Cloud Security News

Latest news, vulnerabilities, and developments in cloud security. Stay informed about the rapidly evolving cloud threat landscape.

Cloud security news velocity is high; signal-to-noise is low. This page is the curated middle. - what this feed is for

July 04, 2026 · 6 articles

BleepingComputer

JadePuffer ransomware used AI agent to automate entire attack

Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...] (BleepingComputer)

Ransomware AI
The Hacker News

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negoti... (The Hacker News)

Cloud Security
The Hacker News

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist,... (The Hacker News)

Threat Research
The Register - Security

Confidential computing's core trust mechanism is broken. The fix may not exist

Attested TLS: the handshake that can't prove who's on the other end (The Register - Security)

Cloud Security
Security Affairs

FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials

FBI says TeamPCP poisoned trusted developer tools to steal cloud credentials, spread malware through software updates, and extort victims. On July 2, 2026, the FBI published a F... (Security Affairs)

Scam
FortiGuard Labs

Ivanti Sentry Pre-Authentication RCE

What is the Vulnerability? FortiGuard Labs continues to observe exploitation attempts targeting CVE-2026-10520 following the public release of technical details and proof-of-con... (FortiGuard Labs)

Vulnerability

July 03, 2026 · 29 articles

SecurityWeek

Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices

NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks. The post Google, FBI Disrupt Ne... (SecurityWeek)

Cloud Security
Rapid7 Blog

Weekly Metasploit Update: Modules for SMB-to-Meterpreter, Peyara Remote Mouse RCE exploit, and more

It's Time to Upgrade Your SMB Session: This week, Metasploit contributor Dean Welch has added an SMB to Meterpreter session upgrade module. It uses PsExec to facilitate the upgra... (Rapid7 Blog)

Vulnerability
The Hacker News

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and... (The Hacker News)

Cloud Security
Security Affairs

Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds

A former EU lawmaker was hacked with Pegasus spyware while investigating its use, according to Citizen Lab. The Citizen Lab published a report documenting one of the more darkly... (Security Affairs)

Cloud Security
The Hacker News

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux deskt... (The Hacker News)

Vulnerability
The Hacker News

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capabl... (The Hacker News)

Ransomware Phishing
The Hacker News

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data... (The Hacker News)

Threat Research
SecurityWeek

In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting

Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in... (SecurityWeek)

Vulnerability
The Register - Security

AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data

Third-party contractor compromise exposed health information and insurance billing passwords (The Register - Security)

Breach
BleepingComputer

ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extens... (BleepingComputer)

Azure Phishing
The Hacker News

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Bra... (The Hacker News)

Threat Research
Infosecurity Magazine

Qilin Dominates Ransomware Market Amid Growing Cybercrime Consolidation

The ransomware landscape is reconsolidating around major players, with Qilin emerging as the leading RaaS operation, researchers say (Infosecurity Magazine)

Ransomware
The Register - Security

NetNut cracked as Google and FBI target 2 million-device botnet

Other residential proxy brands may rely on the same network (The Register - Security)

Cloud Security
Infosecurity Magazine

Warning Over “Industrialized” Cyber-Attacks After Ransomware Gang Partners With TeamPCP

Researchers warn that collaboration could lead to “unprecedented” ransomware attacks, as FBI also issues warning (Infosecurity Magazine)

Ransomware
SecurityWeek

Agentic AI Used to Conduct Ransomware Attack via Langflow

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions. The post Agentic AI Used to Co... (SecurityWeek)

Vulnerability Ransomware AI
Security Affairs

The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident

Vercel breach happened after an employee used an unvetted AI tool. Attackers exploited it as a trusted link to access systems, steal data, and extort $2M. The Vercel breach of A... (Security Affairs)

Vulnerability Breach AI
SecurityWeek

Medtronic Data Breach Impacts 3.8 Million People

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information. The post Medtronic Data Breach Impacts 3.8 Million Peopl... (SecurityWeek)

Breach
SecurityWeek

Alleged Scattered Spider Hacker Extradited to US

Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments.... (SecurityWeek)

Cloud Security
The Hacker News

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The... (The Hacker News)

Cloud Security
Security Affairs

Government and Healthcare Are the Weakest Links in Global Email Security

Government and healthcare sectors have weak email security. Many domains lack SPF, DMARC, DKIM, and MTA-STS, leaving them open to phishing attacks. Comparitech analyzed live DNS... (Security Affairs)

