IT teams are increasingly overwhelmed by alerts from disconnected systems, forcing responders to manually coordinate investigations during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce response delays and improve operational coordination. […]
B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards
The stolen credit card data was released as a free download, allegedly in response to seller misconduct.
The post B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards appeared first on SecurityWeek.
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.
The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a
Cyber Resilience is the New Business Continuity Plan
The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose.
The post Cyber Resilience is the New Business Continuity Plan appeared first on SecurityWeek.
Microsoft confirms patching issues in restricted Windows networks
Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. […]
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
Drupal has issued an alert stating that it intends to release a “core security release” for all supported branches on May 20, 2026, from 5-9 p.m. UTC.
“The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the maintainers of the PHP-based content management system (CMS) said.
“Not all configurations are
201 Arrested in Crackdown on Cybercrime in Middle East, North Africa
The 13-country effort, named Operation Ramz, targeted cyber threats in the Middle East and North Africa region.
The post 201 Arrested in Crackdown on Cybercrime in Middle East, North Africa appeared first on SecurityWeek.
PoC Released for DirtyDecrypt Linux Kernel Vulnerability
Patched in April, the underlying vulnerability allows local attackers to elevate their privileges to root.
The post PoC Released for DirtyDecrypt Linux Kernel Vulnerability appeared first on SecurityWeek.
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance.
“These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network,”
“These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network,”
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace.
The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code editors like VS Code, Cursor, and JetBrains. The VS Code extension has more than 2.2 million installations. The Open