Dataproof Communications

An amendment to the Cyber Security and Resilience Bill proposes giving the government a ‘kill switch’ to close datacentres hosting AI if they pose a critical threat to UK infrastructure or national security - Read more

By Cobi Aloia, Cofense Phishing Defense CenterAs with most things, change is inevitable - especially for threat actors operating in a rapidly evolving threat landscape. What starts as a familiar Zoom invite can quickly escalate into a full-blown compromise. Recently, the Cofense Phishing Defense Center (PDC) has observed a shift in which traditional credential-harvesting phishing campaigns and familiar social...

Introducing Pathfinding Labs, a collection of intentionally vulnerable AWS environments for red teamers and blue teamers to deploy, exploit, and use for detection validation. - Read more

Information published. - Read more

Businesses are advised against paying – but many are prepared to deal to protect users’ privacyAfter a week of outages, hundreds of millions of students’ data stolen, delayed assignment due dates and school login pages being defaced by hackers, the US tech firm Instructure – which operates the education platform Canvas, used by education providers worldwide – announced it...

Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh wave of critical zero-day exploits targeting enterprise software, AI tools, and operating systems. Security researchers demonstrated real-world attack scenarios against high-value targets, including Microsoft Exchange, Windows 11, and AI coding platforms, highlighting the growing...

TL;DR: Researchers recently disclosed CVE-2026-42945, a critical heap-based buffer overflow vulnerability affecting both NGINX Open Source and NGINX Plus. The flaw exists within the ngx_http_rewrite_module component and can allow unauthenticated attackers to trigger denial-of-service conditions and potentially achieve remote code execution (RCE) using specially crafted HTTP requests. Imperva Threat Research Group analyzed the vulnerability and associated exploitation techniques. Imperva...

A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers managed to register in order to hijack a maintainer’s account. The node-ipc package has had malware added to its code in the past....

This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and security checks needed. The post Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More appeared first on TechRepublic. - Read more

Weaponizing a text editor for fun and profitGather round, dear readers, because today, we (by we, we mean @h00die) dropped the ultimate persistence mechanism: Vim plugin persistence. And honestly, calling it "persistence" feels redundant — Vim is already the most persistent thing ever. Somewhere, somehow, there will still be a Vim session open since 2011, because no one has...