The recent security incident involving the popular vulnerability scanner, Trivy, has revealed a sophisticated supply-chain attack orchestrated by the threat group known as teampcp. Malicious actors infiltrated the official Trivy release channels and GitHub Actions workflows to distribute credential-stealing malware. Trivy, widely used by developers and security professionals, is instrumental in detecting security flaws, configuration errors, and secret exposures across containerized...

The FBI has issued a public warning highlighting a significant threat posed by Russian intelligence-linked actors targeting popular encrypted messaging services like Signal and WhatsApp. These malicious entities have launched widespread phishing campaigns that have already compromised thousands of user accounts globally. This alert marks the first official attribution directly connecting these cyber activities to Russian intelligence agencies, moving beyond general mentions of...

ConnectWise has issued an urgent security alert regarding a critical cryptographic flaw in its ScreenConnect remote access software that enables attackers to hijack sessions and escalate privileges. The vulnerability, designated CVE-2026-3564, impacts all ScreenConnect installations running versions prior to 26.1 and has been assigned a critical severity rating. ScreenConnect serves as a widely-deployed remote management solution utilized by managed service providers, IT administrators, and...

During Sony's E3 presentation, Jack Tretton, who leads Sony Computer Entertainment of America as its president and CEO, took a moment to express his regrets regarding the significant disruption to the PlayStation Network. His words of contrition were directed toward multiple groups: business partners outside Sony's direct operations, store vendors, and the gaming community at large who experienced the service interruption. In a somewhat lighter moment, Tretton acknowledged the press coverage...

Android's security landscape is shifting for experienced users. A forthcoming feature, Advanced Flow, will enable safer installation of apps from sources outside official stores. This system, launching in August, directly addresses the high costs of mobile malware and fraud. Last year alone, such threats led to global losses nearing half a trillion dollars. The goal is to provide enhanced safeguards during the sideloading process. This balances user freedom with critical protection against...

An innovative open-source solution emerges for safeguarding code repositories from accidental exposure. This tool delves into directories, individual files, and git histories, meticulously searching for sensitive data. Its engine employs both pre-defined and customizable patterns to detect valid secrets with high accuracy. The risk is real: malicious actors routinely automate scans of public code for accidentally committed credentials. Such lapses can include API keys, access tokens, and...

The era of trusting users to spot fake login pages is over. A new generation of phishing kits, like Tycoon 2FA, has automated credential theft into a simple subscription service. These kits create flawless replicas of Microsoft or Google login portals. They operate as a "man-in-the-middle," seamlessly relaying one-time codes and session cookies in real time. Over 64,000 attacks have been logged, with criminals exploiting this easy access to corporate email and cloud platforms. The victim...

Microsoft has issued a special out-of-band update aimed at addressing critical security issues impacting Windows 11 enterprise systems that utilize hotpatch updates instead of the standard Patch Tuesday cumulative patches. Released recently, the KB5084597 hotpatch targets vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management component, which could potentially allow malicious actors to execute arbitrary code remotely when connecting to a compromised server. An...

Oracle has issued an urgent security update addressing a critical flaw in its Identity Manager and Web Services Manager platforms, designated as CVE-2026-21992. This out-of-band patch aims to close a significant vulnerability that allows remote attackers to execute arbitrary code without needing authentication. The affected products include Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0, along with Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0. The vulnerability scores...

The upcoming mainline Resident Evil title is revisiting a key element that made 2017’s Resident Evil 7: Biohazard so memorable — its deeply unsettling atmosphere filled with creeping dread. Resident Evil Requiem successfully recaptures this chilling vibe, while maintaining the series’ signature feel, based on a brief segment I recently experienced. The portion I played felt incredibly polished, almost like a finished demo ready for release, reminiscent of the Kitchen demo...

Prepare yourselves for tomorrow's digital expressway, featuring an astounding 2^128 possible routes. Today marks world ipv6 day, an occasion prompting everyone to evaluate their preparedness for the upcoming iteration of internet protocol—the foundational communication standard powering the internet and virtually every modern network. The necessity for ipv6 isn't exactly breaking news; experts identified long ago that ipv4's available addresses would eventually be exhausted, and that...

A significant cybersecurity incident has compromised the Pajemploi platform, a French social security system designed for parents and professional childcare workers. The breach potentially affects approximately 1.2 million registered caregivers who provide services to private households. Pajemploi operates under Urssaf, France's primary organization responsible for managing social security payments from both employers and private citizens. The service facilitates administrative processes...