Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Security

2445 tech articles in this category

  1. CSOonline ·
    I’ve spent two years doing incident response and threat intel, and the one habit I’d keep if I had to give up every other is also the most boring. I don’t act on a piece of intelligence until I’ve checked it against the thing it claims to describe. It’s slow. It’s tedious. Almost nobody does it, because checking costs the exact time the feed was supposed to save. So, we read the report, nod and move on. That works fine most weeks. The weeks it doesn’t are the ones I remember, and the one I keep
    • 0 comments
    • 10 views
  2. CSOonline ·
    With change a constant, cybersecurity professionals looking to improve their careers can benefit from the latest insights into employers’ needs. Data from Foote Partners on the skills and certification most in demand today may provide helpful signposts. Analyzing more than 660 certifications as part of its 2Q 2026 “IT Skills Demand and Pay Trends Report,” Foote Partners calculated the most valuable IT security certifications to pursue right now based on two dimensions. The first, the average
    • 0 comments
    • 13 views
  3. CSOonline ·
    With change a constant, cybersecurity professionals looking to improve their careers can benefit from the latest insights into employers’ needs. Data from Foote Partners on the skills and certification most in demand today may provide helpful signposts. Analyzing more than 660 certifications as part of its 2Q 2026 “IT Skills Demand and Pay Trends Report,” Foote Partners calculated the most valuable IT security certifications to pursue right now based on two dimensions. The first, the average
    • 0 comments
    • 10 views
  4. Hacker News ·
    Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no networkView the full article
    • 0 comments
    • 19 views
  5. Hacker News ·
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of theView the full article
    • 0 comments
    • 22 views
  6. CSOonline ·
    A critical vulnerability in the Kernel-based Virtual Machine (KVM) module of the Linux kernel allows attackers with root access in a guest VM to execute arbitrary code on the host system. This violates the most important security boundary that cloud providers and enterprises rely on to isolate sensitive processes on servers. The vulnerability, tracked as CVE-2026-53359, stems from a use-after-free memory bug in the shadow MMU emulation of KVM on x86 CPU architecture. According to Hyunwoo Kim
    • 0 comments
    • 24 views
  7. CSOonline ·
    Palo Alto Networks’ security division, Unit 42, is warning of yet another campaign targeting Microsoft Teams users. The new campaign begins with Teams users receiving an email asking if they would like to participate in a survey. If they open the attached PDF file, they will shortly thereafter receive a voice call purporting to be from Microsoft Support. The fake support representative then attempts to gain permission to install a remote access tool, and in the process, Ether RAT — a T
    • 0 comments
    • 11 views
  8. compuquip ·
    Faster detection and response are two of the clearest promises in the move toward an agentic SOC, but speed on its own is not the point. What matters is whether managed SOC providers can reduce the time it takes to qualify, investigate, escalate, and act without making the workflow harder to trust. In this blog, we look at how agentic workflows can improve MTTD and MTTR, and what that actually means in day-to-day managed security operations. View the full article
    • 0 comments
    • 14 views
  9. CSOonline ·
    The Gentlemen ransomware underscores a challenge many CISOs face: stopping attackers after they gain an initial foothold. Researchers say the malware can spread across enterprise networks using legitimate Windows management tools while simultaneously attempting to weaken security and recovery systems. A report from Picus Security shows the malware combines self-propagation with the abuse of trusted administrative tools and attempts to impair recovery systems before encryption begins. The rep
    • 0 comments
    • 21 views
  10. CSOonline ·
    At some point, every security leader gets asked a version of the same question: Are we good? It tends to arrive when something is at stake and the person asking needs to know they can rely on the answer. I learned what that question really means at a firm I was with earlier in my career. We had received intelligence that threat actors were preparing to go after financial services firms over the holidays, counting on skeleton staffing and slower response times. We had procedures for exactly t
    • 0 comments
    • 17 views
  11. Hacker News ·
    Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification processView the full article
    • 0 comments
    • 18 views
  12. Hacker News ·
    BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-2026-40138 (CVSS score: 9.2) - A pre-authentication vulnerability exists in theView the full article
    • 0 comments
    • 22 views
  13. CSOonline ·
    Most software composition analysis tools read what developers declare. Insignary Clarity’s patented binary-first platform analyzes what is actually built, shipped, and deployed — including the open-source components that never appear in any manifest. Insignary, Inc., whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering
    • 0 comments
    • 13 views
  14. CSOonline ·
