Aggregator

IT teams are increasingly overwhelmed by alerts from disconnected systems, forcing responders to manually coordinate investigations during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce response delays and improve operational coordination. [...]

Discord has protected voice and video calls in DMs, group DMs, voice channels, and Go Live streams with end-to-end encryption (E2EE) by default. The company began experimenting with E2EE for voice and video in 2023, starting a long-term effort. End-to-end encryption allows only participants in a call to access its content, while Discord does not have access to media encryption keys. Since then, the company introduced DAVE, an open and audited E2EE protocol developed for … More →

The post The end of unencrypted Discord calls is here appeared first on Help Net Security.

Американские спецы показали новый уровень хранения секретов.

The attack cycle has fundamentally changed. Not gradually, not theoretically measurable, and within the last twelve months. IBM’s 2026 X-Force […]

The post AI-Assisted Cyber Attacks: How Autonomous Operations Became the New Normal appeared first on HawkEye.

Digital.ai data reveals 87% of apps were attacked over the past year

За агрессивной экспансией стояла не случайность, а холодный расчёт.

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.  The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a

Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. [...]

Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm.  For CISOs, that is the real social engineering problem in 2026: attacks are no longer […]

The post Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026 appeared first on ANY.RUN's Cybersecurity Blog.

Microsoft предлагает обезопасить почту, отключив часть полезных функций Outlook.

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

阅读： 05月19日，2026年中国网络文明大会在广西南宁开幕。绿盟科技作为国内网络安全行业领军企业，受邀参加本次大会“人工智能赋能网络文

A vulnerability classified as problematic was found in Faceted Search Extension up to 5.6.1/6.6.0/7.0.0 on TYPO3. Affected is an unknown function of the component OOXML Parser. Such manipulation leads to xml external entity reference. This vulnerability is documented as CVE-2026-46722. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in MLflow up to 3.9.x. This impacts an unknown function of the file /ajax-api of the component Assistant Feature. This manipulation causes origin validation error. This vulnerability is registered as CVE-2026-2611. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Frontend User Registration Extension up to 13.2.3/14.0.1 on TYPO3. This affects an unknown function. The manipulation results in dynamically-determined object attributes. This vulnerability is cataloged as CVE-2026-46721. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Apache OFBiz up to 24.09.05. The impacted element is an unknown function. The manipulation leads to improper authentication. This vulnerability is listed as CVE-2026-31387. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Apache OFBiz up to 24.09.05. The affected element is an unknown function. Executing a manipulation can lead to server-side request forgery. This vulnerability is tracked as CVE-2026-31910. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Apache OFBiz up to 24.09.05. Impacted is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-31906. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.