Information Security News Blog
-
A compact library for managing memory cards and USB drives has become a shared risk point. Researchers at runZero have shown it puts an entire class of embedded devices at risk. Specifically, they disclosed...
-
The Gentlemen ransomware syndicate has starkly illuminated the escalating peril of an age-old Windows vulnerability involving compromised drivers. In a recent attack, the threat actors eschewed conventional user-mode evasion tactics. Instead, they descended into...
-
A modest $3,000 server recently enabled ethical hackers to uncover an Aptos Move VM vulnerability that could have transformed the Aptos blockchain into a critical flashpoint. This flaw potentially threatened to destabilize the cryptocurrency...
Legacy components can survive in the Linux kernel for decades. They often outlast the very systems that once depended on them. Yet the EFS file system appears set to finally depart. According to a...
PolinRider is no longer a story about a handful of malicious npm packages. Researchers at Socket uncovered 162 malicious release artifacts spread across 108 packages and browser extensions. The campaign now reaches multiple open-source...
A critical vulnerability has been unearthed within the Linux kernel. This flaw empowers an ordinary user to escalate their privileges to root. It threatens not merely servers and workstations, but also Android devices. Designated...
A digital signature should prove that an Android app truly comes from its original developer. New research shows how a single leaked signing key can turn that trust mechanism into a supply-chain weakness. According...
An innocuous cloud-based file collaboration platform recently became the conduit for a sophisticated espionage operation. The notorious Chinese threat actor, Mustang Panda, orchestrated targeted attacks against Indian government agencies and the energy sector, exploiting...
An email masking service fundamentally exists to sever the link between an individual and their authentic electronic identity. However, a critical security flaw recently discovered within Apple’s Hide My Email feature completely undermines this...
Recent revelations have surfaced regarding the notorious FortiBleed malicious operation. Researchers have definitively linked this campaign to more than mere credential harvesting. Instead, they attribute it directly to the Lynx/INC ransomware syndicate. Security experts...
AI browsers are taking on increasingly ambitious roles as autonomous agents. Yet the more they act on a user’s behalf, the more dangerous blind trust in page context becomes. Researchers at LayerX have described...
Strix are autonomous AI penetration testing agents that act just like real hackers – they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Built for developers and security teams who...
In a normal war, diplomats at least mark pauses on paper. In cyberspace, though, attacks run nonstop, with no clear front line. Israel has seen a sharp rise in Iran-linked cyber incidents during the...
The United States Department of Homeland Security is actively investigating a severe security breach. Unknown assailants compromised one of their primary information-sharing platforms, the Homeland Security Information Network (HSIN). This critical system allows federal...
Japanese manufacturing giant Nidec Corporation recently disclosed a significant cybersecurity incident affecting its Taiwanese subsidiary, Nidec Chaun Choung Technology. On June 22, 2026, IT specialists discovered the devastating remnants of a sophisticated ransomware attack...