
The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins. […]


Apple surprised the tech industry after financial markets closed Friday with news the company has sued OpenAI, alleging theft of trade secrets for ChatGPT hardware. The lawsuit particularly targets some senior ex-Apple employees now working at OpenAI. Apple’s suit names two former employees — Chang Liu and Tang Tan, former vice president for product design, iPhone and…

Consumer electronics prices are shooting up. Energy prices are increasing fast. Even water bills are climbing. For a technology that promises “efficiency,” the ongoing AI gold rush seems to be taking things away, much like the proverbial gift that keeps on grabbing. With hundreds of billions in AI investment already racked up for 2026, it’s important to remember the entire…
Wireshark release 4.6.7 fixes 12 vulnerabilities and 16 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A PNG hiding a prompt injection could steal your repo’s secrets, researchers demonstrate. The technique, dubbed ‘Ghostcommit,’ slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo’s .env and write every secret into the code as a list of numbers. […]

Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user’s session. It has yet…
Choosing a 360-degree camera often comes down to a simple tradeoff: convenience versus image quality in difficult conditions. For most users, the real challenge is not what…
Content delivery has become a control problem, not only an infrastructure problem. A single CDN can still move files closer to users, cache assets, and reduce origin load. But…
Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. […]
Veeam Software has appointed former Commvault channel executive Michelle Graff as senior vice president of global partners and channel, putting her in charge of a worldwide ecosystem of more than 35,000 partners as the company expands its focus on data resilience, cybersecurity, and AI readiness. Veeam prioritizes a unified global partner experience The focus for…
Red Hat’s new Long-Life Add-On extends support on a specific release for as long as you’re willing to pay for it.
Zimbra addressed a critical stored XSS vulnerability in its Classic Web Client that lets malicious emails execute code when opened. Zimbra has released version 10.1.19 to fix a critical stored XSS vulnerability in its Classic Web Client, which is widely used to access Zimbra Collaboration. The flaw, which has not yet received a CVE ID,…
A simple operational mistake by a cybercrime group has provided researchers with an inside look at how large-scale website compromises are conducted. According to research from SOCRadar, an internet-exposed server belonging to a threat group tracked as WP-SHELLSTORM remained publicly accessible for approximately three weeks. “WP-SHELLSTORM is industrialized cybercrime made visible because someone left a…

An Armenian national who was extradited from Ukraine to the United States last year pleaded guilty to participating in a series of attacks in 2019 and 2020 involving Ryuk ransomware, the Justice Department said Thursday. Karen Serobovich Vardanyan pleaded guilty to computer fraud and conspiracy to commit fraud and extortion. He agreed to pay nearly…
On the heels of her recent honors as a Member of the Order of the British Empire (MBE), we take a look back at the events that shaped Ellis’ advocacy on behalf of security researchers.

A major credential leak spurred the Cybersecurity and Infrastructure Security Agency to strengthen protections for its sensitive materials, improve how researchers can report agency vulnerabilities and develop plans for similar incidents, the agency said in a forensic report released Thursday. The blog post outlines CISA’s response to the leak that the researcher who discovered it…
This is the final article in our series by Curt Aubley, CEO of Sevii. If you missed the prior installments, please read the first and second articles in the series. For too long, the security operations center (SOC) has resembled a M.A.S.H. unit. Relentless waves of enemies divide focus and drain resources. At the same…

Structured has expanded its AI-native partner marketing platform with nearly 60 new capabilities spanning AI-powered analytics, campaign automation, enterprise integrations, and pipeline reporting, marking its first major product update roughly 100 days after the platform’s launch. The updates introduce AI agents that answer campaign performance questions in natural language, deeper integrations with Salesforce and Adobe…
Flexible governance, not restriction, of AI agents preserves productivity while providing oversight and accountability.

In this post, I will show you how custom packaging strengthens brand recognition in the digital age. Businesses need to figure out how to be different from others and leave a lasting impact on clients in today’s extremely competitive industry. Packaging has developed into a potent branding tool that affects consumer perceptions and purchase decisions,…

In this post, I will show you why enterprise VR is gaining attention across industries. Virtual reality used to be discussed mostly in the context of gaming, tech demos, and big promises about the future. That has changed quite a bit. More businesses are now looking at VR as a practical tool rather than a…

Unknown threat actors compromised the Injective Labs SDK project’s GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was
It could mean faster internet for rural customers, but not everyone is happy.
Nextcloud is a free and open-source storage option that offers several advantages. Here’s how it works.
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a “credible external security threat.” The company has temporarily disabled access to the affected accounts, a step it says it took “out of an abundance of caution” while…

Adversaries have no compliance reviews for their AI deployments. There are no approval chains, no token budgets and no governance committee debating whether a model is ready for autonomous action. They simply use AI aggressively and without constraint to overwhelm defenses. This is the second article in our series by Curt Aubley, CEO of Sevii.…

Amazon Web Services EMEA Sarl (AWS) has been designated as a critical third party (CTP) to the UK financial sector by HM Treasury. The CTP regime came into force on January 1, 2025, and establishes a framework through which the Bank of England, PRA, and FCA (collectively the UK regulators) can set requirements on and…

Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device. The other two could let an attacker who slips a malicious image in front of…

Researchers at Ledger’s Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card’s password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and can move the coins out. This is…

Members of the European Parliament (MEPs) have failed to block a proposal extending the mass scanning of private communications, a measure they have previously rejected twice. This time too, more votes were cast against the proposal than in favor, but due to the absence of numerous MEPs on the eve of the summer recess, the…

