Step-by-step guide to prioritize and apply Microsoft March 2026 Patch Tuesday updates covering 77 vulnerabilities, critical Office RCE, SQL Server and .NET fixes, and AI-discovered bugs.
CanisterWorm wiper attack by TeamPCP targets Iranian systems via cloud vulnerabilities. The worm spreads through exposed APIs and wipes data based on timezone/locale.
German police identify 31-year-old Russian Daniil Shchukin as 'UNKN', the leader of GandCrab and REvil ransomware groups, behind €35M in damages.
Microsoft's April 2026 Patch Tuesday fixes 167 vulnerabilities, including a SharePoint zero-day and the BlueHammer Windows Defender flaw. Google Chrome and Adobe Reader also addressed critical exploits.
Scattered Spider senior member Tyler Buchanan pleads guilty to wire fraud and identity theft, admitting role in 2022 phishing attacks that stole millions in crypto.
A Brazilian DDoS protection firm's infrastructure was breached to build a botnet that attacked local ISPs, highlighting security risks for cybersecurity companies.
Anthropic's Mythos AI autonomously weaponizes software flaws, igniting debate on security implications and the need for adaptive defenses.
Firefox 150 patches 271 zero-days found by Claude Mythos AI. Record haul shows defender advantage if patches are deployed quickly.
Critical Cargo tar crate vulnerability allows directory permission changes; crates.io already patched, alternate registries at risk.
Linux kernel bug from 2017 in AEAD sockets allows arbitrary 4-byte writes to page cache via splice(), enabling setuid binary corruption; fixed in mainline.
Greg Kroah-Hartman released seven stable Linux kernels on Thursday, including Xen fixes and backported patches for the critical AEAD socket vulnerability. Users must upgrade immediately.
Anthropic's Claude Mythos can autonomously find and exploit software vulnerabilities. This article explores the controversy, implications for offense vs defense, and the need for adaptation.
Frontier AI model Claude Mythos identified 271 zero-day vulnerabilities in Firefox, leading to fixes in version 150. The achievement signals a hopeful shift for defenders who can prioritize rapid patching.
Guide explaining Meta's threat to pull apps from New Mexico over encryption and CSAM detection demands, covering context, demands, Meta's response, and implications.
A practical 7-step guide for web professionals to redesign session timeouts for accessibility, covering duration, warnings, user preferences, and testing.
Step-by-step guide to making session timeouts accessible for users with disabilities, including audits, warnings, extensions, data preservation, and testing.
Critical cPanel/WHM auth bypass (CVE-2026-41940) allows unauthenticated remote takeover. Millions of servers at risk. Immediate patching required.
Guide to identify, understand, and mitigate the Linux LPE vulnerability CVE-2026-31431 (Copy Fail) that allows unprivileged users to gain root access via page cache manipulation.
New Python backdoor DEEP#DOOR uses tunneling service to steal browser/cloud credentials; disables Windows security via batch script.
Fake cell towers used in SMS scam ring, OpenEMR flaws, 600K Roblox hacks, malicious npm packages, and 5M exposed servers highlight urgent cyber risks.