OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities.
The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month.
"It builds deep context about your project to identify
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla.
Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in
As missiles and drones cross the regionβs skies, the Gulfβs layered air-defense networksβfrom THAAD to Patriot batteriesβare being tested in real time.
The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed
The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants.
The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like
Switchzilla says flaws could allow file overwrites or privilege escalation
Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.β¦
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT.
The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research.
At a high level, the obfuscated batch script is used to deploy a second
Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves
A new twist on the long-running ClickFix scam is now tricking Windows users into launching Windows Terminal and pasting malware into it themselves β handing the credential-stealing Lumma infostealer the keys to their browser vault.β¦
FBI and French GIGN swoop on Saint Martin, John Daghita in cuffs
The son of a government contractor was arrested in the Caribbean after allegedly stealing more than $46 million in seized cryptocurrency from the US Marshals Service, the FBI says.β¦
New research shows hundreds of attempts by apparent Iranian state hackers to hijack consumer-grade cameras, timed to missile and drone strikes. Israel, Russia, and Ukraine have also adopted this trick.
Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale.
Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and processes.
New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company.
The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It's affiliated with the Iranian
Attackers accessed systems holding data tied to millions of Oyster and contactless users
Transport for London has confirmed that a 2024 breach exposed the data of more than 7 million people β a far larger crowd than the few thousand customers originally warned that their details might be at risk.β¦
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants.
The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow.
It's worth
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware.
The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the Windows Run dialog and paste a command
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The critical-severity vulnerabilities are listed below -
CVE-2017-7921 (CVSS score: 9.8) - An improper authentication vulnerability affecting
Login
