Why the browser is now the front line for AI security
…Write your own custom YAML rules targeting specific elements of the page DOM, web requests and responses, HTTP headers such as cookies, and more. Security teams don't need to choose between…
Search
Top stories
Google accidentally exposed details of unfixed Chromium flaw
…The flaw was reported by security researcher Lyra Rebane and acknowledged as valid in December 2022, as per the thread on Chromium Issue Tracker. An attacker could exploit the problem to create…
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
…Discovered by OpenAI's Codex software agent under the guidance of researchers at offensive security firm Calif, HTTP/2 Bomb combines two previously known HTTP/2 DoS methods: the HPACK compression amplification…
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
…The Case for Autonomous Validation Sponsored by Picus Security May 13, 2026 08:30 AM By Sila Ozeren Hacioglu , Security Research Engineer at Picus Security. In April 2026, Anthropic released its newest…
New Shai-Hulud malware wave compromises 600 npm packages
…According to application security company Socket, the hackers published 639 malicious versions across 323 unique packages in about one hour. Some of the impacted libraries include: echarts-for-react @antv/g2 @antv…
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
…What is a Software Supply-Chain Attack A software supply-chain attack targets the trusted tools, vendors, software components, services, or processes an organization relies on, instead of attacking the organization directly…
What 345 Days of Untested Exposure Looks Like at a Bank
What 345 Days of Untested Exposure Looks Like at a Bank Sponsored by Sprocket Security June 3, 2026 10:02 AM In April, a single VPN vulnerability led to data breaches at…
7-Eleven data breach exposes personal information of 185,000 people
…ShinyHunters has been targeting Salesforce customers for the past year and breached hundreds of companies, claiming they've stolen billions of records in the Salesforce Aura data theft attacks and the Salesloft…
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
…attention from security researchers and malware analysts. Several technical analyses published in recent months focused on the malware’s capabilities, infrastructure, and similarities to Lumma Stealer, including browser targeting mechanisms, and credential…
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
…Organizations using GlobalProtect VPN devices should immediately install the latest security updates to patch the flaws. Admins can also mitigate the flaw by turning off the authentication override feature or utilizing a…