Latest from today

Security lapse lets researchers view React2Shell hackers’ dashboard
The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the damage 'could be absolute.'
By Howard Solomon | Apr 3, 2026 | 5 mins | Cybercrime, Malware, Security

A core infrastructure engineer pleads guilty to federal charges in insider attack
By Evan Schuman | Apr 3, 2026 | 3 mins | Cyberattacks, Cybercrime, Legal

Google patches fourth Chrome zero-day so far this year
By Maxwell Cooter | Apr 3, 2026 | 2 mins | Browser Security, Endpoint Protection, Vulnerabilities

Internet Bug Bounty program hits pause on payouts
By Maxwell Cooter | Apr 3, 2026 | 2 mins | Bugs, Open Source, Vulnerabilities

Claude Code is still vulnerable to an attack Anthropic has already fixed
By Maxwell Cooter | Apr 3, 2026 | 2 mins | Code Security, Development Tools, Vulnerabilities

CERT-EU blames Trivy supply chain attack for Europa.eu data breach
By John E. Dunn | Apr 3, 2026 | 4 mins | Cloud Security, Code Security, Security

Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative
By Evan Schuman | Apr 2, 2026 | 7 mins | Business, Enterprise, Internet Security

Cisco fixes critical IMC auth bypass present in many products
By Lucian Constantin | Apr 2, 2026 | 4 mins | Network Security, Security, Vulnerabilities

EvilTokens abuses Microsoft device code flow for account takeovers
By Shweta Sharma | Apr 2, 2026 | 4 mins | Phishing, Security, Social Engineering

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and then suggested ways to exploit them.
By John E. Dunn | Apr 1, 2026 | 4 mins | Code Editors, Development Tools, Vulnerabilities

WhatsApp malware campaign uses malicious VBS files to gain persistent access
The attack chain relies on delayed execution, trusted Windows utilities, and legitimate hosting services to maintain persistence and evade detection.
By Shweta Sharma | Apr 1, 2026 | 3 mins | Cybercrime, Malware, Security

Anthropic employee error exposes Claude Code source
A version of the AI coding tool in Anthropic's npm registry included a source map file, which leads to the full proprietary source code.
By Howard Solomon | Mar 31, 2026 | 5 mins | Artificial Intelligence, Data Breach, Security

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.
By Lucian Constantin | Mar 31, 2026 | 7 mins | Cyberattacks, DevSecOps, Node.js

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
Reclassified as a remote code execution flaw, the F5 BIG-IP APM vulnerability has been upgraded to CVSS 9.8, requiring immediate patching and compromise assessment.
By Lucian Constantin | Mar 31, 2026 | 4 mins | Security, Vulnerabilities

OpenAI patches twin leaks as Codex slips and ChatGPT spills
Command injection in Codex and a hidden outbound channel in ChatGPT exposed risks of credential theft and covert data exfiltration.
By Shweta Sharma | Mar 31, 2026 | 4 mins | Artificial Intelligence, Security, Vulnerabilities

Fortinet hit by another exploited cybersecurity flaw
A critical SQL injection flaw in FortiClient EMS allows remote code execution and data exfiltration, leaving thousands of internet facing systems at risk.
By Taryn Plumb | Mar 30, 2026 | 5 mins | Security, Vulnerabilities

LangChain path traversal bug adds to input validation woes in AI pipelines
The path traversal flaw, allowing access to arbitrary files, adds to a growing set of input validation issues in AI pipelines.
By Shweta Sharma | Mar 30, 2026 | 4 mins | Security, Vulnerabilities

Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases
The draft blog post describes a compute‑intensive LLM with advanced reasoning that Anthropic plans to roll out cautiously, starting with enterprise security teams.
By Anirban Ghoshal | Mar 30, 2026 | 5 mins | Artificial Intelligence, Security

European Commission data stolen in a cyberattack on the infrastructure hosting its web sites
The Commission says its internal IT systems weren’t affected, but it is still working to determine the attack’s impact.
By Howard Solomon | Mar 27, 2026 | 5 mins | Cloud Security, Cyberattacks, Cybercrime

Lloyds Bank reveals how IT bug exposed transaction data
The bank is still investigating full details of a glitch that showed users of its mobile app transaction data belonging to other customers.
By Maxwell Cooter | Mar 27, 2026 | 2 mins | Banking, Data Privacy, Financial Services Industry

