Cybersecurity

Antivirusbedrijf Kaspersky heeft in de firmware van verschillende Androidtablets een backdoor gevonden die aanvallers volledige ...

Er moeten effectieve waarborgen komen om te voorkomen dat aanbieders van chatdiensten en andere communicatieplatforms ...

De Britse overheid is een nieuwe bewustzijnscampagne voor het mkb gestart genaamd "lock the door" om ervoor te zorgen dat ...

In de Tweede Kamer zijn vragen aan demissionair ministers Karremans van Economische Zaken gesteld over het grote datalek bij ...

Onderzoek dat de AP deed naar logging, monitoring en autorisatiebeheer binnen de Belastingdienst wordt niet openbaar gemaakt. ...

Ouderenbond ANBO-PCOB hekelt de opkomst van winkels waar klanten alleen door middel van pin kunnen betalen. "Voor een groep ...

Telecombedrijf Odido bewaart gegevens van overgestapte klanten langer dan afgesproken, zo meldt het Financieele Dagblad ...

Het gebruik van experimentele AI-assistenten zoals OpenClaw brengt grote risico’s met zich mee, zoals datalekken en gekaapte ...

De persoonlijke gegevens van Interrail-klanten die criminelen wisten te stelen worden op internet te koop aangeboden, zo laat ...

118 mensen hebben aangifte gedaan bij het Openbaar Ministerie (OM) wegens het gevoelige datalek bij het medische laboratorium ...

An anonymous reader quotes a report from the Associated Press: Agrochemical maker Bayer and attorneys for cancer patients announced a proposed $7.25 billion settlement Tuesday to resolve thousands of U.S. lawsuits alleging the company failed to warn people that its popular weedkiller Roundup could cause cancer. The proposed settlement comes as the U.S. Supreme Court is preparing to hear arguments in April on Bayer's assertion that the U.S. Environmental Protection Agency's approval of Roundup without a cancer warning should invalidate claims filed in state courts. That case would not be affected by the proposed settlement. But the settlement would eliminate some of the risk from an eventual Supreme Court ruling. Patients would be assured of receiving settlement money even if the Supreme Court rules in Bayer's favor. And Bayer would be protected from potentially larger costs if the high court rules against it. Germany-based Bayer, which acquired Roundup maker Monsanto in 2018, disputes the assertion that Roundup's key ingredient, glyphosate, can cause non-Hodgkin lymphoma. But the company has warned that mounting legal costs are threatening its ability to continue selling the product in U.S. agricultural markets. "Litigation uncertainly has plagued the company for years, and this settlement gives the company a road to closure," Bayer CEO Bill Anderson said Tuesday. The proposed settlement could total up to $7.25 billion over 21 years and resolve most of the remaining U.S. lawsuits surrounding the cancer-related harms of Roundup. The report notes that more than 125,000 claims have been filed since 2015, and while many have already been settled, this deal aims to cover most outstanding and future claims tied to past exposure. Individual payouts would vary widely based on exposure type, age at diagnosis, and cancer severity. Bayer can also cancel the deal if too many plaintiffs opt out.

Read more of this story at Slashdot.

Anthropic has released Claude Sonnet 4.6, the first upgrade to its mid-tier AI model since version 4.5 arrived in September 2025. The new model features a "1M token context window" and delivers a "full upgrade of the model's skills across coding, computer use, long-context reasoning, agent planning, knowledge work, and design." From Anthropic: Sonnet 4.6 brings much-improved coding skills to more of our users. Improvements in consistency, instruction following, and more have made developers with early access prefer Sonnet 4.6 to its predecessor by a wide margin. They often even prefer it to our smartest model from November 2025, Claude Opus 4.5. Performance that would have previously required reaching for an Opus-class model -- including on real-world, economically valuable office tasks -- is now available with Sonnet 4.6. The model also shows a major improvement in computer use skills compared to prior Sonnet models. The free tier now uses Sonnet 4.6 by default and with "file creation, connectors, skills, and compaction" included.

Read more of this story at Slashdot.

According to Bloomberg's Mark Gurman (paywalled), Apple is reportedly developing AI-powered smart glasses, a wearable pendant, and camera-equipped AirPods that connect to the iPhone and use "visual context" to let Siri perform real-world actions. The Verge reports: Apple is reportedly aiming to start production of its smart glasses in December, ahead of a 2027 launch. The new device will compete directly with Meta's lineup of smart glasses and is rumored to feature speakers, microphones, and a high-resolution camera for taking photos and videos, in addition to another lens designed to enable AI-powered features. The glasses won't have a built-in display, but they will allow users to make phone calls, interact with Siri, play music, and "take actions based on surroundings," such as asking about the ingredients in a meal, according to Bloomberg. Apple's smart glasses could also help users identify what they're seeing, reference landmarks when offering directions, and remind wearers to complete a task in specific situations, Bloomberg reports. The company is reportedly planning to develop the frames for the smart glasses in-house, instead of partnering with a third-party company like Meta does with Ray-Ban and Oakley. Prototypes of the glasses use a cable to connect to a battery pack and an iPhone, but Bloomberg reports that "newer versions have the components embedded in the frame." Apple reportedly wants to make its smart glasses stand out by offering a high-quality build and advanced camera technology. The company is still working on AI-powered smart glasses with a display, though their launch "remains many years away," Bloomberg says. Apple's plans for AI hardware don't end there, as the company is expected to build upon its Google Gemini-powered Siri upgrade with an AirTag-sized AI pendant that people can either wear as a necklace or a pin. This device would "essentially serve as an always-on camera" for the iPhone and has a microphone for prompting Siri, Bloomberg reports. The pendant, which The Information first reported on last month, is rumored to come with a built-in chip, but will mainly rely on the iPhone's processing power. The device could arrive as early as next year, according to Bloomberg.

Read more of this story at Slashdot.

