SecOps News

Get this as an RSS feed

  • Axios npm hack used fake Teams error fix to hijack maintainer account (3 hours ago)
  • Device code phishing attacks surge 37x as new kits spread online (9 hours ago)
  • Netflix, Meta, and IBM speakers: AI will make anyone a 10x programmer, but with 10x the cleanup (10 hours ago)
  • European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack (13 hours ago)
  • PrismML debuts energy-sipping 1-bit LLM in bid to free AI from the cloud (15 hours ago)
  • Crunchyroll - 1,195,684 breached accounts (19 hours ago)
  • SongTrivia2 - 291,739 breached accounts (22 hours ago)
  • Trump wants to take a battle axe to CISA again and slash $707M from budget (1 days ago)
  • Netflix - yes Netflix - jumps on the AI bandwagon with video editor (1 days ago)
  • LinkedIn secretly scans for 6,000+ Chrome extensions, collects data (1 days ago)
  • Hims & Hers warns of data breach after Zendesk support ticket breach (1 days ago)
  • China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing (1 days ago)
  • NHS staff resist using Palantir software (1 days ago)
  • Die Linke German political party confirms data stolen by Qilin ransomware (1 days ago)
  • Hybrid work, expanded risk: what needs to change (1 days ago)
  • Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers (1 days ago)
  • Evolution of Ransomware: Multi-Extortion Ransomware Attacks (1 days ago)
  • TrueConf Zero-Day Exploited in Asian Government Attacks (1 days ago)
  • In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware (1 days ago)
  • Critical ShareFile Flaws Lead to Unauthenticated RCE (1 days ago)
  • Microsoft still working to fix Exchange Online mailbox access issues (1 days ago)
  • UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack (1 days ago)
  • Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture (1 days ago)
  • Mobile Attack Surface Expands as Enterprises Lose Control (1 days ago)
  • React2Shell Exploited in Large-Scale Credential Harvesting Campaign (1 days ago)
  • T-Mobile Sets the Record Straight on Latest Data Breach Filing (1 days ago)
  • North Korean Hackers Drain $285 Million From Drift in 10 Seconds (1 days ago)
  • Nigerian romance scammer jailed after being caught out by fellow fraudster (1 days ago)
  • New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images (1 days ago)
  • Man admits to locking thousands of Windows devices in extortion plot (1 days ago)
  • Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK (1 days ago)
  • Microsoft now force upgrades unmanaged Windows 11 24H2 PCs (1 days ago)
  • CERT-EU: European Commission hack exposes data of 30 EU entities (1 days ago)
  • SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI (1 days ago)
  • SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library (1 days ago)
  • Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility (1 days ago)
  • [KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability (1 days ago)
  • [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability (1 days ago)
  • AI models will deceive you to save their own kind (2 days ago)
  • Disruption with some GitHub services (2 days ago)
  • Google battles Chinese open-weights models with Gemma 4 (2 days ago)
  • Claude Code leak used to push infostealer malware on GitHub (2 days ago)
  • Microsoft shivs OpenAI with three new AI models for speech and images (2 days ago)
  • Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials (2 days ago)
  • Drift loses $280 million as North Korean hackers seize Security Council powers (2 days ago)
  • Critical Vulnerability in Claude Code Emerges Days After Source Leak (2 days ago)
  • They thought they were downloading Claude Code source. They got a nasty dose of malware instead (2 days ago)
  • They thought they were downloading Claude Code source. They got a nasty dose of malware instead (2 days ago)
  • Even Microsoft knows Copilot shouldn’t be trusted with anything important (2 days ago)
  • Copilot Coding Agent failing to start some jobs (2 days ago)
  • Apple Rolls Out DarkSword Exploit Protection to More Devices (2 days ago)
  • Forking frenzy ensues after Euro-Office launch sparks OnlyOffice backlash (2 days ago)
  • Artemis II astronaut: ‘I have two Microsoft Outlooks, and neither one of those are working’ (2 days ago)
  • Residential proxies evaded IP reputation checks in 78% of 4B sessions (2 days ago)
  • Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise (2 days ago)
  • Cloudflare previews ‘EmDash’ – an AI-driven rebuild of WordPress in TypeScript (2 days ago)
  • Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime (2 days ago)
  • New Progress ShareFile flaws can be chained in pre-auth RCE attacks (2 days ago)
  • Microsoft veteran says some ‘broken by update’ PCs were already doomed (2 days ago)
