What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

May 29, 2026 at 04:00PM Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something b…

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

May 29, 2026 at 02:41PM Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software dev…

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

May 29, 2026 at 11:27AM The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed …

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

May 28, 2026 at 10:54PM A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git servi…

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

May 28, 2026 at 07:03PM Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spin…

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

May 28, 2026 at 05:00PM State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise …

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

May 28, 2026 at 01:24PM A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organiz…

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

May 27, 2026 at 05:18PM CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous d…

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

May 27, 2026 at 05:00PM When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summ…

Gitea Vulnerability Exposes Private Container Images without Authentication

May 27, 2026 at 03:36PM Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform f…

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

May 27, 2026 at 01:15PM Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) c…

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

May 26, 2026 at 04:00PM Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant tha…