Following backlash over Discord's global rollout of strict age-verification checks, users are flocking to rival platform TeamSpeak and overwhelming its servers. According to PC Gamer, the Discord alternative said its hosting capacity has been maxed out in a number of regions including the U.S. From the report: [A]s I saw for myself while testing out free Discord alternatives, it's hard to deny the appeal of TeamSpeak. It's quick and easy to make an account, join or start a group chat, or join a massive, game-based community voice server, and at no point does TeamSpeak cheekily ask if it can scan your wizened visage. During my testing, I was able to dive into 18+ group chats without tripping over an age gate. However, there's no guarantee TeamSpeak won't have to deploy its own age verification mechanism in the future. In the UK at least, the Online Safety Act makes those sorts of checks a legal obligation, with Prime Minister Keir Starmer recently stating "No social media platform should get a free pass when it comes to protecting our kids." Besides all of that, if you'd rather not chat to randoms who also happen to have an unhealthy obsession with Arc Raiders, you'll likely need to pay an admittedly small subscription fee to rent your own ten-person community voice server. By that point, you're handing over card details and essentially fulfilling an age assurance check anyway. If you'd rather limit how much info your chat platform of choice has about you, there are arguably better options out there.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: David Greene had never heard of NotebookLM, Google's buzzy artificial intelligence tool that spins up podcasts on demand, until a former colleague emailed him to ask if he'd lent it his voice. "So... I'm probably the 148th person to ask this, but did you license your voice to Google?" the former co-worker asked in a fall 2024 email. "It sounds very much like you!" Greene, a public radio veteran who has hosted NPR's "Morning Edition" and KCRW's political podcast "Left, Right & Center," looked up the tool, listening to the two virtual co-hosts -- one male and one female -- engage in light banter. "I was, like, completely freaked out," Greene said. "It's this eerie moment where you feel like you're listening to yourself." Greene felt the male voice sounded just like him -- from the cadence and intonation to the occasional "uhhs" and "likes" that Greene had worked over the years to minimize but never eliminated. He said he played it for his wife and her eyes popped. As emails and texts rolled in from friends, family members and co-workers, asking if the AI podcast voice was his, Greene became convinced he'd been ripped off. Now he's suing Google, alleging that it violated his rights by building a product that replicated his voice without payment or permission, giving users the power to make it say things Greene would never say. Google told The Washington Post in a statement on Thursday that NotebookLM's male podcast voice has nothing to do with Greene. Now a Santa Clara County, California, court may be asked to determine whether the resemblance is uncanny enough that ordinary people hearing the voice would assume it's his -- and if so, what to do about it. Greene's lawsuit cites an unnamed AI forensic firm that used its software to compare the artificial voice to Greene's. It gave a confidence rating of 53-60% that Greene's voice was used to train the model, which it considers "relatively high" confidence. "If I was David Greene I would be upset, not just because they stole my voice," but because they used it to make the podcasting equivalent of AI "slop," said Mike Pesca, host of "The Gist" podcast and a former colleague of Greene's at NPR. "They have banter, but it's very surface-level, un-insightful banter, and they're always saying, 'Yeah, that's so interesting.' It's really bad, because what do we as show hosts have except our taste in commentary and pointing our audience to that which is interesting?"

Read more of this story at Slashdot.

A proposal within the Fedora Linux community suggests improving the kernel's DRM Panic screen to a more user-friendly, BSOD-style experience. Phoronix reports: Open-source developer Jose Exposito proposed today a nicer experience for DRM Panic integration on Fedora. Rather than using DRM Panic with just the kernel log contents being encoded in the QR code displayed when a kernel panic occurs, the proposal is to have a customized Fedora web-page with the encoded QR contents to be shown on that web page. Besides having a more pleasant UI/UX, from this web page the intent would also be to make it easier to report this error to the Fedora BugZilla. Being able to easily pass the kernel log to the Fedora bug tracker could help in making upstream aware of the problem(s) and seeing if other users are also encountering similar panics. Right now this idea was just raised earlier today as a "request for comments" on the Fedora mailing list. While a prototype at this point, Exposito already developed a basic web interface for demoing the solution.

Read more of this story at Slashdot.

Longtime Slashdot reader jrepin writes: KDE Plasma is a popular desktop (and mobile too) environment for GNU/Linux and other UNIX-like operating systems. Among other things, it also powers the desktop mode of the Steam Deck gaming handheld. The KDE community today announced the latest release: Plasma 6.6. In this new major release, Spectacle can recognize texts from screenshots, a new on-screen keyboard and new login manager are available for testing, and a first-time wizard Plasma Setup was added. Your current theme can be saved as a new global theme, which can also be used for the day and night theme-switching feature. Emoji selector got a new easier way to select skin tone. If your computer has a camera available, you can now connect to a Wi-Fi network by scanning a QR code. Application sound volume can now be changed by scrolling over an application taskbar button via mouse wheel. When screencasting and sharing your desktop, you can now filter windows so they are not shared. A setting was added to enable having virtual desktops only on the primary screen. If your device has an ambient light sensor, you can enable automatic screen brightness adjustment. Game controllers can now be used as regular input devices. For complete list of new features and changes, check out the KDE Plasma 6.6 release announcement and the complete changelog.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: More than two years after Broadcom took over VMware, the virtualization company's customers are still grappling with higher prices, uncertainty, and the challenges of reducing vendor lock-in. Today, CloudBolt Software released a report, "The Mass Exodus That Never Was: The Squeeze Is Just Beginning," that provides insight into those struggles. CloudBolt is a hybrid cloud management platform provider that aims to identify VMware customers' pain points so it can sell them relevant solutions. In the report, CloudBolt said it surveyed 302 IT decision-makers (director-level or higher) at North American companies with at least 1,000 employees in January. The survey is far from comprehensive, but it offers a look at the obstacles these users face. Broadcom closed its VMware acquisition in November 2023, and last month, 88 percent of survey respondents still described the change as "disruptive." Per the survey, the most cited drivers of disruption were price increases (named by 89 percent of respondents), followed by uncertainty about Broadcom's plans (85 percent), support quality concerns (78 percent), Broadcom shifting VMware from perpetual licenses to subscriptions (72 percent), changes to VMware's partner program (68 percent), and the forced bundling of products (65 percent). When Broadcom bought VMware, some customers shared horror stories about receiving quotes that showed prices increasing by as much as 1,000 percent. CloudBolt's survey paints a more modest picture. Fourteen percent of respondents said their VMware costs have at least doubled, while 12 percent reported increases of 50-99 percent, 33 percent reported increases of 24-49 percent, and 31 percent reported increases of less than 25 percent. Despite survey participants suggesting smaller price hikes than originally anticipated under Broadcom, companies are still struggling with the pricing changes. Eighty-five percent are concerned that VMware will become even more expensive, according to CloudBolt's survey. [...] CloudBolt's survey also examined how respondents are migrating workloads off of VMware. Currently, 36 percent of participants said they migrated 1-24 percent of their environment off of VMware. Another 32 percent said that they have migrated 25-49 percent; 10 percent said that they've migrated 50-74 percent of workloads; and 2 percent have migrated 75 percent or more of workloads. Five percent of respondents said that they have not migrated from VMware at all. Among migrated workloads, 72 percent moved to public cloud infrastructure as a service, followed by Microsoft's Hyper-V/Azure stack (43 percent of respondents). Overall, 86 percent of respondents "are actively reducing their VMware footprint," CloudBolt's report said.

Read more of this story at Slashdot.

A US law firm has accused Lenovo of violating Justice Department strictures about the bulk transfer of data to foreign adversaries, namely China. From a report: The case filed by Almeida Law Group on behalf of San Francisco-based "Spencer Christy, individually and on behalf of all others similarly situated" centers on the Data Security Program regulations implemented by the DOJ last year. According to the suit, these were "implemented to prevent adversarial countries from acquiring large quantities of behavioral data which could be used to surveil, analyze, or exploit American citizens' behavior." The complaint states the DOJ rule "makes clear that sending American consumers' information to Chinese entities through automated advertising systems and associated databases with the requisite controls is prohibited." The case states the threshold for "covered personal identifiers" is 100,000 US persons or more and lists a range of potential identifiers, from government and financial account numbers to IMEIs, MAC, and SIM numbers, demographic data, and advertising IDs.

