Tag: emerging threats

3111 articles

Belgium Pursues $1.3B Counter-Drone Systems Upgrade

Belgium is taking a major leap in defense tech with a whopping $1.3 billion counter-drone systems upgrade, aiming to bolster its security with cutting-edge tech. The 10-year project, with an option for two more years, is part of a long-term plan to deploy robust counter-drone systems.

Analyst 207

Air Force Accelerates Low-Cost Cruise Missile Buys

The Air Force is gearing up to supercharge its munitions inventory with a massive buy of nearly 27,000 low-cost cruise missiles, dubbed the Family of Affordable Mass Missile, with a whopping $12 billion allocated to stockpile the game-changing weapon. This aggressive plan aims to rapidly replenish stockpiles and expand production.

Analyst 207

Pakistan ARFC Deploys Fatah-II Missile in Training Launch

Pakistan's Army Rocket Force Command has successfully launched the Fatah-II missile in a training exercise, showcasing its unique trajectory and marking a significant milestone in crew proficiency and readiness. This latest test validates the system's technical capabilities and paves the way for enhanced accuracy and survivability.

Analyst 207

EU Advances Mandatory Online Age Verification Despite Security Risks

The European Commission's recent findings have revealed that Meta failed to protect minors, with a staggering 12% of European children under 13 reportedly accessing Facebook or Instagram, sparking concerns over online safety. This has led to a push for mandatory online age verification, despite security risks.

Analyst 207

Firefox Exposed: AI Model Uncovers 271 Zero-Day Vulnerabilities

Meet the AI model that just supercharged Firefox security, uncovering a whopping 271 zero-day vulnerabilities that have now been squashed in the latest update to Firefox 150. This game-changing collaboration between Firefox and Anthropic's cutting-edge tools has made the browser safer than ever.

Analyst 207

CISA Warns of Data Theft Bug in NSA-Built OT Networking Tool

A critical vulnerability, CVE-2026-6807, has been discovered in an NSA-built networking tool that could allow hackers to steal sensitive information by exploiting an XML parsing weakness. If left unpatched, this flaw could lead to devastating data breaches.

Analyst 207

Malware Targets SAP npm Packages in Supply Chain Attack

A new supply-chain attack campaign, dubbed mini Shai-Hulud, is targeting SAP-related npm packages, delivering credential-stealing malware that threatens JavaScript and cloud applications. This sneaky attack puts sensitive data at risk, and experts are warning of a potentially massive impact.

Analyst 207

cPanel Rushes Emergency Update to Fix Auth Bypass Bug

A critical security vulnerability in cPanel software has been discovered, allowing unauthorized access to the control panel, prompting immediate action from providers like Namecheap to protect customers. cPanel has since rushed out an emergency update to fix the authentication bypass bug affecting all currently supported versions.

Analyst 207

North Korea Targets Developers with AI-Generated npm Malware

Security researchers have uncovered a sneaky malware campaign targeting developers, involving a malicious npm package called @validate-sdk/v2 that's designed to steal sensitive secrets, including crypto-wallet credentials. This tainted package, linked to a North Korean threat actor, was cleverly disguised as a utility SDK for legitimate tasks like hashing and validation.

Analyst 207

Cursor Flaw Exposes Developer API Keys to Unrestricted Access

A single design flaw in the AI-powered development tool Cursor has been found to expose developer API keys to unrestricted access, earning a high-severity CVSS score of 8.2. This vulnerability stems from Cursor's weak storage design, which stores sensitive authentication data in a locally accessible SQLite database without proper protection.

Analyst 207

Ransomware Drives 90% of Manufacturing Cyber Losses

Ransomware is wreaking havoc on the manufacturing sector, responsible for a staggering 90% of total cyber losses - despite accounting for just a small fraction of claims. When ransomware strikes, the financial blow is severe, highlighting the urgent need for robust security measures.

Analyst 207

Police Disrupt €50 Million Crypto Investment Fraud Ring

A massive €50 million crypto investment fraud ring has been dismantled thanks to a joint investigation by Austrian and Albanian authorities, supported by Europol and Eurojust, resulting in the arrest of 10 suspects and the seizure of cash and electronic devices. The alleged scammers, operating from call centres in Albania, left a trail of financial devastation across Italy, Germany, Greece, Spain, Canada, and the UK.