Phishing
SecurityWeek

Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution

The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system. The post Cri... (SecurityWeek)

AI
Help Net Security

Intezer helps SOC teams automate custom security tasks

Intezer has announced Custom Agents, a new capability that lets security teams build their own AI agents directly inside the Intezer platform. The launch builds on Intezer’s cor... (Help Net Security)

AI
The Register - Security

User swore hacker called General Failure had invaded his PC

Maybe they were looking for Private Data (The Register - Security)

Cloud Security
Help Net Security

Non-interactive SSH attacks dominate after login

Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from address... (Help Net Security)

Breach
Help Net Security

Geopolitical cyber threats are turning HR into a security front line

In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and s... (Help Net Security)

Cloud Security
Help Net Security

Organizations struggle to prioritize known cyber risks

Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Fil... (Help Net Security)

Cloud Security
Help Net Security

New infosec products of the week: July 3, 2026

Here’s a look at the most interesting products from the past week, featuring releases from Digi International, iboss, Jamf, and Netzilo. Digi International’s DANI automates netw... (Help Net Security)

Cloud Security
BleepingComputer

Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says

Anthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company expects the model to return outside the... (BleepingComputer)

Cloud Security
BleepingComputer

Claude Fable relaunch disappoints users with nerfed performance

Claude Fable, the company's most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. [... (BleepingComputer)

Cloud Security

July 02, 2026 · 44 articles

Orca Security Blog

FortiBleed Campaign Harvests 110M+ Credentials, Fuels Ransomware Operations

A critical credential-harvesting campaign dubbed “FortiBleed” has been exposed, systematically targeting over 430,000 FortiGate firewalls worldwide and exploiting CVE-2026-35616... (Orca Security Blog)

Vulnerability Breach Ransomware
Orca Security Blog

ITDR for the Cloud: Identity Threat Detection and Response Explained

Key Takeaways: ITDR (Identity Threat Detection and Response) detects and responds to identity-based attacks in real time: credential theft, token abuse, anomalous privilege use,... (Orca Security Blog)

Identity Scam
Orca Security Blog

Cloud Least Privilege: Principles, Best Practices & How to Enforce It

Key Takeaways: In the cloud, identities accumulate permissions they never use, and every unused permission is a reachable path for an attacker who lands on that identity. Most of... (Orca Security Blog)

Identity
Security Affairs

U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and I... (Security Affairs)

Azure CISA Vulnerability
Infosecurity Magazine

Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware

Bitdefender researchers warned of a curious ransomware campaign which has targeted businesses around the world (Infosecurity Magazine)

Ransomware Phishing Threat Research
BleepingComputer

Opera rolls out Paste Protect feature to fight ClickFix attacks

Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. [...] (BleepingComputer)

Scam
BleepingComputer

Cisco finally confirms attackers exploiting Unified CM flaw

Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...] (BleepingComputer)

Vulnerability
The Register - Security

Startup sues Palo Alto Networks' Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionage

MeetingTV wants to see the evidence (The Register - Security)

AI
Dark Reading

Apple Reverses Age-Old Patch Policy to Keep Up With AI

Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit. (Dark Reading)

Vulnerability AI
KrebsOnSecurity

FBI Seizes NetNut Proxy Platform, Popa Botnet

The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service... (KrebsOnSecurity)

Cloud Security
Orca Security Blog

CIEM vs IAM vs PAM: What’s the Difference (and Do You Need All Three)?

Key Takeaways: IAM, PAM, and CIEM all manage “access,” which is exactly why teams confuse them. The acronyms sound interchangeable, and every vendor draws the lines a little diff... (Orca Security Blog)

Identity
Orca Security Blog

Best CIEM Tools in 2026: The Cloud Infrastructure Entitlement Management Buyer’s Guide

Key Takeaways: CIEM tools find, prioritize, and right-size the permissions attached to cloud identities. They matter because cloud environments have become increasingly driven by... (Orca Security Blog)

Cloud Security
Cisco Talos

Catan and Mouse

What do board games and cybersecurity have in common? Pattern recognition. Strategy. Adaptation. In this week’s Threat Source, Bill explores why curiosity may be a defender’s mos... (Cisco Talos)

