Google’s latest research suggests the cryptocurrency industry may have less time than expected to prepare for quantum computing. In a whitepaper, Google examines risks to elliptic curve cryptography, the system securing most blockchain networks. The researchers revisit earlier assumptions about…
Category: EN
Android Developer Verification Rollout Begins Ahead of September Enforcement
Google on Monday said it’s officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while “hiding behind anonymity.” The development comes ahead of a planned verification mandate that goes into…
Iran targets M365 accounts with password-spraying attacks
Researchers say some targets correlate with cities hit by Iranian missile strikes Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting…
North Korean hackers blamed for hijacking popular Axios open source project to spread malware
A hacker inserted malware in Axios, an open source web tool downloaded tens of millions of times weekly, in a widespread hack. This article has been indexed from Security News | TechCrunch Read the original article: North Korean hackers blamed…
Attackers hijack Axios npm account to spread RAT malware
Threat actors hijacked the npm account of Axios to distribute RAT malware via malicious package updates. Threat actors compromised the npm account of Axios, a widely used library with over 100M weekly downloads, and published malicious versions to spread remote…
Wordfence Bug Bounty Program Monthly Report – February 2026
Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by…
Google Drive Expands AI Ransomware Detection, File Recovery to More Users
Google expands Drive ransomware detection and file recovery with its latest AI model, which detects 14 times more infections as the features move beyond beta. The post Google Drive Expands AI Ransomware Detection, File Recovery to More Users appeared first…
DeepLoad Malware Found Stealing Browser Data Using ClickFix
A contemporary cyber campaign is using a deceptive method known as ClickFix to distribute a previously undocumented malware loader called DeepLoad, raising fresh concerns about newly engineered attack techniques. Researchers from ReliaQuest report that the malware is designed with…
The US Military’s GPS Software Is an $8 Billion Mess
The GPS Next-Generation Operational Control System was due for completion in 2016. Ten years later, the software for controlling the military’s GPS satellites still doesn’t work. This article has been indexed from Security Latest Read the original article: The US…
North Korean hackers blamed for hijacking popular Axios open-source project to spread malware
A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack. This article has been indexed from Security News | TechCrunch Read the original article: North Korean hackers blamed for…
Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions
Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions The post Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Axios…
2026 SANS Identity Threats Report: Why Attacks Still Work
SANS findings highlight the real issue, compromised credentials enable access long before traditional security controls detect a problem. The post 2026 SANS Identity Threats Report: Why Attacks Still Work appeared first on Security Boulevard. This article has been indexed from…
Delve Faces Allegations of Fake Compliance Reports and Security Gaps Amid Customer Backlash
A whistleblower-style article on Substack has thrust Delve into scrutiny, alleging it misrepresented its alignment with key privacy frameworks like GDPR and HIPAA. Though unverified, the claims suggest numerous clients were led to believe they met regulatory requirements when…
VRP 2025 Year in Review
Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team 2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary 🎉🎉🎉! Originally started in 2010, our vulnerability reward…
WhatsApp malware campaign delivers VBScript and MSI backdoors
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and cloud-hosted payloads to install MSI backdoors and maintain persistent access to compromised systems. The post WhatsApp malware…
Applying security fundamentals to AI: Practical advice for CISOs
Read actionable advice for CISOs on securing AI, managing risk, and applying core security principles in today’s AI‑powered environment. The post Applying security fundamentals to AI: Practical advice for CISOs appeared first on Microsoft Security Blog. This article has been…
The threat to critical infrastructure has changed. Has your readiness?
Five facts critical infrastructure (CI) leaders need to act on in 2026, grounded in what Microsoft Threat Intelligence is observing across sectors right now. The post The threat to critical infrastructure has changed. Has your readiness? appeared first on Microsoft…
Pondurance MDR Essentials uses autonomous SOC to tackle AI-driven attacks
Pondurance announced MDR Essentials, MDR Essentials, an MDR service providing an autonomous SOC that reduces the time from threat detection to containment by 90%. Threat actors today use AI to attack at machine-speed, making it difficult for traditional cybersecurity solutions…
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS…
PX4 Autopilot
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication. The following versions of PX4 Autopilot are affected: Autopilot v1.16.0_SITL_latest_stable (CVE-2026-1579) CVSS Vendor Equipment…