Researchers left AI agents alone in a virtual town and watched it all unravel

Tech leaders have spent the past year telling everyone that AI agents are about to run financial systems, file your tax returns, and quietly buy your groceries. Just leave them alone, the rhetoric goes; they'll handle it. But a New York startup left ten of them alone in a virtual town for two...

Fast16 Malware

Researchers have reverse-engineered a piece of malware named Fast16. It's almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: "…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malwar...

fabricauthenticator (>=0.0.2.5 <=1.3.4rc0), jupyterhub-ltiauthenticator (=1.3.0) +11 more potentially affected by CVE-2026-33175 via oauthenticator (>=0.13.0 <=16.3.1)

oauthenticator PYPI version =0.13.0, =0.0.2.5, =0.11.0, =0.9.1, =3.0.0, =1.0.2, =0.1.0, =1.1.9, =0.5.0, =0.30.1, =0.2.25, =0.0.2, =0.4.2 Source cves: CVE-2026-33175 Source advisory: OSV:GHSA-RRVG-CXH4-QHRV...

CVE-2026-30960

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT Just-In-Time compilation engine, which is fully exposed via the CFFI Foreign Functi...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Autonomous Cyber Red Team MCP Server Autonomous cyber red tea...

What is CTEM? A Modern Approach to Cyber Risk

To effectively defend your organization, you need to think like an attacker. Attackers don’t care about a vulnerability’s CVSS score; they care about whether they can exploit it to reach a valuable target. Traditional security often misses this crucial context, leaving you to guess which of the...

ePower 访问控制错误漏洞

ePower is a electric vehicle charging station system owned by the Irish company ePower. ePower has a security access control vulnerability, which stems from the lack of an authentication mechanism in WebSocket endpoints. This vulnerability could allow unverified attackers to perform unauthorized...

A Practical Guide to Prioritize Cyber Risk

You have firewalls, endpoint detection, and countless other security controls in place, but how do you know they’ll work when an actual attack happens? Guesswork isn't a strategy. Breach and Attack Simulation BAS helps answer this question by safely testing your defenses against real-world attack...

Simulated-pen-test-agent

Simulated-pen-tes...

What Is Hive Pro’s End-to-End CTEM Solution?

The difference between a good security program and a great one often comes down to context. Without it, a list of 10,000 vulnerabilities is just a list. But when you can see that three of those vulnerabilities are being actively exploited by a threat group targeting your industry, your priorities...

Don’t Just Replace Kenna- Evolve to Vulnerability Exposure Management

Cisco has announced the end-of-sale for Cisco Vulnerability Management formerly Kenna Security, leaving security teams with a critical decision: remain on a legacy path or transform. Yes, it is true that the Kenna Security platform will be supported until June 30th, 2028 but the platform won’t be...

The 5 Stages of Cyber Threat Exposure Management

Think of your security posture like a fortress. Traditional vulnerability management gives you a long list of every potential weakness—a loose stone here, a weak gate there. A cyber threat exposure management CTEM program acts as your chief strategist, analyzing intelligence to show you exactly...

Social Engineering Attacks: A Systemisation of Knowledge on People against Humans

Our systematisation of knowledge on Social Engineering Attacks SEAs, identifies the human, organisational, and adversarial dimensions of cyber threats. It addresses the growing risks posed by SEAs, highly relevant in the context physical cyber places, such as travellers at airports and residents ...

What is Continuous Threat Exposure Management? A Guide For CISOs and Vulnerability Teams

Traditional vulnerability management has taught us to look for weaknesses inside our own walls. But what if we flipped the script and started looking at our defenses from the outside in, just like an attacker does? Attackers don't care about CVSS scores; they care about pathways. They look for th...

Chrome Zero-Day Vulnerability: Risks & Protection

Your team knows the drill: a security alert goes out, and everyone scrambles to patch. But what happens in the critical window before a fix is available for a new Chrome zero-day vulnerability? Relying on a reactive cycle of patching leaves your organization dangerously exposed. Attackers thrive ...

PrivLLMSwarm: Privacy-Preserving LLM-Driven UAV Swarms for Secure IoT Surveillance

Large Language Models LLMs are emerging as powerful enablers for autonomous reasoning and natural-language coordination in unmanned aerial vehicle UAV swarms operating within Internet of Things IoT environments. However, existing LLM-driven UAV systems process sensitive operational data in...

What Is a “Next Generation” Vulnerability Management Solution?

You already know that running vulnerability scans is a fundamental part of cybersecurity. But what happens after the scan is finished? A long list of potential weaknesses without context is more overwhelming than helpful. A modern vulnerability management system goes far beyond simple scanning. I...

How BAS Helps Threat Exposure Management: A Complete Guide

Your vulnerability scanner just produced a report with hundreds of "critical" CVEs. Now what? For most security teams, this is where the guessing game begins. You know you can't fix everything at once, so you're forced to make tough calls based on CVSS scores and gut feelings, all while hoping yo...

Trustworthy GenAI over 6G: Integrated Applications and Security Frameworks

The integration of generative artificial intelligence GenAI into 6G networks promises substantial performance gains while simultaneously exposing novel security vulnerabilities rooted in multimodal data processing and autonomous reasoning. This article presents a unified perspective on cross-doma...

Cybersecurity of High-Altitude Platform Stations: Threat Taxonomy, Attacks and Defenses with Standards Mapping - DDoS Attack Use Case

High-Altitude Platform Stations HAPS are emerging stratospheric nodes within non-terrestrial networks. We provide a structured overview of HAPS subsystems and principal communication links, map cybersecurity and privacy exposure across communication, control, and power subsystems, and propose a...