Russian GRU hackers used outdated routers to redirect DNS and steal Microsoft Office OAuth tokens from 200+ organizations and 5,000 devices without malware.
Microsoft fixed 167 bugs including SharePoint zero-day, Windows Defender BlueHammer, Adobe Reader flaw, and Chrome zero-day. Second-largest Patch Tuesday ever.
Tyler 'Tylerb' Buchanan, senior Scattered Spider member, pleads guilty to wire fraud and identity theft for 2022 SMS phishing attacks on Twilio, LastPass, etc., stealing $8M in crypto. Faces 20+ years.
A DDoS protection firm, Huge Networks, was found to have enabled massive attacks on Brazilian ISPs due to a breach, exposing misconfigured routers and DNS vulnerabilities.
A step-by-step guide for cybersecurity professionals to adapt to AI-discovered vulnerabilities, covering risk assessment, prioritization, automation, and defense strategies based on Anthropic's Mythos announcement.
Learn from Firefox's success using AI to find 271 zero-days. Step-by-step guide to deploy frontier models for vulnerability discovery.
LeafKVM is an open source KVM switch built on Rust and Buildroot. It offers remote control via web or touchscreen, with HDMI capture up to 4K, low latency, and PoE support. Priced at $119 on Crowd Supply.
Developer creates ThreatLens CLI for log triage after Event Viewer fails on 400MB EVTX. Tool supports multiple log formats, Sigma rules, and lightweight Elasticsearch output.
Learn from NSA ex-chief Chris Inglis on preventing insider threats via enculturation, monitoring, and media disclosure protocols—with practical code and step-by-step guidance for CISOs.
Python releases security patches for versions 3.9-3.12, fixing vulnerabilities in XML, archive, and HTML parsing modules, plus a setuptools update for 3.11.14.
Python 3.14.2 and 3.13.11 are expedited releases fixing regressions in multiprocessing, dataclasses, insertdict, and re.Scanner, plus security fixes for CVE-2025-12084 and http server/client denial of service.
10 actionable strategies for embedding safety into tech design, from research and archetypes to testing and culture change—turning intention into ethical outcomes.
Learn how to spot insider threats, manage media disclosures, and build a culture of security from NSA's mistakes, distilled into seven actionable steps for CISOs.
Session timeouts disproportionately affect users with disabilities, but inclusive design solutions like extended timeouts and progress saving can mitigate barriers.
GitHub's swift response to a critical RCE vulnerability in the git push pipeline, with details on attack mechanics, fix deployment, and CVE-2026-3854.
Python releases urgent security patches (3.12.12, 3.11.14, 3.10.19, 3.9.24) fixing critical XML, archive, and HTML parser vulnerabilities. Upgrade now to prevent remote code execution.
Python 3.14.2 and 3.13.11 emergency releases fix critical regressions and security flaws including CVE-2025-12084. Upgrade immediately.
Python released security updates for 3.9‑3.12, fixing XML, archive, and HTML parsing vulnerabilities, plus a setuptools patch for 3.11.14.
Python 3.14.2 and 3.13.11 are expedited releases fixing critical regressions in multiprocessing, dataclasses, insertdict, and re.Scanner, plus security patches for CVE-2025-12084 and HTTP DoS vulnerabilities.
CVE-2023-29489 in cPanel allows attackers to bypass 2FA by brute-forcing codes without rate limit; patch immediately.