Shai-Hulud Goes Open Source
A static analysis of the open-sourced Shai-Hulud offensive framework attributed to TeamPCP, covering its credential harvesting, supply chain poisoning, and exfiltration capabilities. -...
The Elasticsearch Agent Builder Hackathon
The Elasticsearch Agent Builder Hackathon showed AI agents built with Elastic tools to solve real-world problems. Winners include PHAROS (drug safety in <60s), Gauntlet...
AWS Security Agent full repository code scanning feature now available in preview
Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware...
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities
By Jaeson Schultz. Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 31 that Microsoft marked as “critical”. In this month's...
Enabling AI sovereignty on AWS
Cloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing business processes and enriching...
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
Summary
ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that resolves publicly reported...
State-sponsored actors, better known as the friends you don’t want
State-sponsored actors don't break in. They log in, and they use your own tools to stay invisible for months. Responding to a state-sponsored threat is nothing like responding to...
Hardcoded Encryption Key Used for VPN Saved Passwords
CVSSv3 Score: 2.1
A Missing Authorization in FortiClient Windows may allow an authenticated local attacker to decrypt a currently logged...
Incorrect global authorization
CVSSv3 Score: 9.1
A missing authorization vulnerability in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated...
Arbitrary log file read in administrative interface
CVSSv3 Score: 4.0
An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in FortiDeceptor WEB UI may...








