Tag: emerging threats
3090 articles

Phishing Campaigns Exploit Vercel's AI Tools
Scammers are using Vercel's AI tools to create super-realistic phishing sites that mimic popular brands, making it easier for them to trick victims into handing over sensitive info. This clever tactic allows attackers to quickly recreate malicious pages, even if they're taken down.

vm2 Library Vulnerabilities Enable Sandbox Escape and Code Execution
A dozen critical vulnerabilities in the vm2 Node.js library can be exploited by hackers to break free from sandbox restrictions and run malicious code on vulnerable systems. These flaws have been assigned high CVSS scores, emphasizing the urgent need for users to patch their systems.

US Unveils Cyberattacks as Counterterrorism Tool
The US has officially added cyberattacks to its counterterrorism arsenal, vowing to use offensive cyber operations against those who plan to harm Americans or support terrorist plots. This bold move is part of a new strategy that combines diplomatic, financial, and covert actions to disrupt and deter threats to US interests.

Agentic AI Empowers Cyber Criminals with Nation-State Capabilities
The Department of Defense is leveraging agentic AI tools to revolutionize its operations, with Emil Michael reporting that tasks that once took two weeks can now be completed in just three hours, freeing up teams to focus on high-priority work. This game-changing tech has already shown tremendous success since its rollout on the GenAI.mil platform in December.

Palo Alto Networks Discloses Zero-Day Flaw in PAN-OS Software
Palo Alto Networks has issued a warning about a zero-day flaw in its PAN-OS software, tracked as CVE-2026-0300, which allows unauthenticated remote code execution with root privileges. This buffer overflow vulnerability in the User-ID Authentication Portal poses a high risk to PA-Series and VM-Series firewalls.

Australia's Security Architecture Needs Diversity to Counter Complex Threats
Australia's national security ecosystem is drowning in data, but struggling to cut through complexity - and simply adding more information can make things worse, not better. To stay ahead of evolving threats, its security architecture needs a fresh approach that prioritises what matters most.

US-Led Drills Target Ship in Strategic Luzon Strait
In a display of military precision, a US-led live-fire exercise sank a decommissioned Philippine Navy patrol corvette, BRP Quezon, in the strategic Luzon Strait, roughly 50 miles offshore. The vessel, a former World War II-era minesweeper, met its fate as a target near the Paoay Sand Dunes on Luzon's coast.

Palo Alto Networks Zero-Day Exploited in Wild, Firm Warns
Palo Alto Networks has warned of a critical zero-day vulnerability, CVE-2026-0300, being exploited in the wild, allowing unauthenticated attackers to execute code with root privileges on certain firewalls. This flaw affects a limited number of customers with exposed User-ID Authentication Portals.

US Disables Iranian-Flagged Ship With F/A-18 Cannon Fire
The US military has taken a firm stance against Iranian-flagged vessels, as demonstrated by the recent disabling of the oil tanker M/T Hasna with F/A-18 cannon fire, after it ignored warnings to halt its journey to an Iranian port. The US blockade on Iranian ports remains firmly in place.

Malaysia Seeks Clarifications as Norway Weighs Backing Out of Missile Deal
Malaysia is taking a proactive approach to resolve a potential hiccup in its missile purchase deal with Norway, with Defence Minister Mohamed Khaled Nordin vowing to seek clarifications through diplomatic channels. The country is keen to find a solution that serves its best interests and ensures its defense readiness remains on track.

Defense Contractor Exposes Military Training Data Through API Flaw
A defense contractor's careless API flaw left sensitive military training data vulnerable, sparking a 152-day saga between the contractor and the open-source security project Strix that ultimately led to the exposure being patched. The breach was caused by a low-privilege account having broad access to user records and training materials due to lax authorization checks.

Turkey Unveils Intercontinental Missile with 6,000km Range
Turkey has just unveiled its latest game-changer: the Yildirimhan, an intercontinental missile with a staggering 6,000km range, capable of reaching across Europe and deep into eastern Asia. This powerful new weapon can travel at speeds of up to Mach 25, powered by four rocket engines.