  • Bringing in the experts; Having our Passkeys implementation Security Tested (2 days ago)
  • ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories (2 days ago)
  • Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners (2 days ago)
  • The State of Trusted Open Source Report (2 days ago)
  • WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action (2 days ago)
  • SystemRescue 13 lands with Linux 6.18 and bcachefs support (2 days ago)
  • The company’s biggest security hole lived in the breakroom (2 days ago)
  • Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit (2 days ago)
  • AI recruiting biz Mercor says it was ‘one of thousands’ hit in LiteLLM supply-chain attack (3 days ago)
  • Disruption with GitHub’s code search (3 days ago)
  • Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished (3 days ago)
  • Google’s TurboQuant saves memory, but won’t save us from DRAM-pricing hell (3 days ago)
  • Claude Code bypasses safety rule if given too many commands (3 days ago)
  • Amazon security boss: AI makes pentesting 40% more efficient (3 days ago)
  • OpenAI gets $122B to ‘just build things’ as the world blows them up (3 days ago)
  • GitHub audit logs are unavailable (3 days ago)
  • CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails (3 days ago)
  • Ruby Central report reopens wounds over RubyGems repo takeover (3 days ago)
  • ‘People’s Panel’ to check if UK wants controversial Digital ID will cost £630K (3 days ago)
  • Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass (3 days ago)
  • Block the Prompt, Not the Work: The End of “Doctor No” (3 days ago)
  • Incident with Copilot (3 days ago)
  • Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures (3 days ago)
  • New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released (3 days ago)
  • One in seven Americans are ready for an AI boss, but they might not trust it (3 days ago)
  • 3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming) (3 days ago)
  • Alleged RedLine malware developer extradited to United States (3 days ago)
  • UK manufacturers under cyber fire with 80% reporting attacks (3 days ago)
  • Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 (3 days ago)
  • Claude Code source leak reveals how much info Anthropic can hoover up about you and your system (3 days ago)
  • SUCCESS - 253,510 breached accounts (3 days ago)
  • Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms (3 days ago)
  • Incident with Pull Requests: High percentage of 500s (4 days ago)
  • Don’t open that WhatsApp message, Microsoft warns (4 days ago)
  • Gmail celebrates 22 years by finally letting users change their addresses (4 days ago)
  • Iran targets M365 accounts with password-spraying attacks (4 days ago)
  • Android Developer Verification Rollout Begins Ahead of September Enforcement (4 days ago)
  • Oracle cuts jobs across sales, engineering, security (4 days ago)
  • Anthropic goes nude, exposes Claude Code source by accident (4 days ago)
  • Leaked memo suggests Red Hat’s chugging the AI Kool-Aid (4 days ago)
  • TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks (4 days ago)
  • EDB Postgres AI for WarehousePG: Reclaiming control of the enterprise data warehouse (4 days ago)
  • Issues with metered billing report generation (4 days ago)
  • Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts (4 days ago)
  • The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority (4 days ago)
  • Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines (4 days ago)
  • Iranian hackers breach FBI director’s personal email, and post his CV and photos online (4 days ago)
  • Cuties AI - 144,250 breached accounts (4 days ago)
  • Weekly Update 497 (4 days ago)
  • OpenAI patches ChatGPT flaw that smuggled data over DNS (5 days ago)
  • HIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification API (5 days ago)
  • Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach (5 days ago)
  • Are Cookies Personal Data under the GDPR? A Guide to Cookie Compliance (5 days ago)
  • Citrix NetScaler bug exploited in days, may be multiple flaws in a trench coat (5 days ago)
  • How Long Does a Penetration Test Take? (5 days ago)
  • Elevated delays in Actions workflow runs and Pull Request status updates (5 days ago)
  • European Commission admits attackers broke into public web systems, but says little else (5 days ago)
  • Launching Passkeys support on Report URI! 🗝️ (5 days ago)
  • Security contractor blew the whistle on support crew’s viral indifference (5 days ago)
  • US foreign router ban criticized for being ‘industrial policy disguised as cybersecurity’ (5 days ago)
  • APPLE-SA-03-24-2026-10 Xcode 26.4 (6 days ago)
  • APPLE-SA-03-24-2026-9 Safari 26.4 (6 days ago)
  • APPLE-SA-03-24-2026-8 visionOS 26.4 (6 days ago)
