Latest Cyber Security News
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat …
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain AttacksRead More
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO …
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber ReconnaissanceRead More
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security …
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical VulnerabilitiesRead More
A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to …
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCERead More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active …
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active ExploitationRead More
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report …
Your Automated Pentest Looks Clean. See What It Missed in This Expert WebinarRead More
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the …
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE BugsRead More
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability …
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber SafeguardsRead More
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a …
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer InstancesRead More
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named …
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated WindowsRead More
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could …
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoSRead More
Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond …
Meta to Use Off-Site Business Data for Feed and AI PersonalizationRead More
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability …
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote CodeRead More
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an …
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe ContinuesRead More
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The …
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in UkraineRead More
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, …
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS …
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch NowRead More
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce …
The Hidden Security Risk in Modern Networks: The Work Between ToolsRead More
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, …
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD TimingRead More
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the …
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential StealerRead More
