The industrial automation giant has fixed security holes in Logix, CompactLogix, Flex, RSLinx, and FactoryTalk products. The post Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
VelocityEHS uses QR codes to speed up incident reporting and risk response
VelocityEHS has announced the launch of QR Codes for Incident Management, a new feature designed to eliminate friction in safety reporting and help organizations surface incidents and near misses, identify risks, and take action. By enabling instant, mobile access to…
Sapphire Sleet macOS Malware Abuses curl-to-osascript Execution for Multi-Stage Payload Delivery
Sapphire Sleet’s latest macOS campaign uses crafted .scpt AppleScript lures that pipe curl output directly to osascript, enabling a compact, multi-stage payload chain that executes entirely within Script Editor and evades many built‑in macOS protections. The infection begins with a…
Hackers Target npm Ecosystem by Compromising 140+ Mastra Packages
A large-scale software supply chain attack has compromised more than 140 npm packages under the widely used Mastra namespace, exposing developers, CI/CD pipelines, and enterprise environments to a stealthy cross-platform infostealer. The campaign, uncovered by the Socket Research Team on…
Google Cloud Vertex AI Vulnerability Lets Attackers Take Over and Poison AI Models
A critical vulnerability in Google Cloud’s Vertex AI has been discovered, allowing attackers to hijack machine learning model uploads, poison artifacts, and achieve cross-tenant remote code execution (RCE) without any prior access to the victim’s environment. Dubbed “Pickle in the…
AI Red Teaming Makes the Unknowns Known
AI security is getting attention because AI has stopped being a side experiment. It is now part of how work gets done. Employees use copilots to write, research, code, and analyze. Product teams are adding AI into customer experiences. Developers are building…
New Rokarolla Android Trojan Targets 217 Banking and Crypto Apps
Rokarolla Android malware targets 217 banking and crypto apps, steals credentials, blocks bank calls, intercepts SMS, and disables Play Protect. Zimperium’s zLabs researchers have published a detailed analysis of Rokarolla, a new Android banking trojan named after its command-and-control infrastructure.…
AI Use by the US Government
On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The…
24 billion stolen records found in giant data dump. Check if you’re affected
Researchers found an exposed collection of 24 billion stolen records, including usernames, passwords, and other sensitive account data. This article has been indexed from Malwarebytes Read the original article: 24 billion stolen records found in giant data dump. Check if…
Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)
Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update that addresses this vulnerability.” The vulnerability, which has been assigned…
Anthropic Pushes Back Against US Order Restricting Claude Fable 5, Backed by Cybersecurity Experts
Anthropic is challenging the US government’s order that restricts foreign nationals from using Claude Fable 5, with backing from many cybersecurity professional Thank you for being a Ghacks reader. The post Anthropic Pushes Back Against US Order Restricting Claude Fable…
ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat
A detailed ESET MDR vs Sophos MDR comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
Attackers Exploit Cloud Logging Platforms to Hide Malicious Activity
Attackers are increasingly targeting cloud logging platforms to evade detection and maintain persistent visibility into compromised environments. The report highlights how critical services such as AWS CloudTrail and Google Cloud Logging, designed to provide comprehensive audit trails, are being actively…
Hackers Compromised 140+ Mastra npm Packages to Deploy Password-Stealing Malware
A sophisticated supply chain attack has targeted the Mastra-AI npm ecosystem, with researchers from Microsoft and Socket identifying over 141 compromised packages designed to silently deploy an infostealer payload on developer machines, CI/CD runners, and build environments. The campaign, detected…
U.S. Commerce Dept Imposes Export Controls on Anthropic’s Claude Mythos 5 and Fable 5
The Bureau of Industry and Security (BIS) has issued a landmark “Is Informed” letter to Anthropic CEO Dario Amodei, mandating that the company obtain an individually validated export license before sharing its Claude Mythos 5 and Claude Fable 5 AI…
Helpdesk scammers are making house calls to make their lies feel more real
15-year-old among six arrested after Dutch cops target suspected bank fraud call center This article has been indexed from www.theregister.com – Articles Read the original article: Helpdesk scammers are making house calls to make their lies feel more real
Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack
The attackers deployed a new Go-based backdoor that uses Microsoft Teams servers for command-and-control. The post Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
What’s new in Android 17? Anti-theft tools, scam detection, and parental controls
The Android 17 rollout has started for supported Pixel devices, delivering new security and privacy capabilities before expanding to other devices later this year. Security and privacy updates Google has improved location privacy features so users can choose to share…
The Top 10 Attack Surface Exposures in 2026
Breaches don’t always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session…
Malwarebytes earns AV-TEST Top Product award, aces other third-party tests
Malwarebytes got top marks in independent tests against malware, phishing, and other online threats. This article has been indexed from Malwarebytes Read the original article: Malwarebytes earns AV-TEST Top Product award, aces other third-party tests
How CVE-2026-20253 Turns Splunk’s PostgreSQL Sidecar Into an Open Door
CVE-2026-20253 is a CVSS 9.8 pre-auth flaw in Splunk Enterprise’s PostgreSQL sidecar service. An unauthenticated attacker can write files and chain the primitive to RCE. A public PoC exists; no workaround, patch only. How CVE-2026-20253 Turns Splunk’s PostgreSQL Sidecar Into…
Nmap for Beginners: Understanding Scans Before You Run Them
Nmap measures port states, service versions, and OS fingerprints by analyzing how targets respond to crafted packets. This guide explains the concepts behind each scan type so the output makes sense from the first run. Nmap for Beginners: Understanding Scans…
Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day
The public PoC code exploits a race condition in Microsoft Defender to spawn a command prompt with System privileges. The post Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
The Chainguard Athena coalition already shipped 2,000 patches across 500 open source projects
Chainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live with more than two dozen member organizations. Founding members include BNY, Chainguard, Cisco, Cloudflare, Corridor, DepthFirst,…