News & Updates
The latest announcements, product releases, and platform updates.
Coca-Cola Suspends Fairlife Dairy Production After Ransomware Attack
Coca-Cola halts Fairlife dairy operations in the U.S. following a ransomware attack affecting production systems.
Two 'Scattered Spider' Hackers Sentenced for £29 Million TfL Cyberattack
Two hackers, Owen Flowers and Thalha Jubair, have been sentenced to five and a half years for a 2024 cyberattack on Transport for London (TfL).
OpenAI Unveils GPT-Red for Enhanced AI Security
OpenAI introduces GPT-Red, an AI tool to strengthen defenses against cyberattacks, while heat pumps surge in US sales despite tax credit expiration.
SonicWall Warns of Active Exploitation of Two Zero-Day Vulnerabilities in SMA 1000 Series
SonicWall warns of active exploitation of two zero-day vulnerabilities in SMA 1000 series appliances, urging immediate patching.
Microsoft Patches Record 622 Flaws in July Patch Tuesday
Microsoft releases its largest Patch Tuesday ever, fixing 622 vulnerabilities, including two actively exploited zero-day flaws in SharePoint and Active Directory.
Uber's Product Chief on Expansion into Hotels, Robotaxis, and Strategic Focus
Uber's Chief Product Officer Sachin Kansal discusses the company's expansion into hotels, boat rentals, and AI-driven features, while clarifying its strategic focus.
Google and Microsoft Remove ModHeader Extension Over Hidden Data Collection
Google and Microsoft have removed the ModHeader browser extension after researchers discovered a hidden browsing-history collector inside it.
CrashStealer: New macOS Malware Targets Sensitive Data with Sophisticated Techniques
A newly discovered macOS malware, CrashStealer, steals sensitive data, bypasses Gatekeeper, and uses advanced encryption techniques.
Silver Fox Group Deploys New MODBEACON RAT Using gRPC Streaming
The China-linked Silver Fox group has introduced MODBEACON, a new Rust-based remote access trojan using gRPC streaming for encrypted communications.
Unpatched XRING Flaw in XQUIC Allows Remote Server Crashes
A critical flaw in Alibaba's XQUIC library allows remote clients to crash servers with legal HTTP/3 traffic. No patch is available.
Three Critical Vulnerabilities in OpenClaw AI Assistant Patched
OpenClaw AI assistant patched three high-severity flaws enabling credential theft, privilege escalation, and arbitrary code execution.
Laser Attack Resets Tangem Wallet Passwords, Researchers Warn
Researchers demonstrate a laser attack on Tangem crypto wallet cards, allowing attackers to reset passwords and gain control.
Critical Zimbra Flaw Could Allow Arbitrary Code Execution via Crafted Emails
Zimbra warns of a critical stored XSS vulnerability in its Classic Web Client that could lead to arbitrary code execution through crafted emails.
Compromised jscrambler 8.14.0 npm Release Contains Malicious Infostealer
Version 8.14.0 of the jscrambler npm package was released with a malicious preinstall hook that deploys an infostealer targeting developer secrets.
Progress Software Orders Shutdown of ShareFile Servers Amid Security Threat
Progress Software has instructed ShareFile customers to shut down Windows servers running Storage Zone Controllers due to a credible security threat.
Injective Labs GitHub Compromise Exposes Cryptocurrency Wallets to Theft
Unknown threat actors compromised Injective Labs’ GitHub repository, publishing a malicious npm package to steal cryptocurrency wallet keys.
npm 12 Disables Install Scripts by Default, Deprecates Granular Access Tokens
GitHub releases npm 12 with install scripts disabled by default and deprecates granular access tokens to enhance security.
OpenAI Launches GPT-5.6 and ChatGPT Work After Government Approval
OpenAI's GPT-5.6 and ChatGPT Work are now publicly available after receiving government approval, aiming to set new standards in AI capabilities.
GhostApproval Flaw in AI Coding Assistants Puts Developers at Risk
Researchers at Wiz uncover a symlink flaw in popular AI coding assistants that could allow attackers to take control of a developer's computer.
OnlyFans Creators' DMCA Requests Expose Hacked Government Websites
Adult content creators' DMCA takedown requests inadvertently reveal widespread hacking of government and university websites.
AI Coding Agents Trigger False Alarms in Cybersecurity Systems
AI coding agents like Claude Code and OpenAI Codex are triggering cybersecurity alarms by mimicking attacker behaviors during routine tasks.
Open Source Collaboration Surges in Q1 2026, Driven by Global Growth and Platform Improvements
Open source collaboration on GitHub saw a 16% quarter-over-quarter growth in Q1 2026, with significant contributions from emerging economies like Syria.
Google Disrupts NetNut Residential Proxy Network in Collaboration with FBI
Google and the FBI have disrupted NetNut, a massive residential proxy network, reducing its pool of usable devices by millions.
U.S. Government Entity Paid $1 Million to Prevent Data Leak by Kairos Group
A U.S. government entity paid $1 million to the Kairos group to prevent stolen files from being leaked, raising questions about the nature of the attack.
North Korean Hackers Publish 108 Malicious Packages in Ongoing Campaign
North Korean hackers linked to the Contagious Interview campaign have published 108 malicious packages and extensions across npm, Packagist, Go, and Chrome.
EU Politician Investigating Pegasus Spyware Hacked by the Same Tool
Greek politician Stelios Kouloglou, a member of the EU's PEGA Committee investigating Pegasus spyware, was himself hacked by the same tool.
Unpatched Flaws in FatFs Filesystem Library Pose Risks to Millions of Devices
Security firm runZero discloses seven vulnerabilities in FatFs, a widely used filesystem library, impacting devices like security cameras, drones, and crypto wallets.
New 'Bad Epoll' Linux Kernel Flaw Allows Full System Takeover
A critical Linux kernel flaw, 'Bad Epoll,' enables attackers to gain root access on affected systems, including desktops, servers, and Android devices.
Former EU Parliament Member Targeted with Pegasus Spyware
A report reveals former EU Parliament member Stelios Kouloglou's phone was hacked with Pegasus spyware while investigating its misuse.
North Korea-Linked Malicious npm Packages Mimic Rollup Polyfill Tools
North Korea-linked threat actors have uploaded malicious npm packages masquerading as Rollup polyfill tools to steal data and enable remote access.