Tag: emerging threats
3026 articles
DIU Bolsters Hermeus Contract for High-Speed Drone Development
Meet the Quarterhorse, a high-speed drone that's essentially an unmanned F-16, as described by its maker Hermeus - and the Defense Innovation Unit just supercharged its development with a $159 million contract boost. This massive investment is set to fund crucial flight tests and propel the drone from experimental flights to operational demonstrations.
Pentagon Accelerates $50 Billion Drone Warfare Spending Spree
The Pentagon is shaking up its approach to drone warfare, ditching the old system where units made small, isolated purchases from a limited vendor list that rarely changed. Now, with a $50 billion spending spree on the horizon, defense officials are clearing the way for more innovative and flexible drone acquisitions.
Travel Sector Braces for Cyberattacks as Summer Looms
As summer approaches, the travel sector is bracing for a surge in cyberattacks, with a staggering 92% of travel agencies experiencing some form of cyber threat in the last year. Ransomware, data breaches, and cyberattacks top the list of concerns, cited by 68% of agencies as the greatest threat to their success.
Zapier Fixes Bug Chain That Exposed Millions to Account Takeover Risk
A security firm recently uncovered a chain of five weaknesses in popular workflow automation service Zapier that could have put millions of users at risk of account takeover - and thankfully, the issue has now been fixed. The vulnerabilities were surprisingly easy to exploit, requiring only a free Zapier account to potentially gain unauthorized access to user accounts.
Cybercriminals, Hacktivists Target 2026 World Cup Infrastructure
The 2026 FIFA World Cup is set to draw massive crowds of up to six million fans across 104 matches in 16 host cities, making its complex infrastructure a prime target for cyber threats. With its far-reaching network of stadium operations, municipal services, and independent suppliers, the tournament's technical architecture is a vulnerable web waiting to be exploited.
China's Strategic Assertiveness Reshapes Global Order
The recent Trump-Xi summit marked a significant shift towards a "constructive China-US relationship of strategic stability," indicating a new era of managed competition between the two global powers. This pivotal meeting signaled a mutual acceptance that the rivalry between Washington and Beijing will be long-term, yet carefully navigated.
Navy Deploys Drones to Sink Warship in Live-Fire Exercise
In a thrilling display of modern naval power, the US Navy successfully sank a warship using drones in a live-fire exercise, marking a significant milestone in military technology. The operation, part of the UNITAS 2026 exercise, involved a littoral combat ship launching four aerial drones and a surface vessel to take down the decommissioned USS Simpson.
Fortinet Flaw Exploited to Deploy Credential Stealer
Hackers have exploited a critical Fortinet flaw, CVE-2026-35616, to turn trusted systems into a launchpad for a sneaky new credential-stealing campaign. This vulnerability, with a near-perfect CVSS score of 9.1, allowed attackers to bypass security and wreak havoc.
Malicious Packages Exploit Realistic Identities
Malicious open source packages are getting smarter, with 91% using realistic identities and naming-variant tactics to blend in with legitimate projects, making them harder to spot. This shift away from simple typosquatting tricks means developers need to be extra vigilant when adding dependencies to their workflows.
AI Agent Executes End-to-End Cyberattack in Under an Hour
In a chilling demonstration of speed and stealth, a sophisticated AI agent executed a devastating cyberattack from start to finish in under an hour, exploiting a vulnerable marimo notebook to gain code execution and ultimately exfiltrating a PostgreSQL database. This alarming intrusion highlights the lightning-fast potential of modern cyber threats.
Carnival Cruise Data Breach Exposes 6 Million Customers
A recent data breach at Carnival Cruise, affecting 6 million customers, highlights the vulnerability of traditional security controls to social engineering tactics, where a single compromised employee device can lead to devastating consequences. This incident serves as a stark reminder of the human factor in cybersecurity, where threat actors exploit trust and impersonation to gain access to sensitive information.
Gogs Zero-Day Flaw Enables Remote Code Execution on Exposed Servers
A zero-day flaw in Gogs, a self-hosted Git service, leaves exposed servers vulnerable to remote code execution - and it's surprisingly easy for attackers to exploit, as they can create an account and repository on default-configured instances. This critical-severity vulnerability affects the latest release versions and requires only an authenticated user without admin privileges to launch an attack.
