
Cybersecurity

624 articles in this category (Page 3 of 26)

AI News | Cybersecurity | Software Engineering

Hardening Windows Processes with an explorer.exe Watchdog

Carlos releases a C++ library that injects a watchdog thread into explorer.exe to protect userland processes from debugging and memory manipulation.

AI News | Healthcare IT | Cybersecurity

2026 HIPAA Security Rule Changes: A Technical Guide for FQHC IT Teams

IT teams at FQHCs serving 30 million patients must adapt to 2026 HIPAA rules mandating encryption, MFA, and biannual vulnerability scans.

AI News | Cybersecurity | Open Source

Claude Code Unearths 23-Year-Old Linux Zero-Day Amid 500+ Discoveries

Anthropic's Claude Code identifies 500+ high-severity vulnerabilities, including a 23-year-old Linux NFS buffer overflow hidden since 2003.

AI News | AI & Cloud | Cybersecurity

AI-Driven Autonomy: Tanium Launches New Security Operations Tools at RSAC 2026

Tanium unveils AI-powered autonomous systems at RSAC 2026 as 50% of organizations now pilot autonomous endpoint management solutions.

AI News | Cybersecurity | DevOps

Exposed SaaS Vulnerabilities: Common Infrastructure Security Failures

SaaS infrastructure often exposes Postgres on port 5432 and Redis on 6379 to the public internet, creating immediate security risks.

AI News | Cybersecurity | IoT

Mongoose Library Vulnerabilities: Critical RCE and mTLS Bypass Risks

Critical vulnerabilities in Mongoose library versions ≤ 7.20 expose millions of IoT devices to RCE and mTLS bypass; patching to 7.21+ is mandatory.

AI News | Cybersecurity | AI

Monitoring LLM Agent Degradation: Why a 'Nervous System' is Critical for AI Safety

GnomeMan introduces zer0DAYSlater, a monitoring system that triggers a HALT command when LLM agent drift reaches a 1.0 critical threshold.

AI News | Cybersecurity | DevOps

Engineer's Guide to OSPS: Navigating Global Cyber Compliance

Cybercrime costs are projected to hit $10.5 trillion annually, driving the OpenSSF OSPS Baseline to translate global regulations into 40 mandatory technical requirements.

AI News | Cybersecurity | AI Development

OpenAI Codex Command Injection Vulnerability: Protecting GitHub Tokens

BeyondTrust discovered a command injection bug in OpenAI Codex where unsanitized branch names could steal GitHub OAuth tokens with full write access.

AI News | DevOps | Cybersecurity

The Evolution of DevOps to InvisibleOps: AI and Automated Security in 2030

Future platforms will automate 90% of pipelines as DevSecOps evolves into 'InvisibleOps' where security is baked deeply into background systems.

AI News | Cybersecurity | Malware

GlassWorm Malware: Solana Dead Drops and Browser Data Theft via Rogue Extensions

GlassWorm exploits Solana blockchain memos and Google Calendar to deliver data-stealing RATs targeting developers via compromised npm and MCP packages.

AI News | Cybersecurity | Legal

LeakBase Admin Arrested: Russian Law Enforcement Dismantles Major Stolen Credential Marketplace

Russian authorities arrested the alleged administrator of LeakBase, a cybercrime forum hosting hundreds of millions of stolen credentials and bank details.

AI News | Cybersecurity | DevOps

LiteLLM Supply Chain Attack: How Unpinned Dependencies Compromised 3.4M Daily Downloads

On March 24, 2026, LiteLLM (3.4M daily downloads) was backdoored via PyPI. Attackers harvested cloud credentials, SSH keys, and Kubernetes tokens via a poisoned build.

AI News | Cybersecurity | Cloud Computing

Navigating Multi-Stage Security Attacks: Insights from AWS Security Leadership

AWS VP Gee Rittenhouse discusses the rising complexity of multi-stage attacks and the dual role of AI in cloud defense and vulnerability creation.

AI News | Cybersecurity | Software Development

CVE-2026-32278: Critical File Upload Flaw in Connect-CMS Enables Administrative Session Hijacking

Connect-CMS versions up to 1.41.0 and 2.41.0 are vulnerable to a CVSS 8.2 Stored XSS flaw where unauthenticated file uploads lead to administrative account takeover.

AI News | Cybersecurity | DevOps

Democratizing Vulnerability Intelligence with RiskScore.dev

RiskScore.dev launches an affordable vulnerability intelligence platform offering a free dashboard and API to help security teams prioritize hundreds of annual CVEs for under $30/month.

AI News | Article | Cybersecurity

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Russian-linked phishing campaigns have compromised thousands of Signal and WhatsApp accounts by impersonating support services to seize control of high-value targets' communications.

AI News | Cybersecurity | Identity Management

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes critical CVE-2026-21992 (CVSS 9.8), an unauthenticated remote code execution flaw in Identity Manager and Web Services Manager.

AI News | Cybersecurity | Web Development

Understanding Device Fingerprinting for Persistent User Identification

Device fingerprinting identifies unique users by collecting hardware and browser data points, bypassing traditional cookie-based tracking limitations.

AI News | Cybersecurity | DevOps

Trivy GitHub Actions Compromised: 75 Tags Hijacked to Steal CI/CD Secrets

Attackers hijacked 75 tags in the Trivy GitHub Action to distribute an infostealer, compromising CI/CD secrets and establishing persistence on developer machines.

AI News | Cybersecurity | IAM

The Credential That Never Expires: Moving Beyond Static Privilege

Eliminate standing privilege with PAM to reduce access-related incidents by 70% using just-in-time access and ephemeral credentials for secure production.

AI News | Open Source | Cybersecurity

Addressing Open Source Sustainability and Security with Trusted Stewardship

Chainguard announces new security initiatives at its Assemble conference to address open source sustainability issues including funding and maintainer burnout.

AI News | Article | Cybersecurity

GlassWorm Campaign: 72 Malicious Open VSX Extensions Target Developers

GlassWorm campaign abused 72 malicious Open VSX extensions and 151 GitHub repositories to steal secrets using stealthy transitive dependencies.

AI News | Cybersecurity | Artificial Intelligence

OpenClaw AI Agent Flaws Enable Prompt Injection and Data Exfiltration

CNCERT warns that OpenClaw's weak security defaults enable prompt injection and data leaks, leading China to restrict its use on government systems.
