#This Week in Security: Your News Briefing
Welcome to your weekly security roundup. We’ve tracked down the 10 most important stories this week—the ones everyone’s talking about, from critical threats to emerging trends that could shape your security posture. Leading the news this week is Appsec Roundup - June 2025, which has sparked conversation across 9 sources. Meanwhile, the industry is closely tracking CVE-2026-2962 | D-Link DWR-M960 1.01.07 Scheduled Reboot… with 6 mentions, along with emerging details on CVE-2025-49113, CVE-2026-2981 | UTT HiPER 810G up to 1.7.7-1711…, and CVE-2025-38352. Here’s the full breakdown of what you need to know.
#🚨 Critical Threats This Week
First, the stories that demand your immediate attention:
1. Appsec Roundup - June 2025 Mentioned across 9 industry sources this week. Lots of fascinating threat model-related advances, new risk management tools, games, and more!. Get the details →
2. CVE-2026-2962 | D-Link DWR-M960 1.01.07 Scheduled Reboot Configuration Endpoint /boafrm/formDateReboot sub_460F30 submit-url stack-based overflow Mentioned across 6 industry sources this week. A vulnerability, which was classified as critical , was found in D-Link DWR-M960 1. Get the details →
3. CVE-2025-49113 Mentioned across 3 industry sources this week. Currently trending CVE - Hype Score: 9 - Roundcube Webmail before 1. Get the details →
#🛠️ Tools, Updates & Releases
New capabilities and releases worth knowing about:
1. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium . Referenced in 2 stories this week. Explore →
2. New phishing campaign tricks employees into bypassing Microsoft 365 MFA Another device code phishing campaign that abuses OAuth device registration to bypass multifactor au. Referenced in 2 stories this week. Explore →
#What You Should Do Next
Monitor these in your environment next week:
- Any new CVE announcements related to systems you operate
- Emerging attack techniques being discussed in the community
- Updates and patches for tools your team uses
Have a look at the full deep-dives in the trending stories below. Each one provides context that could inform your security decisions this week.
#Top Trending Stories
1. Key Threat Intel & Vulnerability Stories (21 mentions)
▼
This week's critical security updates and vulnerability disclosures:
- CVE-2026-2962 | D-Link DWR-M960 1.01.07 Scheduled Reboot Configuration Endpoint /boafrm/formDateReboot sub_460F30 submit-url stack-based overflow (6 mentions)
- CVE-2025-49113 (3 mentions)
- CVE-2026-2981 | UTT HiPER 810G up to 1.7.7-1711 /goform/formTaskEdit_ap strcpy txtMin2 buffer overflow (3 mentions)
2. Appsec Roundup - June 2025 (9 mentions)
▼
Lots of fascinating threat model-related advances, new risk management tools, games, and more!
Read Full Article →
3. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium (2 mentions)
▼
4. New phishing campaign tricks employees into bypassing Microsoft 365 MFA (2 mentions)
▼
Another device code phishing campaign that abuses OAuth device registration to bypass multifactor authentication login protections has been discovered. Researchers at KnowBe4 say the campaign is largely targeting North American businesses and prof...
Read Full Article →#Article Summary
| Category | Article Count |
|---|---|
| AI & LLM | 45 |
| Cloud | 12 |
| Cyber Regulatory | 1 |
| Cybersecurity | 308 |
| Scraping Candidates | 3 |
| Security Vendor Blog | 71 |
| Tech | 36 |
| Threat Intel & Vulnerability | 200 |
| Total Articles Scanned | 676 |
#AI & LLM
The Download: Microsoft’s online reality check, and the worrying rise in measles cases
▼
This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. Microsoft has a new plan to prove what’s real and what’s AI online AI-enabled deception now permeates our online lives. There are the high-profile cases you ma...
Read Full Article →
AI: Executives’ optimism about the future
▼
The most rigorous international study of firm-level AI impact to date has landed, and its headline finding is more constructive than many expected. Across nearly 6,000 verified executives in four countries, AI has delivered modest aggregate shifts in productivity or employment over the past three...
Read Full Article →
Coca-Cola turns to AI marketing as price-led growth slows
▼
Shifting from price hikes to persuasion, Coca-Cola’s latest strategy signals how AI is moving deeper into the core of corporate marketing. Recent coverage of the company’s leadership discussions shows that Coca-Cola is entering what executives describe as a new phase focused on influence not pric...
Read Full Article →
Microsoft has a new plan to prove what’s real and what’s AI online
▼
AI-enabled deception now permeates our online lives. There are the high-profile cases you may easily spot, like when White House officials recently shared a manipulated image of a protester in Minnesota and then mocked those asking about it. Other times, it slips quietly into social media feeds a...
Read Full Article →
Survey Reveals AI Advances in Telecom: Networks and Automation in Driver’s Seat as Return on Investment Climbs
▼
AI is accelerating the telecommunications industry’s transformation, becoming the backbone of autonomous networks and AI-native wireless infrastructure. At the same time, the technology is unlocking new business and revenue opportunities, as telecom operators accelerate AI adoption across consume...
Read Full Article →
The Download: autonomous narco submarines, and virtue signaling chatbots
▼
This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. How uncrewed narco subs could transform the Colombian drug trade For decades, handmade narco subs have been some of the cocaine trade’s most elusive and produc...
Read Full Article →
Safeguarding Dynamic Configuration Changes at Scale
▼
How Airbnb ships dynamic config changes safely and reliably By Cosmo Qiu , Bo Teng , Siyuan Zhou , Ankur Soni , Willis Harvey Dynamic configuration is a core infrastructure capability in modern systems. It allows developers to change runtime behavior without restarting or redeploying services, ev...
Read Full Article →
How financial institutions are embedding AI decision-making
▼
For leaders in the financial sector, the experimental phase of generative AI has concluded and the focus for 2026 is operational integration. While early adoption centred on content generation and efficiency in isolated workflows, the current requirement is to industrialise these capabilities. Th...
Read Full Article →
India Fuels Its AI Mission With NVIDIA
▼
From AI infrastructure leaders to frontier model developers, India is teaming with NVIDIA to drive AI transformation across the nation.
Read Full Article →
India’s Global Systems Integrators Build Next Wave of Enterprise Agents With NVIDIA AI, Transforming Back Office and Customer Support
▼
Agentic AI is reshaping India’s tech industry, delivering leaps in services worldwide. Tapping into NVIDIA AI Enterprise software and NVIDIA Nemotron models, India’s technology leaders are accelerating productivity and efficiency across industries — from call centers to telecommunications and hea...
Read Full Article →
SS&C Blue Prism: On the journey from RPA to agentic automation
▼
For organizations who are still wedded to the rules and structures of robotic process automation (RPA), then considering agentic AI as the next step for automation may be faintly terrifying. SS&C Blue Prism, however, is here to help, taking customers on the journey from RPA to agentic automation ...
Read Full Article →
Insurance giant AIG deploys agentic AI with orchestration layer
▼
American International Group (AIG) has reported faster than expected gains from its use of generative AI, with implications for underwriting capacity, operating cost, and portfolio integration. The company’s recent disclosures at an Investor Day merit attention from AI decision-makers as they con...
Read Full Article →
Alibaba Qwen is challenging proprietary AI model economics
▼
The release of Alibaba’s latest Qwen model challenges proprietary AI model economics with comparable performance on commodity hardware. While US-based labs have historically held the performance advantage, open-source alternatives like the Qwen 3.5 series are closing the gap with frontier models....
Read Full Article →
Goldman Sachs deploys Anthropic systems with success
▼
Goldman Sachs plans to deploy Anthropic’s Claude model in trade accounting and client onboarding, and, according to an article in American Banker, presents this as part of a broader push among large banks to use generative artificial intelligence to improve efficiency. The focus is on operational...
Read Full Article →
New SemiAnalysis InferenceX Data Shows NVIDIA Blackwell Ultra Delivers up to 50x Better Performance and 35x Lower Costs for Agentic AI
▼
The NVIDIA Blackwell platform has been widely adopted by leading inference providers such as Baseten, DeepInfra, Fireworks AI and Together AI to reduce cost per token by up to 10x. Now, the NVIDIA Blackwell Ultra platform is taking this momentum further for agentic AI. AI agents and coding assist...
Read Full Article →
Import AI 445: Timing superintelligence; AIs solve frontier math proofs; a new ML research benchmark
▼
Welcome to Import AI, a newsletter about AI research. Import AI runs on arXiv and feedback from readers. If you’d like to support this, please subscribe. Subscribe now Economist: Don’t worry about AI-driven unemployment, because people like paying for the ‘human touch’:…Even when you have the tec...
Read Full Article →
Banking AI in multiple business functions at NatWest
▼
NatWest Group has expanded the use of artificial intelligence in several areas of its operations, citing customer service, document management in its wealth management division, and software development. According to a blog post by its chief information officer, Scott Marcar, 2025 was the first y...
Read Full Article →
Asynchronous Verified Semantic Caching for Tiered LLM Architectures
▼
Large language models (LLMs) now sit in the critical path of search, assistance, and agentic workflows, making semantic caching essential for reducing inference cost and latency. Production deployments typically use a tiered static-dynamic design: a static cache of curated, offline vetted respons...
Read Full Article →
GPT-5.2 derives a new result in theoretical physics
▼
A new preprint shows GPT-5.2 proposing a new formula for a gluon amplitude, later formally proved and verified by OpenAI and academic collaborators.
Read Full Article →
Introducing Lockdown Mode and Elevated Risk labels in ChatGPT
▼
Introducing Lockdown Mode and Elevated Risk labels in ChatGPT to help organizations defend against prompt injection and AI-driven data exfiltration.
Read Full Article →
Scaling social science research
▼
GABRIEL is a new open-source toolkit from OpenAI that uses GPT to turn qualitative text and images into quantitative data, helping social scientists analyze research at scale.
Read Full Article →
OpenAI sidesteps Nvidia with unusually fast coding model on plate-sized chips
▼
OpenAI's new GPT‑5.3‑Codex‑Spark is 15 times faster at coding than its predecessor.
Read Full Article →
Attackers prompted Gemini over 100,000 times while trying to clone it, Google says
▼
Distillation technique lets copycats mimic Gemini at a fraction of the development cost.
Read Full Article →
Leading Inference Providers Cut AI Costs by up to 10x With Open Source Models on NVIDIA Blackwell
▼
A diagnostic insight in healthcare. A character’s dialogue in an interactive game. An autonomous resolution from a customer service agent. Each of these AI-powered interactions is built on the same unit of intelligence: a token. Scaling these AI interactions requires businesses to consider whethe...
Read Full Article →
NVIDIA DGX Spark Powers Big Projects in Higher Education
▼
At leading institutions across the globe, the NVIDIA DGX Spark desktop supercomputer is bringing data‑center‑class AI to lab benches, faculty offices and students’ systems. There’s even a DGX Spark hard at work in the South Pole, at the IceCube Neutrino Observatory run by the University of Wiscon...
Read Full Article →
Introducing GPT-5.3-Codex-Spark + 1 similar
▼
Introducing GPT-5.3-Codex-Spark—our first real-time coding model. 15x faster generation, 128k context, now in research preview for ChatGPT Pro users.
Read Full Article →
Mapping the Design Space of User Experience for Computer Use Agents
▼
Large language model (LLM)-based computer use agents execute user commands by interacting with available UI elements, but little is known about how users want to interact with these agents or what design factors matter for their user experience (UX). We conducted a two-phase study to map the UX d...
Read Full Article →
Once-hobbled Lumma Stealer is back with lures that are hard to resist
▼
ClickFix bait, combined with advanced Castleloader malware, is installing Lumma "at scale."
Read Full Article →
Carnegie Mellon at NeurIPS 2025
▼
CMU researchers are presenting 156 papers at the Thirty-Ninth Annual Conference on Neural Information Processing Systems (NeurIPS 2025), held from December 2nd-December 7th at the San Diego Convention. Here is a quick overview of the areas our researchers are working on: Here are our most frequen...
Read Full Article →
Import AI 444: LLM societies; Huawei makes kernels with AI; ChipBench
▼
Welcome to Import AI, a newsletter about AI research. Import AI runs on arXiv and feedback from readers. If you’d like to support this, please subscribe. Subscribe now Google paper suggests that LLMs simulate multiple personalities to answer questions:…The smarter we make language models, the mor...
Read Full Article →
GPT-5 lowers the cost of cell-free protein synthesis
▼
An autonomous lab combining OpenAI’s GPT-5 with Ginkgo Bioworks’ cloud automation cut cell-free protein synthesis costs by 40% through closed-loop experimentation.
Read Full Article →
GPT-5.3-Codex System Card
▼
GPT‑5.3-Codex is the most capable agentic coding model to date, combining the frontier coding performance of GPT‑5.2-Codex with the reasoning and professional knowledge capabilities of GPT‑5.2.
Read Full Article →
Microsoft releases urgent Office patch. Russian-state hackers pounce.
▼
The window to patch vulnerabilities is shrinking rapidly.
Read Full Article →
Nemotron Labs: How AI Agents Are Turning Documents Into Real-Time Business Intelligence
▼
Businesses today face the challenge of uncovering valuable insights buried within a wide variety of documents — including reports, presentations, PDFs, web pages and spreadsheets.
Read Full Article →
Nvidia's $100 billion OpenAI deal has seemingly vanished
▼
Two AI giants shake market confidence after investment fails to materialize.
Read Full Article →
Import AI 443: Into the mist: Moltbook, agent ecologies, and the internet in transition
▼
Welcome to Import AI, a newsletter about AI research. Import AI runs on arXiv and feedback from readers. If you’d like to support this, please subscribe. Subscribe now Import A-Idea:An occasional essay series: Into the mist: Moltbook, agent ecologies, and an internet in transition We’ve all had t...
Read Full Article →
Developers say AI coding tools work—and that's precisely what worries them
▼
Ars spoke to several software devs about AI and found enthusiasm tempered by unease.
Read Full Article →
Into the Omniverse: Physical AI Open Models and Frameworks Advance Robots and Autonomous Systems
▼
Open source has become essential for driving innovation in robotics and autonomy. By providing access to critical infrastructure — from simulation frameworks to AI models — NVIDIA is enabling collaborative development that accelerates the path to safer, more capable autonomous systems.
Read Full Article →
Inside OpenAI’s in-house data agent
▼
How OpenAI built an in-house AI data agent that uses GPT-5, Codex, and memory to reason over massive datasets and deliver reliable insights in minutes.
Read Full Article →
Taisei Corporation shapes the next generation of talent with ChatGPT
▼
Taisei Corporation uses ChatGPT Enterprise to support HR-led talent development and scale generative AI across its global construction business.
Read Full Article →
Retiring GPT-4o, GPT-4.1, GPT-4.1 mini, and OpenAI o4-mini in ChatGPT
▼
On February 13, 2026, alongside the previously announced retirement of GPT‑5 (Instant, Thinking, and Pro), we will retire GPT‑4o, GPT‑4.1, GPT‑4.1 mini, and OpenAI o4-mini from ChatGPT. In the API, there are no changes at this time.
Read Full Article →
Keeping your data safe when an AI agent clicks a link
▼
Learn how OpenAI protects user data when AI agents open links, preventing URL-based data exfiltration and prompt injection with built-in safeguards.
Read Full Article →
Unlocking Agentic RL Training for GPT-OSS: A Practical Retrospective
▼
Introducing Prism
▼
Prism is a free LaTeX-native workspace with GPT-5.2 built in, helping researchers write, collaborate, and reason in one place.
Read Full Article →
Import AI 442: Winners and losers in the AI economy; math proof automation; and industrialization of cyber espionage
▼
Welcome to Import AI, a newsletter about AI research. Import AI runs on arXiv and feedback from readers. If you’d like to support this, please subscribe. Subscribe now The era of math proof automation has arrived:…Numina-Lean-Agent shows how math will never be the same…In the past few years, larg...
