Latest stories — Page 21

Policy & Regulation

White House Orders Federal Agencies to Migrate Cryptography by 2030, Signals Contractor Reckoning

Two executive orders set hard federal deadlines for post-quantum cryptography adoption and launch a government-wide quantum R&D program — with ripple effects for every contractor touching federal networks.

3 min
AI Security

Fake Agent Skill Slips Past Every Scanner, Lands on 26,000 AI Agents

A red-team experiment by AIR pushed a booby-trapped skill through a popular marketplace and an Instagram ad. The skill marketplaces' security scanners shrugged.

2 min
Policy & Regulation

Executive Order 14409 Locks In Federal PQC Deadlines: 2030 for Key Establishment, 2031 for Signatures

The June 22 order sets binding migration dates for high-value assets and high-impact systems, while leaving national security systems on a parallel track.

2 min
Identity & Access

Two Scattered Spider Members Plead Guilty as London Trial Opens

Thalha Jubair and Owen Flowers admitted roles in the TfL intrusion and a sprawling SIM-swap and SMS-phishing operation that turned harvested SSO credentials into nine-figure ransom payouts.

3 min
AI Security

Dify AI Platform Carried Multi-Tenant Flaws Exposing Private Chats and Internal APIs

Cross-tenant data leakage vulnerabilities in Dify's cloud service let attackers read other users' conversations, preview documents, and probe internal API endpoints.

2 min
Vulnerabilities

GitHub Hardens actions/checkout Against Pwn Request Exploits

Blocking malicious code execution from pull_request_target workflows.

2 min
Vulnerabilities

Samsung KNOX Use-After-Free Bug Sat in Galaxy Devices for Eight Years Before Patch

A high-severity kernel-level flaw in Samsung's KNOX security framework affected Galaxy handsets from the S9 through the S25 — a product window spanning nearly a decade.

2 min
Opinion

One Executive, Two Hats: Carl Froggett on Running Security and IT at Deep Instinct

The former Citi CISO talks about what happens when security leadership and infrastructure ownership collapse into a single role.

2 min
AI Security

Email security teams are buried in alerts. Behavioral AI vendors say they have an answer.

Phishing, BEC and account takeover noise keeps SOCs busy. A new webinar pitches behavioral detection as the way to cut through it.

3 min
Opinion

When the Trigger Pulls Itself: Agentic AI and the End of the Human-in-the-Loop

Every weapon in history extended a human decision. Agentic systems are the first that try to replace it — and the security implications are not theoretical.

2 min
Ransomware

Double Trouble: Two Unrelated Attacks Thrive on Unpatched SharePoint

Microsoft DART uncovers dual intrusions on same server, complicating response efforts.

2 min
Threat Intelligence

Three npm Packages Squat PostCSS Names to Drop a Windows RAT

Typosquatted utilities pulled roughly a thousand combined downloads before researchers flagged them. The payload targets Windows developer machines, which is exactly where the credentials live.

2 min
Policy & Regulation

White House Sets Hard Clock on Post-Quantum Migration for Federal Systems

An executive order mandates that high-value federal assets shift to post-quantum cryptography by 2030–2031. For identity infrastructure, that deadline is closer than it looks.

2 min
Opinion

From Prevention to Resilience: Cybersecurity’s New Paradigm

As breaches become inevitable, organizations must focus on operational resilience, not just perimeter defense.

2 min
Threat Intelligence

WhatsApp DMs Push VBScript Loaders That Deploy Legitimate RMM Tools

An active campaign abuses WhatsApp Desktop and Web to distribute scripted droppers that install commercial remote-management software across at least ten jurisdictions.

2 min
AI Security

OpenAI Hands GPT-5.5-Cyber to 'Trusted Defenders' Under Daybreak

The model is pitched at deep codebase analysis and vuln patching. The interesting part is who gets access — and what shows up in the post-mortem when they don't.

2 min
AI Security

Five Eyes to CSOs: AI Has Already Changed Your Threat Model — Act Now

A joint advisory from CISA and four allied agencies demands strategic action on AI-amplified threats. Experts say the advice is late, vague, and misses the real risk sitting inside your own network.

3 min
Vulnerabilities

GitHub Tightens Security to Counter Pwn Request Attacks

GitHub introduces actions/checkout v7 to block insecure pull request workflows.

2 min
Vulnerabilities

PixelSmash Bug in FFmpeg Decoder Opens RCE Path on Jellyfin

A newly disclosed flaw in FFmpeg's PixletVideo decoder enables remote code execution against Jellyfin under specific conditions, with denial-of-service fallout for Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio.

3 min
Threat Intelligence

ShapedPlugin's Update Channel Hijacked, Pro Plugins Shipped with Backdoor

Attackers slipped malicious code into licensed Pro releases by compromising the vendor's own build pipeline — a clean supply-chain hit on WordPress installs.

2 min
AI Security

AutoJack: A Drive-By to RCE Hiding in AutoGen Studio's Dev UI

A prototyping tool nobody treated as production becomes a one-click code execution chain. The fix is out. The pattern is not.

2 min
© 2026 Threat Vectr