In this excerpt of a TrendAI Research Services vulnerability report, Richard Chen and Lucas Miller of the TrendAI Research team detail a recently patched double free vulnerability in the Windows Internet Key Exchange (IKE) service. This bug was originally…

How to identify tax-related phishing and fraud: fake portals, bogus crypto wallet verifications, and malicious files. We break down the steps you need to take to protect both your money and your data.

Global agencies issue a major warning on China-nexus covert networks, as hackers shift tactics to exploit SOHO routers and IoT devices to target infrastructure.

Citizen Lab reveals how surveillance vendors exploit mobile network signaling protocols like SS7 and Diameter to track targets, highlighting severe global telecom risks.

ZionSiphon was designed to find and sabotage Israelis’ water supply. An OT expert said it appears to be ineffective and the work of amateurs using AI.

"CISA and the NCSC warn of 'Firestarter,' a persistent Cisco firewall backdoor that survives patches. Authorities mandate hard reboots and device reimaging to eliminate the threat."

The company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk.

Advisory reveals China-Nexus hackers using covert botnets of IoT and routers to evade detection and scale global cyberattacks.

UK Biobank data breach exposed de-identified health records listed for sale online, raising global concerns over biomedical data security and access.

Hi hackers,   Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring:   Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-...

Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.

Bitwarden CLI hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action.

In this The Cyber Express weekly roundup, explore the latest cybersecurity threats, from UK Biobank breaches and law enforcement actions.

Germany’s Bundestag President Klöckner was targeted in a Signal phishing attack via a fake CDU group chat.

A side-channel attack that allows a fiber-optic cable to be used as a microphone.

The latest attempt to re-up a controversial expiring surveillance law has failed to placate vocal critics on both the left and right of the political spectrum.

'Pack2TheRoot' flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years.

CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches.

Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks.