The Underminr vulnerability allows attackers to hide malicious connections behind trusted domains, potentially affecting 88 million domains worldwide.
A new phishing-as-a-service platform called Starkiller dynamically loads authentic login pages through a reverse proxy, capturing credentials and MFA tokens in real time while rendering traditional detection methods largely ineffective.
RSAC 2026 placed artificial intelligence front and center, with more than two-thirds of sessions featuring an AI component, yet the conference's own theme — 'The Power of Community' — served as a pointed reminder that human oversight remains non-negotiable. A conspicuous absence of the US federal government added further tension to an already charged event.
The compromise of the Axios JavaScript library by suspected North Korean threat group UNC1069 exposes how sophisticated, slow-burn social engineering campaigns are being scaled to target open source maintainers with massive downstream reach.
Open-source intelligence and breach data link Kimwolf botnet operator 'Dort' to Jacob Butler, an Ottawa, Canada resident born in August 2003, who has since orchestrated DDoS attacks, doxing, and a swatting incident against those who exposed the botnet.
Autonomous AI assistants like OpenClaw are transforming productivity for developers and IT workers, but security researchers warn they are simultaneously creating one of the largest attack surfaces the internet has ever seen.
A cluster of software supply chain incidents — including Anthropic's accidental publication of over 500,000 lines of Claude Code source, plus attacks on Trivy, Axios, and KICS — reveal systemic failures in how development pipelines are secured.
Microsoft addressed 77 security vulnerabilities this Patch Tuesday, with no active zero-days but notable fixes including privilege escalation bugs, critical Office RCE flaws, and a first-of-its-kind CVE discovered by an autonomous AI penetration testing agent.
Data privacy labels on major app stores were meant to empower consumers, but experts say inconsistent standards, inaccuracies, and poor design leave users no better protected than before.
Full Sail University is opening an on-campus IBM Cyber Defense Range powered by AWS and Cloud Range in April 2026, giving cybersecurity and IT students hands-on experience in realistic attack-and-defense simulations.