Cybersecurity
69 articles RSS
Critical Citrix NetScaler Flaw Draws Active Reconnaissance as Security Firms Warn of Imminent Exploitation
CVE-2026-3055, a CVSS 9.3 memory overread in NetScaler ADC and Gateway, echoes the 2023 CitrixBleed vulnerability that led to mass exploitation, with over 30,000 instances exposed online.
Iran-Linked Handala Hackers Breach FBI Director Kash Patel's Personal Email as Retaliation Escalates Between Washington and Tehran
Pro-Iranian hacking group Handala published over 300 emails and personal photos from FBI Director Kash Patel's Gmail account, claiming retaliation after the DOJ seized four of the group's domains.
Three Vulnerabilities in LangChain and LangGraph Expose Files, API Keys, and Databases Across Millions of AI Deployments
Security researchers disclose a critical deserialization flaw and two high-severity bugs in the most widely downloaded AI framework on PyPI, with patches now available.
European Commission Confirms Cyberattack on AWS Cloud Account as Hacker Claims 350 GB of Stolen Data
The EU's executive arm is investigating a breach of its Amazon Web Services account that exposed Europa.eu infrastructure, the second cloud incident to hit the institution in 2026.
TeamPCP Supply Chain Attack Reaches LiteLLM as Compromised AI Proxy Package Triggers 500,000 Credential Exfiltrations
Threat actor TeamPCP used credentials stolen in the Trivy compromise to backdoor LiteLLM versions 1.82.7 and 1.82.8 on PyPI, deploying a multi-stage credential stealer across an estimated 500,000 environments.
Iranian Drone Strikes on AWS Data Centers Mark the First Wartime Attack on Hyperscale Cloud Infrastructure
Iranian drones struck three AWS facilities in the UAE and Bahrain, knocking two availability zones offline and challenging the cloud industry's core resilience assumptions.
RSAC 2026 Reveals an Industry Racing to Secure AI Agents It Has Barely Begun to Deploy
The cybersecurity industry's largest conference was dominated by agentic AI security products, even as data shows only 5 percent of enterprises have moved AI agents into production.
Crunchyroll Confirms Data Breach Exposing 6.8 Million Users After Hacker Compromises Telus Outsourcing Partner
Sony's anime streaming service confirmed a breach of customer service ticket data after a threat actor compromised a Telus International support agent's credentials, claiming to have stolen 100 GB of user data.
Cegedim Sante Breach Exposes 15.8 Million French Medical Records, 16 Months After CNIL Fined the Company for Data Violations
Attackers stole 15.8 million patient files, including doctors' notes with HIV status and sexual orientation, from a French health-tech vendor already fined for mishandling medical data.
Suspected Chinese Hackers Breach FBI Wiretap Network Through Supply Chain Backdoor as FISA Reauthorization Debate Intensifies
U.S. investigators believe China-affiliated hackers penetrated the FBI's Digital Collection System Network, which manages FISA warrants and wiretap surveillance, by exploiting a commercial ISP vendor relationship.
HackerOne Discloses Employee Data Breach After Third-Party Benefits Provider Navia Exposes 2.7 Million Records
Bug bounty platform HackerOne confirms 287 employees had Social Security numbers and personal data exposed through a BOLA vulnerability at benefits administrator Navia, part of a broader breach affecting 2.7 million people.
Oracle Issues Rare Emergency Patch for Critical Pre-Auth RCE in Identity Manager as Second Out-of-Band Fix in Four Months Signals Persistent Middleware Risk
Oracle releases out-of-band patch for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE flaw in Identity Manager and Web Services Manager, just months after a similar vulnerability was actively exploited in the wild.