Latest stories — Page 25

The Exposures Defenders Will Be Cleaning Up in 2026
From memory-leak bugs like MongoBleed to forgotten admin panels, the attack surface keeps growing faster than patch cycles.

Fifteen Rogue JetBrains Plugins Posed as DeepSeek Assistants to Siphon AI Keys
A coordinated campaign on the JetBrains Marketplace dressed up credential stealers as LLM-powered coding helpers. The payload? Your provider keys.

DBIR 2026: Vulnerabilities and Ransomware Shape Incident Readiness
Verizon's latest report reveals exploitation of vulnerabilities and rising ransomware as key challenges. Preparation is crucial.

Oracle's June 2026 CPU: 245 Patches Across Communications, EBS, and Enterprise Manager
Oracle's second monthly Critical Patch Update ships a significant fix load. If you're running EBS or Enterprise Manager in AWS or on-prem, your change window just got scheduled for you.

Old Risk Frameworks Can't Handle AI. Here Are the New Ones That Try.
From ISO 42001 to NIST's AI RMF and ENISA's layered playbook, a clutch of frameworks is competing to define how organizations govern AI risk — each targeting a different gap.

Someone Wallpapered the @mastra npm Namespace With Malicious Builds
A hijacked maintainer account pushed 144 booby-trapped packages across the Mastra AI framework before anyone noticed. The attacker called it 'easy-day-js.' It was.

CISA Flags Joomla Content Editor Bug as Actively Exploited; CVSS 10.0
CVE-2026-48907 in Widget Factory's JCE extension hands attackers arbitrary file actions on unpatched Joomla sites. Federal agencies get the standard three weeks.

Microsoft's Email Security Claims Under Scrutiny: Experts Weigh In
Microsoft's latest data suggests a single-vendor approach may be enough for email security, but experts urge caution.

'Pickle in the Middle': Vertex AI SDK Bug Let Outsiders Hijack Model Uploads
Unit 42 researchers describe a bucket-squatting flaw in Google's Python SDK that handed code execution inside Vertex AI's serving stack to attackers with no project access.

Three New Loaders Ride the ClickFix Wave: BabaDeda, Lorem Ipsum, and Potemkin
Separate research teams have pinned three distinct loader families on the same social-engineering pattern, with education and finance taking the brunt of the April 2026 activity.

UK's Under-16 Social Media Ban Turns Every Signup Into an Identity Checkpoint
Spring 2027 rules will force ID uploads or face scans at account creation. The IAM bill comes due — and so does the breach surface.

Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Researchers at Zimperium's zLabs catalogued 137 remote commands in the new malware, including PIN capture and clipboard hijacking against crypto wallets.

AI in Cybersecurity: What Security Leaders Actually Need to Know
Dozens of experts weigh in on how artificial intelligence is reshaping both offense and defense — and why the gap between the two may be widening faster than policy can close it.

Ent Raises $100 Million Seed Round to Build Intent-Aware Endpoint Security
The stealth-mode startup says its platform reads behavioral intent before risky actions execute — a bet that pre-action inference can replace post-breach detection.

TrustCloud Wants to Kill the Security Questionnaire. Here's the Pitch.
Continuous analysis of security, infrastructure, and governance data sounds compelling. Whether it replaces the questionnaire grind depends on what 'real-time' actually means at the data layer.

UNC6508 Spent a Year Inside US and Canadian Research Networks via Trojanized REDCap
A China-linked espionage group hijacked REDCap's own upgrade process to plant persistent malware across academic, medical, and defense-adjacent research environments.

Anonymized Infrastructure Now Touches 94% of Incidents, and Most SOCs Are Still Playing Catch-Up
Survey data points to a persistent gap between IP enrichment volume and the analyst's ability to answer a simple question: who's actually on the other end?

CISA Sets Three-Day Patch Deadline for Actively Exploited LiteSpeed cPanel Plugin Flaw
CVE-2026-54420 lands on the KEV catalog, triggering a BOD 22-01 remediation clock for federal civilian agencies.

SprySOCKS Crosses Over: Windows Variants Surface With Driver-Level Hiding
Two undocumented Windows builds of the China-linked backdoor — tagged WIN_DRV and WIN_PLUS — extend a toolset previously seen only on Linux.

Three FortiSandbox Bugs Under Active Exploitation, Including a 9.1 Path Traversal
Threat intel firm flags in-the-wild abuse of CVE-2026-39813, CVE-2026-39808 and CVE-2026-25089 within a 24-hour window.

Cisco's SD-WAN Manager Has a Write-to-Root Problem — and Attackers Found It First
CVE-2026-20262 lets an authenticated attacker overwrite arbitrary files on Cisco Catalyst SD-WAN Manager, with a clear path to root. No workaround exists. Exploitation is already underway.