Search the Portal

Recent Articles

JUL1
2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience

Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a series of surprising contradictions. Here are a few examples, based on the independent survey of 1,200 IT and cybersecurity professionals

The Hacker News by info@thehackernews.com (The Hacker News)
JUL1
Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

Seven of the security defects have a maximum severity rating of 10/10 and could lead to arbitrary code execution. The post Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities appeared first on SecurityWeek.

Security Week by Ionut Arghire
JUL1
Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack

Citrix urges customers to patch NetScaler after fixing six vulnerabilities, including the HTTP/2 Bomb flaw and a high-severity CitrixBleed-style information disclosure bug. The post Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack appeared first on SecurityWeek.

Security Week by Ionut Arghire
JUL1
Microsoft Accelerates Post-Quantum Cryptography Shift to 2029

Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encryption standards sooner than previously expected. "Advances in quantum research and development have shifted the risk horizon," Mark Russinovich, chief technology officer of Microsoft Azure, said. "We believe

The Hacker News by info@thehackernews.com (The Hacker News)
JUL1
Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors

From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. The post Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors appeared first on SecurityWeek.

Security Week by Joshua Goldfarb
JUL1
Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari

The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users. The post Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari appeared first on SecurityWeek.

Security Week by Ionut Arghire
JUL1
Dawnguard Raises $6.3 Million for Security Architecture Automation Platform

The company has publicly launched its solution to help organizations design, build, and operate secure cloud systems. The post Dawnguard Raises $6.3 Million for Security Architecture Automation Platform appeared first on SecurityWeek.

Security Week by Ionut Arghire
JUL1
Massive Password Spray Campaign Targeting Azure CLI

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY. The post Massive Password Spray Campaign Targeting Azure CLI appeared first on SecurityWeek.

Security Week by Ionut Arghire
JUL1
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way. Palo Alto Networks' Unit 42 calls the trick phantom squatting, and its new research shows it is already happening in the wild. The reason it matters is

The Hacker News by info@thehackernews.com (The Hacker News)
JUL1
Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls

Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users on Wednesday, July 1, across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork. Export controls restrict who can

The Hacker News by info@thehackernews.com (The Hacker News)
JUL1
Google Patches 382 Chrome Vulnerabilities

Fifteen of the newly patched flaws have been rated ‘critical’ and 67 have been rated ‘high severity’. The post Google Patches 382 Chrome Vulnerabilities appeared first on SecurityWeek.

Security Week by Eduard Kovacs
JUL1
Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider LSHIY LLC (AS32167). "Between June 12 and June 26, the threat

The Hacker News by info@thehackernews.com (The Hacker News)
JUL1
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery

ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same malware in a different disguise. The same research also turned up a new delivery method built to slip past Windows' script scanning.

The Hacker News by info@thehackernews.com (The Hacker News)
JUN30
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service

Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below - CVE-2026-8451 (CVSS score: 8.8) - An insufficient input validation

The Hacker News by info@thehackernews.com (The Hacker News)
JUN30
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire. The work comes from Microsoft Incident Response and its

The Hacker News by info@thehackernews.com (The Hacker News)