1+ hour, 5+ min ago  (320+ words) Deleted Google API keys remain valid for up to 23 minutes after revocation, potentially allowing attackers to continue accessing Google Cloud services and Gemini data long after the credentials have been disabled. Google acknowledged the behavior following a report by Aikido,…...

7+ hour, 8+ min ago  (350+ words) European law enforcement agencies have dismantled a long-running VPN service allegedly used by ransomware gangs and cybercriminals to conceal attacks, steal data, and evade investigators. The operation, coordinated by France and the Netherlands with support from Europol and Eurojust, resulted…...

2+ day, 8+ hour ago  (375+ words) Discord announced that all voice and video calls on its platform are now protected with end-to-end encryption (E2 EE) by default. The rollout applies to direct messages, group calls, voice channels, and Go Live streams, with Stage channels remaining the only…...

3+ day, 34+ min ago  (243+ words) The Ministry of Digital Affairs is recommending two nationally operated systems: According to the advisory, both systems operate entirely under Polish jurisdiction, with their infrastructure hosted in Poland and administered in accordance with national cybersecurity standards. The move mirrors a…...

4+ day, 7+ hour ago  (251+ words) Pwn2 Own Berlin 2026 wrapped up with another string of successful enterprise-targeted exploits, bringing the contest's final tally to $1, 298, 250 awarded for 47 unique zero-day vulnerabilities discovered over three days. DEVCORE secured the "Master of Pwn" title with 50. 5 points and $505, 000 in winnings after dominating…...

5+ day, 22+ hour ago  (393+ words) Pwn2 Own Berlin 2026 continued with another wave of successful zero-day demonstrations on Thursday, as security researchers earned $385, 750 for 15 unique vulnerabilities targeting enterprise software, AI platforms, operating systems, and developer tools. The biggest payout of the day went to DEVCORE's Orange Tsai,…...

6+ day, 5+ hour ago  (387+ words) Security researchers have announced what they describe as the first public mac OS kernel memory corruption exploit capable of bypassing Apple's Memory Integrity Enforcement (MIE) protections on the latest M5 chip. The disclosure was published after members of the team met…...

6+ day, 9+ hour ago  (424+ words) Open AI says a recent software supply-chain attack tied to the "Mini Shai-Hulud" malware campaign impacted two employee devices and exposed limited internal credentials, prompting the company to rotate code-signing certificates for its desktop applications. The company said it found…...

6+ day, 14+ hour ago  (333+ words) Researchers earned more than half a million dollars on the opening day of Pwn2 Own Berlin 2026 after successfully demonstrating 24 previously unknown vulnerabilities across AI platforms, NVIDIA software, Windows 11, Linux systems, and developer tools. The first day of the hacking competition saw…...

1+ week, 2+ hour ago  (350+ words) Kazuar," a long-running malware platform linked to the Russian state-sponsored threat group Secret Blizzard, has evolved into a stealthy peer-to-peer botnet designed for persistent intelligence collection. Secret Blizzard, which the US Cybersecurity and Infrastructure Security Agency (CISA) attributes to Center…...