If you process credit card data, you only have until 31 March 202, when all the requirements in PCI DSS v4.0.1 become officially mandatory. This post will help you get familiar with the compliance requirements of the latest version of… Read More "How to Comply with PCI DSS 4.0.1 (2026 Guide)"
The recent disruptive cyberattack that targeted the Los Angeles public transportation system has been linked to the Iranian government. The Los Angeles County Metropolitan Transportation Authority (LACMTA), widely known as LA Metro, discovered a breach in mid-March. The cybersecurity incident… Read More "LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers"
“The dominant safety benchmarks for frontier large language models share a structural assumption: that a single prompt and a single model response are enough to characterize how a model behaves under adversarial attack,” the Cisco researchers who authored the study… Read More "AI models more vulnerable than claimed when faced with iterative attacks"
The US Federal Communications Commission (FCC) has extended the deadline for owners of banned internet routers to provide security updates to US-based users by two years. In March 2026, the Commission banned the import and sale of all “consumer-grade” internet… Read More "US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates"
Trust and automation are key to many attacks; and trust with automation is inherent in the use of AI coding agents. Malicious repositories are a frequent factor in many supply chain attacks, estimated at between 20% and 40%. Such repositories… Read More "‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems"
Cybercriminals have been using AI to identify and exploit a zero-day vulnerability successfully for the first time, Google Threat Intelligence Group (GTIG) has warned. Published on May 11, the GTIG AI Threat Tracker report said that “prominent” cybercrime threat actors… Read More "Hackers Observed Using AI to Develop Zero-Day for the First Time"
India’s ever-expanding digital infrastructure in the wake of the pandemic has escalated the demand for new, updated, and improved regulatory mandates for strengthening cybersecurity. Rampant cybersecurity incidents have been occurring weekly, alarming businesses, organizations, and individuals across India. The IBM… Read More "Top Cybersecurity Regulations in India in 2026"
Preventing credential compromise and surviving compromised credentials is not theoretically impossible but is difficult in practice and shows no sign of getting easier. Credentials The modern cyber use of the word ‘credentials’ stems from the Latin ‘creder’: to believe. As… Read More "The Credential Crisis: How Stolen Credentials Defeat Modern Security"
Ravie LakshmananMay 27, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account,… Read More "Gitea Vulnerability Exposes Private Container Images without Authentication"
A previously undocumented information stealer has been distributed through fake Claude Code installation pages, hijacking Chromium browsers to bypass App-Bound Encryption and exfiltrate cookies, passwords and payment data from developer workstations. The campaign was detailed on 11 May by Ontinue’s… Read More "Fake Claude Code Page Pushes PowerShell Stealer at Devs"
