Midday – Authorization Bypass
Midday - Authorization Bypass On midday, the 'updateMember' tRPC mutation allows any authenticated team member to modify the role of any other member within...
UK government lacks ambition to fight tax fraud, says PAC
The Public Accounts Committee says the UK government has dropped the ball on the use of data analytics to tackle tax fraud and error,...
Almost half a million Lloyds customers had personal data exposed in IT glitch
Letter from group published by MPs blames 12 March glitch on software update to its mobile banking appsLloyds Banking Group exposed the personal data...
Lloyds admits coding fault exposed customer transactions
The bank has responded to the Treasury Committee’s request for information on a major data breach in its banking app - Read more
BreachForums Version 5 – 339,778 breached accounts
In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The...
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561
A look at how Kubernetes CVE-2020-8561 works - Read more
Preparing for agentic AI: A financial services approach
Deploying agentic AI in financial services requires additional security controls that address AI-specific risks. This post walks you through comprehensive observability and...
TP-Link, Canva, HikVision vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva.The vulnerabilities...
Millions of UK iPhone Users Will Need to Verify Their Age — Here’s Why
Apple’s latest iOS update adds some new features and fixes several bugs — but it also introduces mandatory age verification for users in the...
A puppet made me cry and all I got was this t-shirt
Welcome to this week’s edition of the Threat Source newsletter. Anyone who spoke with me in the last several weeks has had to deal with me loudly waiting in anticipation for the long-awaited “Project...
Latest article
Security posture improvement in the AI era
It’s only been a few weeks since Anthropic announced the Claude Mythos Preview model and launched Project Glasswing with AWS and other...
Metasploit Wrap-Up 05/01/2026
MCP serverThis release our very own cdelafuente-r7 finished implementing the Metasploit MCP Server (msfmcpd), bringing Model Context Protocol support to Metasploit Framework. MCP lets AI applications...
Windows shell spoofing vulnerability puts sensitive data at risk
Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm about a Windows shell spoofing vulnerability...
Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations
Torrance, United States / California, May 1st, 2026, CyberNewswire Criminal IP partners with Securonix to integrate Criminal IP’s Threat Intelligence into ThreatQ, allowing organizations...
