This Website Exposed ICE Data — Now, It’s Faced a Cyberattack
ICE experienced a breach of personally identifiable information.
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and includingRead More »Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely. “Only a single click on a legitimate Microsoft link is requiredRead More »Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catchRead More »ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
Depthfirst Raises $40 Million for Vulnerability Management
The startup will use the investment to accelerate R&D, expand go-to-market efforts, and hire new talent. The post Depthfirst Raises $40 Million for Vulnerability Management appeared first on SecurityWeek.
isVerified Emerges From Stealth With Voice Deepfake Detection Apps
isVerified provides Android and iOS mobile applications designed to protect enterprise communications. The post isVerified Emerges From Stealth With Voice Deepfake Detection Apps appeared first on SecurityWeek.
New ‘Reprompt’ Attack Silently Siphons Microsoft Copilot Data
The attack bypassed Copilot’s data leak protections and allowed for session exfiltration even after the Copilot chat was closed. The post New ‘Reprompt’ Attack Silently Siphons Microsoft Copilot Data appeared first on SecurityWeek.
New Vulnerability in n8n
This isn’t good: We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version 1.121.0 or later to remediate the vulnerability. Three technicalRead More »New Vulnerability in n8n
Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models. Two Chrome extensions posing as AI helpers were recently caught stealing ChatGPT and DeepSeekRead More »Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
4 Outdated Habits Destroying Your SOC’s MTTR in 2026
It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts’ needs, staggering investigations and incident response. Below areRead More »4 Outdated Habits Destroying Your SOC’s MTTR in 2026