BleepingComputer
·
just now
Critical Everest Forms Pro flaw exploited to take over WordPress sites Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a…
BleepingComputer
·
1d ago
Cisco warns of unpatched SD-WAN zero-day exploited in attacks On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attac…
SecurityWeek
·
23h ago
Chrome 149 Patches 429 Vulnerabilities Over 100 bugs are critical or high-severity, mainly use-after-free and insufficient validation of untrusted input flaws.
BleepingComputer
·
20h ago
Over 900 US gas station tank gauge systems exposed to attacks Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure…
Cloudflare Blog
·
2w ago
Project Glasswing: what Mythos showed us In recent weeks, we pointed Mythos and other security-focused LLMs at live code across critical parts of our infrastructure. We share what we observed, the models’ strengths and…
BleepingComputer
·
1d ago
Hola Browser for Windows compromised to deliver cryptominer The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cr…
BleepingComputer
·
1d ago
UN food agency discloses breach affecting 600,000 Gaza households The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration appli…
BleepingComputer
·
1d ago
DentaQuest data breach exposed info of 2.6 million accounts A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. [...]
BleepingComputer
·
16h ago
Chinese APT deploys new malware to keep access to hacked networks A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malw…
TechCrunch
·
18h ago
Google and FBI warn of ransomware group that sends fake IT workers to hack victims in person Cybercriminals, part of a gang known as Silent Ransom Group, have sent people pretending to be IT support employees to law fir…
BleepingComputer
·
1d ago
New IronWorm malware hits 36 packages in npm supply-chain attack A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]
SecurityWeek
·
18h ago
OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included pac…
GitHub Blog
·
2w ago
Investigation update: GitHub Enterprise Server signing key rotation GitHub Enterprise Server customers need to take immediate action.
Apple Developer
·
14w ago
Age requirements for apps distributed in Brazil, Australia, Singapore, Utah, and Louisiana Today we’re providing an update on the tools available for developers to meet their age assurance obligations under upcoming U.S…
Apple Developer
·
23w ago
Update on age requirements for apps distributed in Texas A recent injunction issued by a district court suspended enforcement of Texas state law SB2420, which introduced age assurance requirements for app marketplaces a…
NIST
·
44w ago
NIST Consortium and Draft Guidelines Aim to Improve Security in Software Development NIST is soliciting comments from the public on the draft until Sept. 12, and the agency is planning a virtual event to showcase the pr…
NIST
·
11w ago
NIST Submits Annual Report to Congress Summarizing FY 2025 Progress on National Construction Safety Team Investigations The report includes an overview of work completed on the Champlain Towers South investigation.
BleepingComputer
·
15h ago
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]
Decrypt
·
1d ago
DOJ Task Force Freezes $3.8M in Illicit Crypto—With Help From Coinbase, SpaceX and Meta Some of America's biggest companies helped squash crypto fraud stemming from organized crime in Southeast Asia.
Dark Reading
·
4d ago
Anthropic to Open Mythos AI to EU's ENISA The European security agency's entry to Project Glasswing is the result of "strong bilateral cooperation" between the European Commission and Anthropic.
CISA
·
6w ago
CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks
CISA
·
14w ago
Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems
CISA
·
5w ago
CISA, US and International Partners Release Guide to Secure Adoption of Agentic AI
TheHackerNews
·
1d ago
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories runnin…
CISA
·
3d ago
CISA Urges Stronger Security for Automatic Tank Gauge Systems
arXiv AI
·
7h ago
Zero knowledge verification for frontier AI training is possible arXiv:2606.05433v1 Announce Type: new Abstract: Frontier AI governance frameworks increasingly use cumulative training compute as the primary criterion fo…
arXiv AI
·
7h ago
Output Type Before Quality: A Standards-Derived XAI Admissibility Rubric for Autonomous-Driving Safety arXiv:2606.05461v1 Announce Type: new Abstract: Safety standards for ML-based autonomous driving specify the kind of…
arXiv AI
·
7h ago
WorldFly: A World-Model-Based Vision-Language-Action Model for UAV Navigation arXiv:2606.06147v1 Announce Type: new Abstract: End-to-end Vision-Language-Action (VLA) models have shown promise in UAV navigation. However,…
arXiv AI
·
7h ago
Unsupervised Pattern Analysis in Japanese Veterinary Toxicology: A Regulatory-Compliant Framework for Cross-Species Risk Assessment arXiv:2606.06207v1 Announce Type: new Abstract: Veterinary pharmacovigilance systems ar…
arXiv AI
·
7h ago
Risk Assessment of Autonomous Driving: Integrating Technical Failures, Ethical Dilemmas, and Policy Frameworks arXiv:2606.06396v1 Announce Type: new Abstract: Autonomous driving technology has the potential to reduce th…
arXiv AI
·
7h ago
LoRi: Low-Rank Distillation for Implicit Reasoning arXiv:2606.05315v1 Announce Type: cross Abstract: Implicit chain-of-thought (iCoT) methods aim to internalize reasoning in large language models, but often underperform…
arXiv AI
·
7h ago
Pattern Selectivity is Not Task-Causal Structure: A Cross-Architecture Mechanistic Study of Composed-Task Circuits in 1B-Class Language Models arXiv:2606.05378v1 Announce Type: cross Abstract: We test whether a single s…
arXiv AI
·
7h ago