    In a test of major LLMs, Zscaler found that some autonomous AI agents fell victim to frauds, reinforcing how easily some high-end enterprise agents can be conned by schemes that would fool few, if any, humans. The security vendor looked at various forms of indirect prompt injection (IPI) traps and found that, whereas many models fell victim to the schemes, some of the lower-level LLMs fared better than their pricier siblings.  The Zscaler testing found, for example, that four models were
    • 0 comments
    • 13 views
  15. CSOonline ·
    Some autonomous AI agents fell victim to frauds, reinforcing how easily some high-end enterprise agents can be conned by schemes that would fool few, if any, humans, Zscaler found in a test of major LLMs. The security vendor looked at various forms of indirect prompt injection (IPI) traps and found that, whereas many models fell victim to the schemes, some of the lower-level LLMs fared better than their pricier siblings.  The Zscaler testing found, for example, that four models were foun
    • 0 comments
    • 12 views
  16. Hacker News ·
    An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point ResearchView the full article
    • 0 comments
    • 20 views
  17. CSOonline ·
    Stephen Wilson, field chief technology officer for HashiCorp, an IBM company, likens AI agents to “really smart kindergartners.” “They know how to do something, but they have no clue as to why they should do it,” Wilson says. This combination of superior execution power and lack of judgment can create a significant challenge for organizations trying to fit AI agents into their existing zero trust architectures. In a robust zero trust environment, Wilson notes, human users are first authe
    • 0 comments
    • 19 views
  18. CSOonline ·
    Existing security controls weren’t designed for AI agents. Static credentials and standing privileges aren’t sufficient for an emerging model where organizations need to rapidly authorize, limit, and revoke permissions from autonomous agents, sometimes more than once within a single workflow. Agentic AI requires organizations to carefully consider how to govern agentic identity, agent-to-agent communication, secrets management, privileged access, and workforce identity. Agentic ident
    • 0 comments
    • 19 views
  19. CSOonline ·
    Ever since ChatGPT made its public debut nearly four years ago, governance and security have largely lagged behind AI adoption. Eager to experiment with AI tools and find ways to improve their work and personal lives, users have uploaded corporate data, financial records, and even their own health information to large language models (LLMs). While this freewheeling activity presents obvious risks, many users and businesses have so far been spared from catastrophic consequences. Stephen W
    • 0 comments
    • 19 views
  20. Hacker News ·
    A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trustView the full article
    • 0 comments
    • 17 views
  21. CSOonline ·
    A fully autonomous AI agent conducted an end-to-end cyber intrusion and extortion campaign after exploiting a vulnerable Langflow server, demonstrating how large language models could accelerate ransomware operations, according to research published by Sysdig. Sysdig detailed the operation in a research paper, saying the AI agent, dubbed JadePuffer, completed the entire intrusion chain, from initial access to database extortion, using an LLM to adapt its actions and execute more than 600 coo
    • 0 comments
    • 11 views
  22. Hacker News ·
    Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation. Whether a platform will materially change outcomes forView the full article
    • 0 comments
    • 15 views
  23. Hacker News ·
    A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.View the full article
    • 0 comments
    • 11 views
  24. CSOonline ·
    Higher education has consolidated its entire academic operation into a handful of massive SaaS platforms. The LMS manages instruction, grading and communication. The SIS owns enrollment, records and financial aid. Identity and productivity live in a small number of cloud providers. These are not peripheral tools — they are the operational infrastructure of the institution. As IT stewards, we manage platforms we do not own, cannot restore ourselves and cannot directly control — which makes contin
    • 0 comments
    • 15 views
  25. CSOonline ·
    If you wanted to become a basketball star, how would you get started? You wouldn’t read a book on basketball and take an online course. You’d set up a hoop in your driveway, join a local team to train, and play in real matches. So why do we expect cybersecurity professionals to learn their skills from theory and static training? The cybersecurity industry talks constantly about the “skills gap.” The recent World Economic Forum’s Global Cybersecurity Outlook report revealed skills and budgets
    • 0 comments
    • 16 views
  26. Hacker News ·
    Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit, with no click. Opera has patched the flaw and says it found no evidence thatView the full article
    • 0 comments
    • 16 views
  27. CSOonline ·
    A cyber risk assessment helps security teams identify, estimate, and prioritize potential threats and vulnerabilities to key enterprise digital and physical assets. Yet, despite its importance, many CISOs fall victim to several types of “gotchas” that prevent them from fully achieving their risk assessment goals. An assessment should be an essential part of every organization’s overall cybersecurity strategy. The process helps security leaders understand risks to business objectives, evaluat
