The Double-Edged Sword of Non-Human Identities

Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows ...

EDR killer tool uses signed kernel driver from forensic software

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in ...

New Amaranth Dragon cyberespionage group exploits WinRAR flaw

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 ...

Microsoft rolls out native Sysmon monitoring in Windows 11

Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider ...

Owner of Incognito dark web drugs market gets 30 years in prison

A Taiwanese man was sentenced to 30 years in prison for operating Incognito Market, one of the world's largest online ...

CISA warns of five-year-old GitLab flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in ...

Step Finance says compromised execs' devices led to $40M crypto theft

Step Finance announced that it lost $40 million worth of digital assets after hackers compromised devices belonging to the ...

Coinbase confirms insider breach linked to leaked support tool screenshots

Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, ...

Wave of Citrix NetScaler scans use thousands of residential proxies

A coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure over the past week used tens of thousands of ...

French prosecutors raid X offices, summon Musk over Grok deepfakes

French prosecutors have raided X's offices in Paris on Tuesday as part of a criminal investigation into the platform's Grok ...

AI Agent Identity Management: A New Security Control Plane for CISOs

Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security ...

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native ...