AutoPentestX, an open-source automated penetration testing toolkit for Linux systems, enables comprehensive security assessments from a single command. Developed by Gowtham Darkseid and released in…
Ravie LakshmananJan 31, 2026Social Engineering / SaaS Security Google-owned Mandiant on Friday said it identified an “expansion in threat activity” that uses tradecraft consistent with…
A medium-severity vulnerability in the Iconics Suite SCADA system that could allow attackers to trigger denial-of-service conditions on critical industrial control systems. The flaw, tracked…
Ravie LakshmananJan 31, 2026Network Security / SCADA CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind…
The year got off to a busy start, with January offering an early snapshot of the challenges that (not just) cybersecurity teams are likely to…
A significant security discovery reveals that approximately 175,000 Ollama servers remain publicly accessible across the internet, creating a serious risk for widespread code execution and…
The latest update to the Metasploit Framework this week provides a significant enhancement for penetration testers and red teamers, introducing seven new exploit modules targeting…
New year, new and more complex challenges for cybersecurity leaders, starting on the technology front: AI tools are revolutionizing ways of working for security operations…
A stealthy data theft technique in Microsoft 365 that abuses Outlook add-ins to exfiltrate email content without leaving meaningful forensic traces. The technique, dubbed “Exfil…
Ivanti has disclosed two critical vulnerabilities affecting Endpoint Manager Mobile (EPMM) that could allow attackers to achieve unauthenticated remote code execution. The flaws, tracked as…
The Wireshark Foundation released Wireshark version 4.6.3 on January 14, 2026, addressing four critical security vulnerabilities and multiple stability issues affecting the popular network protocol…
A cyberattack by Russian state-sponsored threat actors that targeted at least 30 wind and solar farms in Poland relied on default credentials, lack of multi-factor…
