OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with… Read More »OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig… Read More »Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm… Read More »Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn’t designed… Read More »Guardian Agents: The Next Layer of Identity Governance
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this… Read More »New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and… Read More »CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer’s cloud credentials. The path was short: a developer opens the repo, trusts the… Read More »Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
A flaw in the Linux kernel’s traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed “pedit COW,” is an out-of-bounds write in the packet-editing… Read More »New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in… Read More »Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts.… Read More »New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks