UK organizations have been encouraged to immediately patch a critical new vulnerability in F5’s BIG-IP Access Policy Manager (APM) product currently under active exploitation. The National Cyber Security Centre (NCSC) explained that it is still “working to fully understand UK impact… Read More "NCSC Urges Immediate Patching of F5 BIG-IP Bug"
Breaches of employee data reported to the UK regulator have hit their highest level in at least seven years, according to new analysis from law firm Nockolds. The company said that reports to the Information Commissioner’s Office (ICO) had increased… Read More "Employee Data Breaches Surge to Seven-Year High"
Microsoft’s researchers have established clear links between the group running this operation, which it calls Fox Tempest, and ransomware affiliates who worked with gangs such as INC, Qilin, Akira, and Rhysida. One ransomware group tracked as Vanilla Tempest used the… Read More "Microsoft disrupts malware code-signing service used by ransomware gangs"
Researchers have observed a “dangerous convergence” between supply chain attackers and extortion gangs like Lapsus$ as TeamPCP looks to exploit stolen credentials. In a new report published on March 30, security researchers at Wiz, now part of Google Cloud, said… Read More "TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets"
A security vulnerability in ChatGPT executed with a single malicious prompt could be exploited to covertly exfiltrate sensitive data from prompts and messages. The security issue, which enabled data exfiltration and remote code execution, was discovered by cybersecurity researchers at… Read More "ChatGPT Security Issue Enabled Data Theft via Single Prompt"
Vulnerability exploitation was the most common access vector for data breaches in 2025, the latest installment of Verizon’s annual Data Breach Investigations Report (DBIR) shows. The number of analyzed security incidents has increased to 31,000. Of these, more than 22,000… Read More "Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector"
Microsoft published a higher-than-usual list of fixes for CVEs as part of its monthly Patch Tuesday update round yesterday, including two zero-day vulnerabilities. One of these, CVE-2026-32201, is being actively exploited in the wild. It is described as a server… Read More "Microsoft Fixes Two Zero-Days in April Patch Tuesday"
Veteran consultant Robert Enderle of the Enderle Group noted that this kind of exposure happens with alarming frequency. “Developers are often under immense pressure to deliver code quickly,” he said, “and the lines between personal and professional repositories can easily… Read More "Contractor’s public GitHub account exposed GovCloud and CISA credentials"
Security researchers have detected a “sharp rise” in brute-force attempts to hijack SonicWall and Fortinet devices, with the vast majority (88%) appearing to come from the Middle East. Barracuda said most of these attempts were unsuccessful as they were either… Read More "Researchers Spot Surge in Brute-Force Attacks from Middle East"
Proof-of-concept (PoC) code is now available for another Linux kernel vulnerability that could allow attackers to elevate their privileges to root. Dubbed DirtyDecrypt (aka DirtyCBC), the exploit comes from the V12 security team, which discovered it earlier this month, after… Read More "PoC Released for DirtyDecrypt Linux Kernel Vulnerability"
