Apple open-sources quantum-resistant encryption code
Apple has released quantum-resistant cryptographic code and the mathematical verification tools it developed to prove the code’s correctness, making them publicly available for independent review…
Month: May 2026
Stop treating AI governance as a review layer. Make it release infrastructure
AI systems change even when the base model does not. A retrieval index updates overnight. A new tool gets added to an agent’s action space.…
Millions of AI agents imperiled by critical vulnerability in open source package
Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running…
Welcoming the AWS Customer Incident Response Team
May 26, 2026: This post was originally published in July 2022. It has been updated to reflect current engagement options, new threat intelligence resources such…
Understanding Illicit Ecosystems: The Hybrid Threat of “The Com”
What is “The Com”? The Community, more widely known as “The Com” is a sophisticated hybrid threat ecosystem in which cybercrime serves as the venture…
Ransomware Canaries: A 2022 Update
Ransomware has been around for decades, but some variants have evolved to become more advanced—finding new ways to spread, evade detection, encrypt files and even…
KnowledgeDeliver flaw exploited as a zero-day to install web shells
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is…
Multiple Angular Language Service Extension Vulnerabilities Enable RCE Attacks
A set of high-severity vulnerabilities has been identified in the Angular Language Service Visual Studio Code extension (Angular.ng-template), potentially exposing developers to remote code execution…
Internet Starts to Return in Iran After 3-Month Blackout
After more than 2,000 hours of government-imposed connectivity blackouts, there were signs on Tuesday that Iran’s internet is coming back—at least at very low levels.…
Quasar RAT Hits Developers With Fileless Linux Attacks
Quasar Linux (QLNX) is a new, stealthy Linux Remote Access Trojan that quietly turns developer and DevOps workstations into high‑value beachheads for software supply‑chain attacks,…
Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning
Cybercriminals are using fake websites for popular Artificial Intelligence (AI) tools to trick software developers into downloading data-stealing malware. The issue was first spotted on…
Chinese phishing gangs grow into a force to be reckoned with
Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat Intelligence Group (GTIG) analyzed a dozen active…