How Apple turned to math to defend against next-gen attacks on encryption

Apple says testing missed flaws in new encryption designed to protect against future attacks from quantum computers, so it ...

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Canada’s AI strategy is set to fail before it even launches

The Canadian government’s long-awaited and much-needed AI strategy is finally set to be unveiled this week, with AI minister ...

Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

Ottawa plans amendments to lawful-access bill amid backlash

Public Safety Minister Gary Anandasangaree is preparing to make several changes to the federal government’s controversial lawful-access bill, including ensuring the addition of protections for ...
Infosecurity Magazine

PureLogs Variant Steals Data via Purchase Order Lures

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...
Infosecurity Magazine

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...
Moneylife

CBSE's Digital Exam Portal Had a Master Password That Could Unlock Any Examiner's Account — and the Board Knew for 3 Months before Going Public

A 19-year-old cybersecurity enthusiast has raised serious questions about the safety of the Central Board of Secondary ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...