Password Manager Dashlane Suspends Customer Accounts Amid Brute-Force Attacks
Dashlane temporarily disabled a number of user accounts after detecting a wave of brute‑force login attempts originating from overseas IP addresses. The company investigated the incidents on Sunday, restored the affected accounts by evening, and moved the incident status to "monitoring" on Monday. Dashlane confirmed no internal systems were compromised but did not disclose the scale of the attack. Users expressed concern over the limited public communication and questioned the legitimacy of the suspension emails.
Anthropic to Give EU’s Cybersecurity Agency Access to Mythos
Anthropic PBC will grant the EU’s cybersecurity agency ENISA access to Mythos, its AI system that discovers and exploits software vulnerabilities. ENISA will join Project Glasswing, a pilot allowing vetted organizations to test Mythos before a wider rollout. The collaboration...
Hackers Are Already Laying Groundwork to Disrupt the 2026 Midterms, Research Says
Cybersecurity firm Check Point warns that hackers are already laying groundwork to disrupt the 2026 U.S. midterm elections. The report highlights a shift from targeting voting machines to exploiting campaign accounts, fundraising platforms, and local‑government web infrastructure through phishing, credential...
OpenAI Codex Authentication Tokens Stolen in Codexui-Android Npm Supply Chain Attack
Security researchers have uncovered a supply‑chain attack targeting the npm package codexui-android, which masquerades as a remote UI for OpenAI Codex. The malicious code silently reads the ~/.codex/auth.json file and sends access, refresh and ID tokens to an attacker‑controlled server...
Websites Can Now Spy on You Through Your Hard Drive
Researchers have unveiled a new side‑channel attack called FROST that lets websites infer SSD activity from JavaScript running in the browser. By measuring subtle timing differences in read/write operations, malicious sites can infer files stored on a user’s hard drive...
Why Non-Production Data Is Becoming Enterprises’ Biggest Compliance Blind Spot
Enterprises are facing a surge in sensitive data sprawl across non‑production environments as DevOps velocity, analytics workloads, and AI training pipelines multiply data copies. The Perforce Delphix 2025 State of Data Compliance and Security Report shows 60% of organizations suffered...
Geordie Closes $30M in Funding to Help Enterprises Securely Adopt Agentic AI at Scale
Geordie AI closed a $30 million Series A led by Balderton Capital, bringing total funding to $36.5 million and earmarking the cash for product development and U.S. expansion. The platform gives enterprises real‑time visibility into AI agents and uses its Beam runtime suite...
New ChatGPhish Technique Uses Prompt Injection to Manipulate ChatGPT Responses
Security researchers have disclosed "ChatGPhish," a novel browser‑based prompt‑injection technique that manipulates ChatGPT's page‑summarization feature. By embedding malicious instructions in ordinary web pages, attackers can coerce the model into appending phishing alerts, links, or QR codes to otherwise legitimate summaries....
Tips for Protecting Against Retail Cyberattacks
Retail remains the top cyber‑crime target, accounting for roughly 24% of all attacks, according to Fortinet. Hackers exploit the myriad of customer‑facing apps, loyalty programs, payment systems and third‑party integrations that retailers rely on, while many firms operate with lean...
6 Critical Security Gaps Every CISO Must Address
A recent Proofpoint survey shows one‑third of CISOs believe their data isn’t adequately protected and 58% feel unprepared for a cyberattack, while only 67% think they have sufficient budget, staff, and tools. Experts identify six critical gaps: perception of security...
CBSE Engages IIT Experts After Admitting OSM Security Vulnerabilities
The Central Board of Secondary Education (CBSE) has enlisted cybersecurity experts from IIT Madras, IIT Kanpur and the Digital Infrastructure Corporation of India to audit its On‑Screen Marking (OSM) platform after confirming multiple vulnerabilities. Reported flaws included a hard‑coded master...
Meta’s Employee Mouse-Click Tracking Tool Is Collecting EU Data It Said It Would Not Collect
Meta’s Model Capability Initiative (MCI) records keystrokes, mouse clicks and screen content on U.S. workstations to train AI agents. Internal documents reveal the tool also ingests every email and chat a U.S. employee exchanges with European colleagues, contrary to Meta’s...
Your Sensitive Files Really Shouldn't Be in Google Drive
Google Drive encrypts data in transit with TLS and at rest with AES‑128, but Google retains the encryption keys, meaning the service is not end‑to‑end encrypted. This key custody allows Google to scan content for policy enforcement and potentially grant...
IBM Muscles Into OSS Security Space with $5 Billion “Lightwell” Project
IBM announced a $5 billion investment in Lightwell, a private clearinghouse designed to scan and secure an unprecedented volume of open‑source software (OSS) used by enterprises. The initiative leverages IBM’s cloud and AI capabilities to provide continuous, automated risk assessments across...
Claude Mythos Exposed a Hard Truth: Your Enterprise Patching Process Is Way Too Slow
Anthropic’s Claude Mythos preview proved AI can autonomously discover thousands of zero‑day vulnerabilities, collapsing exploitation timelines to hours. Recent CVEs such as Langflow and Marimo were weaponized within 20 hours and under 10 hours of disclosure, far faster than the...