CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

EUVD-2026-34162

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

CVE-2026-8876 CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

CVE-2026-8874

CVE-2026-8874 affects Version 3.0.7 of the Securly Chrome Extension, which downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API, while other endpoints use HTTPS. This shows an inconsistent TLS implementation and enables potential interc...

EUVD-2026-34161

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

CVE-2026-8874 CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

PT-2026-46048

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

PT-2026-46049

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

Incident response for AI: Same fire, different fuel

In this article 1. The fundamentals still hold 2. Where AI changes the equation 3. Closing the gaps in telemetry, tooling, and response 4. The human dimension 5. Looking ahead When a traditional security incident hits, responders replay what happened. They trace a known code path, find the defect...

The Agentic Security Crisis: Why You Need to Act Now

...

AI Arms and Influence: Frontier Models Exhibit Sophisticated Reasoning in Simulated Nuclear Crises

Today's leading AI models engage in sophisticated behaviour when placed in strategic competition. They spontaneously attempt deception, signaling intentions they do not intend to follow; they demonstrate rich theory of mind, reasoning about adversary beliefs and anticipating their actions; and th...

Iranian TV Transmission Hacked With Message from Exiled Prince

Unidentified hackers disrupted Iranian state television to broadcast messages from exiled Crown Prince Reza Pahlavi. Read about the economic crisis, the internet blackout, and the latest reports on the protest death toll...

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can't)

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn't a lack of forecasts—it's identifying which predictions reflect real, emerging risks and which can safely be...

Would you sext ChatGPT? (Lock and Code S06E22)

This week on the Lock and Code podcast … In the final, cold winter months of the year, ChatGPT could be heating up. On October 14, OpenAI CEO Sam Altman said that the "restrictions" that his company previously placed on their flagship product, ChatGPT, would be removed, allowing, perhaps, for...

Bridging Technical Capability and User Accessibility: Off-Grid Civilian Emergency Communication

During large-scale crises disrupting cellular and Internet infrastructure, civilians lack reliable methods for communication, aid coordination, and access to trustworthy information. This paper presents a unified emergency communication system integrating a low-power, long-range network with a...

Mysterious Crime Spree Targeted National Guard Equipment Stashes

A string of US armory break-ins, kept quiet by authorities for months, points to a growing security crisis—and signs of an inside job...

The data on denying social media for kids (re-air) (Lock and Code S06E12)

This week on the Lock and Code podcast … Complex problems often assume complex solutions, but recent observations about increased levels of anxiety and depression, increased reports of loneliness, and lower rates of in-person friendships for teens and children in America today have led some schoo...