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch deadline.
By Shweta Sharma | Mar 27, 2026 | 4 mins | Security, Vulnerabilities, Zero-Day Vulnerabilities

Google: The quantum apocalypse is coming sooner than we thought
The company has advanced its timeline for viable quantum computing, and thus the necessity of migrating to quantum-safe encryption, to 2029.
By Maria Korolov | Mar 26, 2026 | 4 mins | Data and Information Security, Encryption, Security

Databricks pitches Lakewatch as a cheaper SIEM — but is it really?
The agentic SIEM shifts costs from ingestion to compute, promising cheaper retention and deeper analytics on enterprise security data.
By Anirban Ghoshal | Mar 26, 2026 | 4 mins | Analytics, Security Information and Event Management Software, Security Software

GitHub phishers use fake OpenClaw tokens to drain crypto wallets
Attackers exploit OpenClaw hype with fake “CLAW” airdrops, luring developers from GitHub into wallet-draining phishing sites.
By Shweta Sharma | Mar 26, 2026 | 4 mins | Cybercrime, Phishing, Social Engineering

New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert
Unpatched, it allows an unauthenticated remote attacker to leak potentially sensitive information from the appliance's memory.
By Howard Solomon | Mar 25, 2026 | 4 mins | Network Security, Security, Vulnerabilities

Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service
A weakness in a humble lobby account enabled Opswat researchers to elevate privileges.
By John E. Dunn | Mar 25, 2026 | 4 mins | Network Security, Security, Vulnerabilities

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
Socket and Wiz confirm widespread credential theft and worm‑like propagation, with cached malicious Trivy artifacts still circulating across mirror infrastructure despite takedowns.
By Gyana Swain | Mar 25, 2026 | 5 mins | Cybercrime, Malware, Security

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.
By Shweta Sharma | Mar 25, 2026 | 4 mins | Cybercrime, Malware, Security

HP launches TPM Guard to help defeat physical TPM attacks
Current TPMs can be compromised with $20 of hardware, allowing attackers to bypass BitLocker and access encrypted content.
By Lynn Greiner | Mar 24, 2026 | 4 mins | Endpoint Protection, Laptop Security, Security Hardware

Popular

opinion: Authentication is broken: Here’s how security leaders can actually fix it
By Bhanu Handa | Apr 6, 2026 | 9 mins | Access Control, Authentication, Identity and Access Management

feature: 6 ways attackers abuse AI services to hack your business
By John Leyden | Apr 6, 2026 | 7 mins | Artificial Intelligence, Cyberattacks, Cybercrime

opinion: Escaping the COTS trap
By Anant Wairagade | Apr 6, 2026 | 9 mins | Artificial Intelligence, Enterprise Architecture, Security Software

podcast: CSO Executive Sessions ASEAN: From Compliance to Cyber Resilience-Securing Patient Trust in Southeast Asia’s Hospitals
By Estelle Quek | Feb 24, 2026 | 23 mins | Cyberattacks, Cybercrime, Ransomware

podcast: How Intelligence and AI Are Changing Cyber Defense | Erin Whitmore, Former CIA
By Joan Goodchild | Feb 4, 2026 | 28 mins | Cyberattacks, Cybercrime

podcast: Inside the SMB Threat Landscape: AT&T’s Senthil Ramakrishnan on Why Small Businesses Are Cybercrime’s Favorite Target
By Joan Goodchild | Jan 13, 2026 | 23 mins | Cybercrime, Small and Medium Business

video: CSO Executive Sessions ASEAN: From Compliance to Cyber Resilience-Securing Patient Trust in Southeast Asia’s Hospitals
By Estelle Quek | Feb 24, 2026 | 23 mins | CSO and CISO, Electronic Health Records, Ransomware

video: How Intelligence and AI Are Changing Cyber Defense | Erin Whitmore, Former CIA
By Joan Goodchild | Feb 4, 2026 | 28 mins | Cyberattacks, Cybercrime

video: Inside the SMB Threat Landscape: AT&T’s Senthil Ramakrishnan on Why Small Businesses Are Cybercrime’s Favorite Target
By Joan Goodchild | Jan 13, 2026 | 23 mins | Cybercrime, Small and Medium Business