CVE-2026-6276: Custom Cookie Leak
CVE-2026-6276 is a critical vulnerability that allows the leakage of custom cookies due to a stale host, impacting the privacy and security of web applications.
The FBI, in collaboration with Google and Black Lotus Labs, has dismantled a phishing operation called Outsider Enterprise, which used thousands of fraudulent websites to steal credit card data and passwords.
As alert volumes outpace human capacity, organizations are turning to AI and automation to separate real threats from the noise.
GitHub has announced that npm version 12 will introduce security-focused changes aimed at blocking supply-chain attacks, particularly those exploiting the 'npm install' command.
AtSign's new platform applies cryptographic protections to make the identities of AI-built applications effectively invisible, aiming to prevent attackers from exploiting vulnerabilities.
Google has released security updates to address 74 vulnerabilities, including a high-severity one actively exploited in the wild. CVE-2026-11645 is an out-of-bounds memory access in Chrome's V8 engine.
CISA has ordered U.S. government agencies to patch a critical vulnerability in Check Point's VPN, exploited in zero-day attacks by Qilin ransomware affiliates.
The CVE-2026-3276 vulnerability allows denial-of-service (DoS) attacks through the unicodedata.normalize() function, severely impacting applications that utilize it.
OpenAI has rolled out a new Lockdown Mode for ChatGPT aimed at reducing the risk of data exfiltration from prompt injection attacks. This feature is designed for users handling sensitive data and requiring stricter protection guarantees.
A new supply-chain attack has infected 36 packages on the Node Package Manager with IronWorm malware. This incident highlights the vulnerability of popular platforms and the need for constant vigilance.
Security researchers have disclosed an attack that allows the theft of GitHub tokens with a single click. This can compromise both private and public repositories.
The emergence of threat actors operating without transparency is changing the concept of responsible disclosure, presenting significant challenges for cybersecurity.
The CVE-2026-33671 vulnerability in Picomatch allows ReDoS attacks via extglob quantifiers, impacting the performance of applications using this library.