Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]
Aggregator
Instructure Pays ShinyHunters Ransom to Little Likely Return
1 month ago
Hackers Constantly Break 'Confirmation of Data Destruction' Promises
When a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."
When a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."
The AI Trust Gap: How to Ensure Your Security Stack is Ready for Autonomous Agents
1 month ago
Webinar | Inside FortiSASE Sovereign: Architecting Private, Compliant SASE at Scale
1 month ago
Cisco CEO Robbins Ties AI Push to Unpatchable Tech Risk
1 month ago
Chuck Robbins Warns Customers Face Growing Exposure From Equipment Past Support
Cisco is embedding Anthropic's Claude Mythos Preview into internal security operations to test code, accelerate patching and push infrastructure upgrades, even as it lays off 4,000 employees to redirect spending toward AI, silicon, optics and security.
Cisco is embedding Anthropic's Claude Mythos Preview into internal security operations to test code, accelerate patching and push infrastructure upgrades, even as it lays off 4,000 employees to redirect spending toward AI, silicon, optics and security.
Cryptohack Roundup: Banking Trojan Targets Crypto Firms
1 month ago
Also: Indictments in Theft Case, KelpDAO Restarts Operations
This week, banking Trojan TCLBanker targeted crypto platforms, three people indicted in a violent digital assets-related robbery, Kelp DAO restarted services after the $292 million hack and the U.S. Department of the Treasury tightened oversight of Binance.
This week, banking Trojan TCLBanker targeted crypto platforms, three people indicted in a violent digital assets-related robbery, Kelp DAO restarted services after the $292 million hack and the U.S. Department of the Treasury tightened oversight of Binance.
Understanding the Hidden Cost of Faster Payments
1 month ago
As Regulators Tighten Liability Rules, Banks Face Pressure to Justify Fraud Losses
So far, banks have managed to strike a balance between fraud prevention and customer convenience, often accepting a certain level of loss rather than introducing controls that could slow payments, increase false declines or drive customers to competitors.
So far, banks have managed to strike a balance between fraud prevention and customer convenience, often accepting a certain level of loss rather than introducing controls that could slow payments, increase false declines or drive customers to competitors.
ECB: AI Means European Banks Must Hasten Cybersecurity Pace
1 month ago
France's Mistral Makes Digital Sovereignty Case for a European Mythos
The European Central Bank added to mounting warnings sent to financial institutions that they must urgently act to protect their systems from artificial intelligence-enabled cyberattacks. British experts warned that gains in AI models' cyber capabilities appear to be accelerating.
The European Central Bank added to mounting warnings sent to financial institutions that they must urgently act to protect their systems from artificial intelligence-enabled cyberattacks. British experts warned that gains in AI models' cyber capabilities appear to be accelerating.
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
1 month ago
The acquisition looks to boost visibility into third-party ecosystems, which are becoming a bigger concern as vectors for supply chain attacks.
Arielle Waldman
Pentagon cyber official calls advanced AI ‘revolutionary warfare’
1 month ago
Paul Lyons, principal deputy assistant secretary for cyber policy, also discussed the importance of cyber offense.
The post Pentagon cyber official calls advanced AI ‘revolutionary warfare’ appeared first on CyberScoop.
Tim Starks
OpenAI asks macOS users to update after TanStack npm supply chain attack
1 month ago
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
1 month ago
This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.
Nate Nelson
CVE-2026-20182: Critical Cisco SD-WAN Auth Bypass Under Active Exploitation
1 month ago
Cisco has disclosed and patched CVE-2026-20182, a maximum-severity authentication bypass affecting Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager.
Dark Web Informer
White House cyber official: identity security matters more than ever in the age of AI
1 month ago
While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday.
The post White House cyber official: identity security matters more than ever in the age of AI appeared first on CyberScoop.
djohnson
Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets
1 month ago
A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology systems that control physical infrastructure. The campaign is alarming because it does not rely on cutting-edge exploits. Instead, Sandworm walks through doors that were already left open, turning unresolved vulnerabilities into launchpads for […]
The post Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets appeared first on Cyber Security News.
Tushar Subhra Dutta
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
1 month ago
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. [...]
Lawrence Abrams
Tenable security advisory (AV26-472)
1 month ago
Canadian Centre for Cyber Security
Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network
1 month ago
A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchange server to plant multiple backdoors inside the network. The attack ran from late December 2025 through late February 2026 and stands as one of the most detailed Chinese APT intrusions targeting energy infrastructure […]
The post Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network appeared first on Cyber Security News.
Tushar Subhra Dutta
INC
1 month ago
You must login to view this content
cohenido
Burkina Faso Passport & ID Records Allegedly Leaked: 50K+ Scanned Identity Documents Exposed Online
1 month ago
A threat actor is advertising a massive collection of allegedly leaked Burkina Faso identity documents, claiming the archive contains more than 50,000 scanned passports and national ID cards in original PDF quality.
Dark Web Informer