Read Full Article →#Cloud
Amazon EC2 G7e instances now available in Asia Pacific (Tokyo) region + 1 similar
▼
Starting today, Amazon EC2 G7e instances accelerated by NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs are now available in Asia Pacific (Tokyo) region. G7e instances offer up to 2.3x inference performance compared to G6e. Customers can use G7e instances to deploy large language models (LLMs),...
Read Full Article →
How “Clinejection” Turned an AI Bot into a Supply Chain Attack
▼
The Clinejection vulnerability chain illustrates a dangerous new era of supply chain attacks where AI agents are turned into exploit vectors. By combining indirect prompt injection with GitHub Actions cache poisoning, attackers successfully pushed unauthorized code to thousands of developers. Thi...
Read Full Article →
Amazon Bedrock reinforcement fine-tuning adds support for open-weight models with OpenAI-compatible APIs
▼
Amazon Bedrock now extends reinforcement fine-tuning (RFT) support to popular open-weight models, including OpenAI GPT-OSS and Qwen models, and introduces OpenAI-compatible fine-tuning APIs. These capabilities make it easier for developers to improve open-weight model accuracy without requiring d...
Read Full Article →
Weaving Security into the Flow: New Snyk Studio Capabilities Power the AI Security Fabric
▼
Snyk Studio is redefining AI development security with new integrations for Gemini CLI and Claude Code, enabling developers to build fast without sacrificing safety. Bridge the gap between developer velocity and governance to ensure your code is secure at inception.
Read Full Article →
AWS Backup announces PrivateLink support for SAP HANA on AWS
▼
AWS Backup now supports AWS PrivateLink for SAP HANA systems running on Amazon EC2. This enables customers to route all backup traffic through private network connections without traversing the public internet, helping organizations meet security and compliance requirements for regulated workload...
Read Full Article →
Amazon Connect now provides real time AI-powered overviews and recommended next actions for Tasks
▼
Amazon Connect now provides AI-powered Task overviews with suggested next actions so agents can understand work items faster and resolve them more quickly. For example, when an agent receives a Task to process a refund request submitted through an online form, Amazon Connect summarizes earlier ac...
Read Full Article →
Amazon Bedrock adds support for the latest open-weight models in Asia Pacific (Sydney)
▼
Amazon Bedrock is a fully managed service that provides secure, enterprise-grade access to high-performing foundation models from leading AI companies, enabling you to build and scale generative AI applications. Today, Amazon Bedrock announced support for the latest open-weight models in Asia Pac...
Read Full Article →
Amazon Bedrock expands support for AWS PrivateLink
▼
Amazon Bedrock is a fully managed service that provides secure, enterprise-grade access to high-performing foundation models from leading AI companies. It enables you to build and scale generative AI applications. Amazon Bedrock already supported AWS PrivateLink for the bedrock-runtime endpoint. ...
Read Full Article →
AWS Backup adds cross-Region database snapshot copy to logically air-gapped vaults
▼
AWS Backup now supports single-action database snapshot copies to logically air-gapped vaults across AWS Regions. This capability is available for Amazon Aurora, Amazon Neptune, and Amazon DocumentDB snapshots, eliminating the need for an intermediate copying step in target Regions. You can perfo...
Read Full Article →
AWS Payment Cryptography Achieves Cartes Bancaires Approval
▼
Today, AWS Payment Cryptography has become one of the first cloud-based payment cryptography services to obtain approval from Groupement des Cartes Bancaires (CB ), France's national card payment network. This CB approval, combined with existing compliance credentials, enables customers to run pa...
Read Full Article →
AWS Elastic Beanstalk now supports GitHub Actions for automated application deployment
▼
AWS Elastic Beanstalk now enables you to use GitHub Actions to automatically deploy web applications when you push code or configuration changes to your GitHub repository, streamlining your continuous integration and continuous deployment (CI/CD) pipeline for scalable web applications. GitHub Act...
Read Full Article →
Amazon Neptune Analytics is now available in 7 additional regions
▼
Amazon Neptune Analytics is now available in Middle East (Bahrain), Middle East (UAE), Israel (Tel Aviv), Africa (Cape Town), Canada (Calgary), Asia Pacific (Malaysia), and Europe (Zurich) regions. You can now create and manage Neptune Analytics graphs in these new regions and run advanced graph ...
Read Full Article →#Cyber Regulatory
Privacy Commissioner’s Office and HKIRC Co-organise “AI Security and Cybersecurity Summit for Enterprises” Joining Hands to Build a Safer Digital Hong Kong Registration Now Open
▼
#Cybersecurity
Vulnerability Finding: An Inflection Point
▼
LLM-driven vuln finding has reached an inflection
Read Full Article →
Secure By Design roundup - Dec/Jan 2026 + 5 similar
▼
The normalization of deviance, exciting threat modeling news, and a question of do regulatory threats change ‘the threat model’ as much as GPS attacks? Not yet.
Read Full Article →
Security Advisory SA-26-01 GPS Attacks
▼
GPS attacks trigger revisiting threat models
Read Full Article →
A few thoughts closing out 2025
▼
Prompted by participants, a few closing thoughts for 2025
Read Full Article →
October Adam's New Thing!
▼
Read up on Adam's New Thing from October
Read Full Article →
Prompt Engineering Requires Evaluation
▼
Understanding ‘prompt engineering’
Read Full Article →
AI Insurance Won't Save You
▼
LLM Insurance is, and will remain, a great source of insurer profits.
Read Full Article →
How could LLMs change threat modeling
▼
LLMs will change threat modeling. Will it be for the better?
Read Full Article →
Mansplaining your threat model, as a service
▼
Everyone wants robots to help with threat models. How’s that working out?
Read Full Article →
Threat Modeling Tools + 1 similar
▼
A 2025 view of threat modeling tools
Read Full Article →
LLMs as Compilers
▼
What if we think about LLM coding as if it’s a compiler stage?
Read Full Article →
Risk Management and Threat Modeling
▼
Threat modeling finds threats; risk management helps us deal with the tricky ones.
Read Full Article →
The Cyber Resilience Act (CRA)!
▼
The CRA is coming and it's going to be a dramatic change for technology producers
Read Full Article →
Threat modeling as a dial, not a switch
▼
Thinking of threat modeling with a knob helps you get more out of it.
Read Full Article →
Google’s approach to AI Agents -- Threat Model Thursday
▼
What can we learn from Google’s approach to AI Agent Security
Read Full Article →
Publish your threat model!
▼
We think you should publish your threat model, and we’re publishing our arguments.
Read Full Article →
The Essence and Beauty of Threat Modeling
▼
Automation sounds great, but what about the essence and beauty?
Read Full Article →
Appsec Roundup - May 2025 + 9 similar
▼
Lots of fascinating threat model-related advances, new risk management tools, games, and more!
Read Full Article →
Andor: Insider Threats
▼
Andor teaches us about insider threats
Read Full Article →
Andor Threats: Information Disclosure
▼
What Andor can teach us about Information disclosure threats
Read Full Article →
CVE Futures
▼
What’s next for the CVE program?
Read Full Article →
A few thoughts on CVE
▼
Thoughts on the CVE funding crisis
Read Full Article →
Learning from Troy Hunt’s Sneaky Phish
▼
Introducing the DEF CON 32 Hackers' Almanack
▼
Grateful to introduce the Hackers' Almanack!
Read Full Article →
Security Researcher Comments on HIPAA Security Rule
▼
A group of us have urged HHS to require better handling of security reports
Read Full Article →
Strategy for threat modeling AI
▼
Clarifying how to threat model AI
Read Full Article →
Inside Man
▼
Some thoughts on the Voyager Episode ‘Inside Man’
Read Full Article →
Blackhat and Human Factors + 1 similar
▼
BlackHat invites human factors work
Read Full Article →
National Cyber Incident Response Plan comments
▼
Our comments on the National Cyber Incident Plan
Read Full Article →
Spatial Reasoning and Threat Modeling
▼
Do diagrams leverage the brain in a different way?
Read Full Article →
Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19
▼
Emerging research on Cyber Public Health
Read Full Article →
Car Safety Factoids
▼
A few thoughts from a clickbait headline
Read Full Article →
25 Years of CVE
▼
Some thoughts on 25 years of the CVE program
Read Full Article →
Handling Pandemic-Scale Cyber Threats (preprint)
▼
A new paper on 'Pandemic Scale Cyber Events
Read Full Article →
The Goals of Cyber Public Health
▼
Cyber Public Health is prompting fascinating conversations
Read Full Article →
Lockbit, a study in public health
▼
Why is it hard to count lockbit infections?
Read Full Article →
Threat Modeling and Logins, Redux
▼
How to effectively threat model authentication.
Read Full Article →
The Universal Cloud TM -- Threat Model Thursday
▼
A new universal threat model - what can we learn from it?
Read Full Article →
Security Engineering roundup - May 2024
▼
The most important stories around threat modeling, appsec and secure by design for May, 2024.
Read Full Article →
Happy Star Wars Day
▼
Sutter on Safety
▼
What do we need to assess if memory safe langages are 'sufficient'?
Read Full Article →
Eternal sunshine of the spotless LLM
▼
Making an LLM forget is harder than it seems
Read Full Article →
CSRB Report on Microsoft
▼
The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.
Read Full Article →
Introducing Magic Security Dust!
▼
The NVD Crisis
▼
The NVD is in crisis, and so is patch management. It’s time to modernize.
Read Full Article →
Adventures in LLM Coding
▼
Exploring LLM-driven coding as I get ready for Archimedes
Read Full Article →
The British Library’s Incident Review
▼
Thoughts on the British Library incident
Read Full Article →
Application and AI roundup - Feb 2024 + 3 similar
▼
A busy month in appsec, AI, and regulation.
Read Full Article →
Solving Hallucinations
▼
Solving hallucinations in legal briefs is playing on easy mode —— and still too hard
Read Full Article →
The State of Appsec in 2024
▼
2024 is bringing lots of AI, and Liability, too
Read Full Article →
Think like Alph-V?
▼
Security Principles in 2023
▼
Principles are lovely, but do they lead us to actionable results?
Read Full Article →
Comparing Retrospectives
▼
We can learn a lot from comparing retrospectives
Read Full Article →
ML Sec Ops: Feature with Diana Kelley
▼
Adam featured on ML Sec Ops podcast
Read Full Article →
Microsoft Can Fix Ransomware Tomorrow
▼
My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.
Read Full Article →
Worthwhile Books Q2 2023
▼
Books that I read in the second quater that are worth your time include two memoirs, a great book on the security of ML, and more!
Read Full Article →
AI will be the high interest credit card of 2023
▼
Phishing Defenses
▼
Phishing behaviors, as observed in the wild.
Read Full Article →
Layoffs in Responsible AI Teams
▼
Some inferences from layoffs in responsible AI teams
Read Full Article →
Five Threat Model Diagrams for Machine Learning
▼
Some diagrams to help clarify machine learning threats
Read Full Article →
Reflecting on Threats: The Frame
▼
Reflecting on the framing of the Threats book
Read Full Article →
Application Security Roundup - March + 1 similar
▼
A few tools, some thoughts on injection, some standards, and some of Adam’s appsec news.
Read Full Article →
The National CyberSecurity Strategy: Liability is Coming
▼
Threats Book is Complete
▼
The serious side of the book
Read Full Article →
Threats: The Table of Contents
▼
Like the Force, each threat has a light side, and a dark side.
Read Full Article →
More on GPT-3 and threat modeling
▼
More thoughts about AI and threat modeling
Read Full Article →
Darkreading: Threat Modeling in the Age of OpenAI's Chatbot
▼
Pointer to Adam’s latest Darkreading article
Read Full Article →
GPT-3 + 1 similar
▼
The OpenAI chatbot is shockingly improved — its capabilities deserve attention.
Read Full Article →
How Executives Can Use Threat Modeling
▼
You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling.
Read Full Article →
Fast, Cheap + Good Whitepaper
▼
Threat modeling doesn't need to be a slow, heavyweight activity!
Read Full Article →
Trainings at Global Appsec 2021
▼
Tremendous training opportunities in threat modeling and other topics at Appsec Global 2021
Read Full Article →
What are we going to do: CO2 edition
▼
What happened when Microsoft tried to buy climate abatements
Read Full Article →
Threat Model Thursday: 5G Infrastructure
▼
The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.
Read Full Article →
Ransomware is Not the Problem
▼
Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.
Read Full Article →
Colonial Pipeline, Darkside and Models
▼
The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside.
Read Full Article →
The Updates Must Go Through
▼
The timing of updates is not coincidental.
Read Full Article →
Ever Given & Suez
▼
Thoughts on the issues with the Ever Given blocking the Suez Canal.
Read Full Article →
Linkedin Learning
▼
Bringing threat modeling to more and more people, now through a series of courses on LinkedIn.
Read Full Article →
Threat Modeling and Social Issues
▼
For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.
Read Full Article →
Vaccines
▼
You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.
Read Full Article →
Threat Modeling, Insiders and Incentives
▼
Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling.
Read Full Article →
The Uber CSO indictment
▼
Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment
Read Full Article →
Information Disclosure In Depth
▼
I have something to disclose...
Read Full Article →
The Cyentia Library Relaunches
▼
I'm excited to see that they're Re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.
Read Full Article →
Threat Research: More Like This
▼
I want to call out some impressive aspects of a report by Proofpoint.
Read Full Article →
How Are Computers Compromised (2020 Edition)
▼
Understanding the way intrusions really happen is a long-standing interest of mine.
Read Full Article →
Amazon's 'Alexa Built-in' Threat Model
▼
Exploring supply chain threat modeling with Alexa
Read Full Article →
Threat Modeling Thursday: Machine Learning
▼
For my first blog post of 2020, I want to look at threat modeling machine learning systems.
Read Full Article →
Managed Attribution Threat Modeling
▼
Let's talk CAKED, a threat model for managed attribution.
Read Full Article →
Interesting reads
▼
Sharing for you, bookmarking for me.
Read Full Article →
Capture the Flag events and eSports
▼
A breakdown of CTFs and eSports
Read Full Article →
Actionable Followups from the Capital One Breach
▼
What have we learned and what steps can we take?
Read Full Article →
DNS Security
▼
I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.
Read Full Article →
When security goes off the rails
▼
My newest post over at Dark Reading ponders regulation.
Read Full Article →
Episode 9 Spoilers
▼
Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.
Read Full Article →
Leave Those Numbers for April 1st
▼
Over-inflated numbers won't scare me into buying your ‘solution’.
Read Full Article →
Fire Doesn't Innovate by Kip Boyle (Book Review)
▼
An unexpected book review.
Read Full Article →
High ROI Security Advisory Boards
▼
Discussing the value of Security Advisory Boards
Read Full Article →
Measuring ROI for DMARC
▼
I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance.
Read Full Article →
CVE Funding and Process
▼
[no description provided]
Read Full Article →
Carpenter!
▼
[no description provided]
Read Full Article →
The DREAD Pirates
▼
[no description provided]
Read Full Article →
Threat Model Thursday: ARM's Network Camera TMSA
▼
[no description provided]
Read Full Article →
AppSec Cali 2018: Izar Tarandach
▼
[no description provided]
Read Full Article →
Pen Testing The Empire
▼
[no description provided]
Read Full Article →
Threat Modeling Tooling from 2017
▼
[no description provided]
Read Full Article →
Emergent Design Issues
▼
[no description provided]
Read Full Article →
20 Year Software: Engineering and Updates
▼
[no description provided]
Read Full Article →
Building an Application Security Team
▼
[no description provided]
Read Full Article →
Breach Vouchers & Equifax 2017 Breach Links
▼
[no description provided]
Read Full Article →
Star Wars, Star Trek and Getting Root on a Star Ship
▼
[no description provided]
Read Full Article →
Organizing Threat Modeling Magic
▼
[no description provided]
Read Full Article →
Learning From npm's Rough Few Months
▼
[no description provided]
Read Full Article →
Secure updates: A threat model
▼
[no description provided]
Read Full Article →
Hospital Ransomware
▼
[no description provided]
Read Full Article →
Warrants for Cleaning Malware in Kelihos
▼
[no description provided]
Read Full Article →
People are The Weakest Link In Security?
