Aggregator

Password-based authentication is increasingly risky as organizations adopt passkeys to strengthen security and meet ISO/IEC 27001 requirements. Passwork explains how to align passwordless adoption with Annex A controls, risk assessments, and secure implementation practices. [...]

ShinyHunters leaked 600,000+ Canada Goose customer records, though the company insists its systems were not breached. Data extortion group ShinyHunters has published over 600,000 Canada Goose customer records on its data leak site. Canada Goose is a Canadian luxury outerwear company best known for high‑end, cold‑weather jackets and parkas. Founded in 1957 and headquartered in […]

ChiBrrCon 2026 tackled AI, resilience, and operational agility in enterprise security. Learn what top speakers shared on SOC modernization and architectural risk.

The post AI Is Making Security More Agile: Highlights from ChiBrrCon 2026 appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, was found in Mattermost Desktop App up to 5.2.13/6.2.0. This affects an unknown part of the component Help Menu Handler. The manipulation results in improper authorization in handler for custom url scheme. This vulnerability is cataloged as CVE-2026-1046. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

Ревизоры сложили полномочия, осознав, что финал был написан без них.

A new security threat has emerged targeting users of AI assistants through a technique called AI Recommendation Poisoning. Companies and threat actors embed hidden instructions in seemingly harmless “Summarize with AI” buttons found on websites and emails. When clicked, these buttons inject persistence commands into an AI assistant’s memory through specially crafted URL parameters. The […]

The post Hackers Can Weaponize ‘Summarize with AI’ Buttons to Inject Memory Prompts Into AI Recommendations appeared first on Cyber Security News.

A vulnerability, which was classified as critical, has been found in Dassault Systèmes SOLIDWORKS eDrawings 2025/2026. Affected by this issue is some unknown functionality of the component EPRT File Parser. The manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2026-1335. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical was found in Dassault Systèmes SOLIDWORKS eDrawings 2025/2026. Affected by this vulnerability is an unknown functionality of the component EPRT File Parser. Executing a manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2026-1334. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical has been found in Dassault Systèmes SOLIDWORKS eDrawings 2025/2026. Affected is an unknown function of the component EPRT File Parser. Performing a manipulation results in use of uninitialized variable. This vulnerability is identified as CVE-2026-1333. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as problematic has been identified in Mattermost up to 10.11.9/11.1.2/11.2.1. This impacts an unknown function of the component Team Membership Handler. Such manipulation of the argument channel_mentions leads to missing authorization. This vulnerability is referenced as CVE-2025-14350. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Mattermost up to 10.11.9/11.1.2/11.2.1. This affects an unknown function of the component WebSocket Message Handler. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2025-13821. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Mattermost up to 10.11.9/11.2.x. The impacted element is an unknown function of the component Team Setting Handler. The manipulation results in missing authorization. This vulnerability was named CVE-2025-14573. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in TR7 Cyber ​​Defense Web Application Firewall up to 16022026. The affected element is an unknown function. The manipulation leads to open redirect. This vulnerability is uniquely identified as CVE-2025-2418. The attack can only be initiated within the local network. No exploit exists.

The Acronis Threat Research Unit (TRU) has identified a new and significantly enhanced version of the LockBit ransomware, LockBit 5.0, currently being deployed in active campaigns. The latest variant demonstrates expanded cross-platform capabilities, enabling attackers to target Windows, Linux, and VMware ESXi systems within a single coordinated attack. According to analysis, LockBit 5.0 introduces dedicated builds tailored for enterprise environments, reflecting the continued evolution of ransomware-as-a-service (RaaS) operations. By supporting multiple operating systems and virtualization … More →

The post LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi appeared first on Help Net Security.

Passwork has released version 7.4, introducing restrictive settings for User vaults along with enhancements to improve security and user experience. The update enables administrators to enforce stricter controls over password sharing and distribution, reducing data breach risks and supporting compliance with strong security policies. Key features of Passwork 7.4 Restrictive settings for User Vaults: Administrators can centrally enable or restrict the following actions for all User vaults: Adding users and groups Sending passwords Creating password … More →

The post Passwork 7.4 enhances enterprise security with centralized User vault restrictions appeared first on Help Net Security.

A software developer has created ClawBands, a project on GItHub that is designed to put human-in-the-loop controls on OpenClaw, the highly popular personal AI assistant that comes with a range of security risks. At the same time, OpenClaw developer Peter Steinberger is being hired by OpenAI to continue working on such AI agents.

The post ClawBands GitHub Project Looks to Put Human Controls on OpenClaw AI Agents appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. This vulnerability is documented as CVE-2026-2560. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Het amfibisch transportschip Zr.Ms. Johan de Witt is zojuist de haven van Den Helder uitgevaren. Het schip is op weg naar Noord-Noorwegen voor deelname aan Cold Response. Aan deze grootschalige NAVO-oefening onder arctische omstandigheden nemen ongeveer 25.000 militairen deel. Zij komen uit 14 landen, waaronder de VS. De oefening valt onder de verzamelnaam Arctic Sentry en speelt zich af op land en in de wateren rondom Noorwegen en Finland.