34+ min ago  (296+ words) From service accounts to AI-driven processes, identity is evolving faster than most security programs can adapt. Discover strategies for reducing risk and regaining control. Live Webinar: May 7, 2026 at 1 PM ET "Register to Attend As organizations adopt cloud services, automation, machine…...

1+ hour, 9+ min ago  (550+ words) Two high-severity issues, tracked as CVE-2026-20034 and CVE-2026-20035, which could lead to server-side request forgery (SSRF) attacks, were resolved in Cisco Unity Connection. Rooted in the insufficient validation of user-supplied input and specific HTTP requests, the flaws could be exploited…...

1+ hour, 54+ min ago  (524+ words) Attackers could inject prompts into a Git Hub issue and take over the AI agent designed to automatically triage the issue. A critical vulnerability in Gemini CLI could have allowed attackers to mount a supply chain attack via indirect prompts…...

4+ hour, 58+ min ago  (762+ words) Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico. Cybersecurity firm Dragos has released a threat intelligence report detailing an intrusion into a municipal water and…...

19+ hour, 22+ min ago  (372+ words) The agency has issued guidance to help critical infrastructure operators prepare for cyberattacks by foreign threat actors. The Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance warning that US critical infrastructure operators face relentless intrusion attempts from nation-state…...

23+ hour, 34+ min ago  (693+ words) The Iran-linked APT actor Muddy Water has been observed performing an intrusion masquerading as a ransomware attack, Rapid7 reports. As part of the intrusion observed in early 2026, the attackers relied on social engineering for initial access and performed operations typically associated…...

1+ day, 36+ min ago  (551+ words) Gavril Sandu, 53, was indicted in 2017, but was arrested and extradited to the United States only in 2026. A Romanian national was recently extradited to the United States for his role in a cybercrime scheme carried out 17 years ago, the Justice Department…...

1+ day, 2+ hour ago  (620+ words) A recently identified Linux backdoor was designed to steal developer credentials across the software supply chain, Trend Micro warns. Dubbed Quasar Linux (QLNX), the RAT has a modular architecture, uses multiple persistence and detection evasion mechanisms, packs a rootkit, and…...

1+ day, 4+ hour ago  (591+ words) While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems. Government, scientific, manufacturing, and retail organizations have been targeted with a sophisticated backdoor in an ongoing supply chain attack involving the Daemon…...

1+ day, 6+ hour ago  (480+ words) Starting this month, Oracle is supplementing the quarterly Critical Patch Update (CPU) fixes with monthly security releases focused on high-priority vulnerabilities. The first monthly Critical Security Patch Update (CSPU) will roll out on May 28, addressing critical-severity vulnerabilities in the company's…...