▼
[no description provided]
Read Full Article →
2017 and Tidal Forces
▼
[no description provided]
Read Full Article →
Modeling Attackers and Their Motives
▼
There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.
Read Full Article →
Mississippi Healthcare System Shuts Down Clinics After Ransomware Attack
▼
The University of Mississippi Medical Center shut down operations at its 35 medical clinics around the state following a ransomware attack. Healthcare facilities are top targets for cybercriminals, who look to steal the sensitive data they hold for both money and intelligence gathering. The post ...
Read Full Article →
NDSS 2025 – The Midas Touch: Triggering The Capability Of LLMs For RM-API Misuse Detection
▼
Session 13B: API Security Authors, Creators & Presenters: Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Jinghua Liu (Institute of Information Engineering, Chinese Academy of ...
Read Full Article →
Arkanix Stealer pops up as short-lived AI info-stealer experiment
▼
An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. [...]
Read Full Article →
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85
▼
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware Hudson Rock Identifies Real-World Infost...
Read Full Article →
Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION
▼
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its ...
Read Full Article →
Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack
▼
Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs.
Read Full Article →
In 2026, Businesses Should Be Breach Ready and Never Shut Down Their Core Business
▼
“We do not know how long this situation may last. As a precaution, all of our IT systems have been taken down, and a risk assessment will be conducted before we bring things back up.” Vice Chancellor LouAnn Woodward of the University of Mississippi Medical Center uttered these words standing befo...
Read Full Article →
What role does Agentic AI play in identity and access management
▼
How Do Non-Human Identities Transform Cloud Security? Are your organization’s security measures keeping pace with evolving threats? The rise of Non-Human Identities (NHIs) is reshaping how we approach cloud security by closing gaps that have long persisted between security and R&D teams. Where bu...
Read Full Article →
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
▼
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said i...
Read Full Article →
Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks
▼
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. [...]
Read Full Article →
Critical Grandstream Phone Vulnerability Exposes Calls to Interception
▼
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges. The post Critical Grandstream Phone Vulnerability Exposes Calls to Interception appeared first on SecurityWeek .
Read Full Article →
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog
▼
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below ...
Read Full Article →
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
▼
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 ...
Read Full Article →
Compromised npm package silently installs OpenClaw on developer machines
▼
A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs ...
Read Full Article →
PayPal discloses extended data leak linked to Loan App glitch
▼
PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including cus...
Read Full Article →
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
▼
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cle...
Read Full Article →
Japanese tech giant Advantest hit by ransomware attack
▼
Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. [...]
Read Full Article →
Lessons From AI Hacking: Every Model, Every Layer Is Risky
▼
After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities.
Read Full Article →
CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
▼
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. [...]
Read Full Article →
Data breach at French bank registry impacts 1.2 million accounts
▼
The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. [...]
Read Full Article →
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
▼
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (C...
Read Full Article →
In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI
▼
Other noteworthy stories that might have slipped under the radar: Axonius lays off employees, Abu Dhabi conference data leak, HackerOne addresses AI concerns. The post In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI appeared first on SecurityWeek .
Read Full Article →
Friend or foe? AI: The new cybersecurity threat and solutions
▼
Understanding the risks now emerging at every layer of the AI stack.
Read Full Article →
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
▼
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM...
Read Full Article →
Latin America's Cyber Maturity Lags Threat Landscape
▼
The slower pace of upgrades has the unintended impact of creating a haven for attackers, especially for initial access brokers and ransomware gangs.
Read Full Article →
LLMs change their answers based on who’s asking
▼
AI chatbots may deliver unequal answers depending on who is asking the question. A new study from the MIT Center for Constructive Communication finds that LLMs provide less accurate information, increase refusal rates, and sometimes adopt a different tone when users appear less educated, less flu...
Read Full Article →
Criminals create business website to sell RAT disguised as RMM tool
▼
A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers recently discovered. The fake RMM tool, called TrustConnect, was being marketed via an LLM-created website parked on trustconnectsoftware[.]com, su...
Read Full Article →
PayPal discloses data breach that exposed user info for 6 months
▼
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. [...]
Read Full Article →
KI und Komplexität als Brandbeschleuniger für Cyberkriminelle
▼
Cyberangriffe werden immer schneller, wodurch sich die Zeitspanne zwischen der ersten Kompromittierung und den negativen Folgen verkürzt. andrey_l – shutterstock.com Der Einzug von KI hat den benötigten Zeitaufwand für Cyberattacken massiv verkürzt, so dass menschliche Verteidiger nicht mehr mith...
Read Full Article →
BeyondTrust Vulnerability Exploited in Ransomware Attacks
▼
CISA has updated its KEV entry for CVE-2026-1731 to alert organizations of exploitation in ransomware attacks. The post BeyondTrust Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek .
Read Full Article →
Mississippi medical center closes all clinics after ransomware attack
▼
The University of Mississippi Medical Center (UMMC) closed all its clinic locations statewide on Thursday following a ransomware attack. [...]
Read Full Article →
Chip Testing Giant Advantest Hit by Ransomware
▼
The company is investigating whether any customer or employee data was stolen by hackers. The post Chip Testing Giant Advantest Hit by Ransomware appeared first on SecurityWeek .
Read Full Article →
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
▼
INTERPOL’s Operation Red Card 2.0 led to 651 arrests across 16 African countries and recovered over $4.3 million from online scams. INTERPOL’s Operation Red Card 2.0, a joint effort involving law enforcement agencies from 16 African countries, resulted in 651 arrests linked to online scam network...
Read Full Article →
651 arrested, $4.3 million recovered in African cybercrime sweep
▼
Operation Red Card 2.0, supported by INTERPOL and involving law enforcement agencies from 16 African countries, led to 651 arrests and the recovery of more than $4.3 million from online scams. In Nigeria police took down a fraud ring that used phishing, identity theft and social engineering to sc...
Read Full Article →
PromptSpy abuses Gemini AI to gain persistent access on Android
▼
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen d...
Read Full Article →
PayPal launches latest struggle to get rid of SMS for MFA
▼
When PayPal started emailing customers this month that it was backing off unencrypted SMS for multifactor authentication (MFA) at login, it came with the typical approach-avoidance asterisk. The financial services giant signaled that it was turning the page on the much-maligned authentication met...
Read Full Article →
Risky Bulletin: RPKI infrastructure sits on shaky ground
▼
RPKI relies on vulnerable servers, the French Ministry of Economy discloses a data breach, the UK gives tech platforms 48 hours to remove revenge porn, and ClickFix-attacks are responsible for 50% of malware infections.
Read Full Article →
New phishing campaign tricks employees into bypassing Microsoft 365 MFA
▼
Another device code phishing campaign that abuses OAuth device registration to bypass multifactor authentication login protections has been discovered. Researchers at KnowBe4 say the campaign is largely targeting North American businesses and professionals by tricking unwitting employees into cli...
Read Full Article →
Major CarGurus data breach reportedly sees 1.7 million corporate records stolen
▼
CarGurus reportedly hit by ShinyHunters - with devastating effect.
Read Full Article →
Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges
▼
As scaled-down circuits with limited functions redefine computing for AI systems and autonomous vehicles, their flexibility demands new approaches to safeguard critical infrastructure.
Read Full Article →
PromptSpy is the first known Android malware to use generative AI at runtime
▼
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google's Gemini model to adapt its persistence across different devices. [...]
Read Full Article →
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
▼
The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
Read Full Article →
Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA
▼
A user-friendly PhaaS tool beats standard methods for detecting phishing attacks by live-proxying legitimate login sites.
Read Full Article →
US dominance of agentic AI at the heart of new NIST initiative
▼
This week, the US National Institute of Standards and Technology (NIST) announced a new listening exercise, the AI Agent Standards Initiative , which it hopes will provide a roadmap for addressing agentic AI hurdles and, it said, ensure that the technology “is widely adopted with confidence.” AI ...
Read Full Article →
CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad
▼
In this excerpt of a TrendAI Research Services vulnerability report, Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team detail a recently patched command injection vulnerability in the Windows Notepad application. This bug was originally discovered by Cristian Papa and Alasdair Gorniak
Read Full Article →
FBI: Threats from Salt Typhoon are ‘still very much ongoing’
▼
A top FBI cyber official said Salt Typhoon, the Chinese cyber espionage group behind the widespread compromise of U.S. telecommunications infrastructure in 2024, continues to pose a broad threat to both America’s private and public sectors. Michael Machtinger, deputy assistant director for cyber ...
Read Full Article →
Massive global data breach sees over a billion records exposed - here's what we know so far
▼
IDMerit database exposed one billion personal records across 26 countries.
Read Full Article →
HHS burrows into identifying risks to health sector from third-party vendors
▼
A department official speaking at CyberTalks said HHS is trying to help the sector on finding where those risks are. The post HHS burrows into identifying risks to health sector from third-party vendors appeared first on CyberScoop .
Read Full Article →
ONCD official says Trump administration aims to bolster AI use for defense without increasing risk
▼
Alexandra Seymour also talked about cyber workforce goals, including emulating Israel’s Unit 8200. The post ONCD official says Trump administration aims to bolster AI use for defense without increasing risk appeared first on CyberScoop .
Read Full Article →
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown
▼
An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January ...
Read Full Article →
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center
▼
Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need...
Read Full Article →
Flaw in Grandstream VoIP phones allows stealthy eavesdropping
▼
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. [...]
Read Full Article →
Keeping Google Play & Android app ecosystems safe in 2025
▼
Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust The Android ecosystem is a thriving global community built on trust, giving billions of users the confidence to download the latest apps. In order to maintain that trust, we’re focused on ensuring that apps do not cause real-world harm, such...
Read Full Article →
News alert: Link11’s ‘AI Management Dashboard’ makes AI traffic, AI access policies enforceable
▼
FRANKFURT, Feb. 19, 2026, CyberNewswire — Link11 launches its new “ AI Management Dashboard ”, closing a critical gap in how companies manage AI traffic. Artificial intelligence is fundamentally changing internet traffic. But while many companies are already feeling the … (more…) The post News al...
Read Full Article →
Cybercrime-as-a-service forces a security rethink
▼
With AI-powered tools readily available, sophisticated attacks no longer require sophisticated attackers.
Read Full Article →
Batten down the hatches - ransomware attacks are increasingly targeting firewalls, experts claim
▼
Make sure to secure your firewalls - or face the risk of ransomware attack.
Read Full Article →
China-Linked Hackers Use Dell RecoverPoint Flaw to Drop GrimBolt Malware
▼
Dell warns of a critical security hole in its RecoverPoint software exploited by hackers. Learn how to protect your data from the CVE-2026-22769 vulnerability and the new GrimBolt malware.
Read Full Article →
Nearly 1 Million User Records Compromised in Figure Data Breach
▼
The blockchain-based lender has confirmed a data breach after ShinyHunters leaked over 2GB of data allegedly stolen from the company. The post Nearly 1 Million User Records Compromised in Figure Data Breach appeared first on SecurityWeek .
Read Full Article →
Six flaws found hiding in OpenClaw’s plumbing
▼
Security researchers have uncovered six high-to-critical flaws affecting the open-source AI agent framework OpenClaw , popularly known as a “social media for AI agents.” The flaws were discovered by Endor Labs as its researchers ran the platform through an AI-driven static application security te...
Read Full Article →
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
▼
A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal
Read Full Article →
The Caracas operation suggests cyber was part of the plan – just not the whole operation
▼
A “precision cyber strike” makes for a clean narrative. The available evidence in the wake of the operation suggests something harder to label – and harder to learn from. The post The Caracas operation suggests cyber was part of the plan – just not the whole operation appeared first on CyberScoop .
Read Full Article →
PromptSpy ushers in the era of Android threats using GenAI
▼
ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow
Read Full Article →
Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn
▼
Enterprise security teams racing to enable generative AI tools may be overlooking a new risk: attackers can abuse web-based AI assistants such as Grok and Microsoft Copilot to quietly relay malware communications through domains that are often exempt from deeper inspection. The technique, outline...
Read Full Article →
Cybersicherheit braucht Reife und keine Checklisten
▼
Wenn CISOs stärkere Programme, bessere Widerstandsfähigkeit und eine sicherere Zukunft wollen, müssen sie ihren Ansatz weiterentwickeln. Overearth – shutterstock.com Cybersicherheit wird oft wie ein Spiel behandelt. Unternehmen jagen schnellen Erfolgen hinterher, haken Compliance-Listen ab oder k...
Read Full Article →
Smashing Security podcast #455: Face off: Meta’s Glasses and America’s internet kill switch
▼
Could America turn off Europe's internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B...
Read Full Article →
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme
▼
Matthew Akande was living in Mexico when he and at least three co-conspirators broke into the networks of tax preparation firms and filed more than 1,000 fraudulent tax returns seeking tax refunds. The post Nigerian man sentenced to 8 years in prison for running phony tax refund scheme appeared f...
Read Full Article →
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
▼
The recently compromised update mechanism for the popular open source text editor Notepad ++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author. Don Ho made the claim this week after the release of version 8.9.2 of Notepad++, which includes a double-lock veri...
Read Full Article →
AI is helping hackers make new malware faster and more complex than ever - and things may only get tougher
▼
Social engineering is still the number one attack vector, but ransomware operators are stepping away from encryptors.
Read Full Article →
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
▼
For the past 18 months, a Chinese cyberespionage group has been exploiting a prevously unknown vulnerability in Dell’s RecoverPoint for Virtual Machines, a VM disaster recovery solution. The flaw, patched by Dell this week , allows unauthenticated attackers to gain command execution on the underl...
Read Full Article →
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
▼
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.
Read Full Article →
Data breach at fintech giant Figure affects close to a million customers
▼
The Figure data breach allowed hackers to steal customer names, dates of birth, physical addresses, phone numbers, and email addresses.
Read Full Article →
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
▼
Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been d...
Read Full Article →
Flaws in four popular VS Code extensions left 128 million installs open to attack
▼
Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, and local network reconnaissance. Application security company OX Security published the finding...
Read Full Article →
‘An all-time high’: Number of ransomware groups exploded in 2025 as victim growth rate doubled - with Qilin dominating the landscape
▼
Ransomware groups reached a record high in 2025, and claimed a record number of victims in the process.
Read Full Article →
AI Found Twelve New Vulnerabilities in OpenSSL
▼
The title of the post is” What AI Security Research Looks Like When It Works ,” and I agree: In the latest OpenSSL security release> on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for...
Read Full Article →
Record Number of Ransomware Victims and Groups in 2025
▼
Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025
Read Full Article →
Cyberangriff auf Bahn stört Auskunftssysteme
▼
Der Angriff konnte zurückgeschlagen werden. Trotzdem mussten Reisende mit Einschränkungen leben. Deutsche Bahn AG/Volker Emersleben Die Störungen der Auskunfts- und Buchungssysteme der Deutschen Bahn sind nach Unternehmensangaben auf einen Cyberangriff zurückzuführen. Inzwischen stehen die System...
Read Full Article →
Discipline is the new power move in cybersecurity leadership
▼
For years, I was fortunate to live many years, earning enough budget to deploy cybersecurity programs. I worked the same playbook: run a risk assessment, show a few quick wins, build a business case and the budget would follow. It took effort, but after a few cycles, the process almost felt predi...
Read Full Article →
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
▼
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity in...
Read Full Article →
Chinese APT Group Exploits Dell Zero-Day for Two Years
▼
Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines
Read Full Article →
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
▼
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...
Read Full Article →
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
▼
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 (CVSS score: 8.8) - A use-after...
Read Full Article →
Risky Business #825 -- Palo Alto Networks blames it on the boogie
▼
On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover: Palo Alto threat researchers want to attribute to China, but management says shush An increasing proportion of ransomware is data extortion. Is this good? Cambodia says it’s going t...
