We compared the price histories of the products that ZDNET experts recommend to help you find the best deals while shopping during Amazon Prime Day.

Read more →

Plus, tech job cuts, Sam Altman’s web of investments and Asia’s stock-market fever.

Read more →

Make your car feel high tech without breaking the bank. Shop our favorite Bluetooth adapters, chargers, and more.

Read more →

Read more →

Two members of the ‘Scattered Spider’ cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024. […]

Read more →

I live in San Francisco, but as a founder serving large enterprises, I now travel quite a bit. When you get outside of the Bay Area, the first thing you notice is that there are no billboards screaming about AI, and no buses advertising agents for SDR, customer success, or finance. Three weeks ago, I…

Read more →

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user’s email address and…

Read more →

President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national security systems on a separate track. The deadlines matter because of a threat that…

Read more →

JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT

Read more →

A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, scripts, and credentials left inadvertently exposed on a server has given researchers an unusually detailed look at how the operation worked. Analysts from ZenoX and CloudSEK have pieced together the full attack chain…

Read more →

An Algerian man known online as “SPOX” was extradited from Spain and charged with running a black-market cybercrime operation that prosecutors say defrauded thousands of victims and funneled roughly $900,000 through a cryptocurrency account over a three-year period. Abdellah Belmili, 26, made his initial appearance Monday in the U.S. District Court for the Western District…

Read more →

Amazon Prime Day is packed with affordable tech deals, from Bluetooth speakers and chargers to streaming devices.

Read more →

I’m a health and wearables editor, and these are some of the top smartwatch, smart ring, and wellness deals I’ve found for Prime Day.

Read more →

OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws

Read more →

N-able has announced the availability of Shadow AI Visibility across its Unified Endpoint Management (UEM) solutions, N‑central and N‑sight, and its Security Operations platform, Adlumin. The new capability helps organizations identify, classify, and monitor AI tool usage across managed environments, providing IT and security teams with the visibility needed to address a rapidly growing operational…

Read more →

Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. […]

Read more →

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company’s OAuth tokens in the Klue supply chain attack earlier this month. […]

Read more →

Dragos has announced the release of EmberAI, an OT-native AI built on the Dragos Intelligence Fabric. EmberAI gives every analyst immediate access to Dragos’s OT-specific intelligence, gained from more than a decade of OT operations, activity, and expertise. Putting historical and real-time intel in the hands of every security analyst, EmberAI enables teams to gain…

Read more →

SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims’ networks for cybercrime groups such as the notorious Evil Corp.

Read more →

A Reddit comment that takes only a few seconds to write can end up influencing the answers generated by AI research tools. A Cornell Tech study found that a short snippet of user-generated text, sometimes as little as 13 words, was enough to affect the output of deep-research agents, AI systems that search the web,…

Read more →

Meta has paused a controversial employee‑tracking program after an internal security review found that highly granular keystroke and screen‑capture data from staff laptops was far more widely accessible inside the company than intended. The program was part of Meta’s Model Capability Initiative (MCI), which collected mouse movements, click locations, keystrokes, and screen content from employees’…

Read more →

Healthcare leaders are overwhelmingly confident in their tech vendors’ cybersecurity, right up until those vendors get hacked and freeze their cash flow. A report released today by managed IT and security provider Omega Systems reveals a massive visibility gap in the healthcare digital supply chain.  While 70% of healthcare leaders express confidence in their vendors’…

Read more →

Cybercriminals launch fake GTA 6 pre-order sites offering early access for crypto payments

Read more →

The threat actors engineered a Golang-based sniffer to target 430,000 FortiGate firewalls and identify 110 million credentials in the ongoing global campaign.

Read more →

The RayNeo Air 4 Pro project your phone or laptop screen into a 201-inch virtual display with surprisingly vivid picture quality.

Read more →

Emergency alert systems work because people believe them. Every time one of these systems issues a false alert – whether through negligence or a deliberate attack – trust erodes. Read more in my article on the Hot for Security blog.

Read more →

What began as a routine ransomware investigation uncovered two unrelated attackers operating inside the same victim network at the same time, each obscuring the other’s activity and complicating the response. The discovery emerged during a Microsoft Detection and Response Team (DART) engagement involving Storm-2603, a threat actor associated with ransomware deployment. Investigators initially believed they…

Read more →

Microsoft researchers warn of a new dual-action cryptocurrency clipper (CryptoBandits Malware) spreading through USB devices to alter wallet addresses and steal crypto assets.

