Credential-stealing crew spoofs Ivanti, Fortinet, Cisco VPNs
…remind employees NOT to store workplace credentials in browsers or password vaults secured with personal credentials. ® vpn security microsoft cybercrime cyber-crime
Search
All sources
bleepingcomputer.com
17
theregister.com
15
amd.com
10
phoronix.com
9
tomshardware.com
8
notebookcheck.net
5
hothardware.com
5
wired.com
5
windowscentral.com
4
theverge.com
4
androidauthority.com
4
tweaktown.com
3
Videos
More videos
Dirty Frag Won't Be The Last Exploit
CopyFail Compromises The Last 9 Years Of Linux Distros
The First Exploit - Pwn2Own Documentary (Part 2)
The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1)
Another Linux Distro Dropped Deepin Desktop
This Linux Bug Gives Attackers Root
IPv8 Changes Everything We Know About IP
Top stories
X.Org Server Starts June With Nine New Security Vulnerabilities Discovered Via AI
4d agoMicrosoft threatened a security researcher with criminal charges, and the cybersecurity community isn't having it
6d agoMicrosoft faces security community backlash over Nightmare Eclipse
6d agoMicrosoft under fire for threatening security researcher with criminal investigation | TechCrunch
1w agoElon Musk ends dispute over Twitter stake with SEC, refuses to admit wrongdoing
…Securities and Exchange Commission (SEC) for $1.5 million over his delayed disclosure of a major stake in Twitter. 2 VIEW GALLERY - 2 IMAGES The agreement, reached without Musk admitting fault, marks…
r/WallStreetBets really hates the SEC's proposal to weaken quarterly reporting | TechCrunch
The Securities and Exchange Commission officially proposed last week to weaken the quarterly reporting standards for publicly traded companies. So far, public comments submitted to the financial regulator about the idea are…
Intel Antitrust Rulings
…locking out AMD to secure total Intel exclusivity, delaying the purchase or use of AMD microprocessors, limiting, delaying or constraining marketing, promotion, launch, advertising, production, distribution, sale or branding of any product…
Discussions and forums
Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process
https://securityaffairs.com/193128/security/researcher-drops-a-new-vs-code-zero-day-after-losing-trust-in-microsofts-disclosure-process.html
Microsoft vs Chaotic Eclipse: three zero-days now actively exploited
This one has been building for a month and it came to a head this week. A researcher going by Chaotic Eclipse has released six Windows zero-days publicly over the past several weeks, covering Defender, BitLocker, and Win…
The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.
The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …
NGINX CVE-2026-42945 (ngx_http_rewrite_module) — patched boundary is 1.30.1 / 1.31.0
Disclosure: I work on Forkline, which maintains a fork of the retired Kubernetes ingress-nginx controller. NGINX published a security advisory for ngx_http_rewrite_module. The affected versions are NGINX Open Source belo…
NGINX CVE-2026-42945 (rewrite module) — check your version if you are below 1.30.1 or 1.31.0
TL;DR: If you are running NGINX Open Source below 1.30.1 or 1.31.0, you are affected by the current ngx_http_rewrite_module CVE batch. For Kubernetes ingress-nginx users this is especially relevant — the retired controll…
Ubuntu Core 26 targets IoT devices and embedded systems, offers up to 15 years of security maintenance - CNX Software
…rooted security – Canonical assumes Manufacturer responsibilities under the CRA for the operating system’s release cycle by providing security maintenance for its core modules, continuous CVE monitoring and coordinated disclosure, and compliance…
Gartner suggests Friday afternoon Copilot ban
Security Gartner suggests Friday afternoon Copilot ban because tired users may be too lazy to check its mistakes Admins may be even more exhausted by then, because securing Microsoft’s AI helper…
Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything
…coordinated vulnerability disclosure, the process of giving developers time to patch a bug before it is publicly discussed. “We've seen Mythos Preview accomplish things that a senior security researcher would be…
Exploit released for new PinTheft Arch Linux root escalation flaw
…These disclosures also follow reports that threat actors have started actively exploiting the Copy Fail vulnerability in attacks. The Cybersecurity and Infrastructure Security Agency (CISA) has added Copy Fail to its list…
Microsoft unveils new security tools for IT admins and developers building AI products
…Together, the production signal enrichment, AI-assisted remediation, and secure handling of findings within a single workflow help security and developer teams focus on real risk and act quickly. Furthermore, as more…
Microsoft's massive Patch Tuesday: It's raining bugs
…While Microsoft doesn't mention this in its advisory, other security shops pointed out that the Defender bug matches exploit code called BlueHammer , published on GitHub earlier this month by a disgruntled…