An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.
Breach Reports & Threat Intel
5Noteworthy stories that might have slipped under the radar: OpenClaw AI agents exploited via WhatsApp, ransomware hits naval defense firm TKMS, Lidl discloses data bre…
Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel. [...]
Command injection vulns land on exploited list after researchers spot abuse attempts
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials …
AI Security & Governance
4Join Microsoft Security at Black Hat USA 2026 for supply chain research, hands-on security experiences, expert conversations, and our reception.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
On Favicons: From Browser Icons to Attack Surface Intelligence
Sarah Friar, CFO of OpenAI, introduces a practical AI scorecard to measure ROI through useful work, cost per successful task, dependability, and return on compute.
Cloud Security
3Detect and mitigate malicious @asyncapi npm packages linked to the latest npm supply chain attack.
Varonis Threat Labs discovered SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot Enterprise that allows an attacker to steal sensitive data — MFA cod…
TL;DR AI-driven attacks on containerized environments are no longer theoretical.
AppSec & Technical Deep-Dives
3Today, I loaded the 1,000th data breach into Have I Been Pwned.
NIST’s shift to risk-based enrichment makes one thing clear: modern security teams need more than a single public source.
Why we’re launching the program What it means to be a Burp Ambassador What we’re aiming for Our Burp Ambassadors Alan Levy Corey Ball Federico Dotta Rana Khalil Tib3ri…
Market Moves & M&A
1Drawing on more than a decade spent helping build some of the world's most influential AI systems, including research that later informed the development of ChatGPT, A…
Tools & Open Source
7Open-source XDR/SIEM for threat detection and compliance.
Relevance: Detection & response / compliance
Template-based vulnerability scanner for massive-scale network scanning.
Relevance: Offensive security & recon
Comprehensive scanner for containers, IaC, and dependencies.
Relevance: Cloud & container defenders
Interactive TLS-capable intercepting proxy for traffic analysis.
Relevance: AppSec & traffic inspection
Swiss-army toolkit for network attacks, MITM and recon.
Relevance: Network penetration testing
Passive subdomain enumeration from dozens of sources.
Relevance: Recon & attack-surface mapping
Graph-based Active Directory relationship explorer for attack paths.
Relevance: Red teams & AD assessment