Read more of this story at Slashdot.

Residents of Potters Bar, a small town just north of London, are trying to block what would be one of Europe's largest data centers from being built on 85 acres of rolling farmland that separates their community from the neighboring village of South Mimms. Multinational operator Equinix acquired the land last October after the local council granted planning permission in January 2025, and the company intends to break ground this year on a development it estimates will cost more than $5 billion. The UK government's decision to classify data centers as "critical national infrastructure" and a new "gray belt" land designation that loosens building restrictions on underperforming greenbelt parcels helped clear the path for approval -- even though objections from locals outweighed signatures of support by nearly two-to-one during the public consultation. A protest group of more than 1,000 residents has since appealed to a third-party ombudsman and the UK's Office of Environmental Protection, but has so far failed to overturn the decision.

Read more of this story at Slashdot.

Sees little enterprise AI adoption other than coding assistants, buys Koi for what comes next

If enterprises are implementing AI, they’re not showing it to Palo Alto Networks CEO Nikesh Arora, who on Tuesday said business adoption of the tech lags consumer take-up by at least a couple of years – except for coding assistants....

Full scale of infections remains 'unknown'

China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to backdoor infected machines for long-term access, according to Google's Mandiant incident response team....

Plus 3 new goon squads targeted critical infrastructure last year

Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew - Volt Typhoon - continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025, according to Dragos' annual threat report published on Tuesday....

Keep behavioral tracking American? PC giant says the claim is 'false'

A US law firm has accused Lenovo of violating Justice Department strictures about the bulk transfer of data to foreign adversaries, namely China....

Police say seized kit contained logins, passwords, and server IP addresses

Polish police have arrested and charged a man over ties to the Phobos ransomware group following a property raid....

Digital burglaries remain routine, and data shows most corps still don't stick to basic infosec standards

Britain is telling businesses to "lock the door" on cybercrims as new government data suggests most still haven't even found the latch....

Social media platform’s legal eagles prepare to fight ever-growing number of countries

The Irish Data Protection Commission (DPC) is the latest regulator to open an investigation into Elon Musk's X following repeated reports of harmful image generation by the platform's Grok AI chatbot....

Top brass splash cash on acoustic targeting, hypersonic missiles...and Red Hat

Keir Starmer could ramp up the UK's defense spending plans faster than planned as the MoD reeled off new purchases for Britain's armed forces....

Fashion brand latest to succumb to ShinyHunters' tricks

Canada Goose says an advertised breach of 600,000 records is an old raid and there are no signs of a recent compromise....

Bungled link handed over sensitive docs, and when recipient didn't cooperate, police opted for cuffs

Dutch police have arrested a man for "computer hacking" after accidentally handing him their own sensitive files and then getting annoyed when he didn't hand them back....

NCEES explains why licensure matters for engineers and answers your top questions about the FE and PE exams. Source Views: 14

La entrada Thinking About Becoming a Licensed Engineer? Start Here. se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

View our compilation of online stories and resources highlighting the Hispanic community and their contributions to STEM. Source Views: 12

La entrada Celebrate Hispanic Heritage Month With SWE se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team Software supply chain attacks have emerged as a serious threat in the rapidly evolving field of cybersecurity, especially in medical devices. As these devices become more and more interconnected and dependent on complex software ecosystems, the potential for exploitation through the supply chain has grown exponentially. One powerful tool […]

La entrada The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software Supply Chain Threats – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median demands rising 20% year-over-year across virtually all industries. But it’s not only the ransom sums themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and techniques to extort their victims. It’s […]

La entrada Ransomware Tactics Are Shifting. Here’s How to Keep Up – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Rob Wright CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in “sophisticated” attacks against targeted individuals. Original Post URL: https://www.darkreading.com/vulnerabilities-threats/french-sheds-light-apple-spyware-activity Category & Tags: – Views: 9

La entrada French Advisory Sheds Light on Apple Spyware Activity – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Riaz Lakhani Together, we can foster a culture of collaboration and vigilance, ensuring that we are not just waiting for a hero to save us, but actively working to protect ourselves and our communities. Original Post URL: https://www.darkreading.com/cyberattacks-data-breaches/without-federal-help-cyber-defense-cisa Category & Tags: – Views: 19

La entrada Without Federal Help, Cyber Defense Is Up to the Rest of Us – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Gaurav Banga Here’s a scenario security teams increasingly face. A user—or an attacker pretending to be one—types something like: This is how many prompt injection attempts begin. The phrase looks harmless, but it’s a red flag: the user is telling the AI to forget its built‐in rules. What follows is often […]

La entrada Safer Conversational AI for Cybersecurity: The BIX Approach – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Sofia Naer Introduction On July 16, 2025, Europol revealed the details of Operation Eastwood, a coordinated international strike against one of the most active pro-Russian cybercrime groups, NoName057(016). The announcement promised a major disruption to the group’s activities. In this blog, we explore whether Operation Eastwood had any real impact on […]

La entrada Operation Eastwood: Measuring the Real Impact on NoName057(16) – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Jeffrey Burt Five months after the future of the CVE program was thrown in doubt, CISA this week released a roadmap that calls for steps to take for its new “quality era,” which includes public sponsorship, expanded public-private partnership, and modernization. The post CISA Lays Out Roadmap for CVE Program’s ‘Quality […]

La entrada CISA Lays Out Roadmap for CVE Program’s ‘Quality Era’ – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Marc Handelman via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Dual Roomba’ appeared first on Security Boulevard. Original Post URL: https://securityboulevard.com/2025/09/randall-munroes-xkcd-dual-roomba/?utm_source=rss&utm_medium=rss&utm_campaign=randall-munroes-xkcd-dual-roomba Category & Tags: Humor,Security Bloggers Network,Randall Munroe,Sarcasm,satire,XKCD – Humor,Security Bloggers Network,Randall Munroe,Sarcasm,satire,XKCD Views: 8

La entrada Randall Munroe’s XKCD ‘Dual Roomba’ – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

New York, USA, 17th February 2026, CyberNewswire

SINGAPORE, Singapore, 17th February 2026, CyberNewswire

Washington DC, USA, 17th February 2026, CyberNewswire

PDF security guide covering redaction, metadata risks, compliance standards, and safe editing of password-protected files to prevent data leaks.

Boston, Massachusetts, 17th February 2026, CyberNewswire

Forcepoint X-labs reveals how hackers use fake SSA emails and hijacked ScreenConnect tools to bypass Windows security to target UK, US, and Canadian organisations.

Cybersecurity experts at Moonlock Lab have discovered a new ClickFix attack. Hackers are using hijacked Google Ads and fake Claude AI guides to trick Mac users into installing the data-stealing MacSync malware.

New investigation by Q Continuum reveals 287 Chrome extensions leaking the private browsing data of 37.4 million users to firms like Similarweb and Alibaba. Learn how these harmless tools turn your history into a product.

