Microsoft Edge Password Storage in Memory Poses Enterprise Risk
Security researchers have demonstrated that Microsoft Edge stores passwords in process memory, creating a potential risk for credential theft by attackers with administrative access.
Microsoft warns of a sophisticated phishing campaign using fake conduct reports to target US organizations.
The FTC is banning data broker Kochava from selling Americans' location data without explicit consent.
Google has raised the maximum bounty in its Android and Chrome Vulnerability Reward Programs to $1.5 million for zero-click exploits targeting Pixel devices.
A China-linked APT group, UAT-8302, is targeting government entities in South America and Europe with shared malware.
End-of-life software creates blind spots in vulnerability feeds and SCA tools, leaving systems exposed.
End-of-life (EOL) open-source software creates significant blind spots in CVE feeds and SCA tools, leaving systems vulnerable to unpatched exploits.
Cushman & Wakefield has confirmed a data breach following a vishing attack, with both ShinyHunters and Qilin claiming responsibility for the incident.
AI red team specialist Joey Melo details methods for hacking AI systems, including jailbreaking and data poisoning, to help developers harden machine learning models.
The ShinyHunters gang has stolen personal information belonging to over 119,000 users after hacking the Vimeo online video platform.
CIS provides secure foundations and hardened images for AI workloads on AWS.
A newly discovered vulnerability in Microsoft Edge allows attackers to access stored user passwords in clear text from the browser's memory.
Australia has established a new Cyber Incident Review Board to conduct post-incident analyses of significant cyberattacks, focusing on systemic lessons learned.
A member of the Conti ransomware gang, Deniss Zolotarjovs, has been sentenced to 102 months in prison for his role in extorting over 54 companies.
A critical vulnerability named "Bleeding Llama" could expose approximately 300,000 Ollama deployments to remote information theft.
Vimeo has confirmed that over 119,000 user email addresses were exposed in a breach originating from a third-party analytics provider, Anodot.
A critical remote code execution vulnerability (CVE-2026-0073) in the Android System component has been patched by Google.
Attackers are exploiting persistent, unmanaged OAuth tokens, creating a security blind spot that bypasses MFA and perimeter defenses.
A critical code injection vulnerability (CVE-2026-29014) in MetInfo CMS is being actively exploited, allowing for unauthenticated remote code execution.
VIAVI Solutions has launched the CyberFlood CF1000 Appliance, a 400G platform for validating multi-terabit AI data center infrastructures.
Oracle is transitioning to a monthly schedule for critical security patch updates, offering smaller, more focused releases to expedite the patching process.
SSL.com is rotating its root certificate today, May 5th, 2026, a routine process that may affect custom integrations.
Meta has patched two vulnerabilities in WhatsApp that could be used to manipulate media handling and facilitate social engineering attacks.
Google is now offering up to $1.5 million for specific Android exploits as part of its enhanced bug bounty program.