    • 0 comments
    • 26 views
  28. Hacker News ·
    Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested more than 90% of the time, and the same team built a runtime checker that catches most of theView the full article
    • 0 comments
    • 19 views
  29. Hacker News ·
    A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos, but it may not be a ransomware gang at all. Krishnan found no sign that it ever locked a singleView the full article
    • 0 comments
    • 28 views
  30. Hacker News ·
    The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. "The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts,View the full article
    • 0 comments
    • 27 views
  31. Hacker News ·
    Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built onView the full article
    • 0 comments
    • 39 views
  32. Hacker News ·
    A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos, recently found a different bug. The AI caught one flaw and missedView the full article
    • 0 comments
    • 18 views
  33. Hacker News ·
    Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under oneView the full article
    • 0 comments
    • 21 views
  34. Hacker News ·
    Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legitimate "rollup-plugin-polyfill-node" project, down to the description, repository metadata, andView the full article
    • 0 comments
    • 27 views
  35. CSOonline ·
    Microsoft users have been hit by a massive, automated password spray attack. Among those targeted by the attack were clients of security company Huntress. It reported that the attackers made 81 million attempts to log into its customers’ accounts between June 12 and 26 — and succeeded in at least 78 cases. And that’s just the attacks on Microsoft account holders who also happen to be Huntress customers: The number of compromised accounts could be much higher, as it’s in the nature of a p
    • 0 comments
    • 16 views
  36. CSOonline ·
    Adobe will now issue security patches for its products twice as often to deal with the increasing pace of software vulnerability discovery and exploitation. This follows Oracle’s decision to increase its quarterly patch program to a monthly one. Adobe issues patches on the second Tuesday of each month, as do Microsoft and SAP. Starting in July, it will also issue them on the fourth Tuesday of each month, it said in a blog post. As an early indicator of the need for the faster rhythm,
    • 0 comments
    • 19 views
  37. Hacker News ·
    A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations," Kaspersky said in a technical analysis published today. "View the full article
    • 0 comments
    • 16 views
  38. CSOonline ·
    Citrix NetScaler appliances have been a constant target for attackers in recent years, most recently through an information leak vulnerability dubbed CitrixBleed 3, the latest in a series of NetScaler memory overreads going back to 2023. This week, Citrix patched yet another CitrixBleed-like vulnerability and there are signs of in-the-wild exploitation already. The new memory overread vulnerability, tracked as CVE-2026-8451, was found by researchers from security firm watchTowr who published
    • 0 comments
    • 22 views
  39. Krebs ·
    The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of at least two million devices that have been compromised by malicious software wi
    • 0 comments
    • 38 views
  40. Hacker News ·
    Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's pool of usable devices by millions. Google identifies NetNut, also tracked as Popa, as a network spread across homeView the full article
    • 0 comments
    • 30 views
  41. Hacker News ·
    Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateralView the full article
    • 0 comments
    • 29 views
  42. Hacker News ·
    This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runsView the full article
    • 0 comments
    • 28 views
  43. CSOonline ·
    A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application deployments. Security firm Synacktiv said in a report that the flaw affects Argo CD’s repo-server component, which fetches content from Git repositories and generates Kubernetes manifests used to deploy resources in a cluster. Argo CD is
    • 0 comments
    • 18 views
  44. Hacker News ·
    Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company's production database. Ransomware has alwaysView the full article
    • 0 comments
    • 23 views
  45. Hacker News ·
    The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deploymentView the full article
    • 0 comments
    • 26 views
  46. Hacker News ·
    Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack andView the full article
    • 0 comments
    • 18 views
  47. Hacker News ·
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issueView the full article
    • 0 comments
    • 28 views
  48. CSOonline ·
    Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to break out of Cursor’s command execution sandbox, the protective layer that’s supposed to prevent the internal AI agent from performing rogue actions on the underlying operating system. “The exploit r
    • 0 comments
    • 29 views
  49. Hacker News ·
    Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers inView the full article
    • 0 comments
    • 23 views
  50. Hacker News ·
    A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered him held in custody. Finnish policeView the full article
    • 0 comments
    • 24 views
  51. CSOonline ·