Cloud Security
The Register - Security

Ctrl+Alt+Oops: FortiBleed criminal's logins stitch two gangs together

Researchers scoured logs, finding opsec fail for at least one person who was working with INC and Lynx simultaneously (The Register - Security)

Cloud Security
The Hacker News

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal... (The Hacker News)

Ransomware AI
SecurityWeek

New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

Hackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response. The post New CitrixBleed Vulnerability Exploited Imme... (SecurityWeek)

Vulnerability
BleepingComputer

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them.... (BleepingComputer)

Azure
Rapid7 Blog

Formalizing Red Teaming Offensive Methodology as a Multi-Agent AI Architecture

Threat actors are integrating AI into their exploit chains, accelerating reconnaissance, automating vulnerability discovery, and scaling social engineering in ways that compress... (Rapid7 Blog)

Vulnerability AI Scam
SecurityWeek

How to Conduct a Successful Audit of AI-Driven Software Development

As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach pro... (SecurityWeek)

AI
The Hacker News

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Goo... (The Hacker News)

Threat Research
SentinelLabs

Context Engineering | Compaction & Agent Memory for Automated Malware Analysis

Compaction cut input tokens 86% across long-running agent evals with no quality loss. Context discipline matters as much as model selection. (SentinelLabs)

Cloud Security
Help Net Security

New iboss platform gives organizations instant visibility into AI tools and usage

iboss has launched the AI Security Platform, a new service that gives any organization visibility into the AI tools its people are using, free of charge. Signup is instant, depl... (Help Net Security)

AI
Infosecurity Magazine

Researcher Behind 'Exploitarium' Explains Release of Undisclosed Zero-Day Exploits

Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities first (Infosecurity Magazine)

Vulnerability
Dark Reading

Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.

IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open-source software supply chain. (Dark Reading)

Supply Chain AI
Help Net Security

Cloudflare changes AI crawler access rules

Cloudflare introduced new controls that let website owners manage AI traffic across three categories: Search, Agent, and Training. The feature is available to all Cloudflare cus... (Help Net Security)

AI
The Register - Security

India gives WhatsApp three days to defend username rollout amid security fears

Government of the messenger's largest market demands a pause while Meta explains how it plans to stop impersonators (The Register - Security)

Cloud Security
The Hacker News

Identity Lifecycle Management Wasn't Built for AI Agents

Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals... (The Hacker News)

Identity AI
Schneier on Security

Cybersecurity Mission Creep in the US

Interesting paper: “Cybersecurity Mission Creep.” Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecu... (Schneier on Security)

Cloud Security
SecurityWeek

Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm

Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available. The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After... (SecurityWeek)

AI
Wiz Blog

Build AI Security Agents with Wiz MCP

Power AI-driven security with trusted security context, Wiz AI Agents, and Wiz AI Skills. (Wiz Blog)

AI
SecurityWeek

‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials

Researchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials. The post ‘BioShocking’ Attack Tricks AI B... (SecurityWeek)

AI Scam
The Register - Security

Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even released

Attackers appear to have reverse-engineered Big Red's patch (The Register - Security)

Vulnerability
Infosecurity Magazine

NCSC Shares Tips on How to Make a Pen Tester’s Job Harder

The NCSC has shared best practice advice from pen testers which could help improve system resilience (Infosecurity Magazine)

Jobs
Security Affairs

Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic

Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution. Adobe has released security updates... (Security Affairs)

Threat Research
Cloud Security Alliance

AI-Speed Risk Requires Identity-Defined Reachability

Why Zero Trust Steps 3, 4, and 5 must evolve beyond patching, topology, and ticket-driven connectivity. Executive Summary: AI is compressing the time between vulnerability discove... (Cloud Security Alliance)

Vulnerability Identity Zero Trust
The Hacker News

New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos

Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-con... (The Hacker News)

Vulnerability
Help Net Security

The endpoint recovery gap many teams discover during an incident

In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked,... (Help Net Security)

Cloud Security
Help Net Security

Review: CTRL+ALT+PWN

Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s... (Help Net Security)

Cloud Security
Help Net Security

Catching ransomware on the wire before it locks the file server

Corporate networks keep sensitive files off individual workstations and store them on shared servers that staff reach through mapped network drives. That arrangement hands ranso... (Help Net Security)

