Meterian Launches HEIDI Security Plugin for IDEs
Meterian has released HEIDI, a free security plugin for Visual Studio Code and JetBrains IDEs designed to identify vulnerable open-source dependencies earlier in the development lifecycle.
A study from Leipzig University reveals that the software and cloud services supporting smart refrigerators often lack the longevity of the physical appliances, creating persistent security vulnerabilities.
This week's job market update highlights new opportunities for application security engineers and IoT security analysts across the United States.
The SANS Internet Storm Center provides its daily security digest for Tuesday, May 12th, 2026.
CrowdStrike has unveiled its 'Automated Leads' approach, using AI to automate threat detection and reduce the manual burden on security analysts.
General Motors has agreed to a $12.75 million settlement with California over allegations that it violated the CCPA by selling driver data without proper consent.
Apple has released a major set of security updates addressing 84 vulnerabilities across its entire product line, including iOS, macOS, and watchOS.
A new proof-of-concept tool named GhostLock demonstrates how legitimate Windows file APIs can be abused to block access to local and network files.
A new campaign is targeting developers with fake Claude Code installers that exfiltrate cookies, passwords, and payment data from their machines.
Texas has sued Netflix, alleging that its data collection practices constitute unauthorized surveillance and demanding changes to features like autoplay on kids' profiles.
A new analysis emphasizes that despite advanced security technology, employees remain the most critical line of defense against many modern cyber threats.
iOS 26.5 introduces end-to-end encryption for RCS messaging, enabling secure communication between iPhone and Android users.
A critical vulnerability in cPanel and WebHost Manager (WHM) is being actively exploited by a threat actor to deploy a backdoor named Filemanager.
Frame Security has emerged from stealth with $50 million in funding to build a new security awareness and training platform for organizations.
The FCC has extended the deadline for its ban on security updates for foreign-made routers and drones to 2029, citing the need for more time for manufacturer compliance.
Zimperium has launched its Mobile App Response Agent, a new tool within its Mobile App Protection Suite designed to accelerate security team responses to mobile threats and fraud.
Anthropic's Mythos bug-hunting AI model has triggered both government cybersecurity reviews in Japan and skepticism from open-source maintainers regarding its actual capabilities.
Red Hat and Voyager Technologies have successfully deployed Red Hat Enterprise Linux 10.1 to the International Space Station, extending enterprise-grade Linux to orbital data centers.
Google has identified a zero-day 2FA bypass exploit that was likely developed using artificial intelligence, marking a significant milestone in the malicious use of AI for vulnerability discovery.
The U.S. House Committee on Homeland Security is seeking testimony from Instructure executives regarding the massive cyberattacks on the Canvas platform by the ShinyHunters extortion group.
The UK's Information Commissioner's Office has fined South Staffordshire Water £963,900 after a 2020 phishing attack allowed hackers to remain undetected in the network for 20 months.
A new privilege escalation vulnerability dubbed 'Dirty Frag' has been identified in enterprise Linux distributions, with reports suggesting limited exploitation is already underway.
BWH Hotels is notifying guests of a third-party data breach that exposed reservation details and personal information for stays dating back to October 2025.
A SANS Internet Storm Center analysis examines the effectiveness of Cloudflare's Turnstile CAPTCHA in mitigating bot traffic, highlighting both high success rates and potential user experience challenges.