Tag: emerging threats
3070 articles

Cisco SD-WAN Flaw Actively Exploited for Admin Access
Cisco is urging customers to update their SD-WAN systems immediately due to a critical vulnerability that allows hackers to bypass authentication and gain admin access. This high-severity flaw, already being exploited, could put your entire system at risk if left unpatched.

OpenAI Breach Exposes Code-Signing Certificates in TanStack Supply Chain Attack
OpenAI revealed that two employee devices were compromised in a recent TanStack supply-chain attack, but fortunately, customer data, production systems, and intellectual property remained safe. The breach was limited to a small set of internal source code repositories and credentials.

European Banks Face AI-Driven Cyber Threats, Urged to Accelerate Defenses
European banks are being urged to rapidly bolster their cyber defenses as AI-driven threats escalate, with the ECB's vice-chair warning that inaction is not an option. Banks must adopt bank-specific, risk-based measures and redouble efforts to identify vulnerabilities using existing AI tools.

Security Researchers Expose Zero-Days in Windows 11, Microsoft Edge
Security researchers just scored a whopping $523,000 in cash awards by uncovering 24 unique zero-days, including a game-changing exploit that chained four logic bugs to break through Microsoft Edge's sandbox. This major breakthrough has set the stage for a new wave of powerful exploits, leaving users eager to see what's next.

Palo Alto Networks Patches Critical PAN-OS Flaw Exploited in Limited Attacks
Palo Alto Networks has patched a critical flaw in its PAN-OS software, CVE-2026-0300, which allowed hackers to execute malicious code with root privileges - and the company says it's already been exploited in targeted attacks. The vulnerability, a buffer overflow in the User-ID Authentication Portal service, could be triggered by sending specially crafted packets.

Banking Trojan Targets Crypto Firms with Sophisticated Attacks
A new banking Trojan, dubbed TCLBanker, is wreaking havoc on crypto and finance platforms, allowing hackers to remotely control infected systems and steal sensitive info. This sophisticated attack, linked to North Korea's notorious Lazarus Group, has already led to the largest crypto platform hack of 2026.

Enterprises Lag in Securing Autonomous AI Agents
Most organizations are struggling to keep pace with the rapid evolution of autonomous AI agents, which can introduce new risks and behaviors at machine speed. As these agents increasingly handle sensitive data, enterprises face a pressing need to update their security strategies and tools to mitigate the emerging threats of shadow AI and over-permissioned agents.

Foxconn Cyberattack Exposes Supply Chain Risks
A massive cyberattack on Foxconn has exposed the dark underbelly of supply chain risks, with hackers claiming to have stolen a staggering 11 million files - including confidential data from tech giants like Intel, Apple, and Nvidia. This breach highlights the long-term architectural risks that ransomware attacks can pose to global supply chains.

NGINX Vulnerability Exposes Servers to DoS, Potential Code Execution
A critical vulnerability, CVE-2026-42945, has been lurking in NGINX's code for 18 years, exposing servers to potential DoS attacks and code execution - and affecting a staggering third of the top-ranked websites. This heap buffer overflow flaw, rated 9.2 in severity, is a wake-up call for NGINX users to take immediate action.

West Pharmaceutical Ransomware Attack Exposes Supply Chain Vulnerabilities
In the wake of a ransomware attack, West Pharmaceutical Services swiftly sprang into action, disclosing the breach and launching a thorough investigation with law enforcement and cyber-forensic experts. But despite their rapid response, the company's data loss has left many questions unanswered – and a glaring spotlight on supply chain vulnerabilities.

Cybercrime Tactics Fuel $725 Million in Cargo Heists
Cargo thieves are getting smarter, with cybercrime tactics fueling a staggering $725 million in heists across North America in 2025, and experts warn that the true cost may be even higher. This sophisticated game plan typically starts with online snooping, using publicly available info to plot the perfect crime.

Ghostwriter Launches Geofenced PDF Phishing Against Ukraine Government
Meet FrostyNeighbor, a Belarus-aligned threat actor that's been wreaking havoc since 2016 with sophisticated cyber espionage and influence operations targeting Ukraine and beyond. This adaptive group has earned a reputation for evolving its tactics, using diverse lures and delivery mechanisms to stay one step ahead.