Healthcare interoperability improves care but expands attack surfaces, increasing data exposure, compliance risk, and security challenges across connected systems.

AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses.

A vulnerability was found in isaacs node-tar up to 7.5.7 and classified as critical. This vulnerability affects unknown code of the component Extraction Handler. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-26960. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Ultimate Member Plugin up to 2.11.1 on WordPress and classified as problematic. This affects the function filter_first_name of the component Filter Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-1404. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, was found in Complianz Plugin up to 7.4.3 on WordPress. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-11185. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in Community Events Plugin up to 1.5.7 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument ce_venue_name leads to cross site scripting. This vulnerability is referenced as CVE-2026-1649. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as problematic was found in Video Share VOD Plugin up to 2.7.11 on WordPress. Affected is an unknown function of the component Setting Handler. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-13727. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WP Event Aggregator Plugin up to 1.8.7 on WordPress. This impacts the function wp_events of the component Shortcode Handler. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-1941. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as problematic has been identified in Booking Calendar Plugin up to 10.14.14 on WordPress. This affects the function handle_ajax_save of the component Setting Handler. Such manipulation leads to improper control of resource identifiers. This vulnerability is uniquely identified as CVE-2026-2230. The attack can be launched remotely. No exploit exists.

A vulnerability marked as critical has been reported in Bookster Plugin up to 2.1.1 on WordPress. The impacted element is an unknown function. This manipulation of the argument raw causes sql injection. This vulnerability is handled as CVE-2025-8781. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in RegistrationMagic Plugin up to 6.0.6.9 on WordPress. The affected element is the function process_paypal_sdk_payment of the component Payment Handler. The manipulation results in improper authentication. This vulnerability is known as CVE-2025-14444. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in Blog2Social Plugin up to 8.7.4 on WordPress. Impacted is the function curationDraft. The manipulation of the argument ID leads to missing authorization. This vulnerability is traded as CVE-2026-1942. It is possible to initiate the attack remotely. There is no exploit available.

https://security-tracker.debian.org/tracker/DSA-6138-1

https://security-tracker.debian.org/tracker/DSA-6137-1

https://security-tracker.debian.org/tracker/DSA-6136-1

https://security-tracker.debian.org/tracker/DSA-6135-1

https://security-tracker.debian.org/tracker/DSA-6134-1

https://security-tracker.debian.org/tracker/DSA-6133-1

https://security-tracker.debian.org/tracker/DSA-6132-1

https://security-tracker.debian.org/tracker/DSA-6131-1

https://security-tracker.debian.org/tracker/DSA-6130-1

https://security-tracker.debian.org/tracker/DSA-6129-1

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. Google is aware that an exploit for CVE-2026-2441 exists in the wild.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Updated information to include CVSS scores. This is an informational change only.

Download links fixed

Apple heeft kwetsbaarheden verholpen in iOS en iPadOS. De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen. Apple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer vóór 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.

Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4. De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico's te mitigeren.

BeyondTrust heeft een kwetsbaarheid verholpen in BeyondTrust Remote Support en enkele oudere versies van Privileged Remote Access. De kwetsbaarheid bevindt zich in de pre-authenticatie van de software, waardoor niet-geauthenticeerde aanvallers in staat zijn om besturingssysteemcommando's uit te voeren door speciaal vervaardigde verzoeken naar de getroffen systemen te sturen. **Update 13 02 2026:** Voor de kwetsbaarheid CVE-2026-1731 is recentelijk publieke proof-of-concept code verschenen en ook actief misbruik waargenomen. Deze factoren verhogen aanzienlijk het risico op misbruik.

GitLab heeft kwetsbaarheden verholpen in GitLab CE/EE (Specifiek voor versies vóór 18.6.6, 18.7.4, en 18.8.4). De kwetsbaarheden omvatten server-side request forgery, ongeautoriseerde toegang tot interne netwerkservices, injectie van kwaadaardige inhoud, ongeautoriseerde acties via de GLQL API, ongeautoriseerde informatie openbaarmaking via de API, en denial of service door overmatige GraphQL-queries. Authenticated gebruikers konden misbruik maken van deze kwetsbaarheden, wat leidde tot risico's zoals ongeautoriseerde toegang, manipulatie van gebruikersacties, en verstoring van de beschikbaarheid van systemen. Daarnaast konden ongeauthenticeerde gebruikers ook denial of service veroorzaken door het uploaden van schadelijke bestanden. De kwetsbaarheden zijn opgelost in de laatste updates, waardoor gebruikers van de getroffen versies niet langer risico lopen op deze specifieke exploits.

Fortinet heeft kwetsbaarheden verholpen in FortiOS (Versies 7.0 tot 7.6.4, 7.4.0 tot 7.4.9, en 7.2.0 tot 7.2.11). De kwetsbaarheden omvatten een Authentication Bypass die ongeauthenticeerde aanvallers in staat stelt om LDAP-authenticatie te omzeilen voor Agentless VPN of FSSO-beleid, afhankelijk van specifieke configuraties van de LDAP-server. Daarnaast kunnen ongeauthenticeerde aanvallers gevoelige informatie blootleggen door patches te omzeilen via speciaal gemaakte HTTP-verzoeken. Er is ook een kwetsbaarheid die geauthenticeerde beheerders in staat stelt om ongeautoriseerde code uit te voeren via speciaal gemaakte configuraties, en een andere die geauthenticeerde gebruikers in staat stelt om FSSO-beleid configuraties te exploiteren voor ongeautoriseerde toegang tot beschermde netwerkbronnen. Beide kwetsbaarheden kunnen worden misbruikt via speciaal gemaakte verzoeken.

Fortinet heeft kwetsbaarheden verholpen in FortiSandbox (versies 4.4.8 en 5.0.5), FortiAuthenticator (versies 6.3 tot 6.6.6) en FortiClient (versies 7.0, 7.2 en 7.4). De kwetsbaarheid in FortiSandbox betreft Cross-site Scripting, waardoor niet-geauthenticeerde aanvallers willekeurige commando's kunnen uitvoeren via speciaal gemaakte verzoeken. De kwetsbaarheid in FortiAuthenticator betreft een ontbrekende autorisatie die het mogelijk maakt voor alleen-lezen gebruikers om lokale gebruikersaccounts te wijzigen via een onbeveiligd bestand upload endpoint. De kwetsbaarheid in FortiClient stelt lokale aanvallers met lage privileges in staat om willekeurige bestandswijzigingen uit te voeren met verhoogde rechten door middel van speciaal gemaakte named pipe berichten, wat ongeautoriseerde toegang tot systeem bestanden mogelijk maakt.

