A newly disclosed Dell BIOS password-storage flaw can allow attackers with physical access to recover administrator and user passwords from SPI flash dumps in milliseconds. Tracked as CVE-2026-40639 and addressed in Dell Security Advisory DSA-2026-197, the issue affects certain Dell…
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could…
Forg365 Phishing Platform Using AI to Attack Microsoft 365 Accounts
Forg365 is a phishing-as-a-service platform that targets Microsoft accounts, combining AI-powered phishing, session theft, and post-compromise mailbox access in a single operator panel The platform is reportedly distributed through Telegram, where criminals can access a 30-day trial, pay about per…
AI Export Controls, FortiBleed, Third-Party Breaches & CISO Burnout | Cybersecurity Today Panel
Can governments decide who gets access to advanced AI models? Are third-party breaches becoming impossible to control? And why are so many CISOs reaching burnout? In this special Cybersecurity Today Month in Review Panel, host Jim Love is joined by…
CISA Details “Lessons from a Cyber Incident” After AWS GovCloud Credentials Leak
CISA has published a candid after-action account revealing that a contractor accidentally exposed the agency’s own AWS GovCloud credentials and Infrastructure-as-Code repositories in a personal, public GitHub account, triggering an internal incident response and a rare public “lessons learned” disclosure…
IT Security News Hourly Summary 2026-07-11 06h : 2 posts
2 posts were published in the last hour 4:4 : 281 Popular VPN Apps from the Google Play Store Leak Sensitive Data, Transfer Data Unencrypted 4:4 : Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds
281 Popular VPN Apps from the Google Play Store Leak Sensitive Data, Transfer Data Unencrypted
A new security study has found serious privacy and security issues in 281 popular Android VPN applications available on the Google Play Store. Researchers discovered that dozens of these apps transfer data without encryption, leak user traffic outside the VPN…
Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds
A critical flaw in how Dell stores BIOS administrator and user passwords allows full password recovery from a flash dump in milliseconds, with no brute force required. The vulnerability, tracked as CVE-2026-40639 (DSA-2026-197), stems from a broken XOR encryption scheme…
US cybersecurity agency CISA had to build its incident playbook during the incident, agency reveals
Independent cybersecurity journalist Brian Krebs reported in May that a security researcher with cyber firm GitGuardian alerted him to reams of exposed passwords stored in a publicly accessible GitHub repository, which an employee of a CISA contractor had uploaded. This…
US cyber agency CISA had to build its incident playbook during the incident, agency reveals
CISA said it “missed” an opportunity to get ahead of the security incident by not creating a response plan ahead of time. This article has been indexed from Security News | TechCrunch Read the original article: US cyber agency CISA…
IT Security News Hourly Summary 2026-07-11 03h : 1 posts
1 posts were published in the last hour 0:54 : Exposed Server Reveals 25,000 Compromised WordPress Websites
Exposed Server Reveals 25,000 Compromised WordPress Websites
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website hacking campaign. The post Exposed Server Reveals 25,000 Compromised WordPress Websites appeared first on TechRepublic. This article has been indexed from Security…
ClickFix and removable media lead malware delivery methods
<p>When it comes to malware delivery methods, attackers are sticking with what works — even as they rely on a rapidly revolving door of payloads.</p> <p>That’s according to a report from the ReliaQuest Threat Research Team, which tracks threat activity…
No Manners Here: The Ruthless Rise of The Gentlemen Ransomware
Unit 42 explores The Gentlemen ransomware operations, revealing the affiliate model driving its rapid growth. Learn more here. The post No Manners Here: The Ruthless Rise of The Gentlemen Ransomware appeared first on Unit 42. This article has been indexed…
Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes
Zimbra addressed a critical stored XSS vulnerability in its Classic Web Client that lets malicious emails execute code when opened. Zimbra has released version 10.1.19 to fix a critical stored XSS vulnerability in its Classic Web Client, which is widely…
IT Security News Hourly Summary 2026-07-11 00h : 7 posts
7 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-07-10 21:32 : New York Bans Smart Glasses Across 1,240 Courts 21:32 : Chrome 150 Adds Android Back Button, Major Security Fixes 21:32 : Massive…
IT Security News Daily Summary 2026-07-10
149 posts were published in the last hour 21:32 : New York Bans Smart Glasses Across 1,240 Courts 21:32 : Chrome 150 Adds Android Back Button, Major Security Fixes 21:32 : Massive Telstra Outage Hits Mobile Networks, Rail, and Payments…
New York Bans Smart Glasses Across 1,240 Courts
New York will ban Meta and other smart glasses from all 1,240 state courts starting July 20 over privacy and recording concerns. The post New York Bans Smart Glasses Across 1,240 Courts appeared first on TechRepublic. This article has been…
Chrome 150 Adds Android Back Button, Major Security Fixes
Chrome 150 adds an in-menu back button to Android, reorganizes several controls, and delivers important browser security fixes. The post Chrome 150 Adds Android Back Button, Major Security Fixes appeared first on TechRepublic. This article has been indexed from Security…
Massive Telstra Outage Hits Mobile Networks, Rail, and Payments in Australia
A Telstra software defect disrupted mobile services, rail communications, payments, and emergency calls across Australia, exposing infrastructure risks. The post Massive Telstra Outage Hits Mobile Networks, Rail, and Payments in Australia appeared first on TechRepublic. This article has been indexed…
Claude Code Espionage Campaign Exposes a New Enterprise AI Risk
Anthropic’s AI-run espionage report shows why enterprises need stronger governance for AI agents, MCP connectors, and enterprise data access. The post Claude Code Espionage Campaign Exposes a New Enterprise AI Risk appeared first on TechRepublic. This article has been indexed…
Friday Squid Blogging: “Squidbleed” Vulnerability
In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.…
The Department of Know: France gets ready for quantum, JadePuffer ransomware, UK’s Cyber Shield
Link to the episode This week’s Department of Know is hosted by Rich Stroffolino, with guests Davi Ottenheimer, principal, Flying Penguin, and Chris Ray, field CTO, GigaOm. Missed the live show? Check it out on YouTube. The Department of Know…
WP-SHELLSTORM Exposed: Hackers Backdoored Thousands of WordPress Websites
An exposed WP-SHELLSTORM server revealed how attackers used known vulnerabilities to automate large-scale WordPress website compromises. The post WP-SHELLSTORM Exposed: Hackers Backdoored Thousands of WordPress Websites appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…