Slovakian Admin of Dark Web Kingdom Market Jailed for 16 Years in US

A Slovakian administrator tied to the dark web Kingdom Market received a 16 year US prison sentence for drug trafficking and cybercrime activity.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold

Five months into 2026, Microsoft has already patched more than 500 vulnerabilities — although the exact monthly count varies depending on whether analysts include Edge, Chromium and fixes shipped earlier in the month.

The Record from Recorded Future News – ​Read More

UK moves to shield security researchers in cybercrime law overhaul

The proposed reforms, outlined in briefing documents published alongside the King’s Speech opening a new parliamentary session, would update the Computer Misuse Act 1990 as part of a broader national security package focused on cybercrime and digital threats.

The Record from Recorded Future News – ​Read More

China’s ‘FamousSparrow’ APT Nests in South Caucasus Energy Firm

The cyberthreat group targets an Azerbaijani oil and gas firm with repeated attacks, as the China-linked actors extend targeting beyond hospitality, telecom, and government sectors.

darkreading – ​Read More

LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly

In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.

darkreading – ​Read More

Fortinet, Ivanti Patch Critical Vulnerabilities

Successful exploitation of these flaws could lead to arbitrary code execution and information disclosure.

The post Fortinet, Ivanti Patch Critical Vulnerabilities appeared first on SecurityWeek.

SecurityWeek – ​Read More

Why Canadian Telecom Providers Are Prime Targets for Cyberattacks

Canadian telecom providers face mounting cyber threats from ransomware, SIM swapping, data breaches, and nation-state attacks targeting critical infrastructure.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”.

The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.

SecurityWeek – ​Read More

Breaking things to keep them safe with Philippe Laulheret

Breaking things to keep them safe with Philippe Laulheret

In the latest Humans of Talos, Amy sits down with Senior Vulnerability Researcher Philippe Laulheret to demystify the world of ethical hacking. Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited.

From his memorable experiment using a green onion to bypass a biometric fingerprint reader to his perspective on the reality of cybersecurity versus what we see in the movies, Philippe provides a fascinating look at the work that keeps our digital world safe.

Amy Ciminnisi: So, can you talk to me a little bit about what you do in vulnerability research?

Philippe Laulheret: I work in vulnerability research. Basically, my job is to find vulnerabilities in software, hardware, or things physically. It’s an interesting position because I usually get to choose which target I want to look at, which confuses people usually, because usually it’s a consulting role, or someone asks you to do that. But for us, we find vulnerabilities in things that we think are important. And then this way, people in different teams can write detection rules, and our customers are protected.

AC: I love that you get to kind of pick a niche and explore. How did you get into this?

PL: My deepest interest was more in reverse engineering, which is understanding how things work, software in particular. Throughout my whole life, I was really curious and really wanted to understand stuff. I guess research is an extension of that where you need to understand how the system works, and then it’s a puzzle where you need to find a way to break it. In my teenage years, I was really interested in that. I started playing Capture The Flag, which are challenges where people design exercises where there is a bug to find and exploit. It was really fun. I was doing that to stay sharp with my skills, and eventually, I was able to transition from regular development work to actual research. All those years of playing CTF really helped, even if it wasn’t professional.

AC: Did you go to school initially for development work? What kind of career path led you here?

PL: Originally, as you can hear, I have a French accent. In France, we have engineering schools, which are fancy grad schools. The process is first you study very hard in math and physics, and then you go to grad school. At that time, I was convinced I wanted to do security, and I joined an electrical and computer engineering school. Somehow, in that school, I discovered an interest for different aspects of software development. I was getting interested in computer vision and other things. When I moved to the U.S. for development work instead of security work, I worked in a design studio for four years, which was really fun. I was making interactive installations. But as I said, I was playing CTF on the side to keep security pretty high in my head. Eventually, I moved to New York and joined a cybersecurity startup, and finally, I moved back to the Pacific Northwest, where I’m currently living, and I was finally able to do vulnerability research the way I wanted to.


Want to see more? Watch the full interview, and don’t forget to subscribe to our YouTube channel for future episodes of Humans of Talos.

Cisco Talos Blog – ​Read More

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks.
Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” the company said.
The feature, it

The Hacker News – ​Read More