access ai android api apple attack authentication backdoor breach browser business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Kimi K3 Highlights Limits of AI Benchmark Leaderboards
Open-source model impresses on tests but enterprise performance remains unproven. Moonshot AI’s Kimi K3 has climbed AI benchmark leaderboards and challenged leading U.S. models on coding tasks. But benchmark scores offer only a narrow view of model performance, fueling calls for independent testing and enterprise evaluations before organizations make deployment decisions. First seen on govinfosecurity.com…
-
Microsoft warns of surge in ACR Stealer attacks on customers
Microsoft has observed a surge in attacks using the ACR Stealer malware to steal browser-stored passwords, authentication tokens, and sensitive documents from its enterprise customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-warns-of-surge-in-acr-stealer-attacks-on-customers/ also interesting: 9 VPN alternatives for securing remote network access Malicious actors increasingly put privileged identity access to work across attack chains…
-
Two new high severity WordPress vulnerabilities, patch immediately!
The 7.0.2 WordPress security release addresses one critical and one high severity security issue. The vulnerabilities reported to the WordPress security team include: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/18/wordpress-vulnerabilities-wp2shell-cve-2026-60137-cve-2026-60137/ also interesting: Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack Millions at Risk: Jetpack Plugin Patches Critical Vulnerability WordPress Plugin Jetpack…
-
Two new high severity WordPress vulnerabilities, patch immediately!
The 7.0.2 WordPress security release addresses one critical and one high severity security issue. The vulnerabilities reported to the WordPress security team include: … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/18/wordpress-vulnerabilities-wp2shell-cve-2026-60137-cve-2026-60137/ also interesting: Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack Millions at Risk: Jetpack Plugin Patches Critical Vulnerability WordPress Plugin Jetpack…
-
Daxin: 13-Year-Old China-Linked Malware Found Still Active on Manufacturer’s Network
Researchers found China’s Daxin rootkit and a new Stupig backdoor on a Taiwan firm’s network, suggesting a stealthy intrusion dating back to 2013. Symantec’s Threat Hunter Team found Daxin running on a compromised host at a Taiwan-based subsidiary of a multinational high-tech manufacturer in 2026. Daxin is a Windows kernel-mode rootkit that Symantec first documented…
-
The Future of Age Verification: Your Face Never Leaves Your Device
As age verification laws expand worldwide, organizations face growing pressure to protect users’ privacy while meeting regulatory requirements. Incode explains how on-device age estimation verifies age without transmitting or storing facial images, reducing biometric privacy risks while supporting compliance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-future-of-age-verification-your-face-never-leaves-your-device/ also interesting: CISOs: Stop trying to do the…
-
U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, microsoft, remote-code-execution, update, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft’s July 2026 Patch Tuesday addressed the SharePoint remote code execution bug…
-
LegacyHive: Neuer WindowsDay hebelt selbst vollständig gepatchte Systeme aus
LegacyHive ist ein neuer Windows-Zero-Day, der selbst vollständig gepatchte Systeme betrifft. Microsoft untersucht die Schwachstelle. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/legacyhive-windows-zero-day-gepatchte-systeme-331579.html also interesting: CISA, FBI call software with buffer overflow issues ‘unforgivable’ Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day Microsoft Patch Tuesday security…
-
Your Period Tracker Is (Probably) Spying on You
Plus: Russian cyberspies turn to infrastructure hacking, DHS repeatedly fails to realize it’d been hacked, a breach exposes an AI music generator’s scraping ways, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-your-period-tracker-is-probably-spying-on-you/ also interesting: The 2024 cyberwar playbook: Tricks used by nation-state actors Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack…
-
TI 2.0 und Cybersicherheit: Was VSDM 2.0, PoPP und Zero Trust für Primärsysteme bedeuten
Die Telematikinfrastruktur (TI) vernetzt Praxen, Apotheken, Kliniken und Krankenkassen im deutschen Gesundheitswesen. Die nächste Ausbaustufe TI 2.0 bringt neue Verfahren wie VSDM 2.0, die elektronische Prüfung und Aktualisierung der Versichertenstammdaten, PoPP, den Nachweis, dass ein Patient vor Ort ist, und ZETA Zero Trust Access, ein Sicherheitsmodell, das jeden Zugriff einzeln prüft. Für Hersteller von… First…
-
Critical WordPress Core Flaw Lets Anonymous Hackers Gain Remote Code Execution
