Cybersecurity

XRING bug lets attackers crash XQUIC servers with legal traffic

A remote crash vulnerability dubbed XRING affects all versions of Alibaba's XQUIC library, disclosed July 8.The flaw requires only 260 bytes of legitimate QPACK...

npm 12 disables install scripts, phases out 2FA bypass tokens

GitHub released npm version 12 with install scripts disabled by default, making previously automatic behaviors like dependency lifecycle scripts opt-in.Granular Access Tokens (GATs) designed...

New Webinar: Outpace AI Attacks with Zero Trust

AI-powered attacks, like the Mythos model, now execute in minutes what previously took attackers days.Traditional network-based defenses lag behind because they were built for...

RoguePlanet Microsoft Defender Flaw Patched After Month Delay

Microsoft patched a Defender privilege escalation flaw called RoguePlanet, tracked as CVE-2026-50656, nearly a month after public disclosure.The vulnerability, rated 7.8 on the CVSS...

Lurking Lizard uses fake 7-Zip installer to build proxy botnet

Threat actor Lurking Lizard has operated a residential proxy business since August 2022, using over 230 lookalike domains.The group lures victims with trojanized installers...

AI coding agents trigger security alarms by mimicking hackers

AI coding agents like Claude Code, Cursor, and OpenAI Codex are triggering endpoint detection rules designed for human attackers, according to a seven-day Sophos...

Ubiquiti patches critical flaws in UniFi products

Ubiquiti released emergency patches for seven critical vulnerabilities across its UniFi product line, with CVSS scores ranging from 9.0 to 10.0.The flaws affect UniFi...

Chinese APT UAT-7810 Refines Malware for ORB Network

Chinese APT group UAT-7810 is expanding its LapDogs ORB network by compromising networking devices with custom malwareThe group developed new malware variants including LONGLEASH,...

Latest news

Nebius signs initial deals under asset-light AI model

Nebius announced a new strategy allowing outside partners to build and own data centers supporting its AI cloud platform.The...

Korean Investor Stabs YouTuber After Market Losses, Market Crash

A 20-year-old investor allegedly stabbed a YouTube stock adviser in Busan after suffering major losses from following his recommendations.The...

AMLA warns MiCA migration may strain EU crypto compliance

The MiCA transitional period ended July 1, forcing all crypto firms serving EU customers to obtain licenses or wind...