The Underminr vulnerability allows attackers to hide malicious connections behind trusted domains, potentially affecting 88 million domains worldwide.
Researchers at Rutgers University have developed VitalID, a biometric authentication system that uses low-frequency skull vibrations generated by breathing and heartbeat to verify the identity of XR headset users without requiring any additional hardware.
Most AI detection systems learn from post-compromise artifacts, but new data from GreyNoise reveals that attacker behavior — including fresh infrastructure and behavioral spikes — frequently surfaces well before a breach is confirmed.
Fortinet has released an emergency hotfix for CVE-2026-35616, a critical 9.1-scored authentication bypass flaw in FortiClient EMS that is already being exploited in the wild. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch by April 9.
A new Ekoparty report based on 605 LatAm cybersecurity professionals reveals the region faces 40% more cyberattacks than the global average while struggling to tap its largely self-trained talent pool.
OpenAI has introduced a new $100 monthly Pro subscription for ChatGPT, directly mirroring Anthropic Claude's pricing structure and targeting coders and enterprise users who need advanced AI capabilities.
The threat group TeamPCP is leveraging credentials harvested from supply chain attacks on open source projects to rapidly breach AWS, Azure, and SaaS environments, with some victims compromised within 24 hours of initial theft.
Healthcare professionals are turning to unsanctioned AI tools to manage crushing workloads, creating dangerous visibility gaps that compound ransomware recovery challenges. Experts say denial is no longer viable — containment and discovery are now the priority.
The OWASP Foundation has released updated AI security guidance splitting recommendations into generative AI and agentic AI tracks, while cataloguing 21 data security risks and expanding its solutions matrix from 50 to more than 170 providers.
The Kimwolf IoT botnet has been hammering the I2P anonymity network since early February 2026 after its operators attempted to enroll 700,000 infected devices as network nodes, overwhelming the system and cutting connectivity roughly in half.