A newly disclosed a pre-authentication remote code execution (RCE) vulnerability in WordPress Core, dubbed >>wp2shell,<< that requires no authentication and affects stock WordPress installations with zero plugins installed. Given that WordPress powers an estimated 500 million websites globally. The flaw represents one of the most significant CMS security disclosures in recent memory. The issue stems…
-
Prompt Injection Attacks Are Thwarting AI Hacking Agents
“Context bombing” tricks malicious AI agents into shutting down before they can do harm. First seen on wired.com Jump to article: www.wired.com/story/prompt-injection-attacks-are-thwarting-ai-hacking-agents/ also interesting: Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting 25 on 2025: APAC security thought leaders share their predictions and aspirations AI Models Resize Photos and Open Door…
-
(g+) Anti-Cheating-Software: Spielen mit Systemrechten – eine unterschätzte Gefahr
Tags: softwareModerne Computerspiele greifen tief ins Betriebssystem ein, um Cheater zu stoppen. Doch wann wird der Schutz selbst zum Sicherheitsrisiko? First seen on golem.de Jump to article: www.golem.de/news/anti-cheating-software-spielen-mit-systemrechten-eine-unterschaetzte-gefahr-2607-210822.html also interesting: AI may create a tidal wave of buggy, vulnerable software DOGE software engineer’s computer infected by info-stealing malware Die wichtigsten Trends im Bereich der physischen Sicherheit…
-
OpenSSL DoS Vulnerability Lets Remote Attackers Exhaust Server Memory With an 11-Byte Payload
A newly disclosed vulnerability reminds us how deeply our digital infrastructure relies on foundational libraries. The Okta Red Team recently discovered >>HollowByte,<< a Denial of Service (DoS) flaw in OpenSSL that allows a remote, unauthenticated attacker to force a server to allocate disproportionate memory chunks before any security handshake even begins, using a payload just…
-
Citrix Secure Access Client Flaw Lets Low-Privileged Windows Users Gain SYSTEM Privileges
Cloud Software Group has issued a High-severity security bulletin (CTX696734) disclosing two vulnerabilities in the Citrix Secure Access Client for Windows and the Citrix Endpoint Analysis Client for Windows. The more serious of the two, tracked as CVE-2026-53565, allows a standard, low-privileged user on a local system to escalate privileges and gain full SYSTEM access,…
-
China’s Kimi K3 Triggers Chip Stocks Into Bear Market
Open-Weight Model Reopens Debate Over US AI Pricing Power. Moonshot AI’s Kimi K3 pushed semiconductor stocks into a bear market and revived debate over whether U.S. labs still lead China on AI, even as benchmarks, weights and true costs are still being analyzed. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinas-kimi-k3-triggers-chip-stocks-into-bear-market-a-32263 also interesting: Chinese GenAI…
-
Million Email Phishing Campaign Uses Text Salting
Barracuda researchers identified more than one million phishing emails using text salting to manipulate AI-powered email security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/million-email-phishing-campaign-uses-text-salting/ also interesting: Privacy Roundup: Week 1 of Year 2025 Privacy Roundup: Week 4 of Year 2025 11 ways cybercriminals are making phishing more potent than ever Malicious actors increasingly put…
-
Ernst Young (EY) Investigates Data Breach Involving Third-Party Support Tickets
Ernst & Young (EY) disclosed a data breach after attackers compromised a third-party IT support system containing client documents and tax information. Ernst & Young (EY) is disclosed a data breach linked to a compromised third-party support ticket system used by its IT teams. The platform stored support requests that may have included documents containing…
-
Datenschatz heben für Industrie 4.0: Deutschlands wichtigsten Rohstoff endlich erschließen
Tags: germanyFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/datenschatz-industrie-4-0-deutschland-wichtigster-rohstoff also interesting: Weitere Ergebnisse der großangelegten Sophos Management-Studie Probleme bei Dienstleister: Störung bei Kartenzahlungen in Deutschland Thales Digital Trust Index 2025 : Vertrauen in digitale Services auf dem Rückzug Cyberangriffe seit 2008: Deutschland auf Platz 2
-
KI-Einsatz: Blinder Fleck der Cybersicherheit liegt in den Daten
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ki-einsatz-blinder-fleck-cybersicherheit-daten also interesting: NIS2 und der Mittelstand: Zwischen Pflicht und Praxis KI und Cybersicherheit benötigen solide Basis: Beide auf riesige Mengen vielfältiger, hochwertiger Daten angewiesen Frontier-AI stellt erweiterte Anforderungen an die Cybersicherheit Abwehrmaßnahmen zu Cyberwarfare sollten deutlich gestärkt werden
-
Google’s Gemini lets strangers send messages from your locked Android phone
Gemini, Google’s AI assistant, is supposed to make life easier for Android smartphone owners. But right now it may also be making life easier for anyone anyone who happens to pick up your phone. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/googles-gemini-strangers-messages-locked-android-phone also interesting: Android’s New Security Feature Prevents Sensitive Setting Changes During Calls Google…
-
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable.Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system.Adam Kues at Assetnote, Searchlight…
-
EU Orders Google to Open Android AI Features, Share Search Data With Rivals
EU rules will make Google share anonymized search data and give rival AI assistants broader access to Android features across Europe. The post EU Orders Google to Open Android AI Features, Share Search Data With Rivals appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-eu-google-android-ai-search-data-rules-emea/ also interesting: Cybersecurity Snapshot: AI Will Take…
-
ClickLock Mac Malware Traps Users in a Three-Day Password Loop
ClickLock can shut down Mac apps for more than three days while pressuring users to enter a password and stealing sensitive account data in the background. The post ClickLock Mac Malware Traps Users in a Three-Day Password Loop appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-clicklock-mac-password-malware/ also interesting: Python-powered malware snags…
-
Hugging Face Says Autonomous AI System Executed Multi-Stage Cyberattack
Hugging Face says an autonomous AI agent carried out a cyberattack against its production systems, highlighting the growing role of AI in offensive and defensive cybersecurity. The post Hugging Face Says Autonomous AI System Executed Multi-Stage Cyberattack appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hugging-face-ai-agent-cyberattack-production-systems/ also interesting: Hugging Face: Anbieter prominenter…
-
1Password Lets Claude Sign In Without Revealing Passwords
1Password’s new Claude integration lets AI agents sign in to websites without exposing passwords, adding user approval and credential protection. The post 1Password Lets Claude Sign In Without Revealing Passwords appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-1password-claude-passwordless-sign-in-ai-agents/ also interesting: Cybercriminals switch up their top initial access vectors of choice GoBruteforcer…
-
AI Hardware, App Store Shifts, and Security Scares Define This Week in Tech
Catch up on the week’s biggest tech news, including Google’s app store shakeup, Apple’s AI expansion, OpenAI’s hardware plans, and critical security threats. The post AI Hardware, App Store Shifts, and Security Scares Define This Week in Tech appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/ai-hardware-app-store-shifts-and-security-scares-define-this-week-in-tech/ also interesting: Sieben gängige Wege,…
-
Apple Sued Over Hide My Email Privacy Claims
Apple faces a proposed class action alleging a Hide My Email flaw could expose users’ real addresses despite the company’s privacy claims. The post Apple Sued Over Hide My Email Privacy Claims appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-hide-my-email-privacy-lawsuit/ also interesting: Privacy Roundup: Week 1 of Year 2025 Privacy Roundup:…
-
New FCC Proposal Pits Phone Privacy Against Fraud Prevention
The FCC has proposed requiring identity verification for phone activation, a move supporters say will fight fraud while critics warn it threatens privacy. The post New FCC Proposal Pits Phone Privacy Against Fraud Prevention appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fcc-phone-identity-verification-burner-phone-proposal/ also interesting: Cybersecurity Snapshot: Study Raises Open Source Security…
-
Critical Zoom Flaw Could Let Attackers Take Over Windows Accounts
Zoom patched a critical Windows flaw that could enable remote account takeover, along with three high-severity privilege-escalation vulnerabilities. The post Critical Zoom Flaw Could Let Attackers Take Over Windows Accounts appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-windows-account-takeover-vulnerability/ also interesting: Iranian hackers now exploit Windows flaw to elevate privileges Micropatchers share…
-
Microsoft’s ‘Project Perception’ Could Challenge Anthropic’s Mythos in AI Security
Microsoft is reportedly developing Project Perception, a lower-cost AI security tool that would use multiple models to identify enterprise vulnerabilities. The post Microsoft’s ‘Project Perception’ Could Challenge Anthropic’s Mythos in AI Security appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-project-perception-ai-security-tool/ also interesting: Microsoft Sentinel: A cloud-native SIEM with integrated GenAI North…
-
23andMe Agrees to $18M Settlement With 43 States Over 2023 Data Breach
23andMe will pay $18 million to settle claims from 43 states over its 2023 data breach, which exposed genetic information tied to nearly 7 million people. The post 23andMe Agrees to $18M Settlement With 43 States Over 2023 Data Breach appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-23andme-18-million-settlement-2023-genetic-data-breach/ also interesting: Nearly…
-
AI Takes On the Cyclospora Outbreak
