Appears on
Articles7
CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance
On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and four allied cyber authorities published a guide telling software vendors how to build a coordinated vulnerability disclosure (CVD) program. Six days earlier, CISA published a blog post explaining how a security researcher had tried and failed, repeatedly, to report a serious p
Romania’s land registry hit by cyber attack, data allegedly for sale
Romania’s National Agency for Cadastre and Land Registration (ANCPI) suffered a major disruption on Tuesday, July 14, when its e-Terra cadastre and land registry app became unavailable to users. What was first declared to be a “major technical incident” has now been confirmed as a cyber attack. While the circumstances are still being investigated by the comp
Threat actor impersonated hundreds of brands on GitHub to push infostealer malware
A financially motivated threat actor is impersonating hundreds of brands on GitHub and pushing a smash-and-grab infostealer masquerading as legitimate downloads of popular software, Arctic Wolf threat researchers have warned. “The 292 impersonated repositories span security tooling, fintech and personal finance, cryptocurrency wallets and exchanges, develope
AI-driven bug hunting fuels record Microsoft Patch Tuesday
Microsoft has released patches for 570+ vulnerabilities on July 2026 Patch Tuesday, including two that are being leveraged by attackers (CVE-2026-56155 and CVE-2026-56164), and one that was previouly disclosed (CVE-2026-50661). The release was once again followed by Nightmare Eclipse publishing a stripped down proof-of-concept exploit for an unpatched Window
SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is urging customer organizations to upgrade to a fixed firmare version and search for evidence of potential compromise. If the outlined indicators of compromise are present on the system, the company
“Context bombs” can frustrate AI-driven attacks, researchers found
A new approach tried out by Tracebit researchers has proven very effective at stopping AI agents from fully compromising targeted environments. What makes it notable isn’t the technique – prompt injection is old news – but the direction it’s pointed: not to hijack AI agents, but to defend against them. Canaries with context bombs Tracebit offers customers a
Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers
A “credible external security threat” targeting Progress Software’s ShareFile Storage Zone Controllers (SZC) – the on-premises, customer-managed server components where organizations store files shared via this popular enterprise platform – has spurred the company to disable access to ShareFile accounts that are using them. The warning was sent to customers
