News
Data
Blog
Tools
Pwnsy
News
EN
CN
Main
Social
Enterprise
Research
AI Security
Offensive
Privacy
Vendors
Tools
DARK READING
Weak Security Continues to Fuel Russian Cyberattacks
1h
'Yellow Teams' Are Defining the Future of AI Security
5h
GigaWiper Lets Threat Actors Choose Their Own Destructive Attack
6h
MORE
···
CYBERSCOOP
States are building their own election defense networks as federal support evaporates
2h
Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’
6h
Officials once again warn defenders that Russian hackers are targeting network devices
8h
MORE
···
BLEEPINGCOMPUTER
Japan's largest taxi operator shuts systems after cyberattack
3h
Hackers backdoor Jscrambler npm package with infostealer malware
3h
New CrashStealer malware poses as Apple crash reporting tool
4h
MORE
···
THE HACKER NEWS
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
2d
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
2d
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
2d
MORE
···
TLDR INFOSEC
ShareFile Emergency Shutdown ⚠️, Injective npm Key Theft 🪙, NSA Revives TAO Name 🏢
23h
npm 12 Reduces Supply Chain Risk ⛓️, 130 Exploits Published 👿, Linux Distro Sabotage 💣
3d
AI Breaches AWS Environment ☁️, Accenture Data Breach 🔓, AI For Blue Teams 🟦
4d
MORE
···
THE RECORD
EU leaders eye social media ban for children under age 13
2h
VPN service favored by ransomware groups is sanctioned by US
4h
Russian celebrity journalist Ksenia Sobchak says hackers accessed Telegram channels via email breach
6h
MORE
···
INFOSECURITY
Open Directory Exposes Three Evilginx Phishing Operators
7h
Pakistani Police Systems Hit by Chinese and Indian Espionage
8h
Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
10h
MORE
···
SECURITYWEEK
Hacker Conversations: Jesse McGraw (GhostExodus), From Blackhat Hacker to Redemption
8h
Cybersecurity M&A Roundup: 37 Deals Announced in June 2026
11h
RabbitMQ Vulnerability Threatens Enterprise Systems
11h
MORE
···
HELP NET SECURITY
Tidal Cyber connects assets, vulnerabilities, and threats through Threat-Led Defense
9h
Cloudflare Precursor uses continuous behavioral analysis to stop advanced bots
9h
Lumen expands managed detection and response with Cortex XSIAM integration
10h
MORE
···
GRAHAM CLULEY
Invited to a “job interview” with Netflix or OpenAI? Beware! Your Google password could be at risk
4d
Smashing Security podcast #475: JadePuffer – the AI that ran a ransomware attack all by itself
5d
Two arrested over credit card phishing – as the Netherlands is named Europe’s worst for payment fraud
6d
MORE
···
SOPHOS
Sophos named a 2026 Gartner® Peer Insights™ Customers’ Choice for Email Security
3d
When AI agents look like attackers: what behavioral telemetry tells us
6d
"Exploit mitigation" stalled around 2008. The attacks didn't.
7d
MORE
···
KREBS ON SECURITY
Lessons Learned from CISA’s Recent GitHub Leak
8h
Felons, Fraudsters Flog Offensive Cybersecurity Startup
5d
FBI Seizes NetNut Proxy Platform, Popa Botnet
11d
INDICATOR
Oktoberfest upskirting videos are being monetized on Meta, TikTok, and YouTube
12h
No code, no budget: 7 web scrapers put to the test
6d
Briefing: X tries to undo its monetization mess
10d
SOCIAL
R/HACKING
sandisk cruzer profile
54min
💬 0
▲ 5
Thinning out my badge collection. Any interest?
2h
💬 7
▲ 9
Talk: How Sascha P kept a BBS legend from the trash, hacked and revived it, and became a dial‑up sysop in 2023.
9h
💬 0
▲ 7
MORE
···
R/PRIVACY
With Flock Safety cameras everywhere, is truly anonymous interstate travel still possible in the US?
1h
💬 22
▲ 33
It's starting in Texas. Bluesky is now requiring 3rd party verifications.
1h
💬 18
▲ 88
What will you do if/when online privacy becomes impossible?
3h
💬 120
▲ 128
MORE
···
R/CYBERSECURITY
Why do some companies prefer small internal SOC etc over external managed services like Managed SOC, MDR or MSS etc?