It’s the end of the road for yet another facet of Exchange Server, Microsoft’s on-premises email and calendar system. The stripped-down version of its web client, Outlook Web App (OWA) Light, is being retired, forcing those Exchange Server users still using it to adopt the standard Outlook Web App instead. “OWA Light was created for…

Security company CrowdStrike has identified five new prompt injection techniques that could leave enterprises at risk. Prompt injections attacks exploit the growing use of AI within organizations . They work by tricking LLMs into accepting instructions that a human operator would recognize as dubious. The five new types of attack that CrowdStrike has added to…
Trustifi, an AI-driven, next-generation email cybersecurity solutions provider, has appointed Jeff Spirdgeon as its new CEO, a channel and technology industry veteran. Prior to joining Trustifi, Spridgeon was with Aware, an AI-powered collaboration security platform that protects unstructured data in workplace communications tools. Aware was acquired by Mimecast in 2024. In an interview with Channel…

Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief description of the high-severity vulnerabilities is as follows – GHSA-hjr6-g723-hmfm (CVSS score: 8.8) – An operating system

French AI company Mistral claims its latest AI model offers a more efficient way to train and operate robots. The model, Robostral Navigate, can guide a robot through plain language instructions, using a single RGB camera to find its way. Mistral said that this was a radical departure from most other models, which rely on…
AI agents are accelerating the growth of non-human identities, making it harder for organizations to understand what exists, who owns it, and what it can access. Netwrix explains why stronger visibility and identity governance are essential as AI expands the enterprise attack surface. […]
Organizations, and possibly ATMs, are at risk of compromise, thanks to holes in a Microsoft BitLocker security wrapper.

Microsoft published new research on GigaWiper, a modular Golang backdoor for Windows that combines robust remote access with multiple ways to permanently destroy systems and data. GigaWiper is a Windows backdoor that Microsoft has observed in intrusions since October 2025. Rather than being a single-purpose wiper, it’s an operational platform that blends command‑and‑control (C2), data…
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware via counterfeit installers using SEO poisoning techniques, it belies their true organizational

Apple has agreed to buy up to $30 billion-worth of additional chips and other wireless components from Broadcom over the next few years. The new agreement could lead to Broadcom making up to 15 billion more chips in the US, and enable it to modernize its manufacturing facilities in Fort Collins, Colorado, where it will…

Globant recently signed an agreement with AI giant Anthropic, bringing Latin America-based provider into the Anthropic Partner Program and expanding how the companies work together for mutual customers. In this interview with Channel Insider’s Victoria Durgin, Globant SVP of Digital Innovation Augstin Huerta discusses the company’s AI PODS model, how it manages token costs for…
AI coding tools cost $19-$200/month/user, but security scanning, remediation, and false positives add hidden costs. Are the productivity gains worth it?
AI’s ushered in a new era of reskilling. Here’s what the industry can learn from the last decade’s drive to put people in tech jobs.
Ransomware remains above 1,400 attacks yearly since 2023. Qilin leads in 2026, while the U.S. remains the main target. Ransomnews has independently confirmed 9,291 ransomware attacks worldwide between January 2018 and July 2026, tracking incidents only when verified through victim disclosures, regulatory filings, official statements, or credible press reporting. Leak-site listings alone don’t qualify, operators…

Incode has launched On-Device Age Estimation, an age verification capability that performs age estimation and liveness detection directly on the user’s device, without transmitting facial data off the device. The company’s age estimation models are now available to run entirely on-device. The solution combines on-device age estimation with deepfake and spoofing detection. More than 30…
A single wrong variable on one line in XQUIC, Alibaba’s QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed packets:…
Most enterprises assume their asset inventory is close enough to accurate. The evidence suggests otherwise. According to a survey of over 600 security leaders in the 2026 Axonius Actionability Report, only 45% of organizations consolidate their asset and exposure data into a single view, and every downstream security program inherits whatever the inventory gets wrong.…

A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation’s inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites. Far fewer were actually broken into, but the exposed files showed researchers how a mass site-hacking…

Mule betting or third-party betting account scams are a form of money mule scam where criminals recruit or coerce people into opening gambling accounts in their own name. The criminals then use those accounts to place bets to help launder money and obscure the source or ownership of funds. The UK Gambling Commission describes “mule”…
We tested the top wireless chargers from brands like Anker and Nomad to find the ones that make powering your devices easier than ever.
Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4 billion…

Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore. On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one. Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both…

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that’s capable of targeting…

Researchers uncovered 222 GitHub repositories spreading malware through fake Go packages, delivering loaders, stealers, RATs, and cryptominers. Socket’s security research team started with the investigation of a single malicious Go module: github[.]com/kaleidora/dnsub-scanning-tool, which presented itself as a DNS and subdomain scanning utility. Pulling on that thread exposed something significantly larger: a network of 222 confirmed…

Meta has unveiled Muse Spark 1.1, saying the frontier AI model rivals leading LLMs on coding, computer use, and agentic AI benchmarks while undercutting OpenAI and Anthropic on API pricing, potentially lowering the cost of deploying AI agents in enterprises. Meta unveiled Muse Spark 1.1 on Thursday, pairing frontier-model performance with aggressive pricing in a…
If you need more power than shared hosting services can provide, the top VPS hosting providers can give you the dedicated resources and scalability needed to push your project to the next level.