Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. […]
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks Read More »
Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero. We
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed Read More »
Microsoft says IT administrators can now uninstall the AI-powered Copilot digital assistant from enterprise devices using a new policy setting, which has become broadly available after the April 2026 Patch Tuesday. […]
Microsoft now lets admins uninstall Copilot on enterprise devices Read More »
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. […]
Hackers exploit file upload bug in Breeze Cache WordPress plugin Read More »
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. […]
Bitwarden CLI npm package compromised to steal developer credentials Read More »
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can. Mythos Preview, the model that
Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them? Read More »
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. […]
Trigona ransomware attacks use custom exfiltration tool to steal data Read More »
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. […]
New Checkmarx supply-chain breach affects KICS analysis tool Read More »
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its “My Rituals” membership database. […]
Cosmetics giant Rituals discloses data breach affecting customers Read More »
Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk social engineering turns a seemingly legitimate reset request into full account compromise. […]
Regular Password Resets Aren’t as Safe as You Think Read More »