    Detection engineering, which was once a niche practice among mostly large companies, appears to have evolved into a capability that organizations across industries now consider essential to their security operations. What is detection engineering? Detection engineering is about creating and implementing systems to identify potential security threats within an organization’s specific technology environment without drowning in false alarms. It’s about writing smart rules that can tell when
    • 0 comments
    • 43 views
  52. Hacker News ·
    Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users on Wednesday, July 1, across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork. Export controls restrict who canView the full article
    • 0 comments
    • 29 views
  53. Hacker News ·
    Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider LSHIY LLC (AS32167). "Between June 12 and June 26, the threatView the full article
    • 0 comments
    • 32 views
  54. Hacker News ·
    ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same malware in a different disguise. The same research also turned up a new delivery method built to slip past Windows' script scanning.View the full article
    • 0 comments
    • 25 views
  55. Hacker News ·
    Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below - CVE-2026-8451 (CVSS score: 8.8) - An insufficient input validationView the full article
    • 0 comments
    • 29 views
  56. Hacker News ·
    Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)View the full article
    • 0 comments
    • 62 views
  57. compuquip ·
    Trust is one of the biggest barriers to adoption in autonomous security operations, and it is rarely solved by messaging alone. It is earned when the workflow proves it can operate with speed, visibility, and accountability at the same time. In this blog, we look at what actually builds trust in autonomous security operations, why human validation still matters, and what IT leaders should expect before giving AI-driven workflows more responsibility. View the full article
    • 0 comments
    • 20 views
  58. CSOonline ·
    Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its analysis, the company said the extension’s primary objective was to intercept search traffi
    • 0 comments
    • 19 views
  59. Hacker News ·
    Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker. The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension. AnView the full article
    • 0 comments
    • 19 views
  60. Hacker News ·
    A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published its advisory on JuneView the full article
    • 0 comments
    • 21 views
  61. Hacker News ·
    Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below - CVE-2026-43707 - A memory corruption issue that could result in anView the full article
    • 0 comments
    • 25 views
  62. Hacker News ·
    A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. "Easily exploitable vulnerability allowsView the full article
    • 0 comments
    • 19 views
  63. Hacker News ·
    New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonationView the full article
    • 0 comments
    • 20 views
  64. Hacker News ·
    Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials captured byView the full article
    • 0 comments
    • 19 views
  65. Hacker News ·
    A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the year. Primary targets of theseView the full article
    • 0 comments
    • 22 views
  66. Hacker News ·
    Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021.View the full article
    • 0 comments
    • 21 views
  67. Hacker News ·
    A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2. libssh2 is a client-side SSH library, not a server.View the full article
    • 0 comments
    • 20 views
  68. Hacker News ·
    Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings," JFrog said in aView the full article
    • 0 comments
    • 41 views
  69. Hacker News ·
    OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficiency and power, and Luna is fine-tuned for speed and affordability. "GPT‑5.6 Sol launches with our mostView the full article
    • 0 comments
    • 36 views
  70. CSOonline ·
    Hackers are exploiting a critical vulnerability recently patched in PTC Windchill and FlexPLM, two product lifecycle management solutions used by organizations across a range of industries, including defense, aerospace, automotive, medical, electronics, industrial machinery, and consumer goods. The vulnerability, tracked as CVE-2026-12569, is an unsafe deserialization flaw that enables remote code execution. It’s located in the web-based Windchill PDMLink product data management component an
    • 0 comments
    • 29 views
  71. CSOonline ·
    Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach. Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post from security company SentinelLabs. SentinelLabs thinks it knows who’s responsible for the malware, which attacks MacOS systems. “Apple’s XProtect detects the sample under the rule MACOS_BONZAI_COBUCH, and SentinelLabs ass
    • 0 comments
    • 23 views
  72. CSOonline ·
    Australia’s Security Intelligence Organization (ASIO) has uncovered an attack on a critical infrastructure operator’s network. State-sponsored actors had compromised the network and were preparing to sabotage it, according to its director general, Mike Burgess. Other countries face similar cyber-threats to critical infrastructure. It’s impossible to exaggerate the danger that the country is facing from cyberattacks on its infrastructure, he said, presenting ASIO’s annual threat assessme
