Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. […]
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. […]
Video service Vimeo confirms Anodot breach exposed user data
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. […]
Cyber Insurance Data Gives CISOs New Ammo for Budget Talks
Boards may ignore alerts, but they listen to losses: new data from Resilience links security gaps directly to financial impact.
The post Cyber Insurance Data Gives CISOs New Ammo for Budget Talks appeared first on SecurityWeek.
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command.
The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve
The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot).
“The malware disguises itself as a Minecraft hack called ‘Slinky,'” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to induce voluntary execution,
“The malware disguises itself as a Minecraft hack called ‘Slinky,'” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to induce voluntary execution,
Vimeo Confirms User and Customer Data Breach
The ShinyHunters group is threatening to leak stolen files unless Vimeo agrees to pay a ransom.
The post Vimeo Confirms User and Customer Data Breach appeared first on SecurityWeek.
The Mythos Moment: Enterprises Must Fight Agents with Agents
Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era.
The post The Mythos Moment: Enterprises Must Fight Agents with Agents appeared first on SecurityWeek.
US reportedly charges Scattered Spider hacker arrested in Finland
A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. […]
Webinar Today: A Step-by-Step Approach to AI Governance
Join the webinar to explore a practical, multi-layered roadmap to transition from fragmented AI usage to a governed, scalable ecosystem.
The post Webinar Today: A Step-by-Step Approach to AI Governance appeared first on SecurityWeek.