Analyst 207

AI-Assisted Code Targets Crypto Wallets via Malicious npm Dependency

Researchers have uncovered a sneaky malicious npm campaign, dubbed PromptMink, linked to North Korean hackers Famous Chollima, which targets crypto developers with fake utility packages that secretly steal sensitive info and funds. The campaign's clever tactics even involve an AI-assisted code commit to fly under the radar.

Analyst 207

OAuth Breach Risks Expose AI-Driven Enterprise Vulnerability

A single misstep with a trial AI tool led to a major breach: a Vercel employee's casual OAuth grant to Context.ai created a lasting vulnerability that attackers exploited when Context.ai was compromised. This incident highlights the alarming ease with which AI-driven tools can become enterprise security weak spots.

Analyst 207

Cybercriminals Exploit 2.9 Billion Compromised Credentials

Imagine 2.9 billion personal login details floating around in the dark corners of the internet, vulnerable to exploitation by cybercriminals - that's the staggering reality revealed by a recent threat intelligence analysis. This massive cache of compromised credentials, tracked globally in 2025, is a goldmine for hackers leveraging stolen logins, malware, and AI to wreak havoc.

Analyst 207

AI-Assisted Bug Hunt Exposes High-Severity GitHub Flaw

In a thrilling example of AI-powered detective work, a team of researchers uncovered a high-severity flaw in GitHub's infrastructure, dubbed CVE-2026-3854, which could have allowed hackers to access private repositories with just one command. The researchers cracked the code in under 48 hours, and GitHub swiftly patched the issue within six hours of disclosure.

Analyst 207

GitHub swiftly patches flaw exposing millions of private repos

GitHub quickly squashed a massive security flaw, CVE-2026-3854, that could have let hackers access millions of private repositories with just one sneaky git push. The vulnerability allowed attackers to inject malicious code by exploiting how GitHub handled user-supplied options during git push operations.

Analyst 207

Exposure Management Platforms Face Validation Test

Are you tired of filling dashboards with green and closing hundreds of tickets, only to wonder if your organization is truly safer? The harsh reality is that most exposure management platforms fall short in connecting remediation to real risk reduction.

Analyst 207

cPanel Discloses Authentication Flaw, Urges Immediate Server Updates

cPanel has uncovered a critical authentication flaw that could let hackers gain unauthorized access to your control panel, and is urging immediate server updates to protect against this threat. Check if your version is vulnerable and update to a patched build right away.

Analyst 207

Vect Ransomware Exposes Flaw, Turns into Data-Destroying Wiper

Researchers uncovered a critical flaw in Vect Ransomware that unexpectedly turns it into a data-destroying wiper, permanently destroying files over 128KB instead of encrypting them. This shocking misfire stems from a faulty ChaCha20‑IETF implementation that strips away crucial security protections.

Analyst 207

GoDaddy Domain Transfer Exposes Non-Profit to Security Risks

A shocking security breach occurred when a 27-year-old domain was transferred from a GoDaddy account to another customer without any authentication checks, putting a non-profit at risk. The alarming transfer was completed in just four minutes, raising serious concerns about GoDaddy's domain transfer process.

Analyst 207

CISA Orders Federal Agencies to Patch Exploited Windows Flaw

Federal agencies are on high alert: a critical Windows vulnerability, CVE-2026-32202, must be patched by May 12 to prevent zero-click credential theft via malicious LNK files. CISA has ordered all Federal Civilian Executive Branch agencies to secure their Windows endpoints and servers within two weeks.

Analyst 207

Healthcare Sector Grapples with Rising Medical Device Cyberattacks

A staggering one in four healthcare organizations have fallen victim to cyberattacks that compromised their medical devices in the past year, posing a significant threat to patient care. This alarming trend highlights a pressing need for robust medical device cybersecurity measures to prevent delayed treatments and critical care interruptions.

Analyst 207

CISA Flags Actively Exploited ConnectWise, Windows Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged two major vulnerabilities, including a critical flaw in ConnectWise ScreenConnect and a Microsoft Windows Shell bug, as actively exploited by hackers. These flaws could allow attackers to execute remote code, access confidential data, and compromise critical systems.

Analyst 207