A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from… Read More »The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public… Read More »ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason… Read More »Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was… Read More »AI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve… Read More »OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The… Read More »GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises over 1,500 SOHO [small office and… Read More »China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities… Read More »CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck.… Read More »Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet… Read More »Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities