“To date, the observed exploitation has been limited to a few dozen targeted organizations globally,” Lotem Finkelstein, vice president of research at Check Point, said in a security blog post. “One case involved confirmed post-compromise activity associated with a Qilin… Read More "Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol"
When Jaguar Land Rover (JLR) was hit by a major cyber-attack in September 2025, one of the first things the company’s cybersecurity leader did was to call over 30,000 staff on site to reset their passwords. Speaking during Infosecurity Europe… Read More "Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets"
Enterprise software maker SAP on Tuesday released 15 new security notes, including four that resolve critical-severity vulnerabilities in NetWeaver, Commerce, and Data Hub. The most severe of the resolved bugs is CVE-2026-44748 (CVSS score of 9.9), described as an XML… Read More "SAP Patches Critical NetWeaver, Commerce Vulnerabilities"
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours,… Read More "The Hidden Security Risk in Modern Networks: The Work Between Tools"
Google, in its latest Fraud & Scams Advisory, separately highlighted the evolution of traditional phishing into Adversary-in-the-Middle (AITM) and QR-code phishing attacks while documenting growing abuse of trusted cloud services, AI-driven investment scams, and impersonation campaigns. While Microsoft’s advisory focuses… Read More "Security shifts to the human layer as AI scams surge"
Check Point has urged customers to patch a critical zero-day vulnerability in its Remote Access VPN and Mobile Access solutions that is being actively exploited. CVE-2026-50751 is an authentication bypass flaw that affects deployments configured to use the deprecated IKEv1 key… Read More "Check Point Warns Critical Auth Bypass Bug Exploited in the Wild"
AI is disruptive. Anthropic’s Claude Mythos model, and its successors, promise to be even more disruptive: they could threaten the existing bug bounty and/or in-house offensive security industries. AI has been widely adopted by both cybersecurity attackers and defenders. Attackers… Read More "Will AI Kill the Bug Bounty Industry?"
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You… Read More "New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing"
Google has released an emergency update to patch 74 Chrome vulnerabilities, including a high-severity flaw that has been exploited in the wild. This is the fifth Chrome zero-day vulnerability in 2026 that has been exploited before a patch has been… Read More "Google Releases Patch for Chrome Vulnerability Exploited in the Wild"
Check Point on Monday warned that a critical-severity authentication bypass vulnerability affecting its VPN and firewall products has been exploited in the wild as a zero-day. Tracked as CVE-2026-50751 (CVSS score of 9.3), the security defect is described as a… Read More "Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks"