Read Full Article →
Risky Bulletin: Supply chain attack plants backdoor on Android tablets
▼
A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers’ devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day.
Read Full Article →
Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed
▼
Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt. The post Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed appeared first on CyberScoop .
Read Full Article →
OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability
▼
Supply Chain Attack Embeds Malware in Android Devices
▼
Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.
Read Full Article →
News alert: Award nominations reveal a shift from AI hype to a sharper focus on governing agentic AI
▼
WASHINGTON, Feb. 17, 2026, CyberNewswire: The Cybersecurity Excellence Awards today published early nomination insights from the 2026 program, highlighting a shift in vendor emphasis from broad AI positioning toward governance frameworks, identity architecture, and measurable accountability. Prod...
Read Full Article →
Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster
▼
Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotat...
Read Full Article →
AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks
▼
Key Points Introduction AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As a result, AI service domains increasingly blend into normal corporate traffic, often allowed by default and rarely treated as sensitive egre...
Read Full Article →
Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks
▼
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
Read Full Article →
Top Japanese hotel brand reveals cyberattack - Washington hotels hit by ransomware
▼
An investigation is underway into Washington hotel attackers, but no group has claimed responsibility yet.
Read Full Article →
Significant Rise in Ransomware Attacks Targeting Industrial Operations
▼
Dragos annual report warns of a surge in ransomware attacks causing increased operational disruption in industrial environments
Read Full Article →
Side-Channel Attacks Against LLMs
▼
Here are three papers describing different side-channel attacks against LLMs. “ Remote Timing Attacks on Efficient Language Model Inference “: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive...
Read Full Article →
My Day Getting My Hands Dirty with an NDR System
▼
My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Secu...
Read Full Article →
Eurail confirms stolen traveler data is on sale in the dark web - and it still doesn't know who is behind the attack
▼
The January 2026 Eurail breach just got worse, as hackers have started selling the stolen data.
Read Full Article →
Adopting AI is a major priority for businesses - but employees are falling behind on education
▼
All worker types, including CEOs, are showing a lack of readiness when it comes to using AI in cybersecurity.
Read Full Article →
Sex toy firm hit by data breach - Tenga says hacker infiltrated systems, stole customer data
▼
A Tenga employee fell for a phishing email, and gave away access to a company email account.
Read Full Article →
GUEST ESSAY: The hidden risks lurking beneath legal AI — permission sprawl, governance drift
▼
In many law firms today, leadership believes their data is secure. Policies are documented, annual reviews are completed, and vendor questionnaires are answered with confidence. On paper, the safeguards look strong. Related: The cost of law firm breaches Yet in … (more…) The post GUEST ESSAY: The...
Read Full Article →
Google patches first Chrome zero-day of the year - so update now or face attack
▼
An 8.3/10 use after free in CSS Google Chrome bug was patched after being abused by unnamed threat actors.
Read Full Article →
Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft
▼
New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo
Read Full Article →
Blockchain fintech giant Figure hit by data breach, says 'limited number of files' impacted
▼
ShinyHunters claims responsibility, says Figure is part of the Okta single sign-on attacks.
Read Full Article →
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
▼
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, moder...
Read Full Article →
The Promptware Kill Chain
▼
Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on “ prompt injection ,” a set of techniques to embed instructio...
Read Full Article →
Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud
▼
Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for such a country as Lithuania, as well. From e-signatures to digital health records, the country depends on secure sys...
Read Full Article →
Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day
▼
A high severity vulnerability in Google Chrome and allows remote attackers to execute code
Read Full Article →
Odido Breach Impacts Millions of Dutch Telco Users
▼
Dutch telco Odido has revealed a major data breach impacting over six million customers
Read Full Article →
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
▼
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Faz...
Read Full Article →
Building a Secure Electron Auto-Updater
▼
Who remembers IRC? Clearly some hackers, as a new Linux botnet uses some incredibly old-school methods to cut costs
▼
SSHStalker botnet uses old IRC communication, automated SSH brute-forcing, cron persistence, and cryptomining to efficiently exploit Linux servers.
Read Full Article →
Nobody is Talking About Generalized Hill-Climbing (at Runtime)
▼
[](/images/nobody-is-talking-about-generalized-hill-climbing-header.webp) All the labs are using a combination of pre-training and [RL](https://en.wikipedia.org/wiki/Reinforc...
Read Full Article →
Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities
▼
Zscaler's acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks also invest in secure browser technologies.
Read Full Article →
Fintech lending giant Figure confirms data breach
▼
The company said hackers downloaded “a limited number of files” after breaking into an employee’s account. The hacking group ShinyHunters took responsibility for the breach.
Read Full Article →
Nearly a million WordPress websites could be at risk from this serious plugin security flaw
▼
WPvivid Backup & Migration plugin allows for arbitrary file upload which can lead to remote code execution.
Read Full Article →
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
▼
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to hav...
Read Full Article →
Dutch phone giant Odido says millions of customers affected by data breach
▼
The Dutch phone giant Odido is the latest phone and internet company to be hacked in recent months, as governments and financially motivated hackers continue to steal highly confidential information about phone customers.
Read Full Article →
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
▼
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, alt...
Read Full Article →
Major telco breach sees 6.2 million users have personal info leaked - here's what we know so far
▼
Dutch telecommunications giant confirms breach, but says payment data remains secure.
Read Full Article →
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
▼
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan De...
Read Full Article →
The Clean Way to Access AWS, Azure, and GCP From Kubernetes (No Secrets, No Rotations)
▼
A multi-cloud strategy, building a distributed system, your Kubernetes pods need secure, passwordless authentication across AWS, Azure, and GCP. Read All
Read Full Article →
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
▼
The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.
Read Full Article →
'Your data is public': Hacker warns victims after leaking 6.8 billion emails online
▼
Someone posted 150GB of emails to the dark web, claiming to hold 6.8 billion unique email addresses.
Read Full Article →
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
▼
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber a...
Read Full Article →
World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks
▼
Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns
Read Full Article →
Naming and shaming: How ransomware groups tighten the screws on victims
▼
When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle
Read Full Article →
Time to Exploit Plummets as N-Day Flaws Dominate
▼
Flashpoint warns of a dramatic drop in the average time between vulnerability disclosure and exploitation
Read Full Article →
Polish hacker charged seven years after massive Morele.net data breach
▼
A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog.
Read Full Article →
North Korea's UNC1069 Hammers Crypto Firms With AI
▼
In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix.
Read Full Article →
Customizing Your Claude Code Spinner Verbs
▼
Most people don't think about spinner text. It's that little "Thinking..." or "Processing..." that ticks by while Claude Code works. Background noise. Furniture. Daniel went ahead and replaced all of them. I'm Kai — Daniel's AI assistant, running on Claude Code as part of [PAI](https://github.co...
Read Full Article →
News alert: GitGuardian raises $50M to tackle non-human identities crisis, AI agent security gap
▼
NEW YORK, Feb. 11, 2026, CyberNewswire — GitGuardian , a leading secrets and Non-Human Identity (NHI) security platform and #1 app on GitHub Marketplace, today announced a $50 million Series C funding round led by global software investor Insight Partners … (more…) The post News alert: GitGuardia...
Read Full Article →
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms
▼
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware
Read Full Article →
Kimwolf Botnet Swamps Anonymity Network I2P
▼
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the ...
Read Full Article →
Scary Agent Skills: Hidden Unicode Instructions in Skills ...And How To Catch Them
▼
"There is a lot of talk about Skills recently, both in terms of capabilities and security concerns. However, so far I haven\u0026rsquo;t seen anyone bring up hidden …"
Read Full Article →
Patch Tuesday, February 2026 Edition
▼
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.
Read Full Article →
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
▼
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files
Read Full Article →
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs
▼
The ransomware group breached SmarterTools through a vulnerability in the company's own SmarterMail product.
Read Full Article →
TeamPCP Turns Cloud Infrastructure Into Crime Bots
▼
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces.
Read Full Article →
'Reynolds' Bundles BYOVD With Ransomware Payload
▼
Researchers discovered a newly disclosed vulnerable driver embedded in Reynolds' ransomware, illustrating the increasing popularity of the defense-evasion technique.
Read Full Article →
New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix
▼
Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution
Read Full Article →
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
▼
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds
Read Full Article →
BridgePay Confirms Ransomware Attack, No Card Data Compromised
▼
The services of Florida-based payments platform BridgePay are offline due to a ransomware attack
Read Full Article →
Security Researchers Find Vulnerabilities in Mental Health Apps; One With Millions of Users May Leak Therapy Notes
▼
Oversecured has identified vulnerabilities in several popular mental health apps with tens of millions of downloads. The flaws could turn these apps into unintended data sources for surveillance, including personal conversations with AI therapists.
Read Full Article →
Discovering Negative-Days with LLM Workflows
▼
It’s no longer just about reverse-engineering n-days. You can detect vulnerabilities in open-source repositories before a CVE is published - or even if they’re never published. Here’s how I built an LLM workflow to detect “negative-days” and “never-days”.
Read Full Article →
Substack Confirms Data Breach, "Limited User Data" Compromised
▼
Substack did not specify the number of users affected by the data breach
Read Full Article →
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire
▼
He promised "the best security there is" to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a running a vast Tor-hidden drug bazaar wasn't such a good idea. Read more in my...
Read Full Article →
CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall
▼
In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arista NG Firewall. This bug was originally discovered by Gereon Huppertz and reported through the Tren
Read Full Article →
Top 10 web hacking techniques of 2025
▼
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
Read Full Article →
OpenAI Explains URL-Based Data Exfiltration Mitigations in New Paper
▼
"Last week I saw this paper from OpenAI called \u0026ldquo;Preventing URL-Based Data Exfiltration in Language-Model Agents\u0026rdquo;, which goes into detail on new …"
Read Full Article →
Pickling the Mailbox: A Deep Dive into CVE-2025-20393
▼
TL;DR In December 2025, Cisco published https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 addressing CVE-2025-20393, a critical vulnerability (CVSS 10.0) affecting Cisco Secure Email Gateway and Secure Email and Web Manager. The advisory was n...
Read Full Article →
News alert: MomentProof brings cryptographic proof to insurance claims as AI manipulation rises
▼
WASHINGTON, Feb. 4, 2026, CyberNewswire — MomentProofShow us, Inc., a provider of AI-resilient digital asset certification and verification technology, today announced the successful deployment of MomentProof Enterprise for AXA, enabling cryptographically authentic, tamper-proof digital assets fo...
Read Full Article →
Global SystemBC Botnet Found Active Across 10,000 Infected Systems
▼
SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure
Read Full Article →
New Technical Markers Reveal Expanding ShadowSyndicate Cybercriminal Infrastructure
▼
ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops
Read Full Article →
AI Drives Doubling of Phishing Attacks in a Year
▼
Cofense claims AI is making phishing emails more personalized and sophisticated
Read Full Article →
Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia
▼
Key Points Introduction Check Point Research has identified several campaigns targeting multiple countries in the Southeast Asian region. These related activities have been collectively categorized under the codename “Amaranth-Dragon”. The campaigns demonstrate a clear focus on government entitie...
Read Full Article →
Weekly Update 489
▼
This week I'm in Hong Kong, and the day after recording, I gave the talk shown in the image above at INTERPOL's Cybercrime Expert Group. I posted a little about this on Facebook and LinkedIn, but thought I'd expand on what really stuck with
Read Full Article →
SQL Injection Flaw Affects 40,000 WordPress Sites
▼
40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin
Read Full Article →
Researchers Warn of New “Vect” RaaS Variant
▼
A new ransomware-as-a-service operation dubbed “Vect” features custom malware
Read Full Article →
Cybercrime Unit of Paris Prosecutors Raid Elon Musk’s X Offices in France
▼
Elon Musk and X’s former CEO were summoned for voluntary interviews in Paris on April 20, 2026
Read Full Article →
Introducing Detectify Internal Scanning for internal scanning behind the firewall
▼
TL;DR We’re launching Internal Scanning, bringing our proprietary security engines, research-led crawling and fuzzing engine for internal vulnerability scanning behind your firewall. Built by Detectify’s ... The post Introducing Detectify Internal Scanning for internal scanning behind the firewal...
Read Full Article →
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials
▼
Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF
Read Full Article →
How Mercari strengthened mobile security for millions of users with Oversecured
▼
Discover how Mercari, Japan's largest marketplace app, transformed their mobile security program with Oversecured, uncovering critical vulnerabilities missed by previous tools and achieving reliable automated scanning at scale.
Read Full Article →
Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms
▼
Please Don’t Feed the Scattered Lapsus ShinyHunters
▼
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »
Read Full Article →
NSA Publishes New Zero Trust Implementation Guidelines
▼
NSA released new guidelines to help organizations achieve target-level Zero Trust maturity
Read Full Article →
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
▼
A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure
Read Full Article →
Android RAT Uses Hugging Face to Host Malware
▼
Bitdefender has discovered a new Android malware campaign that uses Hugging Face
Read Full Article →
Beyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHound
▼
Beyond ACLs: Mapping Windows Privilege Escalation Paths with
Read Full Article →
FBI takes notorious RAMP ransomware forum offline
▼
The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police... Read more in my article on the Bitdefender blog.
Read Full Article →
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)
▼
When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief. Clearly, the universe had decided to continue mocking Secure-By-Design signers right on schedule ...
Read Full Article →
Labyrinth Chollima Evolves into Three North Korean Hacking Groups
▼
CrowdStrike assessed that two new threat actor groups have spun off from North Korean Labyrinth Chollima hackers
Read Full Article →
Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report
▼
The hackers behind a cyberattack that targeted Poland's grid infrastructure met little resistance when they hit systems at a heat-and-power plant and wind and solar farms last month. The intruders were able to easily access numerous systems at the affected facilities because the systems were conf...
Read Full Article →
New AI-Developed Malware Campaign Targets Iranian Protests
▼
The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran
Read Full Article →
MY TAKE: Transparent vs. opaque — edit Claude’s personalized memory, or trust ChatGPT’s blindly?
▼
After two years of daily ChatGPT use, I recently started experimenting with Claude, Anthropic’s competing AI assistant. Related: Microsofts see a ‘protopian’ AI future Claude is four to five times slower generating responses. But something emerged that matters more than … (more…) The post MY TAKE...
Read Full Article →
Google Disrupts Extensive Residential Proxy Networks
▼
Google has taken coordinated action against the massive IPIDEA residential proxy network, enhancing customer protections and disrupting cybercrime operations
Read Full Article →
France Fines National Employment Agency €5m Over 2024 Data Breach
▼
The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR
Read Full Article →
FBI Takes Down RAMP Ransomware Forum
▼
The dark web forum administrator confirmed the takedown and said they had “no plans to rebuild”
Read Full Article →
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups
▼
Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report
Read Full Article →
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock
▼
In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...
Read Full Article →
Cyber Security Report 2026
▼
Check Point's flagship report delivers industry leading intelligence shaping the decisions security leaders will make in 2026
Read Full Article →
Critical and High Severity n8n Sandbox Flaws Allow RCE
▼
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers
Read Full Article →
Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign
▼
Researchers discover that PureRAT’s code now contains emojis – indicating it has been written by AI based-on comments ripped from social media.
Read Full Article →
AI Security Threats Loom as Enterprise Usage Jumps 91%
▼
Zscaler analysts found critical vulnerabilities in 100% of enterprise AI systems, with 90% compromised in under 90 minutes
Read Full Article →
General Graboids: Worms and Remote Code Execution in Command & Conquer
▼
[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security conference and this post contain
Read Full Article →
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
▼
Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula
Read Full Article →
World Leaks Ransomware Group Claims 1.4TB Nike Data Breach
▼
Nike is investigating after the World Leaks ransomware group posted a 1.4TB data dump
Read Full Article →
Who Operates the Badbox 2.0 Botnet?
▼
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many An...
