GPT-5.6 gets better at cybersecurity
OpenAI has started rolling out the GPT-5.6 series models in limited preview to a small group of trusted partners through the API and Codex. The series includes Sol as the …
DarkMoon: Open-source AI pentesting platform
Penetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert …
Sycophantic chatbots and the harms that build over many chats
People use AI chatbots for company, advice, and emotional support, and these systems answer in ways meant to hold their attention. Researchers describe the resulting risks as …
Companies keep bolting AI onto their products, and the security bill is coming due
Companies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated …
Most teams accept higher risk for faster AI database work
Database professionals are using AI for everyday work like writing queries, building schemas, and reviewing code, and a growing share rely on autonomous tools that act on the …
Week in review: Fortibleed campaign’s impact on orgs, Cisco Unified CM flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Encrypted DNS still tells an eavesdropper where to look Encrypted DNS runs …
Critical open-source projects get a new security framework
Open source software projects are getting a new framework for handling security vulnerabilities as AI shortens the time between flaw discovery and exploitation. The Linux …
Synology issues critical fix for MailPlus Server vulnerabilities
Synology has has fixed critical vulnerabilities in MailPlus Server, a software package used to run private email infrastructure on Synology NAS devices. The security update …
Ransomware gangs find Europe’s weakest link in third-party suppliers
Ransomware attacks against European organizations increased during the first months of 2026, with third-party suppliers becoming a major entry point for attackers. Black Kite …
Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials
Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during …
Mystery hackers use novel SharkLoader dropper against governments, software devs
Kaspersky researchers have uncovered a previously unknown cyberattack campaign that has compromised government organizations and software development companies in multiple …
SIM-swapping gang busted in international police operation
Officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) arrested four suspected members of an organized cybercrime group accused of SIM swap attacks, …
Featured news
Resources
Don't miss
- DarkMoon: Open-source AI pentesting platform
- Sycophantic chatbots and the harms that build over many chats
- Companies keep bolting AI onto their products, and the security bill is coming due
- Synology issues critical fix for MailPlus Server vulnerabilities
- Mystery hackers use novel SharkLoader dropper against governments, software devs