  • APPLE-SA-03-24-2026-7 watchOS 26.4 (6 days ago)
  • APPLE-SA-03-24-2026-6 tvOS 26.4 (6 days ago)
  • APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5 (6 days ago)
  • APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5 (6 days ago)
  • APPLE-SA-03-24-2026-3 macOS Tahoe 26.4 (6 days ago)
  • APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7 (6 days ago)
  • APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4 (6 days ago)
  • AFC Ajax drops ball as flaws let hackers play admin with tickets and bans (8 days ago)
  • Iran war drives urgent need to counter underwater attack drones (8 days ago)
  • Security boffins scoured the web and found hundreds of valid API keys (8 days ago)
  • Incident with Copilot (8 days ago)
  • BreachForums Version 5 - 339,778 breached accounts (8 days ago)
  • World Leaks data extortion: What you need to know (9 days ago)
  • Cyber Security for Companies: The Essential Guide to Getting Secure in 2026 (9 days ago)
  • When Trusted Tools Become the Attack Vector: What the Trivy and LiteLLM Attacks Mean for You (9 days ago)
  • Brit lawmaker targeted by AI deepfake fails to get answers from US Big Tech (9 days ago)
  • Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie (9 days ago)
  • UK wants to know if banning under-16s from social media does anything useful (9 days ago)
  • Scuf Gaming - 128,683 breached accounts (9 days ago)
  • Indian government probes CCTV espionage operation linked to Pakistan (9 days ago)
  • Sound Radix - 292,993 breached accounts (10 days ago)
  • AI supply chain attacks don’t even require malware…just post poisoned documentation (10 days ago)
  • Scammers have virtual smartphones on speed dial for fraud (10 days ago)
  • The Socio-Technical Playbook: Practical Patterns for Security Culture (10 days ago)
  • The Complete Guide to Conducting a GDPR and Data Protection Audit (10 days ago)
  • How one man used 10,000 bots to steal $8,000,000 from music artists (10 days ago)
  • Disruption with some GitHub services (11 days ago)
  • Teams Github Notifications App is down (11 days ago)
  • When “One in a Billion” Happens Every Day: Scaling Redis at Report URI (11 days ago)
  • Weekly Update 496 (11 days ago)
  • RuneScape Boards - 222,762 breached accounts (12 days ago)
  • How Penetration Testing Works (And How Cyber Attacks Really Happen) (12 days ago)
  • ‘CanisterWorm’ Springs Wiper Attack Targeting Iran (12 days ago)
  • Disruption with some GitHub services (13 days ago)
  • Denver’s crosswalks hacked to broadcast anti-Trump messages (15 days ago)
  • LeakNet ransomware: what you need to know (15 days ago)
  • Disruption with Copilot Coding Agent Sessions (15 days ago)
  • Feds Disrupt IoT Botnets Behind Huge DDoS Attacks (15 days ago)
  • Git operations for users in the west coast are experiencing an increase in latency (16 days ago)
  • Issues with Copilot Coding Agent (16 days ago)
  • Disruption with Copilot Coding Agent sessions (16 days ago)
  • Disruption with some GitHub services (16 days ago)
  • Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID (16 days ago)
  • Webhook delivery is delayed (17 days ago)
  • Leverage our treasure trove of Threat Intelligence data (17 days ago)
  • Aura - 903,080 breached accounts (17 days ago)
  • CCTV and Data Protection: A Practical Guide for Businesses (18 days ago)
  • Weekly Update 495 (18 days ago)
  • Free parking in Russia after Distributed Denial-of-Service attack knocks city’s parking system offline (19 days ago)
  • Errors starting and connecting to Codespaces (19 days ago)
  • Divine Skins - 105,814 breached accounts (20 days ago)
  • Baydöner - 1,266,822 breached accounts (20 days ago)
  • Degraded performance for various services (22 days ago)
  • Degraded Codespaces experience (23 days ago)
  • Fraudsters are using public planning records to target permit applicants (23 days ago)
  • Your Signal account is safe – unless you fall for this trick (23 days ago)
  • Actions failures to download (401 Unauthorized) (23 days ago)
  • Disruption with some GitHub services (23 days ago)
  • Smashing Security podcast #458: How not to steal $46 million from the US government (23 days ago)
  • Cyber Security for Schools: A Simple Guide to Staying Safe Online (24 days ago)
  • Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker (24 days ago)
  • Degraded experience with Copilot Code Review (24 days ago)
  • Incident with API Requests (24 days ago)
  • Microsoft Patch Tuesday, March 2026 Edition (24 days ago)
  • Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant? (25 days ago)
  • XSS Ranked #1 Top Threat of 2025 by MITRE and CISA (25 days ago)
  • Weekly Update 494 (25 days ago)
  • How AI Assistants are Moving the Security Goalposts (27 days ago)
  • How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down (29 days ago)