Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack.
Category / Security
Security briefings
Cybersecurity briefings on breaches, exploited vulnerabilities, ransomware, incident response, and systemic security failures.
Signal adds security warnings for social engineering, phishing attacks
Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud.
Official CheckMarx Jenkins package compromised with infostealer
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace.
LLMs and Text-in-Text Steganography
Turns out that LLMs are really good at hiding text messages in other text messages.
Why Changing Passwords Doesn’t End an Active Directory Breach
Resetting a password doesn't always remove attackers from Active Directory. Specops Software explains how cached credentials and Kerberos tickets can keep attackers authenticated after a reset. Password resets are often the first respons…
JDownloader site hacked to replace installers with Python RAT
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan.
Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Insider Betting on Polymarket
Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platfo…
NVIDIA confirms GeForce NOW data breach affecting Armenian users
NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach.
Canvas Breach Disrupts Schools & Colleges Nationwide
New security development detected from Krebs on Security. An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the Un…
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. The U.S.
Ivanti warns of new EPMM flaw exploited in zero-day attacks
Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks.
Trellix source code breach claimed by RansomHouse hackers
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion.
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version.
Hackers abuse Google ads for GoDaddy ManageWP login phishing
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites. A phishing campaign delivered through Google sponsored search resu…
Palo Alto Networks firewall zero-day exploited for nearly a month
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month.
Smart Glasses for the Authorities
ICE is developing its own version of smart glasses, with facial recognition tied to various databases.
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website.
New stealthy Quasar Linux malware targets software developers
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities.
Rowhammer Attack Against NVIDIA Chips
A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into ne…
Why ransomware attacks succeed even when backups exist
Backups don't fail because they're missing, they fail because attackers destroy them first. Acronis explains how ransomware targets backup systems before encryption, leaving no path to recovery. Written by Subramani Raom Senior Manager,…
Amazon SES increasingly abused in phishing to evade detection
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective.
Weaver E-cology critical bug exploited in attacks since March
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands.
Instructure confirms data breach, ShinyHunters claims attack
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility.
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. Update: Added Microsoft's statem…
They don’t hack, they borrow: How fraudsters target credit unions
Fraudsters aren't hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. Threat actors across underground forums…
Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks
A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks.
15-year-old detained over French govt agency data breach
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agency for issuing and managing administrative documents. French authorities have detained a 15-year-…
Edu tech firm Instructure discloses cyber incident, probes impact
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact.
A Ransomware Negotiator Was Working for a Ransomware Gang
Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients.
US ransomware negotiators get 4 years in prison over BlackCat attacks
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks.
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
New security development detected from Krebs on Security. A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of…
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February.
Popular WordPress redirect plugin hid dormant backdoor for years
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users' sites. The Quick Page/Post Redirect plugin, installed on more than 7…
Broken VECT 2.0 ransomware acts as a data wiper for large files
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them.
CISA orders feds to patch Windows flaw exploited as zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks.
Video service Vimeo confirms Anodot breach exposed user data
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company.
Home security giant ADT data breach affects 5.5 million people
The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned.
PyPI package with 1.1M monthly downloads hacked to push infostealer
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets.
Robinhood account creation flaw abused to send phishing emails
Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity.
American utility firm Itron discloses breach of internal IT network
Itron, Inc. has disclosed, via an 8-K filing with the U.S. Securities and Exchange Commission (SEC), a cybersecurity incident in which an unauthorized third party accessed certain internal systems. Utility technology company Itron, Inc.
Medieval Encrypted Letter Decoded
Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860.
Medtronic confirms breach after hackers claim 9 million records theft
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." Medical device giant Medtronic disclosed last week that hackers breached its network and accessed d…
Threat actor uses Microsoft Teams to deploy new “Snow”
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. A threat group tracked as UNC6692 uses social engineering to dep…
Friday Squid Blogging: How Squid Survived Extinction Events
Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures lik…
Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication.
Hiding Bluetooth Trackers in Mail
It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker ins…
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently.
Apple fixes iOS bug that retained deleted notification data
Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device.
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. CISA has given U.S.
FBI Extracts Deleted Signal Messages from iPhone Notification Database
404 Media reports (alternate site): The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push noti…
Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption.