4h
💬 37
▲ 23
Now, defenders are embracing the prompt injection, too
7h
💬 9
▲ 79
World Cup grudge attackers may have scored Argentine FA access via year-old infostealer infection
7h
💬 0
▲ 8
MORE
···
R/REVERSEENGINEERING
A technical analysis of a LinkedIn scam spreading malware to developers
8h
💬 0
▲ 7
TTF2PFR: A Python script that converts TrueType TTF fonts to Bitstream's failed "Portable Font Resource" format used in Netscape 4.
10h
💬 0
▲ 6
LIEF v1.0.0: Brand-new Runtime API and DWARF/PDB -> C/C++ generation!
17h
💬 0
▲ 17
MORE
···
R/NETSEC
Dell BIOS Passwords: Weak XOR Encryption Allows Recovery from SPI Flash (CVE-2026-40639)
13h
💬 8
▲ 59
Vulnerability in Realtek driver allows DMA controller abuse from user mode with no additional hardware or driver
1d
💬 2
▲ 26
Scanning malicious websites with arbitrary number of VPN tunnels (Part 2)
2d
💬 1
▲ 9
MORE
···
R/ASKNETSEC
how are people approaching agentic iam and agent identity..not just the humans behind them
16h
💬 5
▲ 8
Any recommendations for validating security controls against real TTPs?
1d
💬 8
▲ 8
Did anyone actually add a second endpoint vendor after the CrowdStrike outage?
3d
💬 35
▲ 35
MORE
···
R/INFOSECNEWS
Microsoft Warns of New GigaWiper Backdoor Built to Destroy Windows PCs
4d
💬 2
▲ 7
AI Gateway Connected to Amazon Bedrock Hijacked for Cryptomining
4d
💬 0
▲ 13
GhostApproval Vulnerabilities Let Top AI Coding Tools Write Outside Workspaces
4d
💬 0
▲ 6
R/MALWARE
Google "Sponsored" ad for "Claude mac app" leads to a fake install guide hosted as a shared Claude chat and the terminal command installs malware
1d
💬 7
▲ 84
SpectrePaste: TA leveraged AI for entire orchestration and development of their malware ecosystem
6d
💬 3
▲ 6
ENTERPRISE
ZDNET SECURITY
I tested COSMIC's new Frosted Glass effect, and it's way better than MacOS' Liquid Glass
2h
Is that QR code a trap? How to spot quishing scams before it's too late
5h
Windows questions? How Copilot can analyze your PC settings now
6h
MORE
···
FEDERAL NEWS CYBER
Pentagon suspends CMMC phase two requirements, launches review of program
2h
Why Medicaid fraud enforcement alone cannot solve a $37B problem
3h
The challenges, opportunities of open source intelligence for cyber defenders
19h
MORE
···
TECHCRUNCH SECURITY
Apple says former employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI
3h
LAPD lets contract with surveillance giant Flock expire, citing ‘serious concerns’ over civil liberties and privacy
9h
US cybersecurity agency CISA had to build its incident playbook during the incident, agency reveals
2d
MORE
···
THE REGISTER SECURITY
EU and UK officially blame Russian spies for cyberattack on Poland's power grid
7h
Progress orders emergency ShareFile server shutdown over mystery security threat
12h
Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package
3d
MORE
···
CYBERSECURITY DIVE
US authorities warn that state-linked hackers are targeting vulnerable networking devices
8h
Hackers find a new trick to collect Microsoft Entra user data without raising red flags
8h
When cybercriminals outrun the feed
14h
MORE
···
CSO ONLINE
RabbitMQ flaws expose OAuth secrets, risk complete takeover of the broker
11h
Jurassic Park, cybersecurity and the dangerous myth of control
13h
Your AI risk register is not an incident response plan
14h
MORE
···
NEXTGOV CYBER
Russian hackers exploit weak router security to breach critical infrastructure, Western allies warn
3h
DHS network intrusion was twice ruled a false positive before breach confirmed
8h
Pentagon opens applications for cyber apprenticeship program
5d
MORE
···
RESEARCH
SANS ISC
Someone Is Scanning for Your MCP Servers and AI Assistant Credentials, (Mon, Jul 13th)
19h
ISC Stormcast For Monday, July 13th, 2026 https://isc.sans.edu/podcastdetail/10004, (Mon, Jul 13th)
21h
Wireshark 4.6.7 Released, (Sat, Jul 11th)
2d
MORE
···
ARXIV SECURITY
Entropy Bootstrapping for Wireless Embedded Systems
19h
Proof-of-Continuity: A Temporal Model for Authority Propagation in Distributed Systems and AI Agents
19h
SeedSmith: LLM-Driven Seed Synthesis for Directed Fuzzing
19h
MORE
···
SCHNEIER ON SECURITY
AI Data Centers and the Concentration of Wealth
12h
Friday Squid Blogging: “Squidbleed” Vulnerability
3d
AI Surveillance and Social Progress
3d
MORE
···
MICROSOFT SECURITY
Defending SaaS-based applications against ShinyHunters OAuth abuse
1h
Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra ID
6h
Securing our future: July 2026 progress report on Microsoft’s Secure Future Initiative
3d
MORE
···
NIST NEWS
New Fabric Test Material Could Help Strengthen Domestic Supply Chain for Textiles and Clothing
4d
Arvind Raman Confirmed as the 18th NIST Director
7d
TROY HUNT
Weekly Update 511: Live from my Riad in Marrakech
5d
Swimming Pools, Pee, and Trying to Delete Your Data From the Internet
10d
NCSC UK
UK and Allies urge critical sectors to improve defences against Russian intelligence targeting
11h
AI SECURITY
SIMON WILLISON
DOOMQL
50min
datasette code-frequency chart on GitHub
1h
Directly Responsible Individuals (DRI)
23h
MORE
···
XBOW
Resources
8h
Grok 4.5 for Offensive Security: Performance vs. Cost
3d
Human-in-the-Loop AI Pentesting: What It HIL in Pentesting & Why It Works
3d
MORE
···
ADVERSA AI
Top AI Coding Agent security resources — July 2026
4d
Top MCP security resources — July 2026
7d
Top Agentic AI security resources — July 2026
11d
OFFENSIVE
HACKING ARTICLES
Windows Privilege Escalation: SeTakeOwnershipPrivilege
10h
Windows Privilege Escalation: SeDebugPrivilege
5d
Wireless Pentesting with Claude Using the Aircrack MCP Server
5d
0XDF
HTB: CCTV
2d
HTB: Abducted
6d
HTB: DevArea
9d
PRAETORIAN
Bluetooth Low Energy Security Testing, Consolidated: Introducing Caeruleus
3d
FreeBSoD: Leveraging Language Models to Find and Exploit Kernel Bugs (Part 2 of 2)
7d
Knossos: Procedurally Generated Decoy Environments
11d
SPECTEROPS
Finding SOCKS with Proxywatch
4d
Building a Mental Model for Kubernetes Security Research
5d
How to Set Red Team Objectives that Produce Value
6d
TRUSTEDSEC
Vulnify: Giving Your Agents a CVE Brain
4d
Welcoming ObfusGit
6d
Inheriting the Receipts: Securing the AI Your Company Already Adopted
11d
BLACK HILLS INFOSEC
Finding the “Goldilocks” Zone: A Practical Approach to Alert Triage
5d
PRIVACY
EFF DEEPLINKS
Sony Nerfs Videogame Ownership
5h
Building Our Future Together
3d
Automated Moderation Is Here to Stay—Accountability Must Keep Pace
3d
MORE
···
FLOCK SAFETY
Evidence Management Best Practices for Law Enforcement
23h
How Flock's Audio Detection Works, and the Concerns We Hear Most
3d
What the Supreme Court's Chatrie Decision Means for ALPR Technology
4d
THE MARKUP
Kaiser Permanente nurses say technology is making their jobs — and patient care — worse
4d
CITIZEN LAB
AI Surveillance Is Being Supercharged–And It Will Chill Social Progress
5d
TOR PROJECT
New Alpha Release: Tor Browser 16.0a8
11d
VENDORS
MANDIANT
$4.7T
The ‘Ghost’ in the Database: Recovering Active ADFS Signing Keys via Machine DPAPI
6d
Google’s Continued Disruption of Malicious Residential Proxy Networks
11d
CISCO TALOS
$475B
WolfSSL, GeoVision, VTK vulnerabilities
4d
Winning 54% of the time
4d
UAT-7810 continues building ORB networks using new malware
6d
MORE
···
UNIT 42
$228B
No Manners Here: The Ruthless Rise of The Gentlemen Ransomware
3d
Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation
6d
How We Added WebAuthn to a Browser-Based RDP Client
11d
CROWDSTRIKE
$186B
Why AI Governance Without Guardrails Is Theater
4d
Falcon Secure Access Sets the Standard for Zero Trust Browser Security
5d
CrowdStrike Uncovers New Prompt Injection Techniques
6d
MORE
···
CLOUDFLARE
$85B
Introducing Precursor: detecting agentic behavior with continuous client-side signals
10h
Improving Smart Tiered Cache for Public Cloud Regions
3d
Why we cannot wait for better post-quantum signature algorithms
4d
MORE
···
DATADOG SECURITY LABS
$85B
Not-so-anonymous telemetry: The @injectivelabs/sdk-ts backdoor
4d
Coordinated GitHub API enumeration and access token abuse
5d
Entra Agent ID: Protect, detect, respond
7d
WIZ
$32B
Why IaC Coverage Belongs on Your Security Dashboard
10h
How ProdSec uses Wiz
4d
Wiz in the Verizon DBIR: How AI Acceleration and Cloud Sprawl Impact Modern Defense
4d
MORE
···
ZSCALER
$23B
Formula One and Cybersecurity in the AI Era
10h
Why Do F1 Teams Need Cybersecurity, and How Is AI Changing the Threat Landscape?
