

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Automated Mini Shai-Hulud worm attacks rapidly spread through package ecosystems on May 11 by hijacking release pipelines via pull_request_target and maintainer misconfigurations.
#cybersecurity
Information security
from www.bbc.com
10 hours ago

Canvas hack: company pays criminals to delete students' stolen data

Instructure paid hackers to prevent publication of stolen Canvas data, returning it with digital confirmation of destruction and preventing extortion of affected customers.
Information security
from Computerworld
7 hours ago

OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos

Daybreak automates vulnerability detection, patch testing, and audit-ready verification to continuously secure software across enterprise development lifecycles.
Information security
from The Hacker News
13 hours ago

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

Daybreak combines OpenAI frontier AI with Codex Security to help organizations find and patch vulnerabilities before attackers exploit them.
Information security
from The Hacker News
13 hours ago

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Instructure reached an agreement with a cyber extortion group after a Canvas breach, returning stolen data and confirming destruction to protect impacted customers.
Information security
from Medium
3 hours ago

AI's Double-Edged Sword: Innovation, Risk, and the Expanding Attack Surface

AI capability is expanding cybersecurity risks by turning intelligence and autonomy into attack vectors for fraud, misinformation, and physical threats.
#agentic-ai
Information security
from SecurityWeek
3 hours ago

Exaforce Raises $125 Million for Agentic SOC Platform

Exaforce raised $125M Series B to expand its agentic SOC platform using Exabots for autonomous detection, triage, investigation, and response across cloud and SaaS.
#soc-operations
Information security
from SecurityWeek
9 hours ago

Is The SOC Obsolete, And We Just Haven't Admitted It Yet?

SOC operations are increasingly mismatched to machine-speed threats, and current AI SOC promises rarely replace human investigation and contextual decision-making.
Information security
from The Hacker News
8 hours ago

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

High-risk SOC alerts go unanswered due to structural coverage ceilings, lack of specialized expertise, and automation limits that deprioritize unfamiliar or novel alert categories.
Information security
from TechRepublic
7 hours ago

Google Says Hackers Used AI to Build Zero-Day Exploit

A zero-day exploit with AI assistance targeted 2FA in an open-source web administration tool, but was disrupted before large-scale use.
Information security
from theregister
8 hours ago

Cache-poisoning caper turns TanStack npm packages toxic

Eighty-four malicious TanStack npm package versions stole credentials, self-propagated, and wiped disks after poisoning GitHub Actions caches and extracting npm OIDC tokens.
Information security
from SecurityWeek
9 hours ago

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means

Claude Mythos testing of curl found only one low-severity vulnerability, challenging claims of thousands of zero-days and suggesting curl’s security may be strong.
#ai-cybersecurity
Information security
from TNW | Openai
4 hours ago

OpenAI launches Daybreak to take on Anthropic's Mythos in cyber defence

Daybreak pairs GPT-5.5 variants with security partners to model threats, find vulnerabilities, generate patches, and validate fixes in enterprise codebases under controlled access.
Information security
from TechCrunch
5 hours ago

Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen | TechCrunch

AI-enabled security operations can detect and stop threats in real time while reducing analyst workload by automating investigation and filtering false positives.
Information security
from ComputerWeekly.com
1 day ago

AI cyber attack threatens global financial crisis, warns International Monetary Fund | Computer Weekly

AI-powered cyber attacks could destabilize the financial system by disrupting payments, solvency, and liquidity, especially through shared cloud vulnerabilities.
Information security
from Fortune
1 day ago

'It's here': Google issues dire warning after catching hackers using AI to break into computers | Fortune

AI is already being used by criminal groups to exploit previously unknown digital vulnerabilities, increasing cybersecurity risks for governments and companies.
Information security
from Engadget
1 day ago

Google announces its first-ever discovery of a zero-day exploit made with AI - Engadget

A threat actor used an AI-developed zero-day exploit, prompting patches and showing both offensive and defensive AI capabilities in cybersecurity.
Information security
from Computerworld
23 hours ago

IMF warns of the potential for AI attacks on global financial systems

AI could accelerate and enhance cyberattacks, threatening global financial stability through faster exploitation of vulnerabilities across shared financial infrastructure.
Information security
from SecurityWeek
10 hours ago

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

A coordinated Mini Shai-Hulud supply chain attack compromised 170+ packages, stealing tokens and credentials and spreading via CI publishing of malicious package versions.
#ransomware
Information security
from www.bbc.com
1 day ago

Cyber-crime increasingly coming with threats of physical violence

Ransomware attacks increasingly include threats of physical violence, with a significant share of incidents involving harm to staff who refuse to pay.
Information security
from www.cbc.ca
2 hours ago

Instructure strikes deal with hackers after massive Canvas cyber breach hits universities | CBC News

Instructure reached an agreement with the hacking group, received verification of data destruction, and assured customers would not face extortion or further targeting.
Information security
from theregister
7 hours ago

Frontier AI safety tests may be creating the very risks they're meant to stop

Third-party AI evaluations require outsider access, but inconsistent standards and weak controls create new risks of theft, tampering, espionage, and abuse.
Information security
from The Hacker News
7 hours ago