Assess your National Cybersecurity Capabilities and Maturity with the updated ENISA Framework
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats. ENISA has released the updated National Capabilities Assessment fra…
French govt agency confirms breach as hacker offers to sell data
France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data.
ICE Uses Graphite Spyware
ICE has admitted that it uses spyware from the Israeli company Graphite.
New Lotus data wiper used against Venezuelan energy, utility firms
A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela.
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
New security development detected from Krebs on Security. A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft.
CISA flags new SD-WAN flaw as actively exploited in attacks
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. The U.S.
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud without adding friction. Fraud prevention and user experience have long been treated as opposing…
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate.
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them to bypass spam filters.
Is “Satoshi Nakamoto” Really Adam Back?
The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back. I don’t know. The article is convincing, but it’s written to be conv…
Vercel confirms breach as hackers claim to be selling stolen data
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Update 4/19/26: Added additional information from Vercel that was disclo…
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly popular in the Node Package Manager (npm)…
Friday Squid Blogging: New Giant Squid Video
Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Payouts King ransomware uses QEMU VMs to bypass endpoint security
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security.
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
The latest wave of "Operation PowerOFF," on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across 21 countries. More than 75,000 individuals using distributed denial-of-service (DDoS) platforms…
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions.
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month.
WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them.
Crypto-exchange Kraken extorted by hackers after insider breach
The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data.
Defense in Depth, Medieval Style
This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 1520 meters wide and up to 7 meters deep…
Patch Tuesday, April 2026 Edition
New security development detected from Krebs on Security. Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-…
Friday Squid Blogging: Squid Overfishing in the South Pacific
Regulation is hard: The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a…
Healthcare IT solutions provider ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers.
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan.
New VENOM phishing attacks steal senior executives' Microsoft logins
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. Threat actors using a previously undocumented phishing-as-a-s…
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools.
Eurail says December data breach impacts 300,000 individuals
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach.
Hackers exploiting Acrobat Reader zero-day flaw since December
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December.
Russia Hacked Routers to Steal Microsoft Office Tokens
New security development detected from Krebs on Security. Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security…
Snowflake customers hit in data theft attacks after SaaS integrator breach
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen.
Hong Kong Police Can Force You to Reveal Your Encryption Keys
the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that,…
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
New security development detected from Krebs on Security. An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face.
Google Wants to Transition to Post-Quantum Cryptography by 2029
Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good…
Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps.
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing pers…
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. The…
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year.
Friday Squid Blogging: Jurassic Fish Chokes on Squid
Here’s a fossil of a 150-million year old fish that choked to death on a belemnite rostrum: the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security…
Hims & Hers warns of data breach after Zendesk support ticket breach
Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform.
Company that Secretly Records and Publishes Zoom Meetings
WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes (alternate link) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it.
ENISA advances the certification of EU Digital Wallets
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats. ENISA launches a public consultation on the draft candidate EU Digi…
US Bans All Foreign-Made Consumer Routers
This is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical in…
Is “Hackback” Official US Cybersecurity Strategy?
The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: “We will unleash the private sector by creating…
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks.
Possible US Government iPhone Hacking Tool Leaked
Wired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable o…
A Taxonomy of Cognitive Security
Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but—even better—Menton has a long essay laying out the basic concepts and ideas…
Axios malware incident shows how npm account compromise can become cross-platform developer compromise
Malicious Axios releases on npm reportedly delivered a cross-platform RAT, turning one of the ecosystem’s most widely used JavaScript dependencies into a supply-chain compromise with immediate developer impact.
Cisco source code theft shows how upstream supply-chain compromises can spill into internal development systems
Reporting says attackers used credentials exposed through the Trivy supply-chain campaign to breach a Cisco development environment and steal source code, showing how one ecosystem compromise can cascade into secondary enterprise intrusions.
European Commission confirms data breach after Europa.eu hack
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang.
Inventors of Quantum Cryptography Win Turing Award
Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it…
Apple’s Camera Indicator Lights
A thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording. The reason it’s tempting to think that a dedicated camer…
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
New security development detected from Krebs on Security. A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and w…
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Threat actors are exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), enabling them to impersonate users and potentially take over administrative accounts.