Ransomware
Help Net Security

What the AI patch gap means for enterprise security

Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two... (Help Net Security)

Vulnerability AI
Help Net Security

GitHub’s new tool helps prevent costly open-source license violations

GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify de... (Help Net Security)

Cloud Security
SANS ISC

ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)

(SANS ISC)

Cloud Security
Elastic Security Labs

Inside Elastic InfoSec's agentic SOC: cutting alert triage from 30 minutes to under 3

Elastic's InfoSec team built AI agents on Elastic Workflows that investigate every alert and assemble the case before an analyst ever opens it. (Elastic Security Labs)

AI
Chainguard Unchained

You can't trust what you can't see: How we keep an eye on a fleet of AI agents

See how Chainguard uses Lens to monitor AI agents in real time with traces, evals, costs, and safeguards that make autonomous coding trustworthy. (Chainguard Unchained)

AI

July 01, 2026 · 41 articles

Dark Reading

And the Winner in Dominant Malware Delivery? ClickFix

Researchers say the highly effective social engineering technique is no longer the exception for malware attacks - it's now the rule. (Dark Reading)

Scam
Orca Security Blog

Langflow RCE Actively Exploited to Deploy Cryptominers on AI Infrastructure

A critical vulnerability (CVE-2026-33017, CVSS 9.8) was disclosed affecting Langflow, a widely used open-source AI application builder, allowing attackers to execute arbitrary c... (Orca Security Blog)

Vulnerability AI
Infosecurity Magazine

Brazilian Banking Trojan Ousaban Targets Spain and Portugal

FortiGuard says the Brazilian banking trojan Ousaban is targeting Spain and Portugal via phishing (Infosecurity Magazine)

Phishing
Palo Alto Networks Unit 42

Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated D... (Palo Alto Networks Unit 42)

Vulnerability Supply Chain AI
SANS ISC

Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)

This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users s... (SANS ISC)

Phishing Scam
The Hacker News

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of ac... (The Hacker News)

Azure
Dark Reading

When Too Much Security Data Became the Risk

Rapid growth turned routine firewall logs into a security and budget liability. One CISO used artificial intelligence to filter what data truly belongs in the SIEM. (Dark Reading)

Cloud Security
BleepingComputer

Over 900 Oracle E-Business instances exposed to ongoing attacks

Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. [...] (BleepingComputer)

Vulnerability Breach
Help Net Security

Dawnguard launches platform to automate secure cloud architecture

Dawnguard announced the public launch of its security architecture automation platform, making it available to organizations looking to design, build, and operate secure cloud-n... (Help Net Security)

Cloud Security
Infosecurity Magazine

Anthropic's Fable 5 and Mythos 5 Are Back with New Security Guardrails

The new classifier in Fable 5 blocks the jailbreak technique that prompted the US export controls “in over 99% of cases” (Infosecurity Magazine)

Cloud Security
SecurityWeek

Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

Microsoft's new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive... (SecurityWeek)

Azure AI
The Register - Security

EvilTokens device-code phishing kit totally more evil than we all thought

It's a 'complete BEC operations environment,' Talos researcher says (The Register - Security)

Phishing
The Register - Security

Claude Sonnet 5.0 heads straight down the middle of the road to dodge controversy

Safer, cheaper, and nothing to do with cybersecurity (The Register - Security)

Cloud Security
Dark Reading

Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS

Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability. (Dark Reading)

Phishing Threat Research
BleepingComputer

New ChocoPoC malware targets researchers via trojanized PoC exploits

Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal... (BleepingComputer)

Vulnerability
The Register - Security

Somebody told DeepSeek to build in-browser ransomware and it gleefully complied

'The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,' Check Point researcher tells The Reg (The Register - Security)

Ransomware
AWS Security Blog

Secure Amazon container workloads using container attribute-based rules in AWS Network Firewall

Today, you can use AWS Network Firewall to protect traffic flowing to and from containerized applications on Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Co... (AWS Security Blog)

AWS Kubernetes
The Hacker News

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided the... (The Hacker News)

Kubernetes
BleepingComputer

DHS confirms hackers breached HSIN info-sharing platform

The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform us... (BleepingComputer)

Breach
The Register - Security

Red teamers turned Claude Desktop into a double agent to do their evil bidding

People trust their AI assistants and it's easy to abuse this trust (The Register - Security)