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

TrickMo C uses TON-based command-and-control and updated network features to target banking and crypto users while turning infected devices into traffic-exit nodes.
#linux-kernel
Information security
from InfoQ
20 hours ago

Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

Two Linux kernel local privilege escalation flaws enable unprivileged users to obtain root by manipulating page cache via AF_ALG and related logic bugs.
Information security
from Ars Technica
22 hours ago

Linux bitten by second severe vulnerability in as many weeks

Kernel page-cache handling bugs allow untrusted users to modify cached pages via splice-pinned buffers, enabling privilege escalation through corrupted in-memory data.
Information security
from SecurityWeek
1 day ago

New 'Dirty Frag' Linux Vulnerability Possibly Exploited in Attacks

Dirty Frag and Copy Fail 2 chain two Linux kernel flaws to enable reliable local privilege escalation to root, with possible in-the-wild exploitation.
Information security
from 24/7 Wall St.
8 hours ago

5 Cybersecurity Stocks That May Be Acquired in 2026's M&A Wave

Cybersecurity M&A in 2026 is accelerating as platform consolidation, AI disruption, and hyperscaler demand drive acquisitions of sub-scale vendors.
#cybercrime
Information security
from Nextgov.com
1 day ago

Canvas breach spotlights cybercriminal appetite for student data

Education technology platforms like Canvas are being targeted for breaches that can expose student data and enable fraud, identity theft, extortion, and further intrusions.
Information security
from theregister
4 hours ago

Congress investigates Canvas breach as company pays ransom

US Congress summoned Instructure CEO Steve Daly to explain two Canvas breaches, including data accessed, containment, notifications, and coordination with federal law enforcement and CISA.
Information security
from Techzine Global
7 hours ago

Cisco open-sources Foundry Security Spec for CISO-ready agents

Foundry Security Spec standardizes LLM-based security evaluations with orchestration, validation, coverage tracking, and auditable outputs.
Information security
from SecurityWeek
7 hours ago

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 uses a free OnlyFans lure to deliver stealthy malware that steals cryptocurrency, exfiltrates data, and deploys ransomware via persistence and C2 control.
Information security
from Engadget
3 hours ago

Google announces upcoming security tools for Android, including enhanced protection against banking scam calls - Engadget

Android adds protections against banking scam calls, expands live threat detection for abusive apps, and introduces device-theft security settings.
Information security
from SecurityWeek
4 hours ago

Adobe Patches 52 Vulnerabilities in 10 Products

Adobe released patches for 52 vulnerabilities across 10 products, including critical flaws enabling arbitrary code execution and privilege escalation.
#linux-kernel-security
Information security
from Techzine Global
13 hours ago

Linux kernel kill switch proposal sparks fierce debate

Privileged administrators could disable vulnerable kernel functions temporarily until patches arrive, reducing exposure during zero-day gaps but raising concerns about delaying patching and adding operational risk.
Information security
from ZDNET
1 day ago

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

Dirty Frag enables local privilege escalation from an unprivileged account to root by corrupting kernel page cache via networking and authentication logic bugs.
Information security
from theregister
1 day ago

Linux kernel maintainers pitch emergency killswitch after CopyFail and Dirty Frag chaos

Admins could disable specific vulnerable kernel functions at runtime to stop exploits before patches are built, distributed, and rebooted.
from Techzine Global
4 hours ago

Veeam launches DataAI Command Platform for the agentic era

“The infrastructure to deploy AI exists. The infrastructure to trust it doesn't. With the DataAI Command Platform, Veeam is building the missing layer combining resilience, security, governance, compliance and privacy, in one platform.”
Information security
from theregister
4 hours ago

FCC walks back router update ban before it bricked America's network security

The FCC extended update waivers for certain foreign-made routers to prevent millions of devices from becoming unpatched through at least January 1, 2029.
#ai-security
Information security
from SecurityWeek
5 hours ago

White Circle Raises $11 Million for AI Control Platform

White Circle raised $11M seed funding to build an AI control layer that monitors inputs/outputs, detects risks, enforces policies, and improves model accuracy over time.
Information security
from theregister
1 day ago

Anthropic's bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

A scan using Anthropic’s Mythos found only one confirmed cURL vulnerability, with other findings largely false positives or minor bugs.
Information security
from The Verge
7 hours ago

Canvas owner reaches 'agreement' with hackers to secure stolen data

Instructure reached an agreement with hackers after a Canvas breach, claiming stolen data was returned and customers will not be extorted.
Information security
from www.theregister.com
15 hours ago

Japan's PM orders cybersecurity review to defend against Anthropic Mythos

Japan ordered a cabinet-level review of cybersecurity strategy to assess government system vulnerabilities and ensure critical infrastructure operators can detect and fix them amid AI-enabled attack risks.
Information security
from TNW | Business
11 hours ago

ServiceNow lines up $4bn bond sale to refinance Armis acquisition debt

ServiceNow plans a $4bn US high-grade bond sale to refinance 2025 debt used for its Armis acquisition and support AI-driven growth.
#secure-by-design
Information security
from ZDNET
1 day ago

Beyond the cleanup job: Redefining application security for the modern enterprise

Security must be built into software before release through a funded, managed, repeatable operating model with board-level accountability.
from ZDNET
1 day ago
Information security

Stopping bugs before they ship: The shift to preventative security

Secure software requires proactive security practices before coding, using threat modeling and dependency hygiene to reduce supply chain and design risks.
Information security
from ZDNET
1 day ago

The patching treadmill: Why traditional application security is no longer enough

Continuous deployment and scanning create endless find-and-fix cycles, overwhelming teams and making old security models obsolete.
Information security
from SecurityWeek
1 day ago

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

Supply chain attacks repeatedly compromise CI/CD build processes via trusted dependencies, enabling malicious code to enter builds and deliver payloads through automation.
Information security
from InfoWorld
1 day ago

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

Malicious Hugging Face model repos can impersonate legitimate releases, inflate popularity, and deliver credential-stealing malware to Windows systems through deceptive setup files.
Information security
from The Hacker News
1 day ago

Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Attackers are actively exploiting newly weaponized Ivanti EPMM and Palo Alto PAN-OS vulnerabilities, including root-level remote code execution flaws.
Information security
from DevOps.com
1 day ago

How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe - DevOps.com

Open source repositories are continuously targeted, and supply-chain attacks exploit weak dependency governance and insecure development practices to compromise many systems at once.
Information security
from ZDNET
1 day ago

Linux is getting a security wake-up call - why it was inevitable and I'm not worried

Linux security is no longer guaranteed as vulnerabilities rise, but kernel development is responding to reduce risk for users and organizations.
Information security
from SecurityWeek
1 day ago

Over 500 Organizations Hit in Years-Long Phishing Campaign

Operation HookedWing has stolen over 2,000 credentials from 500+ organizations using long-running, adaptive phishing infrastructure and targeted lures across many sectors.
Information security
from theregister
1 day ago

Cookie thieves caught stealing dev secrets via fake Claude Code installers

A fake Claude Code installer delivers malware that abuses IElevator2 to exfiltrate decrypted cookies, passwords, and payment data from Chromium-based browsers.
Information security
from DevOps.com
1 day ago

Lyrie.ai Joins First Batch of Anthropic's Cyber Verification Program - DevOps.com

Agent Trust Protocol (ATP) provides an open cryptographic standard to verify AI agent identity, authorization scope, and tamper status for autonomous internet actions.
Information security
from The Hacker News
1 day ago

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A critical cPanel flaw enables authentication bypass and remote control, with attackers deploying Filemanager backdoors, credential-stealing web shells, and cross-platform malware.
Information security
from The Hacker News
1 day ago

Your Purple Team Isn't Purple - It's Just Red and Blue in the Same Room

Attackers exploit vulnerabilities faster than defenders can validate and patch, making traditional purple teaming impractical; automated iterative purple teaming can close the gap.
Information security
from Techzine Global
1 day ago

Checkmarx Jenkins plugin compromised in new supply chain attack

A backdoored Checkmarx Jenkins AST plugin release compromises Jenkins instances, requiring immediate plugin replacement and full secret rotation across multiple credential types.
Information security
from Computerworld
1 day ago

Apple needs to fix admin authentication in ABM

Admins must use non-federated Apple Account sign-in with Apple two-factor authentication, which often relies on SMS codes vulnerable to SIM swapping, phishing, and interception.
Information security
from SecurityWeek
1 day ago

SailPoint Discloses GitHub Repository Hack

Unauthorized access to a subset of GitHub repositories was detected and contained, with no evidence of customer data access or service interruption.
Information security
from The Cipher Brief
4 days ago

The Intelligence Community's Acquisition Revolution: Can Washington Move Fast Enough?

CIA procurement is being overhauled to adopt commercial innovation faster through structural reforms and new technology-focused initiatives.
from The Hacker News
1 day ago

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously," the cybersecurity company said in a statement over the weekend.
Information security
from theregister
1 day ago

Taiwan's train cyber-trauma reveals a global system that's coming off the tracks

There are three little words to make the heart beat faster in anyone who knows what they mean: critical infrastructure resilience. If you run that infrastructure or a country dependent on it, you need energy, communication and transport to be impregnable to cyber attacks. This is doubly so if that country is five minutes by incoming missile from an implacable hyper-competent enemy sworn to invade you.
Information security
from Futurism
2 days ago

Vibe Coded Apps Are Spilling Users' Personal Information Directly Into the Maw of Greedy Hackers

Vibe coding enables rapid app creation but frequently produces insecure deployments that expose sensitive user and corporate data.
Information security
from The Hacker News
2 days ago

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

A heap out-of-bounds read in Ollama’s GGUF loader can let remote unauthenticated attackers leak entire process memory via /api/create.
Information security
from news.bitcoin.com
3 days ago

Layerzero Discloses RPC Poisoning Incident Linked to $292M KelpDAO Hack

Lazarus Group poisoned Layerzero internal RPC sources and exploited DVN configuration weaknesses, impacting a small share of apps and TVL, prompting migration to 5/5 DVN and multisig hardening.