We are at war
Rising geopolitical tensions are manifesting as sophisticated cyber operations, targeting everything from critical infrastructure to private industry.
China-linked Red Menshen uses stealthy BPFDoor implants to spy via telecom networks
A long-term espionage campaign by a China-nexus actor uses the BPFDoor implant to infiltrate telecom networks, creating a stealthy path to spy on gove
Google's new Android developer verification sparks security vs. openness debate
Google's new policy requiring identity verification for sideloaded Android apps aims to boost security but sparks a debate on platform openness and co
Iranian hackers claim breach of former Trump official Kash Patel's personal data
An alleged Iranian hacker group, Handala, claims to have breached the personal data of former official Kash Patel, highlighting the persistent threat
A ghost in the machine: The cybersecurity risks of a proposed federal voter list
An analysis of a 2020 proposal for a federal voter list reveals why centralizing election data creates a catastrophic cybersecurity risk.
Dutch Finance Ministry's precautionary shutdown highlights high-stakes government cyber defense
The Dutch Ministry of Finance took its treasury portal offline after an attempted cyberattack, showcasing a proactive but disruptive incident response
Popular Axios npm package compromised to deliver cross-platform malware
Malicious versions of the widely used Axios HTTP client were published to the npm registry, injecting a trojan that targets Windows, macOS, and Linux.
How a single malicious prompt could have hijacked your ChatGPT account
A vulnerability in ChatGPT's web interface could have let attackers steal accounts with a single prompt, highlighting classic web security risks in AI
TrueConf zero-day exploited in attacks targeting Southeast Asian governments
A high-severity flaw in TrueConf video conferencing software was exploited as a zero-day to deliver malicious updates to government networks in Southe
F5 BIG-IP vulnerability under active attack after RCE discovery
A critical F5 BIG-IP vulnerability (CVE-2023-46747) is under active attack, allowing unauthenticated attackers to gain full system control.
Block the prompt, not the work: The end of 'Doctor No'
The traditional 'Doctor No' security approach of blocking new tools is failing. The rise of AI and shadow IT is forcing a shift to secure enablement.
Claude Code source leaked via npm packaging error, Anthropic confirms
Anthropic confirmed an accidental leak of its Claude Code AI assistant's source code due to a packaging error, exposing intellectual property.