Bearlyfy hits Russian firms with custom GenieLocker ransomware
A pro-Ukrainian group, Bearlyfy, has launched over 70 attacks on Russian firms using GenieLocker, a custom ransomware designed for maximum disruption.
Telegram's zero-click scare: A tale of two vulnerabilities
A critical Telegram Desktop flaw was patched a month before a separate, unverified claim caused widespread confusion. We unravel the details of what r
How AI coding tools crushed the endpoint security fortress
A researcher's DEF CON presentation reveals how AI assistants can generate endless polymorphic malware, bypassing traditional signature-based EDR and
FCC enforces ban on high-risk foreign network equipment, citing national security
The FCC is not banning all foreign routers, but enforcing a targeted ban on new equipment from high-risk firms like Huawei and ZTE to mitigate nationa
From Trivy to broad OSS compromise: TeamPCP hits Docker Hub, VS Code, and PyPI
A deep dive into the threat actor TeamPCP, their claims of a broad OSS supply chain compromise, and how to defend your development pipeline.
European Commission investigating breach after Amazon cloud hack
The EU's executive body is investigating a breach of its AWS infrastructure, raising serious questions about cloud security for high-profile governmen
AI in the SOC: what could go wrong?
Two cybersecurity leaders tested AI in their SOCs for six months. Their findings reveal the promise and peril, from AI 'hallucinations' to new skill d
Weekly recap: Telecom sleeper cells, LLM jailbreaks, and Apple's forced U.K. age checks
This week saw quiet but significant moves: state-sponsored threats burrow deeper into telecom networks, AI models face new jailbreaks, and Apple confr
Axios NPM package compromised in targeted supply chain attack
The popular Axios NPM package was briefly compromised in a targeted supply chain attack designed to steal AWS credentials, highlighting ongoing securi
Vertex AI vulnerability exposes Google Cloud data and private artifacts
A security blind spot in Google's Vertex AI lets attackers weaponize AI agents to bypass user permissions and steal sensitive cloud data via misconfig
A weaponized gaze: How Israel allegedly turned Iran's own surveillance cameras into a targeting tool
Iran's vast surveillance network, meant for dissent control, was allegedly compromised by Israel and used in the assassination of a top nuclear scient
BlueDelta’s persistent campaign against UKR.NET
Recorded Future links BlueDelta to a persistent phishing campaign targeting UKR.NET users, with broad espionage implications for Ukraine.











