HEIDI: Free IDE security plugin for open-source vulnerability checks
Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems …
The hidden smart fridge risks that emerge years after purchase
Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at …
Cybersecurity jobs available right now: May 12, 2026
Application Security Engineer Total Quality Logistics | USA | On-site – No longer accepting applications As an Application Security Engineer, you will design, implement, …
iOS 26.5 is out, bringing encrypted RCS messaging to iPhone and Android users
Apple is bringing long-awaited end-to-end encryption to Rich Communication Services (RCS) messaging between iPhone and Android users in iOS 26.5. The feature is launching in …
Poor security left hackers inside water company network for nearly two years
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), fined South Staffordshire Water’s parent company £963,900 over security failures linked to a …
Google researchers uncover criminal zero-day exploit likely built with AI
Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source …
Linux developers weigh emergency “killswitch” for vulnerable kernel functions
Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable …
Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue
German authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A …
Instagram messaging encryption removed, and privacy advocates are pushing back
After introducing optional end-to-end encrypted messaging in 2023, Instagram announced in March 2026 that encryption for direct messages would be discontinued, and the feature …
The scam economy has found its AI upgrade
Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past …
Rustinel: Open-source endpoint detection for Windows and Linux
Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed …
Review: Foundations of Cybersecurity, 2nd edition
Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to …
Featured news
Resources
Don't miss
- This AI model backdoor attack stays hidden until you customize the model
- Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
- How NIST fumbled management of the National Vulnerability Database
- Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257)
- NVIDIA goes open source with a big batch of physical AI agent tools