RondoDox Botnet Operators Set React2Shell Flaw in Their Sights
The bad actors behind the RondoDox botnet are showing themselves to be highly adaptable and able to embrace changing...
#featured
Malware Campaign Abuses Booking.com Against Hospitality Sector
An evolving multi-stage campaign likely run by Russian threat actors that uses a fake Booking.com reservation cancellation message for...
Best of 2025: Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?
We were warned this would happen. And now here we are.United Natural Foods (UNFI) has had to switch off systems after...
Best of 2025: NIST Launches Updated Incident Response Guide
The National Institute of Standards and Technology (NIST) has released a long-awaited update to its incident response guidance: Special...
Best of 2025: CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability
When security vulnerabilities appear in popular frameworks, they can affect thousands of websites overnight. That’s exactly what’s happening with...
Best of 2025: News alert: SquareX research finds browser AI agents are proving riskier than human employees
Palo Alto, Calif., Jun. 30, 2025, CyberNewswire–Every security practitioner knows that employees are the weakest link in an organization,...
Best of 2025: NOT-So-Great Firewall: China Blocks the Web for 74 Min.
HTTPS connections on port 443 received forged replies.Chinese web users couldn’t access websites outside the People’s Republic yesterday. The outage...
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Two malicious extensions made to look like a legitimate tool and installed more than 900,000 times were used by...
Best of 2025: Oracle Breach: The Impact is Bigger Than You Think | Grip
More than 140,000 cloud tenants potentially compromised. Over 6 million sensitive records exposed, including encrypted SSO, LDAP passwords, Java...
2026 Kubernetes Playbook: AI at Scale, Self‑Healing Clusters, & Growth
In 2026, the question isn’t whether Kubernetes wins – it already has. And yet, many organizations are running mission-critical...
Best of 2025: Indirect prompt injection attacks target common LLM data sources
While the shortest distance between two points is a straight line, a straight-line attack on a large language model...
Best of 2025: Oracle Hack: From ‘Deny-Deny-Deny’ to ‘Oops-Oops-Oops’
Larry’s PR angels desperately dance on the head of a pin.Oracle is now admitting that, yes, an Oracle cloud service...
Best of 2025: UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk
Is your Salesforce environment integrated with third-party apps like Salesloft Drift? If so, your organization could be at risk...
Best of 2025: Ukraine Pwns Russian Drone Maker — Gaskar is ‘Paralyzed’
Ukrainian Cyber Alliance and Black Owl team up to hack manufacturer of Russian military drones, sources say.Gaskar Group, Russian designer...
Best of 2025: LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112
SafeBreach Labs Researchers have developed a zero-click PoC exploit that crashes unpatched Windows Servers using the Windows Lightweight Directory...
