News
Fail-Open Authentication Bypass to Account Takeover
1+ hour, 49+ min ago (28+ words) During a security assessment of a web app, I discovered a critical authentication bypass that allowed account takeover of arbitrary users...
Top Industrial Cyber Security (ICS/OT) Books in 2026
6+ hour, 51+ min ago (448+ words) This guide aims to provide comprehensive information on the five most influential ICS/OT cybersecurity books of 2026, which cover defenses against a wide range of cyberattacks.
A simple request turns ChatGPT into a sociopath who ignores any security restrictions
11+ hour, 21+ min ago (277+ words) Experts at British AI startup Mindgard have discovered that a simple prompt can force ChatGPT to ignore basic security settings. This proves once again how easily attackers can bypass the protection of even top-of-the-line neural networks. "This is a…...
Opera Browser to Gain Protection from Dangerous Clipboard-Based Attacks
7+ hour, 5+ min ago (161+ words) ilounge.com: Paste Protect is a new security feature announced by Opera Browser that looks to prevent clipboard-based cyberattacks, stopping them before an unsuspecting person accidentally executes the dangerous command. This will be the first…...
WatchGuard Firebox Patches Third Critical IKEv2 RCE in 10 Months, T15/T35 Still Exposed
9+ hour, 3+ min ago (606+ words) Patches are available in Fireware OS versions 2026.2.1 and 12.12.1. T15 and T35 models on the 12.5.x branch have no resolved version. Fireware OS 11.x, which has reached end of life, receives no patch. The vulnerability lives at the intersection of two difficult bug…...
Avalon Malware Uses Legal Document Lure to Deliver Crown X Ransomware Capabilities
15+ hour, 12+ min ago (514+ words) A previously undocumented malware framework, tracked as Avalon, uses a spoofed legal-document lure and a multi-stage, fileless-oriented chain to deliver a ransomware component internally labeled Crown X. The campaign demonstrates a shift toward consolidation of multiple offensive capabilities into a…...
New APT Group Hits Power Grids in Three Countries with AI-Crafted Malware
10+ hour, 42+ min ago (219+ words) Armored Likho reaches its victims through spear-phishing emails calibrated to each target environment, with lures ranging from official government notices to humanitarian aid applications. Two distinct infection chains have been documented, and both ultimately deliver Busy Snake Stealer. Remote access…...
Credential Stuffing: Detecting Automated Login Attacks
17+ hour, 39+ min ago (431+ words) Credential stuffing is the automated testing of stolen username and password pairs against a login endpoint, at scale, until a valid match turns up. For defenders, it is less a single attack to block than an ongoing traffic problem:…...
India is patching slower while cyber attackers move faster: What's the fix?
19+ hour, 38+ min ago (351+ words) By Rajnish Gupta, MD & Country Manager, Tenable India Even as organisations wonder if their technology failed them, the sheer number of vulnerabilities is making patching impossible because organisations simply don't know which threats to plug first and fast. This prioritisation…...
The Silent Thread Local Memory Leak That Leaked User Data Across Requests
7+ hour, 37+ min ago (33+ words) It started as a bizarre security report from one of our users. "I logged into my account, clicked on my profile settings "...