Researchers at Rutgers University have developed VitalID, a biometric authentication system that uses low-frequency skull vibrations generated by breathing and heartbeat to verify the identity of XR headset users without requiring any additional hardware.
A new Ekoparty report based on 605 LatAm cybersecurity professionals reveals the region faces 40% more cyberattacks than the global average while struggling to tap its largely self-trained talent pool.
OpenAI has introduced a new $100 monthly Pro subscription for ChatGPT, directly mirroring Anthropic Claude's pricing structure and targeting coders and enterprise users who need advanced AI capabilities.
The threat group TeamPCP is leveraging credentials harvested from supply chain attacks on open source projects to rapidly breach AWS, Azure, and SaaS environments, with some victims compromised within 24 hours of initial theft.
Healthcare professionals are turning to unsanctioned AI tools to manage crushing workloads, creating dangerous visibility gaps that compound ransomware recovery challenges. Experts say denial is no longer viable — containment and discovery are now the priority.
The OWASP Foundation has released updated AI security guidance splitting recommendations into generative AI and agentic AI tracks, while cataloguing 21 data security risks and expanding its solutions matrix from 50 to more than 170 providers.
The Kimwolf IoT botnet has been hammering the I2P anonymity network since early February 2026 after its operators attempted to enroll 700,000 infected devices as network nodes, overwhelming the system and cutting connectivity roughly in half.
A new phishing-as-a-service platform called Starkiller dynamically loads authentic login pages through a reverse proxy, capturing credentials and MFA tokens in real time while rendering traditional detection methods largely ineffective.
RSAC 2026 placed artificial intelligence front and center, with more than two-thirds of sessions featuring an AI component, yet the conference's own theme — 'The Power of Community' — served as a pointed reminder that human oversight remains non-negotiable. A conspicuous absence of the US federal government added further tension to an already charged event.
The compromise of the Axios JavaScript library by suspected North Korean threat group UNC1069 exposes how sophisticated, slow-burn social engineering campaigns are being scaled to target open source maintainers with massive downstream reach.