Security Bulletin

Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.

We have been using our data to identify researchers scanning the internet for a few years. Currently, we are tracking 36 groups performing such scans, and our data feed of the IP addresses used contains around 33k addresses [1].

While the financial terms were not disclosed, the deal is believed to be worth tens of millions and marks a shift for Orca from visibility and risk prioritization to full-scale autonomous remediation.

While AI investment in India is booming, expected to generate $115 billion in economic value by 2027, Tenable found critical missteps, including 77% of Vertex AI Notebook users failing to reconfigure default permissions and 70% of workloads...

The collaboration allows security teams to gain deeper insight into API vulnerabilities and posture issues by embedding Salt’s threat intelligence into the Wiz security graph.

The initiative blends Google Cloud’s real-time security analytics with insurer expertise to offer more personalized and competitively priced cyber insurance coverage, including protections against AI-related threats and quantum-enabled attacks.

CyberSN’s 2025 Salary Data Report reveals rising pay for specialized technical and leadership roles, while generalist and support positions face stagnation amid outsourcing, automation, and tighter budgets.

CyberScoop reports that mounting threats to the federal cybersecurity workforce have prompted Reps. Pat Fallon, R-Texas, and Marcy Kaptur, D-Ohio, to introduce legislation that would mandate the National Cyber Director to create a new centralized...

U.S. biotechnology firm Regeneron Pharmaceuticals has pledged to adhere to the current privacy policy of 23andMe, which allows consumer deletion of genetic data, as it entered a $256 million agreement to purchase the embattled DNA testing services...

Updates have been released by Mozilla to resolve a pair of critical out-of-bounds access flaws impacting the Firefox browser, which have been abused as zero-days at last week's Pwn2Own Berlin hacking contest, resulting in bounties of $50,000 each for...

Widely used WordPress plugin RomethemeKit for Elementor was discovered to be affected by a critical security vulnerability, tracked as CVE-2025-30911, which could be leveraged to facilitate remote code execution, Infosecurity Magazine reports.

TechCrunch reports that operations of the almost identical mobile surveillance apps Cocospy, Spyzie, and Spyic have been halted.