Category: Uncategorized

  • Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories

    Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories

    Most good security work is invisible by design. Today is the exception.

    The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories.

    The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that quietly close real gaps. Teams that stop incidents nobody reads about. Companies that raise the

  • AI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.

    AI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.

    For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work.

    Today, that buffer is gone.

    AI didn’t make your team slower. It changed the other side of the

  • OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

    OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

    The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER.

    The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack

  • GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

    GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

    GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats.

    The changes aim to combat attack techniques that abuse the “npm install” command to trigger the execution of malicious code using npm lifecycle hooks. “Npm install” is used to download and install all the necessary

  • China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

    China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

    Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors.

    “The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale,” Lumen’s

  • Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

    Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

    Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure.

    The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It’s tracked as CVE-2026-25089 (CVSS score: 9.1).

    “An

  • Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar

    Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar

    Your pentest report looks clean. That might be the problem.

    Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads “stable” as “secure.” It usually isn’t. The work slows down. The risk does not.

    That gap is what a The Hacker News webinar with Picus Security sets out to close.

    Autumn

  • Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards

    Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards

    On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers.

    Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying model with the cyber safeguards lifted, stays locked to a vetted group of cyber

  • ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances

    ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances

    ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances.

    “On June 5, 2026, ServiceNow applied a security update to hosted customer instances,” the company revealed in an advisory that requires customer access. “The update concerned a security issue that could allow an unauthenticated user, in

  • Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

    Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

    The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet.

    “The exploit is a race condition, so it’s a hit or miss,” the researcher, who published the exploit under a new GitHub account, “MSNightmare” said. “I have managed to get a 100% success rate on