
Citrix NetScaler Memory Overread Vulnerability

Exploitation activity targeting vulnerable Citrix NetScaler ADC and Gateway appliances remains persistent and widespread, with FortiGuard Labs telemetry continuously observing attack attempts from global sources probing exposed NetScaler SAML endpoints for vulnerable configurations. Analysis from FortiGuard IPS sensors shows sustained targeting of internet-facing NetScaler deployments configured as SAML Identity Providers (IdP). Attackers continue using malformed authentication requests to exploit...

Elastic Stack 8.19.16 released

Version 8.19.16 of the Elastic Stack was released today. We recommend you upgrade to this latest version. We recommend 8.19.16 over the previous version 8.19.15. The 8.19.16 release contains fixes for potential security vulnerabilities. Please see our security advisory for more details. For details of the issues that have been fixed and a full list of changes for each product in...

From Exploit Code to Production Detection: Building a CVE-2026-31431 (Copy Fail) detection with Agents

CVE-2026-31431 (Copy Fail) lets any unprivileged user corrupt the Linux page cache via AF_ALG sockets to escalate privileges. This post covers the exploit mechanics and how Datadog Security Research used coding agents to ship a detection content pack in a single session.

The Small Model Cliff

CASI Leaderboard, Bias Jailbreak, and Three Coordinated Supply Chain Incidents

AI models more vulnerable than claimed when faced with iterative attacks

CISOs relying on LLM runtime guardrails and official safety scores when making security decisions about their organizations’ AI usage and model selection are due for a wakeup call. According to a new study from Cisco, frontier models from OpenAI, Anthropic, Google, xAI, and Amazon have significantly worse risk profiles when pressured in multi-turn attacks compared...

Report ‘phone hack’ to police or I will do it for you, Labour chair tells Farage

Anna Turley gives Reform leader 24 hours to report Russian hacking claim in ‘public and national interest’. The Labour chair has given Nigel Farage 24 hours to report to security services the claim that his phone was hacked by Russia-linked actors or the party will do it for him. In a letter to the Reform UK leader, Anna Turley said it...

GHOST STADIUM Phishing Campaign Targets FIFA World Cup Fans With 300+ Fake Domains

As the 2026 FIFA World Cup draws closer, cybercriminals are moving fast to cash in on the excitement. Researchers have uncovered a massive fraud operation targeting fans of the world’s biggest football tournament, with over 300 fake domains already live. The operation is sophisticated, well-funded, and built to deceive even cautious users. With billions of dollars at stake,...

Gladinet Triofox Server Agent Multiple Vulnerabilities

Multiple vulnerabilities exist in Gladinet Triofox Server Agent 17.1.10488.57063. CVE-2026-8364 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache. An unauthenticated remote attacker can interact with these...

The Next AI Security Failure May Start With a Trusted Assistant

AI coding tool flaws highlight the need for data-layer governance, access controls, encryption, and audit logs for AI agents. The post The Next AI Security Failure May Start With a Trusted Assistant appeared first on TechRepublic.

Scottish social enterprise supports national cyber efforts

Cyber and Fraud Centre has supported community cyber resilience in Scotland to the tune of £3m in its first year operating as a social enterprise.

Latest article

Siemens KACO Blueplanet Inverters

KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the device's serial number and misuse them...

Windows Netlogon Remote Code Execution Vulnerability

What is the Vulnerability? A critical vulnerability, CVE-2026-41089, affecting the Windows...

Attackers exploiting unpatched Cisco SD-WAN flaw

Cisco warns customers of an actively exploited high-severity vulnerability in Catalyst SD-WAN Manager, an enterprise network management system that has...

ICYMI: May 2026 @AWS Security

Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts,...