soc

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-5281 Google Dawn Use-After-Free Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of […]

CVE-2025-53521: F5 BIG-IP APM Flaw Reclassified as Unauthenticated RCE CVE-2025-53521 is a vulnerability in F5 BIG-IP Access Policy Manager (APM) that was initially treated as a denial-of-service condition in 2025, then reclassified recently as a potential unauthenticated remote code execution (RCE) issue in certain deployments. BIG-IP APM often sits directly in the authentication and remote access path, so a pre-auth […]

February 2026: ShinyHunters Attacks Hit Odido, CarGurus, Panera Bread, and FigureFebruary 2026 brought a fresh wave of data breach disclosures, and the pattern was hard to miss. Extortion-driven attacks continued to spread across consumer brands, ecommerce platforms, telecom providers, and even government systems, often by exploiting identity access, support tools, or third-party relationships.Several of the […]

Identity Threat Intelligence Report: How Infostealer Malware Is Reshaping Cyber Risk?The network edge used to be the thing worth defending. Organizations built their security around it. Then came cloud, SaaS, and remote work, and the idea of a defined boundary quietly stopped being true.What replaced it was Identity. Every corporate resource, from email to infrastructure […]

Claude Code Leak: What You Need to Know On March 31, 2026, community reports drew attention to a source map exposure involving Anthropic’s Claude Code CLI after users found that the npm package appeared to include a JavaScript source map file, cli.js.map, alongside the distributed build. This is not the same as a confirmed breach of […]

Top 10 Cyber Threat Intelligence TrainingsCybersecurity training has become a core requirement as threat activity grows in scale and complexity. Security teams are expected to understand not only tools, but also attacker behavior, identity risks, and real-world attack chains and structured training helps close this gap by providing practical knowledge that can be applied in […]

Other noteworthy stories that might have slipped under the radar: Heritage Bank data breach, new State Department unit tackles cyber threats, LA Metro disruptions. The post In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline appeared first on SecurityWeek.

The security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files. The post TP-Link Patches High-Severity Router Vulnerabilities appeared first on SecurityWeek.

ShadowPrompt: Zero-Click Prompt Injection Chain in Anthropic’s Claude Chrome Extension A vulnerability chain nicknamed ShadowPrompt affected Anthropic’s official Claude Google Chrome extension. Simply visiting a malicious webpage could allow an attacker to inject prompts into Claude as if the user typed them. This matters because routine browsing can become an AI control-plane risk, especially for […]

A summary of the announcements made by vendors on the third and fourth days of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Days 3-4) appeared first on SecurityWeek.