Security Affairs · Pierluigi Paganini · 2026-03-31 18:30 UTC
Threat actors hijacked the npm account of Axios to distribute RAT malware via malicious package updates. Threat actors compromised the npm account of Axios, a widely used library with over 100M weekly...
The Hacker News · Ravie Lakshmanan · 2026-03-31 18:28 UTC
Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity."
The de...
Wordfence · Chloe Chamberland · 2026-03-31 18:24 UTC
Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture...
Threat intelligence firms warn that cybercriminals have begun exploiting a critical vulnerability in Fortinet FortiClient EMS.
FortiClient EMS, an administration server...
U.S. Attorney Jay Clayton said Spalletta “repeatedly hacked smart contracts to steal millions of dollars’ worth of other people’s money for himself, and destroyed a cryptocurrency exchange in the proc...
BleepingComputer · Lawrence Abrams · 2026-03-31 17:53 UTC
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to...
CVE ID :CVE-2025-62184
Published : March 31, 2026, 5:52 p.m. | 27 minutes ago
Description :Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerabi...
Security Boulevard · Enzoic · 2026-03-31 17:45 UTC
SANS findings highlight the real issue, compromised credentials enable access long before traditional security controls detect a problem.
The post 2026 SANS Identity Threats Report: Why Attacks Still ...
CVE ID :CVE-2026-33415
Published : March 31, 2026, 5:42 p.m. | 37 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-33300
Published : March 31, 2026, 5:42 p.m. | 37 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-33185
Published : March 31, 2026, 5:41 p.m. | 37 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
TechCrunch · Lauren Forristal · 2026-03-31 17:41 UTC
You can now order from Uber Eats and Grubhub using Alexa+, an experience Amazon says will be similar to chatting with a waiter at a restaurant or placing an order at a drive-thru.
CVE ID :CVE-2026-33074
Published : March 31, 2026, 5:41 p.m. | 37 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-32951
Published : March 31, 2026, 5:41 p.m. | 37 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-32620
Published : March 31, 2026, 5:41 p.m. | 38 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-32618
Published : March 31, 2026, 5:40 p.m. | 38 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-32619
Published : March 31, 2026, 5:40 p.m. | 38 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-32615
Published : March 31, 2026, 5:40 p.m. | 39 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-32607
Published : March 31, 2026, 5:40 p.m. | 39 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-32273
Published : March 31, 2026, 5:39 p.m. | 39 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-32143
Published : March 31, 2026, 5:39 p.m. | 39 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-32113
Published : March 31, 2026, 5:39 p.m. | 39 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
CVE ID :CVE-2026-33073
Published : March 31, 2026, 5:38 p.m. | 40 minutes ago
Description :Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, ...
Feed: All Latest · Stephen Clark, Ars Technica · 2026-03-31 17:34 UTC
The GPS Next-Generation Operational Control System was due for completion in 2016. Ten years later, the software for controlling the military’s GPS satellites still doesn’t work.
Feed: All Latest · Miles Klee · 2026-03-31 17:32 UTC
Progressives are dreaming about a new political order that rights the wrongs of the Trump administration and the shortcomings of “Woke 1.” Does it have a shot?
CVE ID :CVE-2026-5206
Published : March 31, 2026, 5:30 p.m. | 49 minutes ago
Description :A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This v...
Researchers at Solar 4RAYS (Solar Group) noticed that hackers are hiding the command-and-control server addresses of the MaskGram stealer in Spotify and Chess[.]com profiles. The malware uses the Dead Drop Resolver (DDR) technique...
CVE ID :CVE-2026-2123
Published : March 31, 2026, 5:18 p.m. | 1 hour ago
Description :A security audit identified a privilege escalation vulnerability in Operations Agent(
Severity: 8.6 | ...
CVE ID :CVE-2026-5205
Published : March 31, 2026, 5:16 p.m. | 1 hour, 2 minutes ago
Description :A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is th...
CVE ID :CVE-2026-34361
Published : March 31, 2026, 5:16 p.m. | 1 hour, 2 minutes ago
Description :HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperabil...