Friday Squid Blogging: Jumbo Flying Squid in the South Pacific
The population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
New security development detected from Krebs on Security. The U.S.
CISA links Stryker breach to rising endpoint management system attacks, releases hardening guidance
CISA is aware of malicious cyber activity targeting endpoint management systems following the March 2026 cyberattack against Stryker Corporation. The agency has issued best-practice guidance for securing Microsoft Intune and similar platforms.
CISA adds Wing FTP information disclosure flaw to KEV after active exploitation
CISA has added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation.
GlassWorm ForceMemo campaign shows how stolen GitHub tokens can silently poison Python repos
Researchers say a GlassWorm-linked campaign used stolen GitHub tokens to force-push obfuscated malware into Python repositories, turning account takeover into a stealthy software supply-chain distribution channel.
CISA adds two Google browser and graphics flaws to KEV catalog after active exploitation
CISA has added CVE-2026-3909 in Google Skia and CVE-2026-3910 in Chromium V8 to the Known Exploited Vulnerabilities catalog, turning a routine patching task into a live exposure-management priority.
APT28 cloud-backed espionage tooling shows the value of old frameworks in new campaigns
ESET says APT28 has used BEARDSHELL, SLIMAGENT, and a heavily modified COVENANT framework to maintain long-term surveillance of Ukrainian military targets while abusing legitimate cloud storage services for command and control.
CISA adds n8n remote code execution flaw to KEV catalog after active exploitation
CISA has added CVE-2025-68613, an n8n improper control of dynamically managed code resources vulnerability, to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation.
Google Looker Studio LeakyLooker flaws show how shared analytics can break tenant boundaries
Researchers disclosed nine cross-tenant flaws in Google Looker Studio that could have enabled arbitrary SQL queries, data exfiltration, and destructive actions across victims’ cloud-connected data sources before Google patched them.
UNC4899 crypto-firm breach shows how personal-device bridges can end in cloud theft
Google says a cryptocurrency firm was breached after a developer transferred a trojanized file from a personal device to a work device via AirDrop, enabling UNC4899 to pivot into cloud infrastructure and steal millions in digital assets.
CISA issues urgent guidance on ongoing global exploitation of Cisco SD-WAN systems
CISA and international partners say attackers are actively exploiting Cisco SD-WAN systems and urge organisations to inventory assets, patch immediately, collect forensic artifacts, and hunt for compromise.
ENISA taking over the EU Cybersecurity Reserve makes cyber solidarity more operational
The European Commission has entrusted ENISA with operating the EU Cybersecurity Reserve, creating a €36 million mechanism to provide incident response support during major cyber incidents.
ENISA NIS2 guidance pushes European cyber compliance toward a more operational model
ENISA has published technical implementation guidance for the NIS2 Implementing Regulation, giving digital infrastructure and managed service providers a more practical map for turning legal obligations into concrete security measures.
ENISA Threat Landscape 2025 says Europe faces converging pressure from hacktivists, ransomware, and state-aligned actors
ENISA’s 2025 threat landscape report says Europe is facing overlapping pressure from hacktivism, ransomware, phishing, vulnerability exploitation, and state-aligned cyber activity across critical sectors.
Akira advisory update shows ransomware crews are still winning through edge and remote-access weaknesses
A 2025 multi-agency update on Akira ransomware highlights continued attacks on critical sectors, with emphasis on edge-device exploitation, credential abuse, remote admin tooling, and faster encryption variants.
CISA updates Play ransomware guidance as victim count nears 900
A joint CISA, FBI, and ASD advisory update says Play ransomware has hit roughly 900 entities and remains active across multiple regions and sectors.
Joint advisory flags Interlock ransomware as an active cross-sector threat
CISA and partner agencies say Interlock ransomware activity is affecting businesses and critical infrastructure, with current guidance focused on access control, segmentation, patching, and phishing defense.
Last 48 hours watchlist: three signals worth tracking
A security and privacy watchlist covering student cyber safety policy, AI workplace tooling risk, and emerging privacy-governance signals worth monitoring.
Why the next wave of AI security stories will be about interfaces
AI security risk is increasingly concentrated in extensions, browser flows, workplace tooling, and other user-facing interfaces rather than models alone.