General cybersecurity industry news, market trends, and analysis
Delayed IR access and 14-day logs limit visibility during breaches, increasing attacker dwell time and recovery costs.
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue.
ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems
Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico.
12 vm2 flaws (CVSS up to 10.0) enable sandbox escape in ≤3.11.1, causing remote code execution risk; patched in 3.11.2.
Meta’s smart glasses promise privacy “designed for you” – but everything they record was being beamed off to workers in Nairobi to label by hand.
Authors of the VoidStealer Trojan uncovered a way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers.
ShinyHunters' attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors.
xlabs_v1 botnet exploits ADB port 5555 to recruit IoT devices, enabling 21 DDoS methods and bandwidth-tiered attacks on gaming servers
The company raised another $35 million as an extension to its previously announced Series C funding round.
The startup will invest in expanding its training categories, optimizing video generation, and growing its partnership ecosystem.
Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft.