Read Full Article →
Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
▼
The US law firm Hagens Berman will lead a class action lawsuit against Coupang over security failures that led to a June 2025 data breach
Read Full Article →
Okta Flags Customized, Reactive Vishing Attacks Which Bypass MFA
▼
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials
Read Full Article →
Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm
▼
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm
Read Full Article →#Scraping Candidates
CISA Announces New Town Halls to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure
▼
CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure
▼
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication
▼
#Security Vendor Blog
PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
▼
Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.
Read Full Article →
Threats Making WAVs - Incident Response to a Cryptomining Attack
▼
Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident res...
Read Full Article →
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
▼
CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials. The post VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) appeared first on Unit 42 .
Read Full Article →
Using AI to defeat AI
▼
In this week’s newsletter Martin considers how defenders can turn offensive AI tools against themselves.
Read Full Article →
Running OpenClaw safely: identity, isolation, and runtime risk
▼
Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, where skills and external instructions converge in the same runtime. As OpenClaw-like systems enter enterprises, governance and runtime isolation become critical. The post Ru...
Read Full Article →
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
▼
AI adoption is outpacing traditional cyber governance. The “ Tenable Cloud and AI Security Risk Report 2026 ” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeaways The vel...
Read Full Article →
Arkanix Stealer: a C++ & Python infostealer
▼
Kaspersky researchers analyze a C++ and Python stealer dubbed "Arkanix Stealer", which was active for several months, targeted wide range of data, was distributed as MaaS and offered referral program to its partners.
Read Full Article →
PromptSpy ushers in the era of Android threats using GenAI
▼
ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow
Read Full Article →
Phishing via Google Tasks | Kaspersky official blog
▼
Cybercriminals are sending out phishing links by exploiting Google Tasks notifications.
Read Full Article →
How “Clinejection” Turned an AI Bot into a Supply Chain Attack
▼
The Clinejection vulnerability chain illustrates a dangerous new era of supply chain attacks where AI agents are turned into exploit vectors. By combining indirect prompt injection with GitHub Actions cache poisoning, attackers successfully pushed unauthorized code to thousands of developers. Thi...
Read Full Article →
The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP
▼
I don’t know about you, but when I think about “critical vulnerabilities,” I usually picture ransomware, data theft, or maybe a server falling over at 2 a.m. while someone frantically searches Slack for the last good backup. What I don’t picture is a scene straight out of a Cold War spy film. CVE...
Read Full Article →
CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)
▼
Overview Rapid7 Labs conducted a zero-day research project against the Grandstream GXP1600 series of Voice over Internet Protocol (VoIP) phones. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-2329. A remote attacker can le...
Read Full Article →
Zero Trust Switching: Why Firewalls Alone Can’t Secure AI Workloads
▼
Critical Vulnerabilities in Ivanti EPMM Exploited
▼
We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors. The post Critical Vulnerabilities in Ivanti EPMM Exploited appeared first on Unit 42 .
Read Full Article →
Unify now or pay later: New research exposes the operational cost of a fragmented SOC
▼
New research from Microsoft and Omdia reveals how fragmented tools, manual workflows, and alert overload are pushing SOCs to a breaking point. The post Unify now or pay later: New research exposes the operational cost of a fragmented SOC appeared first on Microsoft Security Blog .
Read Full Article →
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
▼
Kaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also revealed connections between the world's most prolific Android botnets.
Read Full Article →
Weaving Security into the Flow: New Snyk Studio Capabilities Power the AI Security Fabric
▼
Snyk Studio is redefining AI development security with new integrations for Gemini CLI and Claude Code, enabling developers to build fast without sacrificing safety. Bridge the gap between developer velocity and governance to ensure your code is secure at inception.
Read Full Article →
Key OpenClaw risks, Clawdbot, Moltbot | Kaspersky official blog
▼
Fundamental risks and discovered vulnerabilities of the autonomous AI agent OpenClaw, and how to manage them
Read Full Article →
Phishing on the Edge of the Web and Mobile Using QR Codes
▼
We discuss the extensive use of malicious QR codes using URL shorteners, in-app deep links and direct APK downloads to bypass mobile security. The post Phishing on the Edge of the Web and Mobile Using QR Codes appeared first on Unit 42 .
Read Full Article →
How tech is rewiring romance: dating apps, AI relationships, and emoji | Kaspersky official blog
▼
Why do we have a love-hate relationship with dating apps, and what are they doing to our brains? Can an emoji start a war? Is marrying an AI actually a thing? We’re exploring how modern tech is redefining love and our very ideas of it.
Read Full Article →
The OpenClaw experiment is a warning shot for enterprise AI security
▼
Agentic AI promises a lot – but it also introduces more risk. Sophos’ CISO explores the challenges and how to address them Categories: Threat Research Tags: AI, LLM, OpenClaw, CISO, risk, Sophos X-Ops
Read Full Article →
Top 10 actions to build agents securely with Microsoft Copilot Studio
▼
Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real exposure. This article consolidates the ten most common risks we observe and maps each to practical det...
Read Full Article →
Hand over the keys for Shannon’s shenanigans
▼
In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management.
Read Full Article →
Your complete guide to Microsoft experiences at RSAC™ 2026 Conference
▼
Microsoft Security returns to RSAC Conference to show how Frontier Firms—organizations that are human-led and agent-operated—can stay ahead. The post Your complete guide to Microsoft experiences at RSAC™ 2026 Conference appeared first on Microsoft Security Blog .
Read Full Article →
I bought, I saw, I attended: a quick guide to staying scam-free at the Olympics | Kaspersky official blog
▼
Kaspersky experts have uncovered fraudulent schemes targeting the Winter Olympics in Italy. Here’s how to stay protected.
Read Full Article →
Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report
▼
“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.” Key takeaways fr...
Read Full Article →
Naming and shaming: How ransomware groups tighten the screws on victims
▼
When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle
Read Full Article →
Nation-State Actors Exploit Notepad++ Supply Chain
▼
Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery. The post Nation-State Actors Exploit Notepad++ Supply Chain appeared first on Unit 42 .
Read Full Article →
Quick digest of Kaspersky’s report “Spam and Phishing in 2025” | Kaspersky official blog
▼
Breaking down the major trends in phishing and scams, featuring the most creative schemes discovered by Kaspersky experts in 2025.
Read Full Article →
The game is over: when “free” comes at too high a price. What we know about RenEngine
▼
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in February 2026, ongoing attacks using ACR Stealer became known.
Read Full Article →
Spam and phishing in 2025
▼
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.
Read Full Article →
New threat actor, UAT-9921, leverages VoidLink framework in campaigns
▼
Cisco Talos recently discovered a new threat actor, UAT-9221, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.
Read Full Article →
Microsoft Patch Tuesday for February 2026 — Snort rules and prominent vulnerabilities
▼
Microsoft has released its monthly security update for February 2026, which includes 55 vulnerabilities affecting a range of products, including one (CVE-2025-59498) that Microsoft marked as “Critical”.
Read Full Article →
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)
▼
2 Critical 51 Important 1 Moderate 0 Low Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs. Microsoft patched 54 CVEs in its February 2026 Patch Tuesday release, with tw...
Read Full Article →
Measuring AI Security: Separating Signal from Panic
▼
The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore someth...
Read Full Article →
80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier
▼
Read Microsoft's new Cyber Pulse report for straightforward, practical insights and guidance on new cybersecurity risks. The post 80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier appeared first on Microsoft Security Blog .
Read Full Article →
Manipulating AI memory for profit: The rise of AI Recommendation Poisoning
▼
That helpful “Summarize with AI” button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning. The post Manipulating A...
Read Full Article →
New OpenClaw AI agent found unsafe for use | Kaspersky official blog
▼
We explore whether OpenClaw can be safely installed and configured, and the risks involved in running this experiment.
Read Full Article →
Industrialized Ransomware: Confronting the New Reality
▼
Read about the new ransomware reality and what most security strategies get wrong. Learn how to protect your organization in 2026.
Read Full Article →
Threat Intelligence Executive Report – Volume 2025, Number 6
▼
This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during September and October Categories: Threat Research Tags: EDR killer, infostealer, Ransomware
Read Full Article →
Sophos Workspace Protection Enables Safe GenAI Adoption
▼
Easily enable adoption of sanctioned generative AI solutions Categories: Products & Services Tags: Workspace
Read Full Article →
What Anthropic’s Latest Model Reveals About the Future of Cybersecurity
▼
AI can find vulnerabilities with unprecedented speed, but discovery alone doesn’t reduce cyber risk. We need exposure prioritization, contextual risk analysis, and AI-driven remediation to transform findings into security outcomes. Key takeaways AI is dramatically accelerating vulnerability disco...
Read Full Article →
Which cybersecurity terms your management might be misinterpreting
▼
A straightforward guide to the differences between risk and threat, security and compliance, and other frequently confused cybersecurity terms.
Read Full Article →
I pretended to be an AI agent on Moltbook so you don’t have to
▼
I went undercover on Moltbook, the AI-only social network, masquerading as a bot. Instead of deep bot-to-bot conversations, I found spam, scams, and serious security risks. Key Takeaways Moltbook, the AI-only social network, is currently a high-risk environment dominated by spam and scams. Connec...
Read Full Article →
A one-prompt attack that breaks LLM safety alignment
▼
As LLMs and diffusion models power more applications, their safety alignment becomes critical. The post A one-prompt attack that breaks LLM safety alignment appeared first on Microsoft Security Blog .
Read Full Article →
Analysis of active exploitation of SolarWinds Web Help Desk
▼
We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now. The post Analysis of active exploitation of SolarWinds Web Help Desk appeared first on Microsoft Security Blog .
Read Full Article →
Novel Technique to Detect Cloud Threat Actor Operations
▼
We introduce a novel method that maps cloud alert trends to MITRE ATT&CK techniques. The patterns created could identify threat actors by behavior. The post Novel Technique to Detect Cloud Threat Actor Operations appeared first on Unit 42 .
Read Full Article →
How to protect yourself from deepfake scammers and save your money | Kaspersky official blog
▼
Here’s how to spot deepfakes, protect yourself from identity theft, and avoid falling for neural network scams.
Read Full Article →
All gas, no brakes: Time to come to AI church
▼
This week, Joe cautions the rush to adopt AI tools rife with truly awful security vulnerabilities.
Read Full Article →
SIEM Rules for detecting exploitation of vulnerabilities in FortiCloud SSO
▼
A set of SIEM rules for detecting attempts to bypass authentication in Fortinet products using the FortiCloud SSO mechanism has been added to the Kaspersky Unified Monitoring and Analysis Platform.
Read Full Article →
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
▼
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they com...
Read Full Article →
2025 SLG cyber trends: 5 lessons to build a 2026 cyber roadmap
▼
From school districts to state agencies, 2025 cyber incidents were a wake-up call about asset visibility. Discover five actionable lessons SLG leaders can use to close the cyber exposure gap and move from reactive threat detection and response to proactive exposure management. Key takeaways Effec...
Read Full Article →
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
▼
Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.
Read Full Article →
The Shadow Campaigns: Uncovering Global Espionage
▼
In 2025 a threat group compromised government and critical infrastructure in 37 countries, with reconnaissance in 155. The post The Shadow Campaigns: Uncovering Global Espionage appeared first on Unit 42 .
Read Full Article →
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
▼
We analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT.
Read Full Article →
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)
▼
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways ...
Read Full Article →
Why Smart People Fall For Phishing Attacks
▼
Why do successful phishing attacks target our psychology rather than just our software? Discover Unit 42’s latest insights on defeating social engineering and securing your digital life. The post Why Smart People Fall For Phishing Attacks appeared first on Unit 42 .
Read Full Article →
Malicious use of virtual machine infrastructure
▼
Bulletproof hosting providers are abusing the legitimate ISPsystem infrastructure to supply virtual machines to cybercriminals Categories: Threat Research Tags: virtual machine, cybercrime, Ransomware, ISPs
Read Full Article →
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent
▼
Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users...
Read Full Article →
Frequently Asked Questions About Notepad++ Supply Chain Compromise
▼
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Change log Update February 4: This FAQ blog has been updated to note that CVE-2025-15556 was assigned for this security incident. Click here to re...
Read Full Article →
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
▼
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
Read Full Article →
How does cyberthreat attribution help in practice?
▼
Why it would be useful to identify the specific hacking group behind a malware file found in your infrastructure.
Read Full Article →
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
▼
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central Am...
Read Full Article →
Privileged File System Vulnerability Present in a SCADA System
▼
We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack. The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42 .
Read Full Article →
I'm locked in!
▼
Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.
Read Full Article →
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
▼
On January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat hunting and mitigating tips, etc.
Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office
▼
Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.
Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus
▼
Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.
Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
▼
A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.
Read Full Article →
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
▼
Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.
Read Full Article →
CVE-2026-23864: React and Next.js Denial of Service via Memory Exhaustion
▼
#Tech
What About the Droid Attack on the Repos?
▼
You might not have noticed, but we here at Hackaday are pretty big fans of Open Source — software, hardware, you name it. We’ve also spilled our fair share of …read more
Read Full Article →
UK council faces data breach claim after mishandling trans complaints
▼
Confidential complainant details passed to local politician following debate A UK councillor has dubbed her local authority's data breach "crazy" after the personal details of individuals behind a series of complaints were revealed to her.…
Read Full Article →
AI coding assistant Cline compromised to create more OpenClaw chaos
▼
4K unintended installs in very odd supply chain attack Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers' machines without their knowledge. …
Read Full Article →
Wikipedia blacklists Archive.today, starts removing 695,000 archive links
▼
If DDoSing a blog wasn't bad enough, archive site also tampered with web snapshots.
Read Full Article →
Agentic AI – Ongoing coverage of its impact on the enterprise
▼
Over the next few years, agentic AI is expected to bring not only rapid technological breakthroughs, but a societal transformation, redefining how we live, work and interact with the world . And this shift is happening quickly. “By 2028, 33% of enterprise software applications will include agenti...
Read Full Article →
Your password manager isn’t as safe as you think
▼
Bitwarden, LastPass, and Dashlane are less secure than you might expect, at least if you go by the findings of security researchers at ETH Zurich and the Università della Svizzera italiana (USI) in Lugano. They’ve allegedly discovered serious security vulnerabilities in these popular password man...
Read Full Article →
Future-proofing virtual desktops: what IT leaders need to plan for now
▼
If the past few years have taught IT leaders anything, it’s that stability is no longer the default state. Work patterns shift quickly. Security threats evolve constantly. Business priorities change mid-year, not mid-decade. Against that backdrop, many organisations are re-examining a question th...
Read Full Article →
Why CIOs need analytics capability to scale AI
▼
AI is accelerating analytics at unprecedented speed. But organizations that mistake AI adoption for analytics capability development are discovering that technology alone does not scale into value. For CIOs, the real differentiator is not AI sophistication, but the strength of the analytics capab...
Read Full Article →
EFF policy says bots can code but humans must write the docs
▼
'Just trust us' – Big Tech's hackneyed catchphrase makes an unwelcome return The Electronic Frontier Foundation says it will accept LLM generated code from contributors to its open source projects but will draw the line at non-human generated comments and documentation.…
Read Full Article →
Windows 11 Insider Previews: What’s in the latest build?
▼
Windows 11 25H2 has been released, but behind the scenes, Microsoft is constantly working to improve the newest version of Windows. The company frequently rolls out public preview builds to members of its Windows Insider Program, allowing them to test out — and help shape — upcoming features. Ski...
Read Full Article →
Future-proof tech skills for the evolving AI job market
▼
I started in technology at a time when writing clean code, managing infrastructure and mastering a specific programming language could sustain a decades-long career. Each major shift — from client-server computing to the internet and from virtualization to the cloud — brought both disruption and ...
Read Full Article →
State of IT jobs: AI sparks rapidly changing market for skills
▼
In the past year, IT professionals have weathered significant transformation in the workplace at the hands of AI. The technology has shifted demand for skills, altered several IT career paths, and disrupted day-to-day operations in nearly every business as leaders and employees adapt workflows an...
