110 stories from 30 sources
CISA flags new SD-WAN flaw as actively exploited in attacks CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploit…
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is sti…
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high…
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report) OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: whil…
UK government says 100 countries have spyware that can hack people’s phones The U.K.'s cybersecurity chief warned that U.K. businesses and critical infrastructure are underestimating the threat from spyware attacks and…
French govt agency confirms breach as hacker offers to sell data France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed…
Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain One employee at Vercel adopted an AI tool. One employee at that AI vendor got hit with an infostealer.
New Lotus data wiper used against Venezuelan energy, utility firms A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuel…
Former ransomware negotiator pleads guilty to BlackCat attacks 41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in Blac…
New GoGra malware for Linux uses Microsoft Graph API for comms A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. [...]
Behind the unraveling of Dan Crenshaw In 2019, a 36-year-old Rep. Dan Crenshaw (R-TX), newly elected to Congress, was photographed for the inaugural Time 100 Next List, wearing a dashing eye patch and looking upwards wi…
Developer policy update: Intermediary liability, copyright, and transparency We’re sharing recent policy updates that developers should know about, updating our Transparency Center with the full year of 2025 data, and l…
Banning New Foreign Routers Mistargets Products to Fix Real Problem On March 23, the FCC issued an update to their Covered List, a list of equipment banned from obtaining regulatory approval necessary for U.S. sale (and…
Age requirements for apps distributed in Brazil, Australia, Singapore, Utah, and Louisiana Today we’re providing an update on the tools available for developers to meet their age assurance obligations under upcoming U.S…
Update on age requirements for apps distributed in Texas A recent injunction issued by a district court suspended enforcement of Texas state law SB2420, which introduced age assurance requirements for app marketplaces a…
Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a…
Microsoft Patch Tuesday, March 2026 Edition Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software.
NIST Consortium and Draft Guidelines Aim to Improve Security in Software Development NIST is soliciting comments from the public on the draft until Sept. 12, and the agency is planning a virtual event to showcase the pr…
NIST Ion Clock Sets New Record for Most Accurate Clock in the World This new result contributes to the international effort to define the second with a much greater level of accuracy than before, enabling new scientific…
NIST Submits Annual Report to Congress Summarizing FY 2025 Progress on National Construction Safety Team Investigations The report includes an overview of work completed on the Champlain Towers South investigation.
SEC ‘on the cusp’ of onchain tokenized securities exemption: Atkins SEC Chair Paul Atkins says the SEC is “on the cusp” of an innovation exemption to enable compliant onchain trading of tokenized securities.
Investors lost billions on Trump’s memecoin. Another gala won’t fix that.
CISA Releases Product Categories List to Propel Post-Quantum Cryptography Adoption Pursuant to President Trump’s Executive Order 14306
Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to be…
Why Most AI Deployments Stall After the Demo The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly.
Spain dismantles major $4.7M manga piracy platform, arrests four The Spanish police have dismantled the largest Spanish-language manga piracy platform, operating since 2014, with millions of monthly users from around th…
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage "…
Russia advances crypto bill that could pave way for criminal penalties Russian lawmakers passed a first reading of a bill regulating crypto through licensed intermediaries, with key rules set to take effect in July 2026…
New npm supply-chain attack self-spreads to steal auth tokens A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages publ…
Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says British businesses need to prepare themselves to defend against cyberattacks because the U.K. could be targeted “at scale,” if i…
Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security d…
التجسس لقمع المعارضة: هجمة تصيّد إلكتروني مأجورة تستهدف المجتمع المدني في منطقة الشرق الأوسط وشمال أفريقيا كشف تحقيق جديد أجراه فريق خط المساعدة للأمن الرقمي التابع لمنظمة أكسس ناو عن هجمة تصيّد إلكتروني مأجورة، استهدفت…
Los Angeles is finally going underground Los Angeles deserves its reputation as the quintessential car city—the rhythms of its 2,200 square miles are dictated by wide boulevards and concrete arcs of freeways. But it onc…