Safe Embodied AI for Long-horizon Tasks: A Cross-layer Analysis of Robotic Manipulation arXiv:2606.05660v1 Announce Type: cross Abstract: Embodied AI systems are increasingly expected to reason and act over extended hor…
arXiv AI
·
7h ago
ViCuR: Visual Cues as Recoverable Privilege for Multimodal On-Policy Distillation arXiv:2606.05718v1 Announce Type: cross Abstract: On-policy distillation (OPD) improves reasoning by training a student on trajectories s…
TechCrunch
·
14h ago
Former cyber executive turned whistleblower accuses IBM of covering up several data breaches IBM and two of its subsidiary companies were allegedly breached during the mid-2010s — a lawsuit filed by a former cybersecuri…
CoinTelegraph
·
16h ago
Crypto tax in Illinois FY2027 budget is one step away from becoming law The law, part of a budget plan passed by Illinois lawmakers, would put the burden of collecting a 0.2% tax on crypto transactions on a registered b…
BleepingComputer
·
17h ago
Dark web Nemesis Market vendor gets 26 years for selling drugs A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world…
BleepingComputer
·
21h ago
What 2026 DBIR Confirms: Attacks Are Living in the Browser Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals a…
SecurityWeek
·
1d ago
Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged inf…
CoinTelegraph
·
1d ago
Senate Republicans push finance watchdogs to clarify crypto capital rules Senator Cynthia Lummis has led a group of lawmakers urging financial regulators for “fair capital treatment for on-balance sheet treatment of dig…
BleepingComputer
·
1d ago
Credit card theft campaign abuses Stripe to host stolen payment info A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [.…
Decrypt
·
1d ago
Republican Lawmaker Plans to Add Prediction Markets to Congressional Stock Ban Bill Rep. Bryan Steil said he'll add language to the House congressional stock ban bill to cover prediction markets like Polymarket and Kals…
Wired
·
1d ago
Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones Code reviewed by WIRED uncovered an unreleased face-recognition system embedded in Meta’s smart glasses platform. It’s designed to id…
BleepingComputer
·
1d ago
Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular under…
Nature
·
2d ago
Device could sniff out fusion reactors secretly making material for a nuclear bomb Nature, Published online: 04 June 2026; doi:10.1038/d41586-026-01764-6 Antineutrinos made alongside the production of weapons-grade plut…
MIT Tech Review
·
2d ago
The Download: Trump’s new AI order, and smart glasses for warfare This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. 5 key points in…
Nature
·
3d ago
Cold-induced peptide signalling secures pollen resilience and crop yield Nature, Published online: 03 June 2026; doi:10.1038/s41586-026-10603-7 A small-peptide signalling axis involving RGF family members controls resil…
Schneier on Security
·
7d ago
Friday Squid Blogging: Another Squid Someone named “Squid” seems to be a “West Country legend.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog mo…
Dark Reading
·
7d ago
'The Com' Cyberattacks Support Violence & Sexploitation Your organization's security failures have consequences for everyone else as well since this criminal gang uses its cyber winnings to support more violent and wide…
Schneier on Security
·
7d ago
Chilling Effects Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran war and an even more unpopular Trump administration, college campus prote…
Access Now
·
2w ago
Digital security in war and conflict: challenges for civil society and tools for resilience Join the next webinar organized by the Digital Security Helpline, to discuss key trends and strategies to keep at-risk actors s…
Apple Developer
·
4w ago
Brazilian betting license requirement for App Store availability Following changes to Brazil’s fixed-odds betting regulation, apps with fixed-odds betting (gambling) features can now be distributed on the App Store in B…
HashiCorp
·
4w ago
LDAP secrets management now available in IBM Vault Enterprise 2.0 Learn to migrate LDAP static roles to IBM Vault Enterprise 2.0’s centralized rotation system, featuring self-managed flows and automated lifecycle manage…
Access Now
·
4w ago
Submission on amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules, 2021”)
EFF
·
4w ago
Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act Digital Fairness in the EU The next few years will be decisive for EU digital policymaking. With major laws like the Digital Servic…
Meta Engineering
·
5w ago
How Meta Is Strengthening End-to-End Encrypted Backups The HSM-based Backup Key Vault Meta’s HSM-based Backup Key Vault provides the foundation for end-to-end encrypted backups for WhatsApp and Messenger. The system all…
EFF
·
5w ago
The Internet Still Works: SmugMug Powers Online Photography SmugMug is a family-owned photo hosting and e-commerce platform that helps professional photographers run their businesses online. Founded in 2002, the company…
EFF
·
6w ago
EFF to 9th Circuit (Again): App Stores Shouldn’t Be Liable for Processing Payments for User Content EFF filed an amicus brief for the second time in the U.S. Court of Appeals for the Ninth Circuit, arguing that allowing…
Access Now
·
6w ago
Spying to suppress dissent: a hack-for-hire phishing attack targets civil society in the Middle East and North Africa region A new investigation by Access Now's Digital Security Helpline team has uncovered a hack-for-hire phishing attack that targeted…
Microsoft
·
6w ago
Accelerating Frontier Transformation with Microsoft partners AI has moved quickly from experimentation to production. Customers want measurable business outcomes, along with security, governance and responsible AI built…