Ivanti heeft kwetsbaarheden verholpen in Ivanti Endpoint Manager (Specifiek voor versies vóór 2024 SU5). De kwetsbaarheid met kenmerk CVE-2026-1603 betreft een authenticatie-bypass die het mogelijk maakt voor externe, niet-geauthenticeerde aanvallers om toegang te krijgen tot bepaalde opgeslagen inloggegevens, wat kan leiden tot compromittering van gevoelige data. De kwetsbaarheid met kenmerk CVE-2026-1602 betreft een SQL-injectie die het mogelijk maakt voor externe, geauthenticeerde aanvallers om willekeurige SQL-query's uit te voeren, wat kan leiden tot ongeautoriseerde toegang tot gevoelige database-informatie. Beide kwetsbaarheden kunnen de integriteit en vertrouwelijkheid van de gegevens in het systeem in gevaar brengen.

Microsoft heeft kwetsbaarheden verholpen in Office componenten. Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen. Van de kwetsbaarheid met kenmerk CVE-2026-21511 meldt Microsoft informatie te hebben dat deze besproken wordt op fora. De kwetsbaarheid stelt een kwaadwillende in staat om middels een malafide bericht een NTLM-authenticatie te initiëren naar een server onder controle van de kwaadwillende, waarmee de kwaadwillende authenticatiegegevens kan bemachtigen. Er is (nog) geen publieke Proof-of-Concept-code beschikbaar en misbruik vereist een speciaal ingerichte server. Grootschalig misbruik is hiermee niet waarschijnlijk. ``` Microsoft Office Word: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21514 | 7.80 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21259 | 7.30 | Verkrijgen van verhoogde rechten | | CVE-2026-21258 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-21261 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Microsoft Office Outlook: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21260 | 7.50 | Voordoen als andere gebruiker | | CVE-2026-21511 | 7.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| ```

Microsoft heeft kwetsbaarheden verholpen in diverse Azure componenten. Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als andere gebruiker, zich mogelijk verhoogde rechten toe te kennen en zo willekeurige code uit te voeren of toegang te krijgen tot gevoelige gegevens. Van de kwetsbaarheden met kenmerk CVE-2026-21532, CVE-2026-24300 en CVE-2026-24302 meldt Microsoft dat deze in hun centrale Azure-infrastructuur zijn verholpen en dat deze kwetsbaarheden geen actie van gebruikers vereist. Deze kwetsbaarheden zijn ter informatie opgenomen. ``` Azure Front Door (AFD): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-24300 | 9.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure Function: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21532 | 8.20 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Azure HDInsights: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21529 | 5.70 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Azure Compute Gallery: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-23655 | 6.50 | Toegang tot gevoelige gegevens | | CVE-2026-21522 | 6.70 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure Local: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21228 | 8.10 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Azure Arc: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-24302 | 8.60 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure IoT SDK: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21528 | 6.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Azure DevOps Server: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21512 | 6.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Azure SDK: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21531 | 9.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| ```

Microsoft heeft kwetsbaarheden verholpen in diverse componenten van Visual Studio en .NET. Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zich verhoogde rechten toe te kennen en mogelijk willekeurige code uit te voeren met rechten van het slachtoffer. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om malafide code te downloaden en uit te voeren. Omdat ontwikkelaars in ontwikkelomgevingen vaak met verhoogde rechten werken, is niet uit te sluiten dat de uitvoer van code ook plaatsvindt onder verhoogde rechten. ``` GitHub Copilot and Visual Studio: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21523 | 8.00 | Uitvoeren van willekeurige code | | CVE-2026-21257 | 8.00 | Verkrijgen van verhoogde rechten | | CVE-2026-21256 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| GitHub Copilot and Visual Studio Code: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21518 | 6.50 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| .NET and Visual Studio: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21218 | 7.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Github Copilot: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21516 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------|

Het Centraal Bureau voor de Statistiek (CBS) onderzoekt elk jaar in welke mate het mkb bepaalde ICT-veiligheidsmaatregelen treft. Een paar cijfers: slechts 29% van de mkb-bedrijven maakt een risico-analyse en maar 9% doet aan verplichte trainingen voor medewerkers. Er valt dus nog veel te winnen op het gebied van digitale weerbaarheid. Hoe effectief is de inzet van samenwerkingsverbanden om het mkb hierin te stimuleren?

Nederlandse bedrijven zijn Europese koploper wat betreft het gebruik van clouddiensten en het benutten van data. We regelen vrijwel alles online en graag zo centraal mogelijk. Dat maakt bepaalde dataknooppunten extra gevoelig voor cybercriminelen. Dat ervaarde ook een aanbieder van een landelijke dienst, waar iets kleins als een cookie-instelling, tot grote problemen leidde.

Het Nationaal Cyber Security Centrum (NCSC) vervult al jarenlang een centrale rol als meldpunt voor kwetsbaarheden binnen de digitale infrastructuur van de Rijksoverheid en vitale organisaties. Securityonderzoekers van buiten het NCSC leveren daarbij een onmisbare bijdrage. Met hun expertise fungeren zij als verlengstuk van ons Fusion Centre en helpen zij actief mee om digitale risico’s tijdig te signaleren. Hun CVD-meldingen dragen aantoonbaar bij aan het versterken van de digitale weerbaarheid van Nederland.

Er zijn ernstige kwetsbaarheden in FortiOS, FortiProxy, FortiWeb en FortiSwitchManager gevonden medio december 2025. Onderzoekers meldden toen actief misbruik van de kwetsbaarheden met kenmerk CVE-2025-59718 en CVE-2025-59719. Update: de beveiligingsupdates bieden onvoldoende bescherming.

Stel je voor: het is maandagochtend. Terwijl de meeste teams nog opstarten, komt er in jouw sector een melding binnen over een nieuwe ransomware-campagne. Een paar uur later volgen de eerste bevestigingen: meerdere organisaties zijn al geraakt en de impact loopt snel op. De indicators of compromise (IOC’s), zoals IP-adressen, domeinnamen en file-hashes worden gedeeld, maar nog via losse spreadsheets, pdf'jes, CSV’s of e-mails. Tegen de tijd dat jouw Security Operations Center (SOC) deze informatie handmatig heeft overgenomen en in de beveiligingstools heeft geladen, is de aanval alweer een stap verder in de aanvalsketen.

Op donderdag 29 januari van 11:00 tot 12:00 uur organiseren we samen met de NCTV een tweede webinar over de Cyberbeveiligingswet. Dit keer zoomen we in op de zorgplicht - één van de kernverplichtingen uit de Cyberbeveiligingswet - en bespreken we de bestuurlijke verantwoordelijkheid & opleidingsplicht.

Business Email Compromise (BEC) is op dit moment een van de snelst groeiende vormen van digitale oplichting. Bij BEC doen criminelen zich voor als een persoon die binnen een organisatie wordt vertrouwd - vaak een directeur of leidinggevende (CEO-fraude). In dit artikel lees je meer over hoe BEC-aanvallen typisch verlopen, hoe je ze kunt herkennen en op welke manieren je jouw organisatie hiertegen kunt wapenen.

Ein Angreifer kann eine Schwachstelle in Google Chrome und Microsoft Edge ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, möglicherweise beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder Daten zu manipulieren.