CVE ID :CVE-2026-24165
Published : March 31, 2026, 5:16 p.m. | 1 hour, 2 minutes ago
Description :NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrus...
CVE ID :CVE-2026-34359
Published : March 31, 2026, 5:16 p.m. | 1 hour, 2 minutes ago
Description :HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperabil...
CVE ID :CVE-2026-24154
Published : March 31, 2026, 5:16 p.m. | 1 hour, 2 minutes ago
Description :NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physica...
Microsoft Security · Sherrod DeGrippo · 2026-03-31 17:00 UTC
Five facts critical infrastructure (CI) leaders need to act on in 2026, grounded in what Microsoft Threat Intelligence is observing across sectors right now.
The post The threat to critical infrastruc...
Feed: All Latest · Aarian Marshall · 2026-03-31 17:00 UTC
The electric-car maker says it happens rarely and at speeds below 10 mph. But the disclosure—in response to a US senator's questions—occasioned a call for more transparency.
The fitness tracking startup just closed a $575 million Series G with Cristiano Ronaldo and LeBron James among its investors. The obvious question looming over a round of this size at this valuation: ...
Google Security Blog · Kimberly Samra · 2026-03-31 16:55 UTC
Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team
2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversar...
Project: To-do list application in Vue.js with source code The to-do list application is developed using Vue.js and bootstrap. Talking […]
The post To-Do List Application In Vue.JS With Source C...
Help Net Security · Sinisa Markovic · 2026-03-31 16:39 UTC
Pondurance announced MDR Essentials, an MDR service providing an autonomous SOC that reduces the time from threat detection to containment by 90%. Threat actors today use AI to attack ...
Researchers at numerous firms are sounding warnings about the supply-chain attack on an open-source project with 100 million weekly downloads.
The post Attack on axios software developer tool threaten...
CVE ID :CVE-2026-5087
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random ...
CVE ID :CVE-2026-5203
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFil...
CVE ID :CVE-2026-5204
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLib...
CVE ID :CVE-2026-34595
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :Parse Server is an open source backend that can be deployed to any infrastructure that can r...
CVE ID :CVE-2026-4818
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users...
CVE ID :CVE-2026-4819
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user...
CVE ID :CVE-2026-34240
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1,...
CVE ID :CVE-2026-34243
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or p...
CVE ID :CVE-2026-34573
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :Parse Server is an open source backend that can be deployed to any infrastructure that can r...
CVE ID :CVE-2026-34221
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map...
CVE ID :CVE-2026-34227
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to ve...
CVE ID :CVE-2026-34231
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Script...
CVE ID :CVE-2026-34235
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :PJSIP is a free and open source multimedia communication library written in C. Prior to vers...
CVE ID :CVE-2026-34220
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map...
CVE ID :CVE-2026-34237
Published : March 31, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior ...
CVE ID :CVE-2026-34218
Published : March 31, 2026, 4:16 p.m. | 34 minutes ago
Description :ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies...
CVE ID :CVE-2026-34219
Published : March 31, 2026, 4:16 p.m. | 34 minutes ago
Description :libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to v...
CVE ID :CVE-2026-30284
Published : March 31, 2026, 4:16 p.m. | 34 minutes ago
Description :An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to o...
Feed: All Latest · Dana Alomar · 2026-03-31 16:15 UTC
Companies including Google, Microsoft, and Palantir were listed as targets by Iranian media as the conflict with Israel and the US spills into digital infrastructure.
AWS Security Agent on-demand penetration testing is now generally available, enabling you to run comprehensive security tests across all your applications, not only your most critical ones. This miles...
The Register · Dan Robinson · 2026-03-31 16:12 UTC
CMA to assess whether the company's terms unfairly favor Azure over rival platforms The UK's competition watchdog will investigate Microsoft's business software ecosystem over concerns that its licens...
Security Boulevard · Omer Guetta · 2026-03-31 16:10 UTC
Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions
The post Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions appeared first on Security Boulevard.
The Hacker News · Ravie Lakshmanan · 2026-03-31 16:03 UTC
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubb...