Read more →

Enterprise data teams may finally have a way to tap into vast stores of unstructured data without spending months moving files around. Komprise today announced Transparent File Tables, a new capability that exposes enterprise file data as queryable Apache Iceberg tables for AI, analytics, and business intelligence platforms, including Snowflake and Databricks. The launch addresses…

Read more →

Once you ingest major telemetry sources, how can we add value for our Threat Hunters? Check out how we brought in potentially malicious sandbox submissions to the analysts’ queue for triage.

Read more →

The cyber attacks timeline for 1-15 June 2026 is out with 80 confirmed events dominated by cyber crime, malware, and exploitation of public-facing applications. Information & Communication led the most targeted sectors, while supply chain was under fire.

Read more →

Here’s why the next social engineering wave won’t hit inboxes – it will just simply call employees on the phone.

Read more →

OpenAI has launched a program with cybersecurity firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source software, as enterprises face growing risks from flaws buried deep in their software supply chains. The initiative, called Patch the Planet, uses AI-assisted vulnerability research alongside human review to help turn security…

Read more →

Scam websites are circulating across the internet with a pitch aimed at millions of gamers: a way to play Grand Theft Auto VI before its release. The pages promise early access for a few hundred dollars in cryptocurrency, ask buyers to enter a payment code, and claim the game will then unlock. These offers deliver…

Read more →

You can change a password and cancel a card. But replacing a passport or driver’s license number every time someone leaves yours unsecured in a vendor database isn’t so easy. More than three million Texans are facing that problem after a data breach involving a vendor used by the Texas Parks and Wildlife Department (TPWD)…

Read more →

Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients’ systems. Healthcare tech company Xsolis, Inc. has disclosed a data breach impacting nearly 1.4 million individuals. The Tennessee-based firm provides utilization management and revenue cycle solutions for healthcare providers. The company became aware of an…

Read more →

Two teenagers face sentencing after admitting to a massive Scattered Spider cyberattack that hit Transport for London (TfL) and US healthcare networks.

Read more →

Here’s how to adjust your TV colors so they look more realistic than what’s shown on the retail floor.

Read more →

Two members of the notorious hacker group Scattered Spider have pleaded guilty to charges related to a 2024 cyberattack on Transport for London (TfL) that resulted in £29 million in loss and recovery costs. Thalha Jubair, 20, from London, and Owen Flowers, 18, from Walsall, pleaded guilty at a court hearing in London to offences…

Read more →

The chip maker can get its mojo back, but it must overcome technical challenges that have dogged it in the past.

Read more →

Two young British men have pleaded guilty to hacking Transport for London as part of a Scattered Spider plot

Read more →

Omada has introduced Omada Identity Sovereign, a new solution that enables organizations to take direct control over where and how their identity governance is deployed. The solution addresses the digital sovereignty requirements, including data, operational, and jurisdictional control, that regulated organizations cannot meet with standard cloud deployments. Digital sovereignty is moving from preference to procurement…

Read more →

A new wave of scam websites is offering something millions of people want: a way to play Grand Theft Auto VI before it comes out. “Get GTA 6 before everyone else.” “Buy VIP early access.” Pay a few hundred dollars in cryptocurrency, enter a payment code, and supposedly unlock the game. But it’s a scam.…

Read more →

Hack The Box (HTB) has announced new capabilities to help security leaders gain greater visibility into skills, performance and operational readiness. As AI transforms cyberattacks and cybersecurity operations, HTB is expanding its cyber readiness platform to help organizations identify gaps, evaluate team performance and strengthen organizational resilience. By combining hands-on Security Operations Center (SOC) training,…

Read more →

Mavenir has announced its Agentic Service Assurance Framework, a TM Forum IG1251/IG1453-aligned, multi-agent system that automates complex network operations across multiple domains without replacing existing systems. The framework pairs an Intent Orchestrator with a multi-layer agentic ecosystem in which AI helps detect, diagnose, recommend, and resolve network faults, improving operator productivity and accelerating the path…

Read more →

Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below – aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 downloads) postcss-minify-selector-parser (615 downloads) All the packages were published over the past month by an npm user named

Read more →

OpenAI expanded Daybreak, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to support vulnerability discovery and remediation. Organizations can use the initiative to identify, validate, and fix software vulnerabilities, while developers, maintainers, and security teams can use its tools to strengthen defensive security capabilities. Codex Security…

Read more →