A team of Norwegian neuroscientists spent years mapping exactly what happens inside the brain when people pick up a pen versus tap a keyboard. Their study, published in Frontiers in Psychology, provides a detailed picture. Audrey van der Meer and her colleagues at the Developmental Neuroscience Laboratory in Trondheim recruited 36 right-handed university students, fitted each with a cap holding 256 sensors, and recorded their brain activity while they wrote or typed ordinary words. When the s
All Articles (3026)
Sort by
Security researchers at Rapid7 have identified a state-sponsored operation in which the Iranian-linked group MuddyWater disguised espionage activity as a ransomware incident. The campaign, observed in early 2026, initially appeared to involve the Chaos Ransomware-as-a-Service group but was later assessed as a false flag operation. Forensic analysis linked the intrusion to MuddyWater through specific code-signing certificates and command-and-control infrastructure.
Article HERE
The activity is a
On 31 May 2026, word spread on several Telegram instant message channels that Meta’s AI bot would happily add an email address to an existing account as part of the bot’s standard password reset flow. A video released on Telegram by pro-Iran hackers claimed to document a remarkably simple exploit that appears to have involved using a VPN connection with an IP address that is in or near the target’s usual hometown, requesting a password reset for the account, and then choosing to chat with Meta’
Consider the history of any recent corporate scandal, and it is quite possible to guess what the story began with: a poorly secured file. No complex hacker intrusion, no state-sponsored attacks, just a document that had been sent to the wrong address, left in an unprotected storage space or forwarded to a person who could hardly be trusted with confidential information.
As for modern businesses, they almost certainly store some sort of confidential data and exchange it in a manner that is far f
Artificial intelligence has become integral to contemporary cyber-attack planning and execution. Recent research demonstrates how embedded AI systems now operate across organized cybercrime activities, fundamentally altering attack methodologies through increased speed and targeting precision. Europol's 2026 threat assessment identifies the integration of automation and AI as a defining characteristic of modern cybercrime. Industry reporting indicates that AI vulnerabilities and AI-enabled fra
Researchers at ESET have published a detailed analysis of Webworm's 2025 operations, a China-aligned Advanced Persistent Threat (APT) group previously focused on organizations in Asia. The group has now expanded its activities to Europe, targeting government bodies in Belgium, Italy, Poland, Serbia, and Spain, while also partnering with a university in South Africa.[1]
The Webworm threat group has links to other China-aligned actors, including SixLittleMonkeys and FishMonger. In earlier campaig
Twenty minutes into drafting an article, I stopped. The voice was mine. The rhythm was mine. The vocabulary was mine. But the argument had moved somewhere I had not chosen to take it. I had opened the session with a clear thesis. The AI LLM assistant did not disagree with me. It had simply kept offering better-sounding alternatives. And I had kept accepting them. By the time I noticed, I could not easily identify where my thinking ended and the model’s thinking began.
Most people still im
Picture a locked box that anyone can see, but only you can open with a special key you keep hidden. That simple idea powers the security of nearly every cryptocurrency wallet, bank transfer, and secure online login today. A new 110-page analysis from Project Eleven warns that this everyday protection could crumble within four to seven years under the weight of an entirely different kind of machine: the quantum computer. The report, titled The Quantum Threat to Blockchains - 2026 Report, maps
For years, science fiction has warned humanity about artificial intelligence going off the rails. Killer computers, manipulative chatbots, and superintelligent systems deciding people are the problem... all these themes have become so familiar that “evil AI” is practically its own entertainment genre. Now, Anthropic is floating an idea that sounds almost like the plot of a science fiction novel itself: what if all those stories helped teach modern AI systems how to behave badly in the first pl
Finding software vulnerabilities used to require teams of security researchers months of painstaking analysis. Anthropic’s Claude Mythos does it automatically-and that’s exactly the problem. The company admits no one, including itself, has built safeguards strong enough to prevent such models from being weaponized. Yet Anthropic simultaneously promises to make “Mythos-class models” publicly available once it develops “far stronger safeguards.”[1]
When AI Outpaces Human Security Teams - Mythos
In the cybersecurity world, we often assume that small and medium-sized businesses (SMBs) are the lagging indicators of digital maturity. But new research from Tech.co and Expert Market suggests that SMB leaders are becoming surprisingly surgical in their tech adoption. The data reveal a major pivot in 2026: while many organizations are pulling back AI for general business tasks, automated cybersecurity remains a non-negotiable priority. As inflation pressures and tech regret drive a more sel
Infostealers targeting macOS have continued to proliferate over the last two years, with threat actors iterating on successful techniques across related malware families. Researchers at Moonlock, Jamf, and Malwarebytes have previously documented the rise of SHub Stealer, including its use of fake application installers and “ClickFix” social engineering. SentinelOne recently observed a new SHub variant using the build tag “Reaper.” Below is their great analysis.
