7+ hour, 30+ min ago  (334+ words) A high-severity flaw in Git Hub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9. 6, this vulnerability required no malicious code execution. Instead,…...

11+ hour, 25+ min ago  (491+ words) Built by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives action for enterprise security teams. Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and…...

15+ hour, 14+ min ago  (346+ words) AWS recently issued a critical security bulletin addressing severe vulnerabilities in its Research and Engineering Studio (RES). RES is an open-source web portal that allows administrators to create and manage secure cloud-based research environments. Security researchers identified three major flaws…...

1+ day, 10+ hour ago  (366+ words) As cyberattacks become increasingly targeted, hackers are consistently focusing on the core systems that keep enterprise businesses running smoothly. Microsoft security researchers found that more than 78 percent of human-operated attack campaigns successfully compromise a critical asset, such as a domain…...

1+ day, 14+ hour ago  (441+ words) Palo Alto Networks has released a high-priority security update to address a serious vulnerability in its Cortex XSOAR and Cortex XSIAM platforms. Tracked as CVE-2026-0234, this security flaw exists within the Microsoft Teams integration. If successfully exploited, it allows an…...

1+ day, 12+ hour ago  (530+ words) A social engineering campaign is actively targeting open source developers through Slack. The warning was shared through the Open SSF Siren mailing list, a public threat intelligence platform designed to alert developers and security teams about active threats after initial…...

2+ day, 15+ hour ago  (670+ words) More than 1, 000 Comfy UI servers are currently reachable on the public Internet, even after filtering out honeypots, giving attackers a small but lucrative attack surface concentrated on GPU'rich cloud infrastructure. Once compromised, hosts are folded into two revenue streams: Monero…...

2+ day, 12+ hour ago  (717+ words) Hackers are rolling out a new 64bit infostealer dubbed'Remus. The code strongly suggests it is a direct successor to the notorious Lumma Stealer, arriving just months after lawenforcement disruption and public doxxing of Lumma's core operators in 2025. Remus is a 64bit information…...

2+ day, 6+ hour ago  (839+ words) Evil Tokens is a new Phishing-as-a-Service (Phaa S) platform that turns stolen Microsoft 365 tokens and AI into an end'to'end factory for Business Email Compromise (BEC) at scale. By combining device-code phishing, custom tooling, and large language models, it enables low- to…...

2+ day, 14+ hour ago  (534+ words) Internet users worldwide rely on fiber optic cables for blazing-fast and secure web connections. However, a groundbreaking discovery reveals that these very cables can be turned into covert listening devices. In a newly published 2026 cybersecurity research paper, experts demonstrated how…...