Help Net Security · Sinisa Markovic · 2026-03-31 16:00 UTC
Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent. “These agents are changing the way we secure and operate softw...
Microsoft Security · Yonatan Zunger · 2026-03-31 16:00 UTC
Read actionable advice for CISOs on securing AI, managing risk, and applying core security principles in today’s AI‑powered environment.
The post Applying security fundamentals to AI: Practical advice...
SecurityWeek · Eduard Kovacs · 2026-03-31 15:59 UTC
The latest funding round brings the total venture capital investment in Censys to $149 million.
The post Censys Raises $70 Million for Internet Intelligence Platform appeared first on SecurityWeek.
New Booklets of the Cartilha de Segurança para Internet (Internet Security Guide)
Scams Booklet: Don't Be Fooled
Scammers are always creating new tricks to deceive and take advantage...
Security Boulevard · ThreatLabz (Zscaler) · 2026-03-31 15:42 UTC
Introduction Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader ...
Security Boulevard · FireTail - AI and API Security Blog · 2026-03-31 15:39 UTC
Mar 31, 2026 - Jeremy Snyder - If you were at RSA Conference last year, you probably remember the goats. Or the puppies. Or the miniature petting zoos. It was a year of "over-the-top" spectacle. A bit...
Dark Reading · Terry Sweeney · 2026-03-31 15:35 UTC
Intruder's Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management.
SecurityWeek · Steve Durbin · 2026-03-31 15:35 UTC
Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue.
The post The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust appeared...
Apple developers have added a protective mechanism to macOS Tahoe 26.4 that blocks pasting and executing potentially dangerous commands in the terminal. The change is aimed at ClickFix-style attacks...
Dark Reading · Terry Sweeney · 2026-03-31 15:29 UTC
In a conversation with Dark Reading’s Terry Sweeney, DigiCert CEO Amit Sinha explains how AI-driven identities and quantum threats are reshaping the foundations of digital trust.
Help Net Security · Industry News · 2026-03-31 15:22 UTC
Codenotary launched AgentMon, an enterprise-grade monitoring designed specifically for agentic networks, providing organizations with real-time visibility into the security, performance and cost of AI...
SecurityWeek · Kevin Townsend · 2026-03-31 15:04 UTC
Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access.
The po...
Help Net Security · Industry News · 2026-03-31 15:03 UTC
DoControl announced new capabilities that provide visibility, monitoring, and automated control for Google Gemini Gems, a newly introduced feature within Google Gemini that enables teams to create cus...
Security Boulevard · Marc Handelman · 2026-03-31 15:00 UTC
Author, Creator & Presenter: Chris Beckman - Principal Security Engineer at TaxBit
Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 conten...
The Register · O'Ryan Johnson · 2026-03-31 14:55 UTC
The 13-year sales vet closed two deals worth $27 million, but ServiceNow has “nullified” his compensation saying he “overachieved” his quota. ServiceNow is refusing to pay a salesman commissions on mo...
Security Boulevard · Malwarebytes · 2026-03-31 14:53 UTC
Developers using the axios package from npm may have downloaded a malicious version that drops a Remote Access Trojan
The post Axios supply chain attack chops away at npm trust appeared first on Securi...
SecurityWeek · Kevin Townsend · 2026-03-31 14:51 UTC
Licensed malware with built-in persistence and automation enables attackers to continuously siphon credentials, session data, and cryptocurrency assets.
The post Venom Stealer Raises Stakes With Conti...
TechCrunch · Zack Whittaker · 2026-03-31 14:50 UTC
CareCloud, a major provider of medical records storage, said hackers accessed one of its repositories of patient data earlier in March. It provides technology for more than 45,000 providers covering m...
Help Net Security · Zeljka Zorz · 2026-03-31 14:46 UTC
Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishi...
CVE ID :CVE-2026-34532
Published : March 31, 2026, 2:42 p.m. | 37 minutes ago
Description :Parse Server is an open source backend that can be deployed to any infrastructure that can run Node...