Reaper uses fake WeChat and Miro
Two Microsoft zero-days affecting its Defender antimalware suite are being actively exploited to trigger denial-of-service (DoS) states on unpatched Windows devices. The first flaw, tracked as CVE-2026-41091 (CVSS: 7.8), is a privilege escalation vulnerability impacting the Microsoft Malware Protection Engine versions 1.1.26030.3008 and earlier. This engine provides scanning, detection, and cleaning functions for Microsoft’s native security software. The vulnerability arises from an improper li
FortiGuard Labs recently identified persistent P2Pinfect presences within Google Kubernetes Engine (GKE) clusters at several client companies, with one compromise spanning six months. The compromises originated from exposed Redis instances, which allowed the botnet to gain an initial foothold. The botnet's beaconing was repeatedly flagged in FortiCNAPP's Composite Alerts, underscoring how a single misconfiguration can enable long-term compromise in cloud environments. The IOCs observed across
New research from Barracuda Networks has identified a surge in attacks by Saiga 2FA, a small-scale but sophisticated phishing kit. Activity increased significantly in February 2026, following earlier sightings targeting legal organizations in Australia in 2025. The kit operates as a boutique service rather than a high-volume automated platform, focusing on highly targeted campaigns against enterprise email users. Saiga 2FA serves as an Adversary-in-the-Middle tool that bypasses multifactor a
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and many internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
On 15 May, KrebsOnSecurity heard from Gui
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month, with some of the more widely used software makers, including Apple, Google, Microsoft, Mozilla, and Oracle, fixing near-record volumes of security bugs and/or quickening the tempo of their patch releases.[1]
As it does on the second Tuesday of every mon
These attacks are abusing trusted remote access tools to bypass detection, exposing a growing security gap for enterprises. A fake Word Online phishing page has exposed a growing enterprise blind spot: attackers using trusted tools to gain remote access without raising immediate alarms.
The attack chain observed by ANY.RUN moved from an Outlook email to an MSI installer, silent execution, ScreenConnect remote access, and HideUL-based concealment. For CISOs, this is a warning that phishing in
With record reports of bear attacks on humans, Japan has been increasingly turning to high-tech solutions, as you might expect. However, reports suggest that Ohta Seiki, a firm making the animatronic robot Monster Wolf to repel bears from human-habituated areas, can’t keep up with demand. “We cannot make them fast enough,” company president Yuji Ohta told AFP. This year’s order book for Monster Wolf has already hit 50 units. Hokkaido-based Ohta Seiki usually doesn’t even manufacture that ma
A new report from Google Threat Intelligence Group (GTIG) reveals a coordinated campaign exploiting an AI-generated zero-day vulnerability. The attack targets an unnamed open-source web administration tool, using the flaw to bypass two-factor authentication (2FA). The researchers say they identified an active threat actor utilizing large language models (LLMs) to actively discover and weaponize software vulnerabilities in the wild.
As the targeted flaw involves a high-level semantic logic bug