4d
Kainos Shares Five Essential Tips for Your Zscaler Deployment at Scale
4d
MORE
···
CHECK POINT RESEARCH
$14B
13th July – Threat Intelligence Report
10h
Cavern Manticore: Exposing Iran-Linked Modular C2 Framework
7d
6th July – Threat Intelligence Report
7d
SNYK
$7.4B
Symlinks Are Still Scary (And Yes, You Can Commit Them to Git)
4d
SENTINELONE
$6.2B
One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement
4d
HPC AI Workloads Need Runtime Security. The Architecture Already Exists.
5d
Context Engineering | Compaction & Agent Memory for Automated Malware Analysis
11d
ELASTIC SECURITY
$5.7B
ClickFix to Cash-Out: Anatomy of a Mexican Banking-Fraud Toolkit
5d
Inside Elastic InfoSec's agentic SOC: cutting alert triage from 30 minutes to under 3
11d
QUALYS
$3.85B
How to Meet a 3-Day Remediation SLA & Comply with CISA BOD 26-04
4d
When AI-Accelerated Discovery Outruns Patching, Exploitability Proof Decides What Gets Fixed First
5d
FortiBleed: Credential Reuse, Legacy Hashes, and the Risk of Internet-Exposed FortiGate Devices
5d
MORE
···
TENABLE
$3.1B
Why cloud security is mission-critical for federal civilian and defense agencies
9h
OMB M-26-14: Why federal agencies must fix asset visibility first
6d
RECORDED FUTURE
$2.65B
June 2026 CVE Landscape
3d
RiskX interview video featuring Colin Mahony and Mastercard's Aditi Sawhney
4d
The Threat Isn’t the Frontier Model
5d
EXPEL
$1B
The “first” fully agentic ransomware is here, but we aren’t panicking (yet): Meet JadePuffer
7d
RAPID7
$440M
Weekly Metasploit Update: Exploits for FlowiseAI CSV Agent and MacOS Package Kit
2d
Security Teams Are Ready To Become More Preemptive. What’s Holding Them Back?
5d
A Day With Your Vector Command Red Team Pod
7d
MORE
···
OX SECURITY
Malware-Slop: Crypto Stealer Impersonating Polymarket Exposes Its Own Credentials
1d
AI Pentesting vs Traditional Pentesting: Where Each Wins
3d
Continuous Pentesting: From Annual Audit to Always-On
3d
MORE
···
REVERSINGLABS
AI-BOM push borrows from the SBOM playbook
4d
Spectra Analyze in Action: Hunting Device Code Phishing Pages
5d
‘Download pumping’ joins the trust-abuse bandwagon
6d
MORE
···
KASPERSKY SECURELIST
Threat landscape for industrial automation systems. Q1 2026
6d
When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website
7d
Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign
10d
MORE
···
WELIVESECURITY
ESET Threat Report H1 2026
5d
Cyber readiness for SMBs: Getting the basics right
10d
TOOLS
ZERO DAY INITIATIVE
$4.9B
CVE-2026-47291: Remote Code Execution in the Windows HTTP.sys
3d
FULL DISCLOSURE
[REVIVE-SA-2026-003] Revive Adserver Vulnerabilities
4d
OPNsense XPATH Injection (CVE-2026-53582)
6d
SCHUTZWERK-SA-2025-001: Authentication Bypass for SafeLine SL6 and SL6+
6d
MORE
···
EXPLOIT-DB
[webapps] Krayin CRM v2.2.x - Authenticated Remote Code Execution
5d
[webapps] Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure
5d
[webapps] Langflow 1.9.0 - RCE
5d
MORE
···
PROJECTDISCOVERY
Community Spotlight: Rishi (@rxerium)
17h