Cyberattacks Surge Across Middle East Infrastructure Providers
The Middle East's infrastructure providers are under siege, with a staggering 1,350 command-and-control servers detected across 98 providers in just three months - and a single carrier, Saudi Telecom Company, accounting for a whopping 72% of the malicious traffic.
Microsoft Opposes Public Zero-Day Disclosures, Cites Customer Risk
Microsoft is speaking out against public zero-day disclosures, warning that revealing vulnerabilities without prior notice can put customers at unnecessary risk. The tech giant is urging researchers to adopt Coordinated Vulnerability Disclosure, sharing findings with affected vendors before going public.
Romanian Hacker Sentenced for Breaching Oregon Govt Network
A Romanian hacker has been sentenced to 56 months in prison for breaking into Oregon's state emergency-management network, stealing sensitive personal data, and selling it to buyers in the US. Catalin Dragomir, 46, pleaded guilty to aggravated identity theft and computer intrusion charges.
Jinx-0164 Targets Crypto Developers with Custom macOS Malware
Beware of fake meetings on LinkedIn - cyber attackers are using them to trick crypto developers into installing custom macOS malware called Audiofix, which can steal sensitive info like passwords, SSH keys, and cryptocurrency wallet details. This sneaky malware is disguised as an audio fix, but its real goal is to harvest your valuable data.
Microsoft Decries Uncoordinated Zero-Day Disclosures
Microsoft slammed researchers who publicly revealed six zero-day vulnerabilities without giving the company a heads-up, putting customers at unnecessary risk. The tech giant named and shamed the flaws, including privilege escalation vulnerabilities in Microsoft Defender and a security feature bypass vulnerability in Windows BitLocker.
Enterprise AI Risk Concentrated Among Small Group of Power Users
Meet the AI power users: a small but mighty 5% of enterprise employees who are generating a whopping 144 conversations or more with AI tools, creating a concentrated risk that demands attention. These super-users are producing far more intense interactions, with 18 prompts per conversation compared to just 2.
Carnival Breach Exposes 6M Customer Records to ShinyHunters
A massive data breach at Carnival has exposed a staggering 6 million customer records, thanks to a cyberattack by the notorious hacker collective ShinyHunters. The travel and leisure giant confirmed the theft, which occurred in April, leaving millions of customers' sensitive information at risk.
Carnival Cruise Breach Exposes 6 Million in Data Heist
Millions of Carnival Cruise customers are reeling after a massive data breach exposed sensitive information, with 5.9 million individuals affected by the shocking incident. The breach, which occurred over a 12-day period, was sparked by a clever social engineering scam that duped an employee into handing over access to the company's IT systems.
GCHQ Chief Warns UK Businesses to Bolster Cyber Defenses as AI Reshapes Threats
Protecting your systems is now a front-line defence for our nation, economy, and way of life - it's time for UK businesses to treat cybersecurity as a national defence priority, not just an IT issue. With AI-driven threats evolving rapidly, the window to bolster your cyber defences is narrowing.
Cybersecurity Pros Prefer CISOs With Live Attack Response Experience
When it comes to cybersecurity leadership, professionals trust those who have been battle-tested, with 75% believing that experience in live attack response boosts a leader's credibility. Hands-on experience navigating high-pressure incidents gives leaders a unique perspective, composure, and trustworthiness.
Sextortionist sentenced to 33 years for targeting 145 children
A Canadian man has been sentenced to 33 years in prison for running an eight-year sextortion campaign that targeted children as young as six, forcing them to engage in sexually explicit acts during video chats. Ramanan Pathmanathan's heinous crimes involved coercing 145 minors into performing depraved acts, leaving a lasting impact on his young victims.
JINX-0164 Exploits Crypto Firms with Fake Recruiter Lures and macOS Malware
Meet JINX-0164, a cunning threat actor who's been targeting crypto developers with clever fake recruiter lures and custom macOS malware since mid-2025. By impersonating credible LinkedIn profiles and posing as recruiters, they've been tricking victims into virtual meetings that lead to rogue domains.