A roughly 90-minute total outage of the GSM-R railway radio network exposed the dependence of critical infrastructure on a single point of failure component lacking documented failover protection.
A new loader called OXLOADER is being distributed via malvertising on Google and installs the infostealer CastleStealer using sophisticated obfuscation techniques with very low detection rates.
A rounding error in FFmpeg’s MagicYUV decoder allows arbitrary code execution through stack overflow when merely scanning video files, but affects a vulnerability patched in version 8.1.2.
A buffer overflow in Squid’s FTP parser allows extraction of user data such as session tokens and API keys in shared proxy environments; Squid 7.6 (June 2026) fixes the vulnerability.
Germany is Europe’s ransomware hotspot with nearly double the growth rate of France; its infrastructure and inadequate security awareness make it particularly attractive to criminals based in Russia.
Autonomous AI agents require new security controls for identity management because their lack of human oversight undermines classical access control models.
Identities and cloud services have become more lucrative for attackers than infrastructure vulnerabilities; many companies fail to close this gap technologically due to lack of people, processes, and clear accountability.
Meta collected highly sensitive employee data (keystrokes, screen content, private conversations) with insufficient access controls, leading to repeated unauthorized access incidents.