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Roundcube ausnutzen, um Sicherheitsvorkehrungen zu umgehen und um die Darstellung von E-Mails zu verfälschen.

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GNU libc ausnutzen, um einen Denial of Service Angriff durchzuführen.

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GNU libc ausnutzen, um Informationen offenzulegen.

Ein lokaler Angreifer kann eine Schwachstelle in GNU libc ausnutzen, um beliebigen Programmcode auszuführen.

Ein Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um beliebigen Code auszuführen, erweiterte Berechtigungen zu erlangen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren und vertrauliche Informationen offenzulegen.

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL und LibreSSL ausnutzen, um potentiell beliebigen Code auszuführen, einen Denial of Service-Zustand zu verursachen und vertrauliche Informationen offenzulegen.

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Pega Platform ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

Ein Angreifer kann eine Schwachstelle in Apache Nifi ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Ein lokaler Angreifer kann eine Schwachstelle in iba AG ibaAnalyzer ausnutzen, um seine Privilegien zu erhöhen.

De multiples vulnérabilités ont été découvertes dans Mitel Micollab. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

De multiples vulnérabilités ont été découvertes dans Mattermost Server. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

De multiples vulnérabilités ont été découvertes dans les produits Axis. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

De multiples vulnérabilités ont été découvertes dans MongoDB. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

De multiples vulnérabilités ont été découvertes dans Synology Storage Manager. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une falsification de requêtes côté serveur (SSRF).

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins. Cloud forensics is fundamentally

Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection. The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok

A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase.

Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health data – and built a deceptive

My objectiveThe role of NDR in SOC workflowsStarting up the NDR systemHow AI complements the human responseWhat else did I try out?What could I see with NDR that I wouldn’t otherwise?Am I ready to be a network security analyst now? My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (

New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning (SEO). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech giant

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS. "End-to-end encryption is in beta and is not available for all

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said.

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

The post Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware appeared first on TechRepublic.

A fake Android antivirus app called TrustBastion is spreading malware and stealing banking credentials. Here’s how it works and how to stay protected.

The post Fake ‘Antivirus’ App Spreads Android Malware, Steals Banking Credentials appeared first on TechRepublic.

A viral AI caricature trend may be exposing sensitive enterprise data, fueling shadow AI risks, social engineering attacks, and LLM account compromise.

The post Viral AI Caricatures Highlight Shadow AI Dangers appeared first on TechRepublic.

Ransomware attacks surged 52% in 2025, with supply chain breaches nearly doubling as groups like Qilin drive record monthly incidents worldwide.

The post Ransomware Groups Claimed 2,000 Attacks in Just Three Months appeared first on TechRepublic.

Apple urges users to update after patching CVE-2026-20700, a zero-day flaw exploited in sophisticated targeted attacks across multiple devices.

The post Critical Apple Flaw Exploited in ‘Sophisticated’ Attacks, Company Urges Rapid Patching appeared first on TechRepublic.

Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline.

The post Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack appeared first on TechRepublic.

Microsoft patches CVE-2026-21525, an actively exploited RasMan flaw that can crash Windows VPN services and disrupt remote access.

The post Microsoft Patches Windows Flaw Causing VPN Disruptions appeared first on TechRepublic.

The Conduent ransomware attack has grown to impact 25 million Americans, exposing Social Security numbers and medical data in one of 2025’s largest breaches.

The post From 10M to 25M: Conduent Breach Balloons Into One of 2025’s Largest appeared first on TechRepublic.

Google expands its “Results about you” tool to remove sensitive IDs and explicit images from Search, strengthening privacy protections amid rising identity theft.

The post Google Expands ‘Results About You’ to Shield IDs, Fight Deepfake Abuse appeared first on TechRepublic.

Hawaii plans to use "first responder" drones in Waikiki to reach crime scenes and emergencies faster, and privacy advocates are sounding the alarm.

The post Waikiki Drone Plan Sparks Privacy Pushback appeared first on TechRepublic.

A Spanish court has granted precautionary measures against NordVPN and ProtonVPN, ordering the two popular VPN providers to block 16 websites that facilitate piracy of football matches. [...]

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. [...]

A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. [...]

Notepad++ has adopted a "double-lock" design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. [...]

​Microsoft is working to resolve an ongoing outage affecting Microsoft Teams users, causing delays and preventing some from accessing the service. [...]

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here's what we learned. [...]

A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. [...]

Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. [...]

Ireland's Data Protection Commission (DPC), the country's data protection authority, has opened a formal investigation into X over the use of the platform's Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. [...]

The Washington Hotel brand in Japan has announced that that its servers were compromised in a ransomware attack, exposing various business data. [...]

An attacker’s initial access, whether through phishing, unmanaged devices, exploited vulnerabilities, or a compromised supply chain, marks the beginning of a dangerous chain of events.

The post Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident appeared first on Security Boulevard.

California regulators have issued their largest penalty yet under the California Consumer Privacy Act, announcing a $2.75 million settlement with The Walt Disney Company after investigators found that consumer opt-out requests were not consistently honored across devices and streaming platforms. The case centers on a straightforward expectation that is becoming harder for companies to meet: [...]

The post California Fines Disney $2.75 Million in Record CCPA Case appeared first on Centraleyes.

The post California Fines Disney $2.75 Million in Record CCPA Case appeared first on Security Boulevard.

Learn how to protect your AI infrastructure from quantum-enabled side-channel attacks using post-quantum cryptography and ai-driven threat detection for MCP.

The post AI-Driven Threat Detection for Quantum-Enabled Side-Channel Attacks appeared first on Security Boulevard.

What Are Non-Human Identities in Cybersecurity? Have you ever wondered what really goes on behind the scenes when machines communicate securely with one another? The answer resides in a concept known as Non-Human Identities (NHIs), which are critical for modern cybersecurity. These machine identities are not unlike human passports, paired with encrypted credentials or “secrets” [...]

The post Are the investments in Agentic AI security systems justified? appeared first on Entro.

The post Are the investments in Agentic AI security systems justified? appeared first on Security Boulevard.

What Are Non-Human Identities, and Why Are They Critical for Secure Cloud Environments? Ensuring the security of non-human identities (NHIs) is paramount for organizations operating in cloud environments. NHIs often refer to machine identities crucial for protecting sensitive data and maintaining the integrity of IT systems. With an increasing reliance on cloud computing, managing these [...]

The post How secure are Agentic AI-driven compliance audits? appeared first on Entro.

The post How secure are Agentic AI-driven compliance audits? appeared first on Security Boulevard.

How Can Automated Secrets Rotation Empower DevOps Teams? What happens when the seamless flow of DevOps is disrupted by security incidents? With DevOps teams continue to embrace the rapid deployment of applications and services across the cloud, the need for comprehensive secrets management becomes crucial. One modern solution is automated secrets rotation, a powerful tool [...]

The post How are DevOps teams empowered by automated secrets rotation? appeared first on Entro.

The post How are DevOps teams empowered by automated secrets rotation? appeared first on Security Boulevard.