Coast Guard Launches Special Missions Command to Centralize Elite Units
The Coast Guard has launched a game-changing Special Missions Command, uniting its elite teams under one powerful umbrella to tackle high-stakes missions and protect the nation like never before. This bold move brings the best of the best together, ensuring they're equipped, trained, and ready to take on whatever comes next.

Australia Urges Shift to Battery-Electric Freight Trains
Australia's reliance on diesel for freight transport leaves it vulnerable to global fuel shocks, with road and rail using a whopping 20-25 billion litres of diesel each year. Shifting to battery-electric freight trains could be a game-changer, reducing the nation's exposure to international fuel disruptions.

Space Force Expands Satellite Surveillance Contract to $6.2 Billion
The Space Force is supercharging its satellite surveillance capabilities with a massive $4.4 billion boost to its Andromeda program, bringing the total contract value to a whopping $6.2 billion. This expansion will enable the military to stay ahead of emerging threats and support next-generation space domain awareness efforts.

Allianz Transfers Commercial Cyber Unit to Coalition
This game-changing partnership brings a fresh approach to commercial cyber insurance, elevating protection and benefits for customers. By joining forces, Allianz and Coalition are revolutionizing cyber coverage with a unique and robust offering.

Anthropic Exposes Tens of Thousands of Unpatched Flaws in Software Platforms
Tens of thousands of unpatched software flaws are lurking in the shadows, threatening cybersecurity, after Anthropic's AI tool Mythos uncovered nearly 300 vulnerabilities in Firefox alone. This astonishing discovery highlights the urgent need for rapid action to address the alarming gap in software security.

Mirai-Based xlabs_v1 Botnet Exploits ADB for IoT Hijacking
Meet xlabs_v1, a powerful botnet derived from Mirai that's hijacking IoT devices by exploiting exposed Android Debug Bridge (ADB) services on TCP port 5555. This sneaky malware infects devices like Android TV boxes and smart TVs, and can even measure a device's bandwidth to sell it on the black market.

Hackers exploit Google ads for ManageWP phishing scam
Beware of a sneaky phishing scam targeting ManageWP users, where hackers use Google ads to trick victims into divulging their login credentials on a fake website that looks identical to the real one. This clever attack can put hundreds of sites at risk, since each ManageWP account typically hosts multiple sites.

Employees Willingly Sell Work Credentials
A shocking 13% of employees admit to selling their work logins or knowing someone who has, revealing a surprisingly casual attitude towards protecting sensitive work credentials. This statistic raises serious concerns about workplace security and the vulnerability of company data.

FIS and Anthropic Unveil AI to Accelerate Money Laundering Probes
Imagine having an AI-powered ally that supercharges your money laundering investigations, automatically gathering evidence, detecting patterns, and prioritizing case files in minutes - not days. FIS and Anthropic have joined forces to bring you the Financial Crimes AI Agent, revolutionizing banking's most costly compliance challenge.

Arctic Wolf Slashes 250 Jobs to Fund AI Investments
Arctic Wolf is making a bold move to future-proof its business, cutting 250 jobs to free up resources for game-changing AI investments. The layoffs, which affect under 10% of its workforce, are a strategic cost-saving measure to drive innovation and growth.

vm2 Sandbox Flaw Exposes Host Systems to Code Execution Risk
A critical vulnerability, CVE-2026-26956, in the popular vm2 Node.js library can allow attackers to break free from the sandbox and execute malicious code on your host system, putting your entire environment at risk. To stay safe, upgrade to vm2 version 3.10.5 or later, or 3.11.2 for the latest protection.

Cisco Discloses High-Severity DoS Flaw Requiring Manual Reboot
Beware: a high-severity flaw in Cisco's system could allow attackers to overwhelm your network, requiring a manual reboot to regain control. This vulnerability can be exploited remotely with ease, putting your connection resources at risk of exhaustion and leaving you vulnerable to a denial-of-service condition.