Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.

After DHS did not renew its funding contract for reasons unspecified, MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge.

Frida 16.7.0, the latest version of the popular dynamic instrumentation toolkit, has been released with powerful new APIs specifically.

How MCP Authentication Flaws Enable RCE in Claude Code, Gemini CLI, and More

This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!

Feb last year is when I made the first commit to the public repo for the rebranded service, and we soft-launched the new brand in

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending…

Cybercriminals connected to a recent string of ransomware attacks on major British retailers said on Friday they had stolen almost 1 billion records from cloud technology giant Salesforce, opens new tab by focusing on companies that use its software

The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky

On April 21, 2026, a major breakthrough in cybersecurity happened: leading standardization initiatives gathered in Washington DC and agreed to begin coordinating collectively on AI security. A personal dream come true. The result: MOSAIC: Multi-Organization Secure AI Coordination. The goal: turn a fragmented landscape into clear, consistent standards and guidelines, to deal with the mounting risks of AI.

This important step was taken at the AI Security Policy Forum, organised and led by the OWASP AI Exchange, with SANS Institute as co-host - convening standard makers and policy stakeholders.

The initiatives at the table included: 👉 BIML (Berryville Institute of Machine Learning) 👉 Center for Internet Security (CIS) 👉 Cloud Security Alliance (CSA) 👉 Coalition for Secure AI (CoSAI) 👉 National Institute of Standards and Technology (NIST) 👉 OWASP AI Exchange (AIX) 👉 OWASP GenAI Security Project 👉 SANS Institute

The group agreed that it is now more important than ever to coordinate around the rapidly evolving possibilities and challenges of AI, as AI security risks mount.

One of the next steps is to provide a standardized map of the participating initiatives and a communication platform to exchange insights on a first list of identified topics (e.g., aligning with other initiatives such as SC42, building on OpenCRE, consensus on definitions), improve consistency, clarity, quality, and prevent unnecessary duplication. The idea is to move fast while maintaining independence and with lightweight coordination - not add more committees.

In addition to the organizations mentioned, the discussion also included journalists, representatives from International Telecommunication Union (ITU), The Aspen Institute, academia, and government — providing valuable perspectives on developments in both policy and industry. This helped prioritize the topics to focus on.

In the picture, from left to right, standing to sitting: Disesdi Shoshana Cox (AIX), Gary McGraw(BIML), Rob van der Veer (AIX), Anonymous, Duncan Sparrell, John Yeoh (CSA), Rock Lambros (GenAI), Norma Krayem, Brian Calkin (CIS), Matt Altomare (Aspen), Omar Santos (CoSAI), Aruneesh Salhotra (AIX), Jonathan Gibson (The Dispatch), Apostol Vassilev (NIST), Rhea Nygard, Ken Huang, Lav Varshney (Stony Brook University), Sounil Yu, and Sharon Goldman (Fortune)

Not in the picture, but involved, in alphabetical order: Rob T. Lee (SANS), Ryan Galluzzo (NIST), Soribel F.

A big thank you to: 👏 Disesdi Shoshana Cox for her idea to bring everybody together in a room to fulfil the connecting mission of the Exchange 👏 The amazing thinktank at the AI Exchange 👏 Spyros Gasteratos for his work on OpenCRE 👏 Violeta Klein, CISSP, CEFA for shaping the story for the Forum 👏 Straiker, Casco (YC X25), AI Security Academy, and SANS for supporting the Forum. 👏 Software Improvement Group for donating the original threat model and initiating the AI Exchange

Let’s make AI a success! | 28 comments on LinkedIn

Evolving threats require security solutions that match the sophistication of modern threats. Learn more about how Wazuh, the open-source XDR and SIEM, tackles these threats.

Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle.

AWS introduces a new service to streamline security event response, providing automated triage, coordinated communication, and expert guidance to recover from cybersecurity threats.

The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents.

Scammers are impersonating the ASD's ACSC sending out phishing emails to the public with the email content suggesting to download a malicious antivirus program.

Here, you'll find a list of free, open-source cybersec tools that are ready to be added to your organization's arsenal.

Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser.

Critical Unauthenticated RCE Flaw, no Common CVE identifiers have been assigned yet, although experts suggest there should be at least three to six.

We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.

Scan MCP Servers for vulnerabilities. Contribute to cisco-ai-defense/mcp-scanner development by creating an account on GitHub.

Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries.

Summary

What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms - has now seemingly become a