CVE ID :CVE-2026-4799
Published : March 31, 2026, 2:41 p.m. | 38 minutes ago
Description :In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirec...
CVE ID :CVE-2026-34373
Published : March 31, 2026, 2:38 p.m. | 40 minutes ago
Description :Parse Server is an open source backend that can be deployed to any infrastructure that can run Node...
CVE ID :CVE-2026-34363
Published : March 31, 2026, 2:35 p.m. | 43 minutes ago
Description :Parse Server is an open source backend that can be deployed to any infrastructure that can run Node...
Help Net Security · Industry News · 2026-03-31 14:26 UTC
Foxit Software introduced a new capability designed to uncover hidden security risks inside PDFs as part of its latest PDF Editor 2026.1 release for Windows and macOS. The update is led by PDF Action ...
CVE ID :CVE-2026-0596
Published : March 31, 2026, 2:25 p.m. | 53 minutes ago
Description :A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver...
CVE ID :CVE-2026-34224
Published : March 31, 2026, 2:25 p.m. | 53 minutes ago
Description :Parse Server is an open source backend that can be deployed to any infrastructure that can run Node...
A site called Leak Bazaar pitches itself as something closer to a data-processing business than a typical hacking or ransomware-as-a-service operation.
The post Synthetic Data and GDPR Compliance appeared first on Sovy.
The post Synthetic Data and GDPR Compliance appeared first on Security Boulevard.
CVE ID :CVE-2026-34156
Published : March 31, 2026, 2:16 p.m. | 1 hour, 2 minutes ago
Description :NocoBase is an AI-powered no-code/low-code platform for building business applications and e...
CVE ID :CVE-2026-3308
Published : March 31, 2026, 2:16 p.m. | 1 hour, 2 minutes ago
Description :An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows a...
CVE ID :CVE-2026-34155
Published : March 31, 2026, 2:16 p.m. | 1 hour, 2 minutes ago
Description :RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bu...
CVE ID :CVE-2026-34214
Published : March 31, 2026, 2:14 p.m. | 1 hour, 4 minutes ago
Description :Trino is a distributed SQL query engine for big data analytics. From version 439 to before v...
ShinyHunters leaked 5.1M Panera accounts after extortion failed. Contact data can't be changed like passwords—it's permanent exposure fueling years of scams.
The post Panera’s 5.1 Million User B...
Security Boulevard · Jérôme Segura · 2026-03-31 14:11 UTC
DataDome stopped a 13-day, 80M-request scraping attack targeting a leading review platform. See how we blocked this attack with no friction for real users.
The post How DataDome Blocked an 80M-Request...
CVE ID :CVE-2026-34209
Published : March 31, 2026, 2:10 p.m. | 1 hour, 8 minutes ago
Description :mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the t...
CVE ID :CVE-2026-34504
Published : March 31, 2026, 2:10 p.m. | 1 hour, 8 minutes ago
Description :OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal pr...
CVE ID :CVE-2026-34503
Published : March 31, 2026, 2:10 p.m. | 1 hour, 8 minutes ago
Description :OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are rem...
CVE ID :CVE-2026-33580
Published : March 31, 2026, 2:10 p.m. | 1 hour, 8 minutes ago
Description :OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Ta...
CVE ID :CVE-2026-33581
Published : March 31, 2026, 2:10 p.m. | 1 hour, 8 minutes ago
Description :OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that a...
CVE ID :CVE-2026-33579
Published : March 31, 2026, 2:10 p.m. | 1 hour, 8 minutes ago
Description :OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve...
CVE ID :CVE-2026-33578
Published : March 31, 2026, 2:10 p.m. | 1 hour, 8 minutes ago
Description :OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat a...
CVE ID :CVE-2026-33576
Published : March 31, 2026, 2:10 p.m. | 1 hour, 8 minutes ago
Description :OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before valid...
CVE ID :CVE-2026-34210
Published : March 31, 2026, 2:10 p.m. | 1 hour, 9 minutes ago
Description :mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the s...