AI
AWS Security Blog

How to use the AWS Workload Credentials Provider for cross-account secret retrieval and prefetching secrets

If you manage secrets across multiple AWS accounts or need faster secret access for latency-sensitive applications, this post shows you how to meet those requirements using two... (AWS Security Blog)

AWS Scam
Rapid7 Blog

5 Myths About AI in the SOC Security Teams Need to Rethink

AI is now part of almost every conversation in security operations. Most teams are already investing in it, experimenting with it, or trying to understand where it fits. The cha... (Rapid7 Blog)

AI
The Hacker News

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There... (The Hacker News)

AI
BleepingComputer

Turning Indicators into Intelligence in OpenCTI with Criminal IP

Threat intelligence is only as useful as the context behind it. Criminal IP explains how its integration enriches threat indicators in OpenCTI with risk scoring, infrastructure... (BleepingComputer)

Threat Research
Cloudflare Blog

Announcing the Monetization Gateway: charge for any resource behind Cloudflare via x402

We're opening the waitlist for our Monetization Gateway, which will allow you to charge for any web page, dataset, API, or MCP tool behind Cloudflare. The charges will settle in... (Cloudflare Blog)

Cloud Security
Cloudflare Blog

Content Independence Day, one year on: building the business model for the agentic Internet

One year after declaring Content Independence Day, a dynamic market for monetized content has officially emerged. In this report, we examine how the rise of autonomous AI agents... (Cloudflare Blog)

AI
Cloudflare Blog

Making AI search smarter

Search is how we find nearly everything on the web - creators, merchants, answers. AI is rewriting the rules, leaving creators caught between staying discoverable in an agentic... (Cloudflare Blog)

AI
Cloudflare Blog

Your site, your rules: new AI traffic options for all customers

For our second Content Independence Day, we’re giving website owners finer options to manage AI traffic. Instead of a one-size-fits-all block, all customers can now easily disti... (Cloudflare Blog)

AI
Dark Reading

Safe Events Start With Threat Intel and Digital Security

Planning ahead to defend against cyber threats is the work that keeps events uneventful. (Dark Reading)

Cloud Security
The Hacker News

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android

Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with... (The Hacker News)

Ransomware AI
Help Net Security

Netzilo adds runtime governance for AI agents across major platforms

Netzilo has announced expanded AI agent governance and runtime enforcement capabilities for Amazon Bedrock AgentCore and other major AI agent harnesses. As enterprises move AI a... (Help Net Security)

AWS AI
The Hacker News

2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience

Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybers... (The Hacker News)

Cloud Security
Help Net Security

Intruder offers Free security plan for lean IT and security teams

Intruder has announced the launch of its Free plan, providing security, IT, and DevOps teams ongoing access to professional-grade vulnerability management, cloud security, and a... (Help Net Security)

Vulnerability
The Hacker News

Microsoft Accelerates Post-Quantum Cryptography Shift to 2029

Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encry... (The Hacker News)

Azure
Security Affairs

RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow

RustDuck is a small, evolving DDoS botnet migrating to Rust. It uses advanced encryption, anti-analysis evasion, and exploits known IoT flaws. Since February 2026, researchers a... (Security Affairs)

Vulnerability
Cisco Talos

Martin Lee: Running through the Arctic (and the threat landscape)

Ever wonder how someone goes from studying human viruses to leading cybersecurity teams? In this Humans of Talos, we’re joined by Martin Lee, EMEA Lead, to talk about his journe... (Cisco Talos)

Cloud Security
SecurityWeek

Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors

From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. The post... (SecurityWeek)

AI
BleepingComputer

Amazon fined $2.25M for withholding evidence from fraud victims

The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction record... (BleepingComputer)

AWS Identity Scam
Cloudflare Blog

Unmasking the crawls with Attribution Business Insights

Cloudflare’s new Attribution Business Insights dashboard helps website owners understand crawler behavior, appetite, and potential value, fueling business-level conversations ar... (Cloudflare Blog)

Cloud Security
SecurityWeek

Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari

The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users. The post Apple Patches Dozens... (SecurityWeek)

Cloud Security
Infosecurity Magazine

Insurance Giant Aflac Discloses Data Breach Impacting Millions

Aflac Japan has notified regulators that policy details and personal and banking information have been compromised (Infosecurity Magazine)

Breach