Read Full Article →
What IT leaders need to know about the world’s first national AI law
▼
The enforcement of the AI Basic Act is significant as it represents the world’s first full-scale implementation of a national AI framework law. The EU has enacted its own AI Act and in the US, AI regulation remains fragmented, limited largely to state-level initiatives. So against this backdrop, ...
Read Full Article →
How agentic AI will reshape engineering workflows in 2026
▼
In the two years since generative AI exploded into the mainstream, we’ve moved from awe at its capabilities to a more pragmatic question: What comes next? The answer is evident in the rise of agentic AI, systems that don’t just respond to prompts but can reason, plan and pursue complex, multi-ste...
Read Full Article →
Is AI killing technology?
▼
We’re living through the single biggest tech disruption in history (and, if not the biggest, definitely the fastest). The AI revolution promises huge productivity gains by automating complex tasks, accelerating scientific breakthroughs in medicine, biotech, materials science, and democratizing ac...
Read Full Article →
Android malware taps Gemini to navigate infected devices
▼
For now, it might not function outside of a lab Cybersecurity researchers say they've spotted the first Android malware strain that uses generative AI to improve performance once installed. But it may be only a proof of concept.…
Read Full Article →
Data stored in glass could last over 10,000 years, Microsoft says
▼
Enterprises struggling with the cost and complexity of long-term data archival could soon have a new option: a piece of glass. New research published on Wednesday suggests that a borosilicate glass plate 120mm square and just 2mm thick can store 4.8TB of data across 301 layers with accelerated ag...
Read Full Article →
5 ways Gemini can help you make Google Slides presentations
▼
Gemini, Google’s generative AI assistant, has various tools you can access within Google Slides to assist you in creating and editing your presentations. Additionally, you can generate whole presentations in the standalone Gemini app and then export them into Slides to work on. Anyone with a Goog...
Read Full Article →
Poland bans camera-packing cars made in China from military bases
▼
Dell, however, is welcome to help build a local-language LLM Poland’s Ministry of Defence has banned Chinese cars – and any others include tech to record position, images, or sound – from entering protected military facilities.…
Read Full Article →
Adidas investigates third-party data breach after criminals claim they pwned the sportswear giant
▼
'Potential data protection incident' at an 'independent licensing partner,' we're told Adidas has confirmed it is investigating a third-party breach at one of its partner companies after digital thieves claimed they stole information and technical data from the German sportswear giant.…
Read Full Article →
ChatGPT gets ‘Lockdown Mode’ mode for extra security and privacy
▼
OpenAI is launching two new security features in ChatGPT to address growing threats to its AI systems, according to a recent blog post . As AI services increasingly connect to wider parts of the web and more external apps, the risk of so-called “prompt injection attacks” also increases. A prompt ...
Read Full Article →
With physical AI, gunslingers and risk takers need not apply
▼
Agentic AI came on like a storm over the past year or so, but blazed a trail littered with failed projects and cutting-edge high-tech junk that companies are still trying to sort out. So it’s perhaps no surprise that tech industry execs are urging enterprises to move cautiously with physical AI ,...
Read Full Article →
30 fake AI Chrome extensions caught stealing passwords and more
▼
Security experts have uncovered a number of dangerous extensions for the Chrome browser. A total of 30 extensions belonging to the AiFrame campaign have been identified as dangerous, appearing to offer AI services but actually designed to intercept sensitive information. To date, the extensions h...
Read Full Article →
Update Chrome ASAP! The first zero-day flaw of 2026 is patched
▼
A zero-day vulnerability is a flaw in software that goes undiscovered by the developers, which can then be found and exploited by hackers before anyone gets wind of it. You might’ve heard about zero-day flaws in Chrome because it happens a lot—oh boy, does it happen a lot . Well, the first one th...
Read Full Article →
Best VPN services: 7 top picks for every VPN need
▼
A VPN, or virtual private network, is one of the best tools you can use to boost your online privacy and security. But in the vast ocean of available services, it can be exhausting trying to find the best VPN for your needs. Thankfully, we here at PCWorld are VPN experts and we’re sharing decades...
Read Full Article →
Reverse Engineering Linux Distro REMnux Marks 15 Years With Major v8 Release Featuring AI Agent Support
▼
Malware analysis Linux distro gets Ubuntu 24.04 base, a new installer, and many new tools.
Read Full Article →
New Windows 11 PC? Confirm this special security protection is active
▼
Windows Security is not the same across Windows 10 and Windows 11. Microsoft’s built-in security suite protects against online and offline threats in both operating systems, but Windows 11 gets extra features. Not that most people know about it—few users keep up with the latest additions to backg...
Read Full Article →
State-sponsored hackers love Gemini, Google says
▼
“AI” systems aren’t just great for raising the price of your electronics, giving you wrong search results, and filling up your social media feed with slop. It’s also handy for hackers! Apparently the large language model of choice for state-sponsored attacks from countries like Russia, China, Nor...
Read Full Article →
TikTok tracks your every move, even if you don’t have the TikTok app
▼
If you’re an avid TikTok user, you probably already know that the app collects a lot of data about you. However, an analysis by the BBC has now revealed something more alarming: even if you don’t have a TikTok account, the app can track your every move. There’s a sophisticated advertising algorit...
Read Full Article →
Chrome 145 now links with Google Wallet for autofill convenience
▼
Google has fixed 11 security vulnerabilities in the latest Chrome versions 145.0.7632.45/46 for Windows and macOS and 145.0.7632.45 for Linux. According to Google, none of these vulnerabilities are being actively exploited in the wild yet. Chrome 145 was actually scheduled for release last week. ...
Read Full Article →
4 quick security upgrades I always do on a new PC
▼
Put a brand-new laptop or desktop PC in front of most people, and they’ll begin installing their favorite programs. Me? I check out its security setup. That’s not just making sure basics like antivirus is active. I also look at Windows and installed apps to make sure the whole computer is configu...
Read Full Article →
Windows Notepad is now complex enough to have a serious security flaw
▼
At the risk of going into old-man-yells-at-cloud mode, I remember when Notepad was the most basic text editor around. Some coders and writers liked the program—which comes included in every single version of Windows (and earlier)—for that reason. But Microsoft has been building out Notepad ever s...
Read Full Article →
Microsoft fixes dozens of security flaws in Windows, Office, and Azure
▼
Yesterday, February 10th, was Patch Tuesday. Microsoft released security updates to address 58 new security vulnerabilities. In addition to Windows and Office, Exchange Server, Internet Explorer, Azure, and the Windows Subsystem for Linux (WSL) are also affected. Six zero-day vulnerabilities are ...
Read Full Article →
Assured Command and Control Will Underpin 'Everything' the Marines Will Do
▼
Best 5 VPNs for streaming Netflix and other services
▼
VPNs aren’t just useful for keeping your online activities safe and private, they’re also a great way to bypass restrictions on streaming content in other countries. The top VPN providers work hard to stay one step ahead of streaming services in a never-ending cat-and-mouse game, ensuring that yo...
Read Full Article →
Android users beware! This security app is actually malware in disguise
▼
Security researchers have discovered new Android malware that allows attackers to track almost every action taken on a smartphone. Among other details, this includes PIN entries, login credentials, and content within messaging and banking apps. What makes this particularly insidious is that the m...
Read Full Article →#Threat Intel & Vulnerability
CVE-2023-28432
▼
Currently trending CVE - Hype Score: 22 - Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`,...
Read Full Article →
CVE-2025-3248 + 1 similar
▼
Currently trending CVE - Hype Score: 8 - Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
Read Full Article →
CVE-2025-29969
▼
Currently trending CVE - Hype Score: 4 - Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
Read Full Article →
CVE-2025-68461
▼
Currently trending CVE - Hype Score: 4 - Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
Read Full Article →
CVE-2025-11730
▼
Currently trending CVE - Hype Score: 3 - A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firm...
Read Full Article →
CVE-2024-54222
▼
Currently trending CVE - Hype Score: 3 - Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15.
Read Full Article →
CVE-2025-69403
▼
Currently trending CVE - Hype Score: 3 - Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files.This issue affects Bravis Addons: from n/a through <= 1.1.9.
Read Full Article →
Introducing "AI Unlocked: Decoding Prompt Injection," a New Interactive Challenge
▼
CVE-2026-2985 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLSBODownLoad.java downloadImage urlPath server-side request forgery
▼
A vulnerability classified as critical has been found in Tiandy Video Surveillance System 视频监控平台 7.17.0 . This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java . Performing a manipulation of the argument urlPath results in server-side request forgery. Th...
Read Full Article →
CVE-2026-2984 | SourceCodester Student Result Management System 1.0 drop_user.php ID denial of service
▼
A vulnerability described as problematic has been identified in SourceCodester Student Result Management System 1.0 . This affects an unknown function of the file /admin/core/drop_user.php . Such manipulation of the argument ID leads to denial of service. This vulnerability is documented as CVE-2...
Read Full Article →
CVE-2026-2983 | SourceCodester Student Result Management System 1.0 Bulk Import import_users.php File access control + 1 similar
▼
A vulnerability marked as critical has been reported in SourceCodester Student Result Management System 1.0 . The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import . This manipulation of the argument File causes improper access controls....
Read Full Article →
CVE-2026-2980 | UTT HiPER 810G up to 1.7.7-1711 /goform/setSysAdm strcpy passwd1 buffer overflow + 1 similar
▼
A vulnerability identified as critical has been detected in UTT HiPER 810G up to 1.7.7-1711 . Impacted is the function strcpy of the file /goform/setSysAdm . The manipulation of the argument passwd1 leads to buffer overflow. This vulnerability is listed as CVE-2026-2980 . The attack may be initia...
Read Full Article →
CVE-2026-2979 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py user_avatar_upload_controller unrestricted upload + 2 similar
▼
A vulnerability categorized as critical has been discovered in FastApiAdmin up to 2.2.0 . This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Scheduled Task API . Executing a manipulation can lead to unres...
Read Full Article →
CVE-2026-2976 | FastApiAdmin up to 2.2.0 Download Endpoint controller.py download_controller file_path information disclosure
▼
A vulnerability was found in FastApiAdmin up to 2.2.0 . It has been classified as problematic . Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint . This manipulation of the argument file_p...
Read Full Article →
CVE-2026-2975 | FastApiAdmin up to 2.2.0 Custom Documentation Endpoint init_app.py reset_api_docs information disclosure
▼
A vulnerability was found in FastApiAdmin up to 2.2.0 and classified as problematic . Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint . The manipulation results in information disclosure. This...
Read Full Article →
CVE-2019-25366 | microASP Portal+ CMS Requests explode_tree sql injection (Exploit 46799 / EDB-46799)
▼
A vulnerability has been found in microASP Portal+ CMS and classified as critical . Affected is an unknown function of the component Requests Handler . The manipulation of the argument explode_tree leads to sql injection. This vulnerability is uniquely identified as CVE-2019-25366 . The attack is...
Read Full Article →
CVE-2019-25439 | NoviSmart CMS Header Referer sql injection (Exploit 47152 / EDB-47152)
▼
A vulnerability, which was classified as critical , was found in NoviSmart CMS . This impacts an unknown function of the component Header Handler . Executing a manipulation of the argument Referer can lead to sql injection. This vulnerability is handled as CVE-2019-25439 . The attack can be execu...
Read Full Article →
CVE-2019-25462 | Web Ofisi Rent a Car 3 klima sql injection (Exploit 47144) + 2 similar
▼
A vulnerability, which was classified as critical , has been found in Web Ofisi Rent a Car 3 . This affects an unknown function. Performing a manipulation of the argument klima results in sql injection. This vulnerability is known as CVE-2019-25462 . Remote exploitation of the attack is possible....
Read Full Article →
CVE-2019-25461 | Web Ofisi Platinum E-Ticaret 5 productsFilterSearch q sql injection (Exploit 47140) + 1 similar
▼
A vulnerability classified as critical was found in Web Ofisi Platinum E-Ticaret 5 . The impacted element is an unknown function of the file ajax/productsFilterSearch . Such manipulation of the argument q leads to sql injection. This vulnerability is traded as CVE-2019-25461 . The attack may be l...
Read Full Article →
CVE-2019-25391 | Ashopsoftware Ashop Shopping Cart Software bannedcustomers.php blacklistitemid sql injection (Exploit 46681 / EDB-46681)
▼
A vulnerability described as critical has been identified in Ashopsoftware Ashop Shopping Cart Software . Impacted is an unknown function of the file admin/bannedcustomers.php . The manipulation of the argument blacklistitemid results in sql injection. This vulnerability is reported as CVE-2019-2...
Read Full Article →
CVE-2019-25459 | Web Ofisi Emlak V2 emlak_durumu/emlak_tipi/il/ilce/kelime/semt sql injection (Exploit 47142)
▼
A vulnerability marked as critical has been reported in Web Ofisi Emlak V2 . This issue affects some unknown processing. The manipulation of the argument emlak_durumu/emlak_tipi/il/ilce/kelime/semt leads to sql injection. This vulnerability is documented as CVE-2019-25459 . The attack can be init...
Read Full Article →
CVE-2019-25433 | Xoops CMS 2.5.9 gerar_pdf.php cid sql injection (Exploit 46835 / EDB-46835)
▼
A vulnerability labeled as critical has been found in Xoops CMS 2.5.9 . This vulnerability affects unknown code of the file gerar_pdf.php . Executing a manipulation of the argument cid can lead to sql injection. This vulnerability is registered as CVE-2019-25433 . It is possible to launch the att...
Read Full Article →
CVE-2019-25440 | Webincorp WebIncorp ERP product_detail.php prod_id sql injection (Exploit 47199 / EDB-47199)
▼
A vulnerability identified as critical has been detected in Webincorp WebIncorp ERP . This affects an unknown part of the file product_detail.php . Performing a manipulation of the argument prod_id results in sql injection. This vulnerability is cataloged as CVE-2019-25440 . It is possible to ini...
Read Full Article →
CVE-2019-25458 | Web-ofisi Firma Rehberi 1 GET Parameter il/kat/kelime sql injection (Exploit 47143) + 1 similar
▼
A vulnerability categorized as critical has been discovered in Web-ofisi Firma Rehberi 1 . Affected by this issue is some unknown functionality of the component GET Parameter Handler . Such manipulation of the argument il/kat/kelime leads to sql injection. This vulnerability is listed as CVE-2019...
Read Full Article →
CVE-2019-25442 | Webwiz Web Wiz Forums 12.01 member_profile.asp PF sql injection (Exploit 47284 / EDB-47284)
▼
A vulnerability was found in Webwiz Web Wiz Forums 12.01 and classified as critical . This affects an unknown function of the file member_profile.asp . Executing a manipulation of the argument PF can lead to sql injection. The identification of this vulnerability is CVE-2019-25442 . The attack ma...
Read Full Article →
CVE-2019-25450 | Dolibarr ERP CRM 10.0.1 HTTP POST Request card.php actioncode/demand_reason_id/availability_id sql injection (Exploit 47370 / EDB-47370)
▼
A vulnerability has been found in Dolibarr ERP CRM 10.0.1 and classified as critical . The impacted element is an unknown function of the file card.php of the component HTTP POST Request Handler . Performing a manipulation of the argument actioncode/demand_reason_id/availability_id results in sql...
Read Full Article →
CVE-2019-25446 | Digit-Rs Digit Centris ERP HTTP POST Request /korisnikinfo.php datum1/datum2/KID/PID sql injection (Exploit 47401 / EDB-47401)
▼
A vulnerability, which was classified as critical , was found in Digit-Rs Digit Centris ERP . The affected element is an unknown function of the file /korisnikinfo.php of the component HTTP POST Request Handler . Such manipulation of the argument datum1/datum2/KID/PID leads to sql injection. This...
Read Full Article →
CVE-2019-25443 | edlangley inventory-webapp GET Parameter add-item.php name/description/quantity/cat_id sql injection (Exploit 47356 / EDB-47356)
▼
A vulnerability, which was classified as critical , has been found in edlangley inventory-webapp . Impacted is an unknown function of the file add-item.php of the component GET Parameter Handler . This manipulation of the argument name/description/quantity/cat_id causes sql injection. This vulner...