CVE ID :CVE-2026-34377
Published : March 31, 2026, 2:05 p.m. | 1 hour, 13 minutes ago
Description :ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-con...
Secrets sprawl is not slowing down: in 2025 it accelerated faster than most security teams anticipated. GitGuardian's "State of Secrets Sprawl 2026" report analyzed...
CVE ID :CVE-2026-34202
Published : March 31, 2026, 2:02 p.m. | 1 hour, 16 minutes ago
Description :ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-cha...
Security Boulevard · Dwayne McDaniel · 2026-03-31 14:00 UTC
AI was everywhere at RSAC 2026, but the real focus was operational security: managing agents, protecting secrets, and controlling trusted integrations at scale.
The post Between AI Urgency and AI Fati...
BleepingComputer · Sponsored by Token Security · 2026-03-31 14:00 UTC
AI agent risk isn't equal, it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first. [...]
TechCrunch · Rebecca Bellan · 2026-03-31 14:00 UTC
Runway is launching a $10 million fund and startup program to back companies building with its AI video models, as it pushes toward interactive, real-time “video intelligence” applications.
TechCrunch · Lauren Forristal · 2026-03-31 14:00 UTC
The merger is a sign that the fitness industry is continuing to move toward consolidation to compete at a larger scale. Recent moves include MyFitnessPal acquiring Cal AI, an AI calorie counting app, ...
Security Affairs · Pierluigi Paganini · 2026-03-31 13:58 UTC
Lloyds Banking Group data incident exposed transactions of ~450,000 mobile banking users due to a faulty update. A faulty software update at Lloyds Banking Group exposed transaction details of nearly ...
Help Net Security · Sinisa Markovic · 2026-03-31 13:58 UTC
US prosecutors have charged a Maryland man in connection with two hacks of the Uranium Finance cryptocurrency exchange that led to losses exceeding $50 million. Jonathan Spalletta, also known as “Cthu...
CVE ID :CVE-2026-34200
Published : March 31, 2026, 1:57 p.m. | 1 hour, 21 minutes ago
Description :Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nho...
SecurityWeek · Ionut Arghire · 2026-03-31 13:53 UTC
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities.
The post TeamPCP Moves From OSS to AWS Environments appeared f...
BleepingComputer · Bill Toulas · 2026-03-31 13:53 UTC
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. [...]
CVE ID :CVE-2026-20915
Published : March 31, 2026, 1:51 p.m. | 1 hour, 28 minutes ago
Description :Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows aut...
A severe and sophisticated supply chain attack has struck the widely used Axios HTTP client on the npm registry, exposing millions of developers worldwide to a cross-platform remote access trojan (RAT...
The Register · Richard Speed · 2026-03-31 13:45 UTC
Chip shipments overtake boards and modules as industrial demand grows, raising questions about hobbyist roots Raspberry Pi has reported impressive revenue and profit growth, but its hobbyist origins r...
Microsoft Security · Microsoft Defender Security Research Team · 2026-03-31 13:43 UTC
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and cloud-hosted payloads to install MSI backdo...
SecurityWeek · Ionut Arghire · 2026-03-31 13:37 UTC
Attackers can exploit the bugs through prompt injection, chaining them together to escape the sandbox and execute arbitrary code.
The post CrewAI Vulnerabilities Expose Devices to Hacking appeared fir...
Habr InfoSec · abarykov (MOEX) · 2026-03-31 13:31 UTC
Hi everyone! My name is Alexander Barykov; I lead the DevOps platform team and am the leader of the DevOps community at our company. Today I want to share the experience we have accumulated over the last...
Help Net Security · Industry News · 2026-03-31 13:30 UTC
Bitdefender has announced the Bitdefender Internal Attack Surface Assessment, a complimentary evaluation that helps organizations identify and reduce hidden internal cyber risks caused by unnecessary ...
This month: researchers examined third-party Telegram clients; the TeamPCP group compromised the Trivy scanner, the security company Checkmarx and the LiteLLM library; Android will restrict access to Accessibil...
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network Graphics (PNG) image files. These critical f...
StepSecurity reports on a malicious Axios JavaScript library that was available for download via NPM. [1] According to Socradar, it was an estimated just under three hours before it was...
Check Point Research · stcpresearch · 2026-03-31 13:16 UTC
Key Points Introduction At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf softwar...
We try to find the logic in the latest attack by Trump and Carr on foreign gadgets. You have surely heard: the US government has banned foreign-made consumer Wi-Fi routers over "threats to...
The Hacker News · Ravie Lakshmanan · 2026-03-31 13:09 UTC
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unaut...
The bug enables threat actors to send requests that disclose sensitive information and carries a severity score of 9.3 out of 10, indicating a critical risk.
Help Net Security · Help Net Security · 2026-03-31 13:00 UTC
New research from the 2026 SANS Identity Threats & Defenses Survey shows that 55% of organizations experienced an identity-related compromise last year, while 26% reported MFA fatigue as a factor...
Cores it's got what agents crave Interview In recent weeks, the likes of Nvidia and Arm have revealed CPUs designed expressly to run AI agents like OpenClaw.…
Security Boulevard · Michael Prescott · 2026-03-31 13:00 UTC
Most software teams don't start out planning to adopt an enterprise artifact repository.
The post Is Your Repository Ready for What’s Next? appeared first on Security Boulevard.
Cloudflare Blog · Cloudflare Blog · 2026-03-31 13:00 UTC
Magic Transit customers can now program their own DDoS mitigation logic and deploy it across Cloudflare’s global network. This enables precise, stateful mitigation for custom and proprietary UDP proto...
Rapid7 Cybersecurity Blog · Rapid7 Labs · 2026-03-31 13:00 UTC
Initial Access Brokers (IABs) are a key component of the cybercrime ecosystem, offering hassle-free building blocks for ransomware, data theft, and extortion. Rapid7’s analysis of H2 2025 activity acr...
Security Boulevard · Yoel Calderon · 2026-03-31 13:00 UTC
Stop the noise and scale your cloud security. Our latest updates introduce custom policy automation via Explorer, AWS ABAC support for true least privilege, and research-backed protection against crit...
Hackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, making attacks faster, quieter, and harder to s...
Help Net Security · Anamarija Pogorelec · 2026-03-31 12:48 UTC
Microsoft released Windows 11 Insider Preview Build 29558.1000 to the Canary Channel, part of the optional 29500 build series. The build carries a set of changes focused on the Windows Console, a hand...
Help Net Security · Sinisa Markovic · 2026-03-31 12:43 UTC
Apple has added a new security feature in macOS Tahoe 26.4 that warns users before they enter commands in Terminal that could cause harm. The goal is to stop ClickFix attacks, a social engineering tri...
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a malicious dependency into specific Axios releases, exposing millions of develop...
Users will be able to change their username only once every 12 months. Plus, they won't be able to delete their new email address for that period of time.
The European Commission reported a data leak following a breach of the cloud infrastructure hosting the websites of the Europa[.]eu platform. The incident was discovered back on March 24, and the attack affected at least...
Habr InfoSec · Ideco (Ideco) · 2026-03-31 12:28 UTC
Classic network security architecture was built around one premise: there is a clear boundary between "inside" and "outside". The next-generation firewall (NGFW) stands on this boundary and...
CVE ID :CVE-2026-3139
Published : March 31, 2026, 12:16 p.m. | 1 hour, 28 minutes ago
Description :The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Edi...
CVE ID :CVE-2026-3191
Published : March 31, 2026, 12:16 p.m. | 1 hour, 28 minutes ago
Description :The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver...
CVE ID :CVE-2026-4267
Published : March 31, 2026, 12:16 p.m. | 1 hour, 28 minutes ago
Description :The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnera...
CVE ID :CVE-2026-5198
Published : March 31, 2026, 12:16 p.m. | 1 hour, 28 minutes ago
Description :A vulnerability was determined in code-projects Student Membership System 1.0. The impacted...
CVE ID :CVE-2026-32988
Published : March 31, 2026, 12:16 p.m. | 1 hour, 28 minutes ago
Description :OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge st...