    • 0 comments
    • 21 views
  73. CSOonline ·
    I work as a principal specialist at a pipeline operator where Operational Technology (OT) is the backbone of the business. I do not report to the board or act as a CISO, but the issues that get raised to those levels affect my job every single day. Since the Colonial pipeline ransomware incident in 2021, it has become apparent that our industry has started posing different tones of “Are we zero trust yet?” I frequently witness its intense significance through auditing requests, TSA security
    • 0 comments
    • 21 views
  74. CSOonline ·
    US lawmakers on Thursday introduced a bill that would require developers of advanced AI models to report major safety and security incidents to the Commerce Department, establishing a federal oversight framework for high-risk AI systems. The proposed AI Incident Reporting Act would mandate that developers of designated “covered models” disclose incidents within seven days of knowing, or reasonably believing, that one has occurred. For incidents posing an imminent or ongoing risk of serious h
    • 0 comments
    • 23 views
  75. CSOonline ·
    When a new AI capability starts making headlines, I see the same pattern play out in boardrooms and executive staff meetings. The technology is introduced as a looming breakthrough for attackers. The conversation quickly shifts to worst-case scenarios. Then security leaders are asked some version of the same question: Are we suddenly exposed in ways we were not exposed before? My answer is usually no. In most organizations, the bigger issue is not that a frontier model such as Mythos wil
    • 0 comments
    • 15 views
  76. Hacker News ·
    Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces on the phone itself and an official RussianView the full article
    • 0 comments
    • 19 views
  77. CSOonline ·
    Ten years have passed since the General Data Protection Regulation (GDPR) came into force, and the results are mixed. While data protection has become more firmly established in European companies — and beyond — than ever before, the business world remains critical of the regulation due to increasing bureaucracy, legal uncertainty, and competitive disadvantages. From a data protection perspective, this is a success story. According to a 2018 Bitkom study, shortly before GDPR came into effect
    • 0 comments
    • 24 views
  78. Hacker News ·
    The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (View the full article
    • 0 comments
    • 24 views
  79. compuquip ·
    AI SOC triage agents are getting a lot of attention, but the market is still ahead of the standard many buyers are using to evaluate them. In this blog, we look at what a triage agent should actually do inside real security operations, where it should create measurable value, and where it should stop short of replacing analyst judgment. The goal is not a faster interface. It is better triage, better case quality, and less wasted analyst effort. View the full article
    • 0 comments
    • 22 views
  80. CSOonline ·
    The new CIO mandate is clear: facilitate AI adoption across the enterprise at speed. According to CIO.com’s State of the CIO survey, CEOs’ top priority for their IT executives is to capitalize on AI. From researching to evaluating AI products, CIOs are now the central figures in their organizations’ AI strategies. And company leaders are looking for real outcomes. Almost two-thirds of senior leaders report there is more pressure to prove ROI on their AI investments than a year ago, accor
    • 0 comments
    • 20 views
  81. CSOonline ·
    We are auditing a curated version of history. I’ve worked in security long enough now to know something most of us don’t really say out loud. A lot of compliance is theatre. Not all of it, and not all auditors or frameworks, but enough of it that most experienced CISOs know exactly what I mean. If you understand how audits work, know how controls are interpreted and can manage scope and narrative well enough, you can often steer things where you need them to go. That’s uncomfortable to a
    • 0 comments
    • 23 views
  82. Hacker News ·
    An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privilegesView the full article
    • 0 comments
    • 25 views
  83. CSOonline ·
    Researchers have identified a new backdoor program that has been used in enterprise intrusions since April and appears to be linked to an initial access broker that sells network footholds to ransomware gangs. Dubbed Mistic by researchers from Symantec, the malware program has been deployed on networks belonging to organizations from multiple sectors, including insurance, education, IT, and professional services. In some cases it has been used alongside ModeloRAT, a piece of malware written
    • 0 comments
    • 32 views
  84. CSOonline ·
    Two members of the Scattered Spider cybercrime collective have admitted launching a cyberattack against Transport for London (TfL) that caused millions in damages. Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were due to stand trial for computer hacking offences at Woolwich Crown Court on Monday but changed their pleas to guilty on the first day of what was scheduled to be a six-week trial. Sentencing for the pair is due to take place in the sam
    • 0 comments
    • 22 views
  85. CSOonline ·
