11 Jul, 2026

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. Attackers stealing these tokens could gain unauthorized access to private repositories, steal source code, or inject malicious code into projects. The discovery by Palo Alto Networks’ Unit 42 […]

4 mins read

ADT confirms data breach after customer info leaked on hacking forum

American building security giant ADT confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum. ADT is a public American company that specializes in security and smart home solutions for residential and small business customers. The firm employs 14,300 people, has an annual revenue of $4.98 […]

2 mins read

Hackers use PoC exploits in attacks 22 minutes after release

Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available. That is according to Cloudflare’s Application Security report for 2024, which covers activity between May 2023 and March 2024 and highlights emerging threat trends. Cloudflare, which currently processes an average […]

2 mins read

Netgear warns users to patch auth bypass, XSS router flaws

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw (fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router. While the company didn’t disclose any details regarding […]

2 mins read

Victims of cyber extortion and ransomware increase in 2024

More than 4,000 new victims of ransomware were recorded over the past 12 months. According to research by Orange Cyberdefense, there was a 77% year-on-year growth from 2023 with 4,374 new victims detected in 75% of countries monitored. In the first quarter of 2024, there were 1,046 victims hit by 43 different threat actors. Speaking […]

3 mins read

How AI can make security more proactive and less reactive

In November 2022, the wider world suddenly became aware of the power and potential of artificial intelligence as ChatGPT was made available to the general public. Yet information-security practitioners were already familiar with automation and machine learning, which they had been using for many years in the forms of security orchestration, automation and response (SOAR) […]

6 mins read

Mekotio Trojan Targets Latin American Banking Credentials

A new analysis has shed light on the threat posed by the Mekotio banking trojan, a sophisticated piece of malware primarily targeting Latin American countries since at least 2015.  Designed to steal sensitive information, particularly banking credentials, Mekotio has been especially active in Brazil, Chile, Mexico, Spain and Peru. This malware shares its origins with other […]

1 min read

Your Wi-Fi can now double as a home security system — Gamgee uses home Wi-Fi networks for intruder detection

Wi-Fi presence detection taken to the next level. Dutch startup Gamgee has launched a crowdfunding campaign for a home security system that detects physical intruders using your existing Wi-Fi system. Using a home mapping app and artificial intelligence, Gamgee’s Wi-Fi Home Alarm is claimed to offer precision protection by ‘body printing’ the household’s trusted people and pets. Alarms can […]

3 mins read

Has your VPN failed to connect recently? Microsoft says the latest Windows security update may provide a fix

If you’ve been experiencing VPN issues, Windows may have been to blame up until now. Microsoft’s April security updates for Windows 11 and Windows 10, KB5036893 and KB5036892 respectively, were previously identified by the company as causing VPN disconnection issues for some users, leaving some without a way to hide their IP address or change […]

2 mins read

Microsoft patents a technique to display encrypted documents so only you can see them

It seems to be a better system than AMD’s Privacy View feature but like all of them, it can’t solve one key issue. If you’re working on an important document in a busy environment and don’t want people to see what you’re doing at a glance, then you could use a privacy screen on the […]

3 mins read