Plausible Reasoning and First-Order Plausible Logic arXiv:2604.19036v1 Announce Type: new Abstract: Defeasible statements are statements that are likely, or probable, or usually true, but may occasionally be false. Plau…
Has Automated Essay Scoring Reached Sufficient Accuracy? Deriving Achievable QWK Ceilings from Classical Test Theory arXiv:2604.19131v1 Announce Type: new Abstract: Automated essay scoring (AES) is commonly evaluated on…
From Craft to Kernel: A Governance-First Execution Architecture and Semantic ISA for Agentic Computers arXiv:2604.18652v1 Announce Type: cross Abstract: The transition of agentic AI from brittle prototypes to production…
A Proxy Consistency Loss for Grounded Fusion of Earth Observation and Location Encoders arXiv:2604.18881v1 Announce Type: cross Abstract: Supervised learning with Earth observation inputs is often limited by the sparsit…
Taming Actor-Observer Asymmetry in Agents via Dialectical Alignment arXiv:2604.19548v1 Announce Type: cross Abstract: Large Language Model agents have rapidly evolved from static text generators into dynamic systems cap…
Memory Assignment for Finite-Memory Strategies in Adversarial Patrolling Games arXiv:2505.14137v2 Announce Type: replace Abstract: Adversarial Patrolling games form a subclass of Security games where a Defender moves be…
GeoLaux: A Benchmark for Evaluating MLLMs' Geometry Performance on Long-Step Problems Requiring Auxiliary Lines arXiv:2508.06226v2 Announce Type: replace Abstract: Geometry problem solving (GPS) poses significant challe…
CHRONOS: A Hardware-Assisted Phase-Decoupled Framework for Secure Federated Learning in IoT arXiv:2604.19053v1 Announce Type: new Abstract: We propose CHRONOS, a hardware-assisted framework that decouples the cryptograp…
Primitive-Root Determinant Densities over Prime Fields and Implications for PRIM-LWE arXiv:2603.11196v4 Announce Type: replace Abstract: For a prime $p$, let $c_n(p)$ denote the fraction of $n\times n$ matrices over $\m…
Bitcoin-IPC Whitepaper: Scaling Bitcoin with a Network of Proof-of-Stake Subnets arXiv:2512.23439v2 Announce Type: replace-cross Abstract: We introduce Bitcoin-IPC, a software stack and protocol that scales Bitcoin towa…
Secure Multi-User Linearly-Separable Distributed Computing arXiv:2602.02489v2 Announce Type: replace-cross Abstract: The introduction of the new multi-user linearly-separable distributed computing framework, has recentl…
Accelerating Frontier Transformation with Microsoft partners AI has moved quickly from experimentation to production. Customers want measurable business outcomes, along with security, governance and responsible AI built…
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud w…
UK probes Telegram, teen chat sites over CSAM sharing concerns Ofcom, the United Kingdom's independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it's being used t…
US speeds research into mind-altering drugs — including mysterious ‘ibogaine’ Nature, Published online: 21 April 2026; doi:10.1038/d41586-026-01286-1 Some researchers are delighted at an executive order to streamline in…
Building the agentic cloud: everything we launched during Agents Week 2026 Agents Week 2026 is a wrap. Let’s take a look at everything we announced, from compute and security to the agent toolbox, platform tools, and th…
Friday Squid Blogging: New Giant Squid Video Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I have…
US lawmakers intensify scrutiny of scientific-publishing practices Nature, Published online: 17 April 2026; doi:10.1038/d41586-026-01251-y A congressional hearing covered the rise of paper mills and the costs of open-ac…
How Push Notifications Can Betray Your Privacy (and What to Do About It) A phone’s push notifications can contain a significant amount of information about you, your communications, and what you do throughout the day. T…
300-unit-per-second roll-to-roll manufacturing of visible metalenses Nature, Published online: 15 April 2026; doi:10.1038/s41586-026-10369-y This work demonstrates industrial-scale roll-to-roll fabrication of high-effic…
Empty Attestations: OT Lacks the Tools for Cryptographic Readiness OT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in pape…
Espionage for repression: hack-for-hire phishing campaign targets civil society in MENA A new investigation by Access Now’s Digital Security Helpline has exposed a hack-for-hire campaign targeting two prominent Egyptian…
Espionage for repression: hack-for-hire phishing campaign targets civil society in MENA A new investigation by Access Now’s Digital Security Helpline has exposed a hack-for-hire campaign targeting two prominent Egyptian…
‘CanisterWorm’ Springs Wiper Attack Targeting Iran A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud ser…
Secure remote access without the ‘portal tax’: Boundary vs other vendors HashiCorp Boundary makes a clean break with traditional PAM and VPNs — unlike its other secure remote access competitors. Learn how Boundary stand…
Price updates for apps, In-App Purchases, and subscriptions The App Store is designed to make it easy to sell your digital goods and services globally, with support for 43 currencies across 175 storefronts. From time to…