General Cyber Security News

Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some …

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch TuesdayRead More

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an …

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange ExploitationRead More

TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for …

[Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)Read More

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at …

Most Remediation Programs Never Confirm the Fix Actually WorkedRead More

Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 …

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE FlawsRead More

Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration …

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal DataRead More

Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of …

Android Adds Intrusion Logging for Sophisticated Spyware ForensicsRead More

Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail …

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code ExecutionRead More

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a …

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are UploadedRead More

Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric …

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network PivotsRead More

Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the …

Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can HelpRead More

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from …

Why Agentic AI Is Security’s Next Blind SpotRead More

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI …

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More PackagesRead More

American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and …

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas LeakRead More

OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch …

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch ValidationRead More

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS …

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and AndroidRead More

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are …

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain AttackRead More

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack …

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager BackdoorRead More

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the …

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass ExploitationRead More

Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — …

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreRead More