Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. […]
US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems
Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide resources to help augment warfighter decision-making in complex operational environments,” the Defense Department said.
The post US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems appeared first on SecurityWeek.
Telegram Mini Apps abused for crypto scams, Android malware delivery
Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram’s Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. […]
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an
The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an
Critrical cPanel flaw mass-exploited in “Sorry” ransomware attacks
A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in “Sorry” ransomware attacks. […]
ConsentFix v3 attacks target Azure with automated OAuth abuse
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. […]
New Bluekit Phishing Kit Features AI Assistant
Still under development, Bluekit provides users with automated domain registration and an AI Assistant.
The post New Bluekit Phishing Kit Features AI Assistant appeared first on SecurityWeek.
Trellix Confirms Source Code Breach With Unauthorized Repository Access
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a “portion” of its source code.
It said it “recently identified” the compromise of its source code repository and that it began working with “leading forensic experts” to resolve the matter immediately. It also said it has notified law enforcement of the matter.
Trellix did not disclose the
It said it “recently identified” the compromise of its source code repository and that it began working with “leading forensic experts” to resolve the matter immediately. It also said it has notified law enforcement of the matter.
Trellix did not disclose the
Microsoft tests modern Windows Run, says it’s faster than legacy dialog
Microsoft has confirmed that Windows 11 is getting a new modern Run dialog with dark mode support and faster performance in a new preview build. […]
Edu tech firm Instructure discloses cyber incident, probes impact
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. […]