Illinois Representative Delia Ramirez has been appointed as the top Democrat on the House Homeland Security Committee's Cybersecurity and Infrastructure Protection Subcommittee, replacing Eric Swalwell following his resignation from Congress.
A threat actor crafted a working exploit for a critical unauthenticated remote code execution vulnerability in the Python notebook platform Marimo just 9 hours and 41 minutes after its public disclosure, according to cloud security firm Sysdig.
Drift's post-mortem reveals a six-month North Korean social engineering campaign using fake companies, in-person cutouts, and malicious code that ultimately drained more than $280 million from the platform.
The UK government has proposed a criminal amendment that could imprison tech executives who fail to remove nonconsensual intimate images from their platforms, escalating earlier pledges of fines and service blocks.
Black Hat USA 2026 returns to Mandalay Bay Convention Center in Las Vegas from August 1–6, featuring four days of expert-led Trainings, a Summit Day, and a two-day main conference packed with Briefings and Arsenal tool demos.
Google has expanded Gmail's end-to-end encryption to all Android and iOS devices, letting enterprise users compose and read encrypted emails natively without extra apps or web portals.
Researchers at Machine Spirits uncovered nine vulnerabilities in the open source Orthanc DICOM server, tracked CVE-2026-5437 through CVE-2026-5445, enabling attackers to crash servers, leak sensitive data, and potentially execute arbitrary code remotely.
A financially motivated threat actor called Storm-2755 is redirecting Canadian employees' salary payments by stealing session tokens through adversary-in-the-middle phishing attacks that bypass MFA protections.
US agencies CISA and the FBI warned that Iran-affiliated threat actors are actively targeting internet-exposed industrial control systems in water, energy, and government sectors, prompting urgent guidance from security professionals across the industry.
Hackers compromised a secondary API on the CPUID website for roughly six hours, redirecting download links for CPU-Z and HWMonitor to trojanized malware. The breach was discovered and remediated, but users who downloaded either tool during that window may be infected.