Tags: aiLabs Use AI to Speed Testing as Experts Explore Broader Public Health Potential. It’s been the most explosive U.S. public health crisis so far this summer: An outbreak of extreme intestinal illness caused by Cyclospora is sickening thousands of people across dozens of states. Experts say AI is playing a role in the investigation could…
-
The Zoom hack that says, ‘Don’t record me’
Tags: unclassifiedIf every meeting, watercooler conversation, and date gets transcribed and summarized, who’s actually reading any of it? First seen on techcrunch.com Jump to article: techcrunch.com/2026/07/17/the-zoom-hack-that-says-dont-record-me/ also interesting: Grow Your Best Employees or Lose Them Websites eines brasilianischen Bundesstaates entstellt Digitale-Dienste-Gesetz: Experten streiten über Abschaffung des NetzDG eLearning-Kurs für die Beschäftigung von ‘Hidden Talents” in der…
-
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts.OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta’s…
-
Inc Ransomware Exploits SonicWall SMA Zero-Days
When chained together, the two vulnerabilities allow threat actors to gain root-level capabilities on SonicWall’s mobile access appliances. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/inc-ransomware-exploits-sonicwall-sma-zero-days also interesting: Zero-day exploits hit enterprises faster and harder Clop Ransomware Claims Broadcom Breach Through E-Business Suite 0-Day Fortinet hit by another exploited cybersecurity flaw As the NVD scales…
-
OpenAI Warns GPT-5.6 File Deletions Stem From Full Access Mode
Persistent AI Coding Model Prompted Safeguard Changes After Rare File Loss. OpenAI is tightening safeguards after some GPT-5.6 users reported that Codex accidentally deleted local files while operating in full access mode. The company said the incidents were rare but acknowledged the model’s persistence led it to take unintended actions without seeking user confirmation. First…
-
CISA Adds FortiSandbox Bugs to KEV Catalog
Agencies Have Until Sunday to Patch Two Critical Command Injection Flaws. CISA added two critical FortiSandbox command injection vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active attacks. Experts warn that unauthenticated remote code execution could let attackers compromise malware analysis systems and pivot deeper into enterprise networks. First seen on govinfosecurity.com Jump…
-
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack.The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an “unprecedented” four-tier blockchain-based command-and-control (C2) infrastructure spanning Tron, First seen on thehackernews.com Jump…
-
Attackers are Exploiting Trust in 2026, not Just Technology
Attackers are exploiting trust, not just technology, making continuous identity verification more critical than ever. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/attackers-are-exploiting-trust-in-2026-not-just-technology/ also interesting: Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight Fueling the Fight Against Identity Attacks Frequently Asked Questions About Iranian Cyber Operations AWS leans on prior ingenuity…
-
ISMG Pulse Report: The AI Tsunami
Infosecurity 2026: What Security Leaders Agree on as AI Reshapes Enterprise Risk. AI has broken the speed of attack, but not the fundamentals of defense. Drawing on interviews with security leaders at Infosecurity Europe 2026, ISMG’s Pulse Report explores the collapse of the vulnerability window, rise of AI agents, erosion of digital trust and disciplines…
-
ISMG Editors: AI Phishing Kits Go Mainstream
Also: Potential Fallout From HIPAA Rule Delay, AI Identity Governance Challenges. In this week’s panel, four ISMG editors discussed the rise of artificial intelligence-powered phishing toolkits, potential fallout from the U.S. government’s decision to delay a major overhaul of the HIPAA Security Rule and what security leaders see as the defining AI security challenges of…
-
A cyberattack hit Nichirei, one of Japan’s largest food companies
Tags: cyberattackA cyberattack hit one of Japan’s largest food companies, Nichirei, disrupting logistics and shipments. The company is gradually restoring operations. Nichirei is one of Japan’s largest food companies, best known for its frozen food business. Founded in 1942 and headquartered in Tokyo, it operates globally through dozens of subsidiaries. The food giant confirmed that the…
-
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine.Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group known for its targeting of the gambling and gaming sectors using…
-
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys.A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast and…
-
The Real AI Threat Is Blind Trust
AI models left to both interpret and execute commands eliminate critical cybersecurity oversight. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/real-ai-threat-blind-trust also interesting: From Managing Vulnerabilities to Managing Exposure: The Critical Shift You Can’t Ignore AI is changing cybersecurity roles, and entry-level jobs are at risk Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters,…

