soc

Jonathan Spalletta exploited smart contract vulnerabilities to steal approximately $55 million in cryptocurrency and cause Uranium to shut down. The post US Charges Uranium Crypto Exchange Hacker appeared first on SecurityWeek.

Join the webcast as we explore what Agentic AI can and cannot solve today, and real world breach scenarios linked to disconnected applications. The post Webinar Today: Agentic AI vs. Identity’s Last Mile Problem appeared first on SecurityWeek.

Phishing remains one of the most effective tools in the cybercriminal arsenal, especially when threat actors abuse the credibility of trusted institutions and familiar digital services to increase victim interaction. In late March 2026, CERT-UA revealed a phishing campaign tracked as UAC-0255 in which attackers impersonated the agency and attempted to infect organizations across Ukraine’s […]

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-5281 Google Dawn Use-After-Free Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of […]

CVE-2025-53521: F5 BIG-IP APM Flaw Reclassified as Unauthenticated RCE CVE-2025-Adresse geschuetzt F5 BIG-IP Access Policy Manager (APM) that was initially treated as a denial-of-service condition in 2025, then reclassified recently as a potential unauthenticated remote code execution (RCE) issue in certain deployments. BIG-IP APM often sits directly in the authentication and remote access path, so a pre-auth […]

February 2026: ShinyHunters Attacks Hit Odido, CarGurus, Panera Bread, and FigureFebruary 2026 brought a fresh wave of data breach disclosures, and the pattern was hard to miss. Extortion-driven attacks continued to spread across consumer brands, ecommerce platforms, telecom providers, and even government systems, often by exploiting identity access, support tools, or third-party relationships.Several of the […]

Identity Threat Intelligence Report: How Infostealer Malware Is Reshaping Cyber Risk?The network edge used to be the thing worth defending. Organizations built their security around it. Then came cloud, SaaS, and remote work, and the idea of a defined boundary quietly stopped being true.What replaced it was Identity. Every corporate resource, from email to infrastructure […]

Claude Code Leak: What You Need to Know On March 31, 2026, community reports drew attention to a source map exposure involving Anthropic’s Claude Code CLI after users found that the npm package appeared to include a JavaScript source map file, cli.js.map, alongside the distributed build. This is not the same as a confirmed breach of […]

Top 10 Cyber Threat Intelligence TrainingsCybersecurity training has become a core requirement as threat activity grows in scale and complexity. Security teams are expected to understand not only tools, but also attacker behavior, identity risks, and real-world attack chains and structured training helps close this gap by providing practical knowledge that can be applied in […]

Other noteworthy stories that might have slipped under the radar: Heritage Bank data breach, new State Department unit tackles cyber threats, LA Metro disruptions. The post In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline appeared first on SecurityWeek.