General
High
6 May
Tushar Subhra Dutta /
Cybersecurity News:
The aviation and aerospace sector has become one of the most actively targeted industries by ransomware operators and data extortion groups in 2025 and 2026. From passenger-processing platforms to satellite-dependent navigation systems, attackers are finding that disrupting even a single vendor in t Source: Cybersecurity News
General
High
6 May
Ionut Arghire /
Security Week:
Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster. The post Oracle Debuts Monthly Critical Security Patch Updates appeared first on SecurityWeek. Source: Security Week
General
High
6 May
Researchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame. Source: The Record
General
Medium
6 May
It is always a bit jarring when the "digital locksmiths" are the ones getting their locks picked. Cybersecurity firm Trellix on Saturday confirmed it suffered a breach involving its internal source code repositories, proving that even the defenders aren't immune to the threats they fight. The Incide Source: The Cyber Express
General
Medium
6 May
Samiksha Jain /
The Cyber Express:
A Canvas cybersecurity incident has disrupted services at Instructure, the company behind the widely used Canvas platform, raising concerns among educational institutions over potential data exposure and service interruptions. The Canvas cybersecurity incident first came to light late Friday, when I Source: The Cyber Express
General
Medium
6 May
Attackers have found a way to intercept SMS-based one-time passwords from a victim's mobile device without deploying a single line of malware on the phone itself. Instead, they go through the Windows PC the phone is already connected to. Researchers documented an active intrusion campaign active sin Source: The Cyber Express
General
Medium
6 May
Qualcomm Technologies has released a critical security bulletin addressing multiple severe vulnerabilities in its proprietary and open-source software. These security updates are essential for protecting devices from severe flaws that threaten a vast ecosystem of hardware powered by Snapdragon proce Source: Cybersecurity News
General
Medium
6 May
A critical unauthenticated remote code execution vulnerability in the Weaver E-cology platform is currently being actively exploited in the wild. CVE-2026-22679 carries a maximum CVSS score of 9.8 and affects Weaver E-cology 10.0 builds released before 20260312. The security flaw exists in an expose Source: Cybersecurity News
General
Medium
6 May
Cisco has announced its intent to acquire Astrix Security Ltd., an industry leader in Non-Human Identity (NHI) security. This strategic acquisition aims to protect enterprise environments from the expanding attack surface created by the rapid deployment of AI agents. The modern workplace is undergoi Source: Cybersecurity News
General
Medium
6 May
GnuTLS version 3.8.13 has been officially released to patch a dozen security vulnerabilities, including critical flaws affecting secure network communications. The update is highly recommended for all systems using GnuTLS, as it addresses memory corruption, authentication bypasses, and certificate v Source: Cybersecurity News
General
Medium
6 May
Robust defense systems are built on a clear understanding of current threats and the ability to translate it into consistent decisions and measurable outcomes at optimal cost. High-performing SOCs achieve this by eliminating unnecessary work and operationalizing threat data. At the core of this mod Source: Cybersecurity News
General
Medium
6 May
Ionut Arghire /
Security Week:
Dubbed Bleeding Llama, the heap out-of-bounds read issue can be exploited remotely, without authentication. The post Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft appeared first on SecurityWeek. Source: Security Week
General
Medium
6 May
Deniss Zolotarjovs pleaded guilty in July 2025 to money laundering and wire fraud charges after being arrested in the country of Georgia. Source: The Record
General
Medium
6 May
Sponsored by HeroDevs /
BleepingComputer:
Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. […] Source: BleepingComputer
General
Medium
6 May
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). […] Source: BleepingComputer
General
Medium
6 May
The Hacker News:
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. "These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging t Source: The Hacker News
General
Medium
6 May
The Hacker News:
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been des Source: The Hacker News
Government
Medium
6 May
The seat of policy — bringing together MeitY, NIC, CERT-In, DSCI and leading Delhi-NCR universities for a dialogue that anchors industry insights into … Source: Techobserver
General
Medium
5 May
Tushar Subhra Dutta /
Cybersecurity News:
Tracking Advanced Persistent Threat (APT) groups has never been a simple task. For years, security organizations have relied on identifying consistent behaviors, tools, and infrastructure to pin activity to a known threat actor. But that approach is showing serious cracks, as APT groups are not the Source: Cybersecurity News
General
Medium
5 May
Tushar Subhra Dutta /
Cybersecurity News:
Threat actors are increasingly turning to Amazon’s own cloud email infrastructure to deliver phishing messages that look completely genuine, passing every standard security check along the way. Phishing has always been about deception. Attackers craft emails designed to look real, hoping recipients Source: Cybersecurity News