Mustang Panda Deploys Updated FDMTP Backdoor in Asia-Pacific Espionage
A sophisticated espionage campaign has been targeting organizations across Asia-Pacific and Japan for months, with researchers linking the activity to the notorious China-aligned group Mustang Panda with moderate confidence. The group's tactics may evolve, but their execution model remains eerily consistent.

Linux Flaw Exposes Local Users to Root Access
A newly discovered Linux flaw, dubbed Fragnesia, allows unprivileged local users to gain root access by exploiting a weakness in the kernel's handling of shared page fragments, putting all Linux kernels released before May 13, 2026, at risk. This vulnerability can be triggered through a simple sequence of operations, making it a serious threat to Linux users.

Social Engineering Exposes Vulnerability in Corporate Networks
A clever phone call can be all it takes to breach a corporate network - just ask Brandon Dixon, a former penetration tester who convinced an IT security team to hand over root access by pretending to be their boss. With a simple social engineering trick, Dixon was able to reset his "password" and gain unrestricted access to the network.

Google Unveils Spyware Forensics Tool for High-Risk Android Users
Google's new Android Intrusion Logging tool helps high-risk users detect spyware attacks by recording suspicious activity, but raises concerns about sensitive data sharing and consent. To use it effectively, users must balance protection with secure log sharing and informed consent.

Banks Face Growing Pressure to Justify Fraud Losses
As the Federal Reserve expands FedNow to handle higher-value transactions, banks face a daunting challenge: making split-second decisions to prevent fraud and money laundering, with transactions becoming irreversible in mere seconds. This heightened risk demands innovative solutions to safeguard against losses.

AI Hallucinations Expose Security Risks in Critical Infrastructure
Imagine a highly confident but fundamentally flawed advisor - that's what many AI models have become, with a staggering 36 out of 40 tested models more likely to provide incorrect answers with conviction than correct ones when faced with tough questions. This unsettling trend highlights a critical vulnerability in AI systems, particularly in high-stakes industries.

Threat Actors Exploit PraisonAI Auth Bypass Within Hours of Disclosure
Within hours of a security flaw being disclosed, threat actors were exploiting it - a stark reminder of the risks of a legacy Flask API server that ships with authentication disabled by default. This gaping hole allowed attackers to access sensitive endpoints and trigger workflows without a token, putting systems at risk.

KongTuke Hackers Exploit Microsoft Teams for Rapid Corporate Breaches
KongTuke hackers have found a lightning-fast way to breach corporations, exploiting Microsoft Teams to go from initial contact to persistent foothold in under five minutes. This alarming new tactic is part of KongTuke's evolving social engineering toolkit, complementing its previous web-based attacks.

Authorities Arrest Suspect Tied to Dream Market Operations
A suspect linked to the notorious Dream Market operations, Owe Martin Andresen, has been taken into custody on cross-border charges of money laundering, facing penalties in both the US and Germany. Authorities reportedly have him in custody, but few details about the case have been released.

Pentagon Accelerates Low-Cost Cruise Missile Procurement
The Pentagon is shaking things up with a bold new plan to supercharge the US military's strike capabilities, teaming up with innovative newcomers to produce over 10,000 low-cost cruise missiles in just three years. This game-changing move is set to revolutionize the military's arsenal, starting in 2027.

House Panel Scrutinizes Anthropic's Mythos Amid Cyber Risk Concerns
A recent closed-door briefing by Anthropic showed lawmakers firsthand how its advanced AI model, Mythos, can swiftly identify and reason through software vulnerabilities, highlighting the urgent need for federal agencies to access cutting-edge US models to stay ahead of cyber threats. This live demo reinforced the importance of responsible access to advanced AI for civilian cyber defenders to find and patch vulnerabilities before they can be exploited.

CIA's Mission Evolves Amid Turmoil and Distrust
In his gripping book, The Mission: the CIA in the 21st century, Pulitzer Prize winner Tim Weiner pulls back the curtain on the CIA's high-stakes world, revealing an agency under strain and struggling to stay true to its mission amidst turmoil and distrust. Through 100+ on-the-record interviews, Weiner exposes the CIA's perilous and often fraught operations.