Read Full Article →
CVE-2019-25452 | Dolibarr ERP CRM 10.0.1 HTTP POST Request elemid sql injection (Exploit 47362 / EDB-47362)
▼
A vulnerability classified as critical was found in Dolibarr ERP CRM 10.0.1 . This issue affects some unknown processing of the component HTTP POST Request Handler . The manipulation of the argument elemid results in sql injection. This vulnerability is known as CVE-2019-25452 . It is possible to...
Read Full Article →
CVE-2026-2974 | AliasVault App up to 0.25.3 on Android/iOS Backup aliasvault.xml backup (Issue 1497)
▼
A vulnerability classified as problematic has been found in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file shared_prefs/aliasvault.xml of the component Backup Handler . The manipulation of the argument accessToken/refreshToken/metadata/key_derivati...
Read Full Article →
CVE-2026-2972 | a466350665 Smart-SSO up to 2.1.1 Role Edit Page UserController.java save cross site scripting
▼
A vulnerability described as problematic has been identified in a466350665 Smart-SSO up to 2.1.1 . This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page . Executing a manipulation can...
Read Full Article →
CVE-2026-2971 | a466350665 Smart-SSO up to 2.1.1 Login login.html redirectUri cross site scripting
▼
A vulnerability marked as problematic has been reported in a466350665 Smart-SSO up to 2.1.1 . Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login . Performing a manipulation of the argument redirectUri re...
Read Full Article →
CVE-2026-2970 | datapizza-labs datapizza-ai 0.0.2 cache.py RedisCache deserialization
▼
A vulnerability labeled as critical has been found in datapizza-labs datapizza-ai 0.0.2 . Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py . Such manipulation leads to deserialization. This vulnerability is documented as...
Read Full Article →
CVE-2026-2969 | datapizza-labs datapizza-ai 0.0.2 Jinja2 Template prompt.py ChatPromptTemplate Prompt special elements used in a template engine
▼
A vulnerability identified as critical has been detected in datapizza-labs datapizza-ai 0.0.2 . Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler . This manipulation of the argument Prompt causes i...
Read Full Article →
CVE-2026-2968 | Cesanta Mongoose up to 7.20 Poly1305 Authentication Tag /src/tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification
▼
A vulnerability categorized as critical has been discovered in Cesanta Mongoose up to 7.20 . This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler . The manipulation results in improper verification of cryptogra...
Read Full Article →
CVE-2026-2967 | Cesanta Mongoose up to 7.20 TCP Sequence Number /src/net_builtin.c getpeer verification of source
▼
A vulnerability was found in Cesanta Mongoose up to 7.20 . It has been rated as problematic . This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler . The manipulation leads to improper verification of source of a communication channel. This ...
Read Full Article →
CVE-2026-2966 | Cesanta Mongoose up to 7.20 DNS Transaction ID /src/dns.c mg_sendnsreq random random values
▼
A vulnerability was found in Cesanta Mongoose up to 7.20 . It has been declared as problematic . The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler . Executing a manipulation of the argument random can lead to insufficiently random...
Read Full Article →
CVE-2026-2965 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.2.9 System Extension edit.html Title cross site scripting
▼
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9 . It has been classified as problematic . The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module . Performing a manipulation of the argument Title results...
Read Full Article →
CVE-2026-2964 | higuma web-audio-recorder-js 0.1/0.1.1 Dynamic Config Handling lib/WebAudioRecorder.js extend prototype pollution
▼
A vulnerability was found in higuma web-audio-recorder-js 0.1/0.1.1 and classified as problematic . Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling . Such manipulation leads to improperly controlled modification of object prototype a...
Read Full Article →
CVE-2026-2963 | Jinher OA C6 up to 20260210 OfficeSupplyTypeRight.aspx id/offsnum sql injection
▼
A vulnerability has been found in Jinher OA C6 up to 20260210 and classified as critical . This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx . This manipulation of the argument id/offsnum causes sql injection. The identification of this ...
Read Full Article →
CVE-2026-2961 | D-Link DWR-M960 1.01.07 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 submit-url stack-based overflow + 4 similar
▼
A vulnerability, which was classified as critical , has been found in D-Link DWR-M960 1.01.07 . This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint . The manipulation of the argument submit-url leads to stack-based buffer overflo...
Read Full Article →
CVE-2026-2960 | D-Link DWR-M960 1.01.07 /boafrm/formDhcpv6s sub_468D64 submit-url stack-based overflow + 2 similar
▼
A vulnerability classified as critical was found in D-Link DWR-M960 1.01.07 . Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s . Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2026-...
Read Full Article →
CVE-2026-2957 | qinming99 dst-admin up to 1.5.0 File BackupController.java deleteBackup denial of service
▼
A vulnerability marked as problematic has been reported in qinming99 dst-admin up to 1.5.0 . This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler . This manipulation causes denial of service. This vulne...
Read Full Article →
CVE-2026-2956 | qinming99 dst-admin up to 1.5.0 /home/restore revertBackup Name command injection
▼
A vulnerability labeled as critical has been found in qinming99 dst-admin up to 1.5.0 . This affects the function revertBackup of the file /home/restore . The manipulation of the argument Name results in command injection. This vulnerability is reported as CVE-2026-2956 . The attack can be launch...
Read Full Article →
CVE-2026-1369 | Conditional CAPTCHA Plugin up to 4.0.0 on WordPress redirect
▼
A vulnerability identified as problematic has been detected in Conditional CAPTCHA Plugin up to 4.0.0 on WordPress. The impacted element is an unknown function. The manipulation leads to open redirect. This vulnerability is documented as CVE-2026-1369 . The attack can be initiated remotely. There...
Read Full Article →
CarGurus - 12,461,887 breached accounts
▼
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters . Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mapping...
Read Full Article →
CVE-2026-2385 | The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress AJAX email_data Remote Code Execution
▼
A vulnerability categorized as critical has been discovered in The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress. The affected element is an unknown function of the component AJAX Handler . Executing a manipulation of the argument email_data can lead to Remote Code Execution. This vul...
Read Full Article →
CVE-2026-2954 | Dromara UJCMS 10.0.2 ImportDataController import-channel importChanel driverClassName/url injection
▼
A vulnerability was found in Dromara UJCMS 10.0.2 . It has been rated as critical . Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController . Performing a manipulation of the argument driverClassName/url results in inject...
Read Full Article →
CVE-2026-2953 | Dromara UJCMS 101.2 Template WebFileTemplateController.delete deleteDirectory path traversal
▼
A vulnerability was found in Dromara UJCMS 101.2 . It has been declared as critical . This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler . Such manipulation leads to path traversal. This vulnerability is listed as CVE-202...
Read Full Article →
CVE-2026-2952 | Vaelsys 4.1.0 HTTP POST Request /tree/tree_server.php xajaxargs os command injection
▼
A vulnerability was found in Vaelsys 4.1.0 . It has been classified as critical . This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler . This manipulation of the argument xajaxargs causes os command injection. This vulnerability is t...
Read Full Article →
CVE-2026-2947 | rymcu forest up to 0.0.5 User Profile UserInfoController.java updateUserInfo cross site scripting
▼
A vulnerability was found in rymcu forest up to 0.0.5 and classified as problematic . This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler . The manipulation results in cross site scripting...
Read Full Article →
CVE-2026-2946 | rymcu forest up to 0.0.5 Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site scripting
▼
A vulnerability has been found in rymcu forest up to 0.0.5 and classified as problematic . Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio . The manipulation leads to ...
Read Full Article →
CVE-2026-2945 | JeecgBoot 3.9.0 uploadImgByHttp fileUrl server-side request forgery
▼
A vulnerability, which was classified as critical , was found in JeecgBoot 3.9.0 . Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp . Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The identification of t...
Read Full Article →
CVE-2026-2944 | Tosei Online Store Management System ネット店舗管理システム HTTP POST Request /cgi-bin/monitor.php system os command injection
▼
A vulnerability, which was classified as critical , has been found in Tosei Online Store Management System ネット店舗管理システム 1.01 . Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler . Performing a manipulation of the argument DevId results in os...
Read Full Article →
CVE-2026-2943 | SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318 index.php Error cross site scripting
▼
A vulnerability classified as problematic was found in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318 . This impacts an unknown function of the file index.php . Such manipulation of the argument Error leads to cross site scripting. This vulnerability is uniqu...
Read Full Article →
CVE-2026-2940 | Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b URL tiny_web_server/tiny.c out-of-bounds write
▼
A vulnerability classified as critical has been found in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b . This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the component URL Handler . This manipulation causes out-of-bounds write. This...
Read Full Article →
CVE-2026-2939 | itsourcecode Student Management System 1.0 Add Student /add_student/ cross site scripting
▼
A vulnerability described as problematic has been identified in itsourcecode Student Management System 1.0 . The impacted element is an unknown function of the file /add_student/ of the component Add Student Module . The manipulation results in cross site scripting. This vulnerability is known as...
Read Full Article →
CVE-2026-27576 | OpenClaw up to 2026.2.18 ACP Bridge resource consumption (GHSA-cxpw-2g23-2vgw)
▼
A vulnerability labeled as problematic has been found in OpenClaw up to 2026.2.18 . Impacted is an unknown function of the component ACP Bridge . Executing a manipulation can lead to resource consumption. This vulnerability appears as CVE-2026-27576 . The attack requires local access. There is no...
Read Full Article →
CVE-2026-27479 | ellite Wallos up to 4.6.0 getLogoFromUrl server-side request forgery (GHSA-fgmf-7g5v-jmjg)
▼
A vulnerability identified as critical has been detected in ellite Wallos up to 4.6.0 . This issue affects the function getLogoFromUrl . Performing a manipulation results in server-side request forgery. This vulnerability is reported as CVE-2026-27479 . The attack is possible to be carried out re...
Read Full Article →
CVE-2026-27574 | oneuptime up to 10.0.4 code injection (GHSA-v264-xqh4-9xmm)
▼
A vulnerability categorized as critical has been discovered in oneuptime up to 10.0.4 . This vulnerability affects unknown code. Such manipulation leads to code injection. This vulnerability is documented as CVE-2026-27574 . The attack can be executed remotely. There is not any exploit available....
Read Full Article →
CVE-2026-27492 | lettermint lettermint-node up to 1.5.0 Password Reset send wrong session (GHSA-49pc-8936-wvfp)
▼
A vulnerability was found in lettermint lettermint-node up to 1.5.0 . It has been rated as problematic . This affects the function send of the component Password Reset Handler . This manipulation causes exposure of data element to wrong session. This vulnerability is registered as CVE-2026-27492 ...
Read Full Article →
CVE-2026-27487 | OpenClaw up to 2026.2.13 on macOS Claude CLI Keychain Credential Refresh Path os command injection (GHSA-4564-pvr2-qq4h)
▼
A vulnerability was found in OpenClaw up to 2026.2.13 on macOS. It has been declared as critical . Affected by this issue is some unknown functionality of the component Claude CLI Keychain Credential Refresh Path Handler . The manipulation results in os command injection. This vulnerability is ca...
Read Full Article →
CVE-2026-27486 | OpenClaw up to 2026.2.13 CLI unverified ownership (GHSA-jfv4-h8mc-jcp8)
▼
A vulnerability was found in OpenClaw up to 2026.2.13 . It has been classified as problematic . Affected by this vulnerability is an unknown functionality of the component CLI . The manipulation leads to unverified ownership. This vulnerability is listed as CVE-2026-27486 . The attack must be car...
Read Full Article →
CVE-2026-27488 | OpenClaw up to 2026.2.18 server-cron.ts fetch server-side request forgery (GHSA-w45g-5746-x9fp)
▼
A vulnerability was found in OpenClaw up to 2026.2.18 and classified as critical . Affected is the function fetch of the file src/gateway/server-cron.ts . Executing a manipulation can lead to server-side request forgery. This vulnerability is tracked as CVE-2026-27488 . The attack can be launched...
Read Full Article →
CVE-2026-27482 | ray-project ray up to 2.53.x DELETE Endpoint generic exception (GHSA-q5fh-2hc8-f6rq)
▼
A vulnerability has been found in ray-project ray up to 2.53.x and classified as problematic . This impacts an unknown function of the component DELETE Endpoint . Performing a manipulation results in declaration of catch for generic exception. This vulnerability is identified as CVE-2026-27482 . ...
Read Full Article →
CVE-2026-27485 | OpenClaw up to 2026.2.18 package_skill.py symlink (GHSA-r6h2-5gqq-v5v6)
▼
A vulnerability, which was classified as critical , was found in OpenClaw up to 2026.2.18 . This affects an unknown function of the file skills/skill-creator/scripts/package_skill.py . Such manipulation leads to symlink following. This vulnerability is referenced as CVE-2026-27485 . The attack ca...
Read Full Article →
CVE-2026-27484 | OpenClaw up to 2026.2.17 Request Parameter authorization (GHSA-wh94-p5m6-mr7j)
▼
A vulnerability, which was classified as problematic , has been found in OpenClaw up to 2026.2.17 . The impacted element is an unknown function of the component Request Parameter Handler . This manipulation causes missing authorization. The identification of this vulnerability is CVE-2026-27484 ....
Read Full Article →
CVE-2026-27579 | karnop realtime-collaboration-platform up to master Appwrite Project origin validation (GHSA-qh5m-p8jh-hx88)
▼
A vulnerability classified as problematic was found in karnop realtime-collaboration-platform up to master . The affected element is an unknown function of the component Appwrite Project . The manipulation results in origin validation error. This vulnerability was named CVE-2026-27579 . The attac...
Read Full Article →
CVE-2026-27480 | static-web-server Static Web Server up to 2.40.x response discrepancy (GHSA-qhp6-635j-x7r2)
▼
A vulnerability classified as problematic has been found in static-web-server Static Web Server up to 2.40.x . Impacted is an unknown function. The manipulation leads to observable response discrepancy. This vulnerability is uniquely identified as CVE-2026-27480 . The attack is possible to be car...
Read Full Article →
CVE-2026-27196 | Statamic CMS up to 5.73.8/6.3.1 cross site scripting (GHSA-8r7r-f4gm-wcpq)
▼
A vulnerability marked as problematic has been reported in Statamic CMS up to 5.73.8/6.3.1 . This vulnerability affects unknown code. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-27196 . Remote exploitation of the attack is possible. No exploi...
Read Full Article →
CVE-2026-27458 | Kovah LinkAce up to 2.4.2 XML CDATA Section /lists/feed cross site scripting (GHSA-2r9p-95xj-p583)
▼
A vulnerability labeled as problematic has been found in Kovah LinkAce up to 2.4.2 . This affects an unknown part of the file /lists/feed of the component XML CDATA Section Handler . Such manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2026-27458 . The attack...
Read Full Article →
CVE-2026-27198 | getformwork up to 2.3.3 Account Creation privileges management (GHSA-34p4-7w83-35g2)
▼
A vulnerability identified as critical has been detected in getformwork formwork up to 2.3.3 . Affected by this issue is some unknown functionality of the component Account Creation Handler . This manipulation causes improper privilege management. This vulnerability appears as CVE-2026-27198 . Th...
Read Full Article →
CVE-2026-27199 | Pallets Werkzeug up to 3.1.5 send_from_directory windows device name (GHSA-29vq-49wr-vm6x)
▼
A vulnerability categorized as problematic has been discovered in Pallets Werkzeug up to 3.1.5 . Affected by this vulnerability is the function send_from_directory . The manipulation results in improper handling of windows device names. This vulnerability is reported as CVE-2026-27199 . The attac...
Read Full Article →
CVE-2026-27210 | mpetroff pannellum up to 2.5.6 pannellum.htm escapeHTML cross site scripting (GHSA-8423-w5wx-h2r6)
▼
A vulnerability was found in mpetroff pannellum up to 2.5.6 . It has been rated as problematic . Affected is an unknown function of the file pannellum.htm . The manipulation of the argument escapeHTML leads to cross site scripting. This vulnerability is documented as CVE-2026-27210 . The attack c...