How Do Non-Human Identities Impact Security in a Cloud Environment? Have you ever pondered how non-human identities (NHIs) play a role? Where organizations migrate to cloud-based systems, security is dramatically shifting. NHIs, essentially machine identities, are rapidly becoming crucial to maintaining robust security protocols. Understanding the Role of Non-Human Identities At the heart of this [...]

The post Can Agentic AI operate independently of continuous human oversight? appeared first on Entro.

The post Can Agentic AI operate independently of continuous human oversight? appeared first on Security Boulevard.

Explore User Managed Access (UMA) 2.0. Learn how this protocol enables granular sharing, party-to-party delegation, and secure AI agent authorization.

The post Understanding User Managed Access appeared first on Security Boulevard.

Announcing the launch of AI Agent Configuration Scanning.

The post Securing the New Control Plane: Introducing Static Scanning for AI Agent Configurations appeared first on Security Boulevard.

Session 12D: ML Backdoors

Authors, Creators & Presenters: Dazhuang Liu (Delft University of Technology), Yanqi Qiao (Delft University of Technology), Rui Wang (Delft University of Technology), Kaitai Liang (Delft University of Technology), Georgios Smaragdakis (Delft University of Technology)

PAPER
LADDER: Multi-Objective Backdoor Attack via Evolutionary Algorithm
Current black-box backdoor attacks in convolutional neural networks formulate attack objective(s) as single-objective optimization problems in single domain. Designing triggers in single domain harms semantics and trigger robustness as well as introduces visual and spectral anomaly. This work proposes a multi-objective black-box backdoor attack in dual domains via evolutionary algorithm (LADDER), the first instance of achieving multiple attack objectives simultaneously by optimizing triggers without requiring prior knowledge about victim model. In particular, we formulate LADDER as a multi-objective optimization problem (MOP) and solve it via multi-objective evolutionary algorithm (MOEA). MOEA maintains a population of triggers with trade-offs among attack objectives and uses non-dominated sort to drive triggers toward optimal solutions. We further apply preference-based selection to MOEA to exclude impractical triggers. LADDER investigates a new dual-domain perspective for trigger stealthiness by minimizing the anomaly between clean and poisoned samples in the spectral domain. Lastly, the robustness against preprocessing operations is achieved by pushing triggers to low-frequency regions. Extensive experiments comprehensively showcase that LADDER achieves attack effectiveness of at least 99%, attack robustness with 90.23% (50.09% higher than state-of-the-art attacks on average), superior natural stealthiness (1.12 times to 196.74 times improvement) and excellent spectral stealthiness (8.45 times enhancement) as compared to current stealthy attacks by the average l_2 - norm across 5 public datasets.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – LADDER: Multi-Objective Backdoor Attack Via Evolutionary Algorithm appeared first on Security Boulevard.

Topic: WordPress Plugin Ajax Upload for Gravity Forms - Arbitrary File Upload Risk: Low Text: ## # Exploit Title: WordPress Plugin Ajax Upload for Gravity Forms - Arbitrary File Upload (ZIP) # ...

Topic: Roundcube Webmail DOM-based XSS Exploit via SVG href Attribute Risk: Low Text:#!/usr/bin/env python3 # Exploit Title: Roundcube Webmail DOM-based XSS Exploit via SVG href Attribute # Author: Mohammed Idr...

Topic: WordPress Commentator Plugin - Arbitrary File Upload Risk: Medium Text: ## # Exploit Title: WordPress Commentator Plugin - Arbitrary File Upload # Date: 2026-02-05 # Exp...

Topic: motionEye 0.43.1b4 RCE Risk: High Text:# Exploit Title: motionEye 0.43.1b4 - RCE # Exploit PoC: motionEye RCE via client-side validation bypass (safe PoC) # Filena...

Topic: Siklu EtherHaul Series EH-8010 Remote Command Execution Risk: High Text:# Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution # Shodan Dork: "EH-8010" or "EH-1200" # Date: 2025-...

Topic: ClipBucket 5.5.0 Arbitrary File Upload Risk: High Text:# Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload # Google Dork: N/A # Date: 2025-09-11 # Exploit Author: Muku...

Topic: Windows 11 25H2 Hyper-V CVE-2026-21248 Heap Overflow + Ghost Patch Exploit Framework Risk: High Text:Title: Windows 11 25H2 Hyper-V CVE-2026-21248 Heap Overflow + Ghost Patch Exploit Framework Author: nu11secur1ty Date: 2026-0...

Topic: ProgressBar 2 4.5.0 - Unbounded Resource Consumption DoS Risk: Medium Text:#!/usr/bin/env python3 """ Exploit Title: ProgressBar 2 4.5.0 - Unbounded Resource Consumption Denial of Service (DoS) The...

Topic: BoidCMS v1.0.1-authenticated-file-upload-RCE Risk: High Text:# Title: BoidCMS v1.0.1-authenticated-file-upload-RCE # Author: nu11secur1ty # Date: 02/05/2026 # Vendor: BoidCMS # Softwar...

Topic: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Risk: High Text:# Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE # Date: 2025-10-07 # Exploit Author: Beat...

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators... Read More »

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.

Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and cybercrime services that appear to have benefitted from Kimwolf's spread.

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all.

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Well, the ESP32 Bluetooth bridge experiment was a complete failure. Not the radios themselves, they're actually pretty cool, but there's just no way I could get the Yale locks to be reliably operated by them. At a guess, BLE is a bit too passive to detect

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

A big "thank you" to everyone who helped me troubleshoot the problem with my "Print Screen" button on the new PC. Try as we all might, none of us could figure out why it refused to bind to SnagIt and instead insisted on dumping the entire

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

This week I'm in Hong Kong, and the day after recording, I gave the talk shown in the image above at INTERPOL's Cybercrime Expert Group. I posted a little about this on Facebook and LinkedIn, but thought I'd expand on what really stuck with

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

It's the discussion about the reaction of some people in the UK regarding their impending social media ban for under 16s that bugged me most. Most noteably was the hand-waving around "the gov is just trying to siphon up all our IDs" and "this means

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

I thought Scott would cop it first when he posted about what his solar system really cost him last year. "You're so gonna get that stupid AI-slop response from some people", I joked. But no, he got other stupid responses instead! And I got the AI-slop

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

I’m in Oslo! Flighty is telling me I’ve flown in or out of here 43 times since a visit in 2014 set me on a new path professionally and, many years later, personally. It’s special here, like a second home that just feels…

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Remember the Ashley Madison data breach? That was now more than a decade ago, yet it arguably remains the single most noteworthy data breach of all time. There are many reasons for this accolade, but chief among them is that by virtue of the site being expressly designed to facilitate

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

15 mins and 40 seconds. That's how long it took to troubleshoot the first tech problem of 2026, and that's how far you'll need to skip through this video to hear the audio at normal volume. The problem Scott and I had is analogous

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

I think the start of this week's video really nailed it for the techies amongst us: shit doesn't work, you change something random and now shit works and yu have no idea why 🤷‍♂️ Such was my audio this week and apoligise to

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Building out an IoT environment is a little like the old Maslow's Hierarchy of Needs. All the stuff on the top is only any good if all the stuff on the bottom is good, starting with power. This week, I couldn't even get that right, but

Here are three papers describing different side-channel attacks against LLMs.

