Microsoft and Resecurity disrupted Fox Tempest, a malware-signing service that used fake Microsoft certificates to make malware look legitimate. Resecurity supported Microsoft’s Digital Crimes Unit (DCU) in its disruption... Read more »

A critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attacks to deploy information-stealing malware, Arctic Wolf reports. The flaw, tracked as CVE-2026-35616 (CVSS score... Read more »

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows... Read more »

A third-party UK visa site exposed passports and selfies on a public AWS server. It’s not official GOV.UK and affected at least 100,000 documents. UK Visa Portal is not... Read more »

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the LiteSpeed cPanel... Read more »

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data... Read more »

Romanian hacker Catalin Dragomir (45) got 4 years and 8 months in prison for selling access to an Oregon state network. Romanian hacker Catalin Dragomir (45) will spend 4... Read more »

Iran’s “hacktivist” group Ababil of Minab, which hit LA Metro and wiped terabytes of data, is forensically linked to Iran’s intelligence service MOIS. In late March, a group calling... Read more »