General cybersecurity industry news, market trends, and analysis
Thursday’s discussion comes as leaders on Capitol Hill grapple with the dizzying pace of global developments in which technology plays a central role.
The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April.
Kejia Wang and Zhenxing Wang compromised the identities of dozens of US persons to help land jobs at over 100 companies.
The malware is configured to operate on systems associated with Israeli water treatment and desalination plants.
An indirect prompt injection could be chained with a sandbox bypass and Cursor’s remote tunnel feature for shell access to machines.
NIST limits CVE enrichment after 263% surge since 2020, prioritizing KEV and federal software, shifting thousands to “Not Scheduled.”
Authorities in 21 countries participated in a coordinated action against DDoS-for-hire services.
53 DDoS domains seized in Operation PowerOFF across 21 countries, exposing 3 million accounts and disrupting 75,000 users' attacks.
CVE-2026-34197 exploited in Apache ActiveMQ; CISA KEV listing sets April 30, 2026 patch deadline, increasing enterprise RCE risk.
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws.
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender.