“Remote Timing Attacks on Efficient Language Model Inference“:

Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case) efficiency of language model generation. But these techniques introduce data-dependent timing characteristics. We show it is possible to exploit these timing differences to mount a timing attack. By monitoring the (encrypted) network traffic between a victim user and a remote language model, we can learn information about the content of messages by noting when responses are faster or slower. With complete black-box access, on open source systems we show how it is possible to learn the topic of a user’s conversation (e.g., medical advice vs. coding assistance) with 90%+ precision, and on production systems like OpenAI’s ChatGPT and Anthropic’s Claude we can distinguish between specific messages or infer the user’s language. We further show that an active adversary can leverage a boosting attack to recover PII placed in messages (e.g., phone numbers or credit card numbers) for open source systems. We conclude with potential defenses and directions for future work...

Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on “prompt injection,” a set of techniques to embed instructions into inputs to LLM intended to perform malicious activity. This term suggests a simple, singular vulnerability. This framing obscures a more complex and dangerous reality. Attacks on LLM-based systems have evolved into a distinct class of malware execution mechanisms, which we term “promptware.” In a ...

This is a current list of where and when I am scheduled to speak:

• I’m speaking at Ontario Tech University in Oshawa, Ontario, Canada, at 2 PM ET on Thursday, February 26, 2026.
• I’m speaking at the Personal AI Summit in Los Angeles, California, USA, on Thursday, March 5, 2026.
• I’m speaking at Tech Live: Cybersecurity in New York City, USA, on Wednesday, March 11, 2026.
• I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at 5:30 PM GMT on Thursday, March 19, 2026.
• I’m speaking at RSAC 2026 in San Francisco, California, USA, on Wednesday, March 25, 2026...

An exploration of the interesting question.

New York is contemplating a bill that adds surveillance to 3D printers:

New York’s 2026­2027 executive budget bill (S.9005 / A.10005) includes language that should alarm every maker, educator, and small manufacturer in the state. Buried in Part C is a provision requiring all 3D printers sold or delivered in New York to include “blocking technology.” This is defined as software or firmware that scans every print file through a “firearms blueprint detection algorithm” and refuses to print anything it flags as a potential firearm or firearm component...

I just noticed that the ebook version of Rewiring Democracy is on sale for $5 on Amazon, Apple Books, Barnes & Noble, Books A Million, Google Play, Kobo, and presumably everywhere else in the US. I have no idea how long this will last.

Also, Amazon has a coupon that brings the hardcover price down to $20. You’ll see the discount at checkout.

Interesting research: “CHAI: Command Hijacking Against Embodied AI.”

Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training distributions and adapt to novel real-world situations. These capabilities, however, also create new security risks. In this paper, we introduce CHAI (Command Hijacking against embodied AI), a new class of prompt-based attacks that exploit the multimodal language interpretation abilities of Large Visual-Language Models (LVLMs). CHAI embeds deceptive natural language instructions, such as misleading signs, in visual input, systematically searches the token space, builds a dictionary of prompts, and guides an attacker model to generate Visual Attack Prompts. We evaluate CHAI on four LVLM agents; drone emergency landing, autonomous driving, and aerial object tracking, and on a real robotic vehicle. Our experiments show that CHAI consistently outperforms state-of-the-art attacks. By exploiting the semantic and multimodal reasoning strengths of next-generation embodied AI systems, CHAI underscores the urgent need for defenses that extend beyond traditional adversarial robustness...

In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by artificial intelligence. Near as the editors could tell, many submitters pasted the magazine’s detailed story guidelines into an AI and sent in the results. And they weren’t alone. Other fiction magazines have also reported a high number of AI-generated submissions.

This is only one example of a ubiquitous trend. A legacy system relied on the difficulty of writing and cognition to limit volume. Generative AI overwhelms the system because the humans on the receiving end can’t keep up...

This is amazing:

Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving. Security teams have been automating vulnerability discovery for years, investing heavily in fuzzing infrastructure and custom harnesses to find bugs at scale. But what stood out in early testing is how quickly Opus 4.6 found vulnerabilities out of the box without task-specific tooling, custom scaffolding, or specialized prompting. Even more interesting is how it found them. Fuzzers work by throwing massive amounts of random inputs at code to see what breaks. Opus 4.6 reads and reasons about code the way a human researcher would­—looking at past fixes to find similar bugs that weren’t addressed, spotting patterns that tend to cause problems, or understanding a piece of logic well enough to know exactly what input would break it. When we pointed Opus 4.6 at some of the most well-tested codebases (projects that have had fuzzers running against them for years, ...

This is a video of advice for squid fishing in Puget Sound.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks […]

Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) police arrested a 47-year-old man linked to the Phobos ransomware operation. Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central […]

Attackers used a fake PDF incident report hosted on AWS to scare victims into enabling 2FA, though a poorly crafted phishing campaign. Freelance security consultant Xavier Mertens reported a phishing campaign using a fake PDF security incident report hosted on AWS to scare victims into enabling 2FA. The researchers pointed out that the campaign appears poorly […]

South Korea fined Dior, Louis Vuitton, and Tiffany $25M after hackers breached their Salesforce systems, exposing customer data. South Korea’s Personal Information Protection Commission fined luxury brands including Dior, Louis Vuitton, and Tiffany & Co. a total of 36 billion Korean won ($25 million) after hackers compromised their Salesforce systems. The attack, linked to Scattered […]

Apple is testing end-to-end encrypted Rich Communications Services (RCS) messaging in the iOS 26.4 developer beta. Apple has added end-to-end encrypted RCS messaging to the iOS and iPadOS 26.4 developer beta. The feature, still in testing, will roll out in a future update across iOS, iPadOS, macOS, and watchOS. Apple notes that E2EE is not […]

Researchers found an infostealer stole a victim’s OpenClaw configuration, marking a shift toward targeting personal AI agents. Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim’s OpenClaw configuration environment, previously known as Clawdbot and Moltbot. According to cybersecurity firm Hudson Rock, the case highlights a new shift in infostealer activity, moving beyond […]

Eurail B.V. revealed that traveler data were stolen in a recent security breach, and are now being sold on the dark web. Eurail B.V. confirmed that the traveler data stolen in a breach earlier this year is now being offered for sale on the dark web. The company disclosed the development as part of its […]

A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs […]

ShinyHunters leaked 600,000+ Canada Goose customer records, though the company insists its systems were not breached. Data extortion group ShinyHunters has published over 600,000 Canada Goose customer records on its data leak site. Canada Goose is a Canadian luxury outerwear company best known for high‐end, cold‐weather jackets and parkas. Founded in 1957 and headquartered in […]

Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages […]