7 hard truths security pros should know: 2026 DevOps Threats Report
In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by …
AI shrinks vulnerability exploitation window to hours
Time has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State …
Google researchers uncover criminal zero-day exploit likely built with AI
Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source …
Security teams are turning to AI to survive alert overload
The World Economic Forum white paper “Empowering Defenders: AI for Cybersecurity” identified AI as the biggest driver of change in cybersecurity for 94% of survey respondents. …
Roblox chat moderation gets bypassed by leet speak and code words
Roblox runs an automated chat filter at the scale of billions of messages per day. An independent audit of about two million chat messages from four of the platform’s …
CallPhantom Android scam reached 7.3 million downloads on Google Play
Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone …
Phishing can masquerade as emergency alerts for disasters, researchers warn
Emergency alerts for disasters like earthquakes and tsunamis are messages we hope we never see, and we trust them when they arrive. Researchers have shown that this trust can …
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts …
Attackers are handing off access in 22 seconds, Mandiant finds
Exploits remain the leading entry point for attackers for the sixth consecutive year, according to Mandiant’s M-Trends 2026 report, which draws on more than 500,000 …
Agentic attack chains advance as infostealers flood criminal markets
Cybercriminals spent much of 2025 automating their operations, shifting from one-off attacks to systems that can run entire intrusion cycles with minimal human input. Data …
Researchers uncover AI-powered vishing platform
A vishing-as-a-service platform that helps scammers carry out so-called “press 1” scams is misusing text-to-speech (TTS) capabilities provided by AI voice …
That attractive online ad might be a malware trap
Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of …
Featured news
Resources
Don't miss
- $20 per zero-day is already the WordPress plugin reality
- Deleted Google API keys keep working for up to 23 minutes, researchers warn
- Meet Fractal, an OS made for microarchitecture reverse engineering
- Microsoft open-sources tools for designing and testing AI agents
- GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise