

Enterprise Security Tech
A cybersecurity resource for CxOs


Critical Codex Flaw Exposed GitHub Tokens, Raising New Alarms Over AI Coding Agent Security
A newly disclosed vulnerability in OpenAI’s Codex environment is forcing a broader reckoning across the software industry, as researchers demonstrate how AI-powered coding tools can become high-value targets for credential theft and lateral movement inside developer ecosystems. Security researchers at BeyondTrust Phantom Labs uncovered a command injection flaw that allowed attackers to extract GitHub OAuth tokens directly from Codex execution environments. The issue, now pat
Mar 31


Citrix NetScaler Flaw CVE-2026-3055 Moves From Reconnaissance to Active Exploitation, Security Firms Warn
A critical vulnerability in Citrix NetScaler appliances is rapidly escalating from early reconnaissance into active exploitation, according to multiple security researchers tracking activity in the wild. The flaw, tracked as CVE-2026-3055, exposes enterprise systems to sensitive data leakage and is already drawing attention from threat actors probing internet-facing infrastructure. Security researchers at Defused Cyber and watchTowr report that attackers initially began by
Mar 31


Google Sets 2029 Deadline for Quantum-Safe Security, Accelerating Global Race Toward Post-Quantum Cryptography
Google has redrawn one of the most important timelines in cybersecurity. The company now says it aims to be ready for “Q Day” by 2029, a milestone when quantum computers could break the cryptographic systems that underpin global digital trust. That shift compresses what many in the industry expected to be a longer runway. It also signals a sharper sense of urgency around post-quantum cryptography, or PQC, as governments, cloud providers, and software vendors race to secure d
Mar 31


Axios npm Supply Chain Attack Exposes Hidden Risks in Developer Toolchains and IDE Extensions
A sophisticated compromise of the widely used Axios JavaScript library has reignited concerns about the fragility of the open-source software supply chain, with security researchers warning that traditional defenses are no longer enough to protect modern development environments. The incident, which involved the hijacking of Axios’ npm distribution, allowed attackers to deliver remote access trojans across Windows, macOS, and Linux systems during a narrow but impactful expos
Mar 31


FBI Warns of Russian and Iranian Cyber Campaigns Exploiting Messaging Platforms Like Signal and Telegram
U.S. federal authorities are raising alarms about a surge in state-linked cyber activity targeting widely used messaging platforms, signaling a shift in how nation-state actors bypass encryption by exploiting users instead of software vulnerabilities. In two coordinated advisories, the FBI detailed separate campaigns tied to Russian intelligence services and Iran’s Ministry of Intelligence and Security. Both operations rely heavily on social engineering and the abuse of trus
Mar 23


pQCee Launches Crypto-Agile CNG Provider for Windows to Accelerate Post-Quantum Security Adoption
As governments and enterprises race to prepare for the arrival of quantum computing threats, cybersecurity vendor pQCee has introduced a new cryptographic platform designed to help organizations transition faster to post-quantum standards without overhauling their infrastructure. The company announced the release of its Cryptographic Next Generation (CNG) provider for Microsoft Windows, a move aimed at embedding quantum-safe cryptography directly into one of the world’s most
Mar 23