Aggregator

Passing MFA doesn't mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must verify both user identity and device health. [...]

Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. [...]

Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience

Mimecast has announced a major expansion of its Incydr offering with new data security capabilities and a preview of the Agent Risk Center. These enhancements deliver runtime data security through a unified approach to detect, govern, and remediate data exposure in real time, whether driven by employees or agents acting on their behalf. Eighty percent of Fortune 500 companies now run active AI agents, yet only 14% have full security approval for them1. Enterprise data … More →

The post Mimecast expands Incydr with runtime data security for AI and human risk appeared first on Help Net Security.

Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. [...]

A vulnerability was found in Mozilla Firefox up to 148. It has been declared as critical. This affects an unknown function of the component Audio/Video. Such manipulation leads to Remote Code Execution. This vulnerability is listed as CVE-2026-4724. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 148. It has been classified as problematic. The impacted element is an unknown function of the component Anti-Tracking. This manipulation causes an unknown weakness. This vulnerability is tracked as CVE-2026-4728. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Mozilla Firefox up to 148 and classified as problematic. The affected element is an unknown function of the component Libraries. The manipulation results in denial of service. This vulnerability is identified as CVE-2026-4727. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 148 and classified as problematic. Impacted is an unknown function of the component XML. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-4726. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 148. This issue affects some unknown processing of the component Canvas2D. Executing a manipulation can lead to use after free. The identification of this vulnerability is CVE-2026-4725. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 148. This vulnerability affects unknown code of the component JavaScript Engine. Performing a manipulation results in use after free. This vulnerability was named CVE-2026-4723. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 148. This affects an unknown part of the component IPC. Such manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2026-4722. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

Как взлом Ливии изменит мировые цены на топливо.

A Russian citizen, Aleksei Volkov, was sentenced to 81 months in prison for helping ransomware groups carry out attacks causing over $9 million in actual losses and over $24 million in intended losses, after being arrested in Italy and extradited to the United States where he pleaded guilty. According to prosecutors, Volkov was an initial access broker who found vulnerabilities in computer networks, gained unauthorized access, and sold that access to other cybercriminals. Volkov’s co-conspirators … More →

The post Russian initial access broker helped ransomware gangs extort millions, sentenced to 81 months appeared first on Help Net Security.

JPMorganChase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts.

Darktrace has launched its managed security service for MSSPs, enabling partners to deliver AI-native email security with real-time detection, investigation, and response across the email ecosystem. The launch is supported by updates to the Darktrace Defenders Partner Program designed to provide flexibility and scalability for partners at every stage of their services maturity, helping them expand security offerings and deliver AI-native protection to customers around the world. Email threats continue to grow in sophistication as … More →

The post Darktrace expands MSSP offering with AI-driven managed email security appeared first on Help Net Security.

Poor patch management, increasingly complex IT environments and continued use of obsolete software puts organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index

The popular anime streaming platform Crunchyroll confirmed that a batch of customer information that was stolen through a third-party customer service vendor and leaked online is legitimate.

Учёные разработали способ производить удобрения на Марсе.

A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks. [...]