A contractor working with the Cybersecurity and Infrastructure Security Agency (CISA) inadvertently exposed Amazon Web Services (AWS) GovCloud credentials on a public GitHub repository. The leaked keys provided access to sensitive federal government cloud infrastructure, raising serious questions ab
A sophisticated Android ad fraud operation called “Trapdoor” has been discovered operating through 455 malicious apps on Google Play Store, generating fake ad clicks to defraud advertisers. The campaign remained undetected for months, affecting millions of users who unknowingly participated in large
Popular @antv npm packages were compromised to inject malicious code that steals CI/CD credentials, environment variables, and Git tokens from developer systems. Over 1.5 million weekly downloads put thousands of organizations at risk of supply chain attacks targeting their build pipelines and deplo
CISA has added seven actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including critical flaws in Microsoft Windows, Webmin, Fortinet FortiOS, and others. Federal agencies have until specified deadlines to patch these vulnerabilities, and private sector organi
Google plans to fundamentally redesign its search engine with agentic AI capabilities by 2026, introducing autonomous agents that can perform multi-step tasks on behalf of users. This transformation raises critical cybersecurity concerns around data privacy, authentication, API security, and the exp
Microsoft has released RAMPART and Clarity, two open-source security tools designed to help developers build safer AI agents. RAMPART provides a security testing framework for AI agents, while Clarity offers risk assessment and monitoring capabilities. These tools address growing concerns about AI a
Drupal has released a critical security update addressing a vulnerability with high exploitation potential in its core CMS platform. All site administrators running Drupal 10.2.x, 10.3.x, and 11.x versions must patch immediately to prevent potential remote code execution and data compromise.
Cybercriminals are weaponizing legitimate remote access tools like ScreenConnect and AnyDesk through phishing campaigns using fake Word documents. These attacks exploit enterprise trust relationships and security blind spots, allowing attackers to establish persistent remote access while evading tra
A new privilege escalation vulnerability dubbed PinTheft affects Arch Linux’s sudo implementation, allowing attackers to bypass PIN authentication and gain root access. Public exploit code is now available, and administrators must update immediately or implement specific workarounds to prevent unaut
Microsoft patches YellowKey BitLocker bypass after public disclosure. CVE-2026-45585 lets attackers circumvent disk encryption security features. Update now.