3 critical threats detected in the last 24 hours. Active threat actors: ShinyHunters, Conti. Immediate review of affected systems recommended.
Critical
NVD CRITICAL: CVE-2026-20223 — A vulnerability in the access validation of internal REST APIs of Cisco Sec...
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
Drupal critical update to fix bug with high exploitation risk
Shifting Budget Dynamics for Identity Security and AI Agents
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 20)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 20) appeared first on Unit 42 .
Mercury raises $200 million
Mercury, a provider of banking services for entrepreneurs and the tech industry, has raised $200 million in a Series D at a $5.2 billion valuation.
FTC warns 12 major tech firms of violating Take It Down Act
The law mandates that platforms make it easy for people to ask that nonconsensual intimate images be removed and to delete them within 48 hours of a request.
NVD CRITICAL: CVE-2026-20223 — A vulnerability in the access validation of internal REST APIs of Cisco Sec...
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a cra
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents, covering
Zip and InComm Payments bring instalments to the gift card market
Zip (ASX: ZIP), the digital financial services company offering innovative, people-centered products for everyday Americans, and InComm Payments, a global payments technology company, today announced a partnership that brings installment buying to the gift card category.
Treasury Prime launches Prime Cash deposits at more than 90,000 retail locations
Treasury Prime today announced the launch of Prime Cash (Powered by Green Dot Network®), a solution that enables fintechs to let customers deposit cash nationwide, including Walmart, CVS, Walgreens and 7-Eleven, without requiring a branch visit.
Tucson Federal Credit Union embeds InvestiFi tech into online banking platform
InvestiFi, the award-winning digital investing solutions provider for financial institutions, has announced its partnership with Tucson Federal Credit Union (TFCU), embedding its InvestTech solutions into their existing online banking platform.
Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers
The investigation began after U.S. authorities informed their Ukrainian counterparts that hackers operating from Ukraine could be involved in attacks targeting users of American e-commerce platforms, Ukraine's Prosecutor General said.
Discord migrates all users to end-to-end encryption by default
The move comes as other major social media platforms are killing end-to-end encryption for messaging. In recent months, Instagram and TikTok both announced they will no longer offer the feature.
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
7-Eleven confirms breach after ShinyHunters claims
The breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven systems used to store franchisee documents.”
Live Activity
Threat Alerts
Real-time alerts for the threats that matter to you. Choose your severity levels and threat categories.