    A critical Cisco Unified CM vulnerability is now under active exploitation, weeks after the company issued patches warning it could allow attackers to gain root access. Threat intelligence firm Defused reported the exploitation on June 23. The company said it observed the activity over the weekend. “This is currently being exploited from a single source using an unvetted PoC, with genuinely-formatted file:// file-write payloads landing on our decoys,” Defused said on X. The flaw is t
    • 0 comments
    • 19 views
  86. CSOonline ·
    A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts, AIR said. The company said a similar attack could have exposed private conversations and internal systems. AIR said no agents were harmed in the research and that the test payload collected only users’ email addresses so they could be notified. The experiment centered on a
    • 0 comments
    • 22 views
  87. CSOonline ·
    Security awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does not work. The premise was simple. With enough education, users would learn to spot the tells. Misspelled words. Awkward phrasing. Sender domains that looked almost right. URLs that revealed something suspicious on ho
    • 0 comments
    • 30 views
  88. CSOonline ·
    Security awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does not work. The premise was simple. With enough education, users would learn to spot the tells. Misspelled words. Awkward phrasing. Sender domains that looked almost right. URLs that revealed something suspicious on ho
    • 0 comments
    • 19 views
  89. Hacker News ·
    The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These subsidiaries are alleged to have assisted individuals and organizations in transferring proceeds ofView the full article
    • 0 comments
    • 25 views
  90. CSOonline ·
    Widespread enterprise adoption of AI has created a pressing need for security solutions — a tall order given that AI’s reach into organizational infrastructure and data is enormous and continues to grow. Moreover, where an organization sits on the AI maturity curve impacts its security needs. Trail of Bits CEO Dan Guide describes the AI journey as a migration from AI-assisted, where AI tools are used on existing workflows; through AI-augmented, which uses new workflows based on AI; to the AI
    • 0 comments
    • 26 views
  91. CSOonline ·
    Widespread enterprise adoption of AI has created a pressing need for security solutions — a tall order given that AI’s reach into organizational infrastructure and data is enormous and continues to grow. Moreover, where an organization sits on the AI maturity curve impacts its security needs. Trail of Bits CEO Dan Guide describes the AI journey as a migration from AI-assisted, where AI tools are used on existing workflows; through AI-augmented, which uses new workflows based on AI; to the AI
    • 0 comments
    • 19 views
  92. Hacker News ·
    Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for specific HTTP requests that could allow an unauthenticated, remoteView the full article
    • 0 comments
    • 22 views
  93. CSOonline ·
    US President Donald Trump on Monday signed a pair of executive orders aimed at accelerating the federal government’s transition to post-quantum cryptography while expanding US investment in quantum technologies, establishing what the administration describes as a coordinated strategy to prepare for the opportunities and risks posed by quantum computing. The actions include an executive order, “Securing the Nation Against Advanced Cryptographic Attacks,” and a companion order, “Ushering in th
    • 0 comments
    • 28 views
  94. Hacker News ·
    A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible systems, and deploying bespokeView the full article
    • 0 comments
    • 23 views
  95. Krebs ·
    Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial. Owen Flowers (left) 18, and Thalha Jubair, 20. Image: UK National Crime Agency (NCA). Tha
    • 0 comments
    • 27 views
  96. Hacker News ·
    GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges. Effective June 18, 2026, the latest version of "actions/checkout," the official GitHub action for checking out a repository into theView the full article
    • 0 comments
    • 24 views
  97. CSOonline ·
    What began as a routine ransomware investigation uncovered two unrelated attackers operating inside the same victim network at the same time, each obscuring the other’s activity and complicating the response. The discovery emerged during a Microsoft Detection and Response Team (DART) engagement involving Storm-2603, a threat actor associated with ransomware deployment. Investigators initially believed they were tracking a single intrusion before identifying a separate attack chain involving
    • 0 comments
    • 22 views
  98. CSOonline ·
    OpenAI has launched a program with cybersecurity firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source software, as enterprises face growing risks from flaws buried deep in their software supply chains. The initiative, called Patch the Planet, uses AI-assisted vulnerability research alongside human review to help turn security findings into tested fixes that can be disclosed through existing project channels. Initial participants include Python, Go, cURL
    • 0 comments
    • 22 views
  99. Hacker News ·
    Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below - aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 downloads) postcss-minify-selector-parser (615 downloads) All the packages were published over the past month by an npm user namedView the full article
    • 0 comments
    • 18 views

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.