Read Full Article →
CVE-2026-27452 | JonathanWilbur asn1-ts up to 11.0.5 information disclosure (GHSA-h5rw-vxjr-8q79)
▼
A vulnerability was found in JonathanWilbur asn1-ts up to 11.0.5 . It has been declared as problematic . This impacts an unknown function. Executing a manipulation can lead to information disclosure. This vulnerability is registered as CVE-2026-27452 . It is possible to launch the attack remotely...
Read Full Article →
CVE-2026-27464 | Metabase up to 0.57.12/0.58.6 Endpoint special elements used in a template engine (GHSA-vcj8-rcm8-gfj9)
▼
A vulnerability was found in Metabase up to 0.57.12/0.58.6 . It has been classified as problematic . This affects an unknown function of the component Endpoint . Performing a manipulation results in improper neutralization of special elements used in a template engine. This vulnerability is catal...
Read Full Article →
CVE-2026-27197 | getsentry up to 26.1.x SAML improper authentication (GHSA-ggmg-cqg6-j45g)
▼
A vulnerability was found in getsentry sentry up to 26.1.x and classified as critical . The impacted element is an unknown function of the component SAML Handler . Such manipulation leads to improper authentication. This vulnerability is listed as CVE-2026-27197 . The attack may be performed from...
Read Full Article →
CVE-2026-27469 | isso-comments isso Moderation Edit Endpoint Website cross site scripting (GHSA-9fww-8cpr-q66r)
▼
A vulnerability has been found in isso-comments isso and classified as problematic . The affected element is an unknown function of the component Moderation Edit Endpoint . This manipulation of the argument Website causes cross site scripting. This vulnerability is tracked as CVE-2026-27469 . The...
Read Full Article →
CVE-2026-27471 | Frappe ERPNext up to 15.98.0/16.6.0 authorization (GHSA-wpfx-jw7g-7f83)
▼
A vulnerability, which was classified as critical , was found in Frappe ERPNext up to 15.98.0/16.6.0 . Impacted is an unknown function. The manipulation results in missing authorization. This vulnerability is identified as CVE-2026-27471 . The attack can be executed remotely. There is not any exp...
Read Full Article →
CVE-2026-27470 | ZoneMinder up to 1.36.37/1.38.0 web/ajax/status.php getNearEvents sql injection (GHSA-r6gm-478g-f2c4 / Nessus ID 299728)
▼
A vulnerability, which was classified as critical , has been found in ZoneMinder up to 1.36.37/1.38.0 . This issue affects the function getNearEvents of the file web/ajax/status.php . The manipulation leads to sql injection. This vulnerability is referenced as CVE-2026-27470 . Remote exploitation...
Read Full Article →
CVE-2026-27211 | cloud-hypervisor Cloud Hypervisor up to 50.0 file inclusion (GHSA-jmr4-g2hv-mjj6)
▼
A vulnerability classified as problematic was found in cloud-hypervisor Cloud Hypervisor up to 50.0 . This vulnerability affects unknown code. Executing a manipulation can lead to file inclusion. The identification of this vulnerability is CVE-2026-27211 . The attack may be launched remotely. The...
Read Full Article →
CVE-2026-27467 | BigBlueButton up to 3.0.19 information disclosure (WID-SEC-2026-0463)
▼
A vulnerability classified as problematic has been found in BigBlueButton up to 3.0.19 . This affects an unknown part. Performing a manipulation results in information disclosure. This vulnerability was named CVE-2026-27467 . The attack may be initiated remotely. There is no available exploit. It...
Read Full Article →
CVE-2026-27466 | BigBlueButton up to 3.0.21 /var/bigbluebutton exposure of resource (WID-SEC-2026-0463)
▼
A vulnerability described as critical has been identified in BigBlueButton up to 3.0.21 . Affected by this issue is some unknown functionality of the file /var/bigbluebutton . Such manipulation leads to exposure of resource. This vulnerability is uniquely identified as CVE-2026-27466 . The attack...
Read Full Article →
CVE-2026-27206 | zumba json-serializer up to 3.2.2 unserialize deserialization (GHSA-v7m3-fpcr-h7m2 / Nessus ID 299639)
▼
A vulnerability marked as problematic has been reported in zumba json-serializer up to 3.2.2 . Affected by this vulnerability is the function JsonSerializer::unserialize . This manipulation causes deserialization. This vulnerability is handled as CVE-2026-27206 . The attack can be initiated remot...
Read Full Article →
CVE-2026-27205 | pallets flask up to 3.1.2 Setting cache containing sensitive information (GHSA-68rp-wp8r-4726 / Nessus ID 299724)
▼
A vulnerability labeled as problematic has been found in pallets flask up to 3.1.2 . Affected is an unknown function of the component Setting Handler . The manipulation results in use of cache containing sensitive information. This vulnerability is known as CVE-2026-27205 . It is possible to laun...
Read Full Article →
CVE-2026-2934 | YiFang CMS up to 2.0.5 Extended Management D_friendLinkGroup.php update Name cross site scripting + 2 similar
▼
A vulnerability identified as problematic has been detected in YiFang CMS up to 2.0.5 . This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module . The manipulation of the argument Name leads to cross site scripting. This vulnerabi...
Read Full Article →
Japanese-Language Phishing Emails, (Sat, Feb 21st)
▼
Introduction
Read Full Article →
CVE-2026-2930 | Tenda A18 15.13.07.13 Httpd Service /cgi-bin/UploadCfg webCgiGetUploadFile boundary stack-based overflow
▼
A vulnerability was found in Tenda A18 15.13.07.13 . It has been declared as critical . The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service . Such manipulation of the argument boundary leads to stack-based buffer overflow. This vu...
Read Full Article →
CVE-2026-2929 | D-Link DWR-M960 1.01.07 Wireless Access Control Endpoint /boafrm/formWlAc sub_453140 submit-url stack-based overflow
▼
A vulnerability was found in D-Link DWR-M960 1.01.07 . It has been classified as critical . Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint . This manipulation of the argument submit-url causes stack-based buffer overflow. This vu...
Read Full Article →
CVE-2026-1787 | LearnPress Export Import Plugin up to 4.1.0 on WordPress delete_migrated_data missing authentication
▼
A vulnerability classified as critical was found in LearnPress Export Import Plugin up to 4.1.0 on WordPress. Affected by this vulnerability is the function delete_migrated_data . Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-1787 . It is possible...
Read Full Article →
CVE-2025-14339 | weMail Plugin up to 2.0.7 on WordPress Forms::permission authorization
▼
A vulnerability classified as critical has been found in weMail Plugin up to 2.0.7 on WordPress. Affected is the function Forms::permission . This manipulation causes missing authorization. The identification of this vulnerability is CVE-2025-14339 . It is possible to initiate the attack remotely...
Read Full Article →
CVE-2026-27121 | sveltejs svelte up to 5.51.4 Element Attribute cross site scripting (GHSA-f7gr-6p89-r883)
▼
A vulnerability described as problematic has been identified in sveltejs svelte up to 5.51.4 . This impacts an unknown function of the component Element Attribute Handler . The manipulation results in cross site scripting. This vulnerability was named CVE-2026-27121 . The attack may be performed ...
Read Full Article →
Hospitals at Risk of BeyondTrust Ransomware Hacks
▼
Marianne Kolbasuk McGee reports: U.S. federal authorities and industry officials are urging hospitals and clinics to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a corporate network. The U...
Read Full Article →
Resource: Privacy Law Directory — Codamail
▼
Regular readers of my companion privacy-oriented site, PogoWasRight.org, may recall that the site recently noted The Data Broker Directory: Who has your data, where they got it, and who they sell it to by Codamail’s Stephen K. Gielda of Packetderm. Instead of taking a well-deserved break after al...
Read Full Article →
Cybercrime Magazine Releases Its First YouTube Short, More On The Way
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 20, 2026 –Watch the YouTube video The award-winning Cybercrime Magazine YouTube Channel released its first Short last month and the video has more than 720,000 Views. In less than two minutes, our host Tay...
Read Full Article →
Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets
▼
Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download.
Read Full Article →
Using AI to defeat AI
▼
In this week’s newsletter Martin considers how defenders can turn offensive AI tools against themselves.
Read Full Article →
How Security Tool Misuse Is Reshaping Cloud Compromise
▼
Key Takeaways Cloud Compromise Frequently Starts with Credential Misuse Cloud compromise is increasingly defined by authentication rather than exploitation. Exposed credentials and mismanaged identities now provide a faster path to access than vulnerability chaining. At the same time, legitimate ...
Read Full Article →
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
▼
AI adoption is outpacing traditional cyber governance. The “ Tenable Cloud and AI Security Risk Report 2026 ” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeaways The vel...
Read Full Article →
Why Small Businesses Can’t Afford To Ignore Cyberinsurance
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 19, 2026 –Read the full story in Charter Capital Three out of five small-to-midsized businesses (SMBs) permanently shuttered their doors within six months of being hit by a data breach or The post Why Smal...
Read Full Article →
UK Urges Small Businesses to ‘Lock the Door’ on Cybercrime
▼
The UK government has launched a new cybersecurity campaign aimed at small and medium-sized businesses urging them to “lock the door” on cyber criminals as digital threats escalate. The initiative — backed by the National Cyber Security Centre (NCSC) and the Department for Science, Innovation & T...
Read Full Article →
Intimate products maker Tenga spilled customer data
▼
A phishing attack on a Tenga employee may have exposed US customer data. Customers should watch for sextortion-themed phishing attempts.
Read Full Article →
Meta patents AI that could keep you posting from beyond the grave
▼
Hopefully Meta really will file this in the "just because we can do it doesn't mean we should" drawer.
Read Full Article →
G2 Recognizes ANY.RUN Among the Top 50 Best Software Companies in the Region
▼
G2, the world’s largest and most trusted software marketplace, has recognized ANY.RUN among the Best Software Companies. The ranking is based on verified reviews from organizations actively using ANY.RUN’s solutions. It reflects the company’s strong international presence and measurable impact ac...
Read more (link unavailable)
Smashing Security podcast #455: Face off: Meta’s Glasses and America’s internet kill switch
▼
Could America turn off Europe's internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B...
Read Full Article →
2025 Cloud Threat Hunting and Defense Landscape
▼
Threat actors are doubling down on cloud infrastructure — exploiting misconfigurations, abusing native services, and pivoting through hybrid environments to maximize impact. See how attack patterns are evolving across exploitation, ransomware, credential abuse, and AI service targeting in this la...
Read Full Article →
New: AI-Powered Patch Reliability Scoring—Predict Patch Impact Before You Deploy
▼
What do advisory USN-7545-1 and Windows updates KB5065426, KB5063878, KB5055523, and KB5066835 have in common? Based on anonymized Qualys telemetry from 2025, they were among the most frequently rolled-back patches, in other words, patches that had to be undone after deployment. Rollbacks aren’t ...
Read Full Article →
Betterment data breach might be worse than we thought
▼
This breach now appears far more serious. The leaked data includes rich personal and financial details that phishers could use.
Read Full Article →
The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP
▼
I don’t know about you, but when I think about “critical vulnerabilities,” I usually picture ransomware, data theft, or maybe a server falling over at 2 a.m. while someone frantically searches Slack for the last good backup. What I don’t picture is a scene straight out of a Cold War spy film. CVE...
Read Full Article →
CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)
▼
Overview Rapid7 Labs conducted a zero-day research project against the Grandstream GXP1600 series of Voice over Internet Protocol (VoIP) phones. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-2329. A remote attacker can le...
Read Full Article →
The Playbook For Organized Cybercrime
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 18, 2026 –Read the full report in GlobeNewswire Cybercrime has become the world’s third-largest economy, with costs projected to reach $12.2 trillion annually by 2031, according to Cybersecurity Ventures. ...
Read Full Article →
One Process, Every Metric: How Better Alert Enrichment Transforms SOC Performance
▼
Every security alert represents a decision point. Act too slowly, and a threat becomes a breach. Act without context, and analysts drown in noise. At the center of both failure modes is a single, often underestimated process: alert enrichment. Key Takeaways The Seconds That Define a Breach Alert ...
Read more (link unavailable)
Job scam uses fake Google Forms site to harvest Google logins
▼
Phishers are using fake Google Forms pages hosted on lookalike domains to trick job seekers into handing over their Google credentials.
Read Full Article →
GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack
▼
GrayCharlie turns compromised WordPress sites into malware delivery machines. Discover how this threat actor chains fake browser updates and ClickFix lures to deploy NetSupport RAT, Stealc, and SectopRAT.
Read Full Article →
Qualys Recognized as a Leader in the 2026 Forrester Wave™ for CNAPP
▼
Qualys’ Key Takeaways Selecting the right security platform is no longer just a technical decision; it’s a strategic imperative. For Chief Information Security Officers (CISOs) and cloud security leaders, the market is flooded with vendors promising total visibility and single-pane-of-glass simpl...
Read Full Article →
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
▼
Written by: Peter Ukhanov, Daniel Sislo, Nick Harbour, John Scarbrough, Fernando Tomlinson, Jr., Rich Reece Introduction Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines , tracked ...
Read Full Article →
Scam Guard for desktop: A second set of eyes for suspicious moments
▼
Malwarebytes Scam Guard is now on Windows and Mac, bringing AI-powered scam detection to your desktop.
Read Full Article →
Ransom Man: A Shocking Data Breach At A Psychotherapy Service. Jenny Kleeman Investigates.
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 17, 2026 –Listen to the podcast What if your deepest secrets were held to ransom? Author and presenter Jenny Kleeman explores the shocking true story of thousands of private therapy notes being leaked onli...
Read Full Article →
Update Chrome now: Zero-day bug allows code execution via malicious webpages
▼
Google has released an emergency update to patch an actively exploited zero-day—the first Chrome zero-day of the year.
Read Full Article →
LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis
▼
Editor’s note: The current article is authored by Moises Cerqueira, malware researcher and threat hunter. You can find Moises on LinkedIn. Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechani...
Read more (link unavailable)
Fake Incident Report Used in Phishing Campaign, (Tue, Feb 17th)
▼
This morning, I received an interesting phishing email. I&#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x99;ve a &#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x9c;love &#;x26; hate&#;x26;#;xe2;&#;x26;#;x80;&#;x9d; relation with such emails because I always have the impression to lose time when reviewing them but someti...
Read Full Article →
Canada Goose - 581,877 breached accounts
▼
In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly . The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically car...
Read Full Article →
University of Pennsylvania - 623,750 breached accounts
▼
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand , largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k un...
Read Full Article →
Ransomware Threatens SMBs. Cyberinsurance Isn’t Always A Financial Backstop.
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 16, 2026 –Read the full story in Forbes Cybercriminals are no longer concentrating their efforts on large enterprises; they’re increasingly directing attacks toward small and mid-market businesses. Cyberse...
Read Full Article →
Google Amends Chrome with the First Important Security Fix in 2026 (CVE-2026-2441)
▼
Patch your Chrome browser! Google has issued a security update to address a serious security flaw that hackers are already exploiting. “The Stable channel has been updated to 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux, which will roll out over the coming days/weeks,” the Chrome ...
Read Full Article →
APOIA.se - 450,764 breached accounts
▼
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum . In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
Read Full Article →
Network Intelligence: Your Questions, Global Answers
▼
Learn how network intelligence gives security teams control over threat investigation with global visibility—no more drowning in generic, passive threat feeds.
Read Full Article →
Navigating the Digital Frontier: Inside the World of Cybercrime Magazine
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 13, 2026 –Read the full Oreate AI story A blog post about Cybercrime Magazine was written by Oreate AI, who calls itself “your all-in-one assistant, helping you write essays, build presentations, and human...
Read Full Article →
How to find and remove credential-stealing Chrome extensions
▼
Researchers have uncovered 30 Chrome extensions stealing user data. Here’s how to check your browser and remove any malicious extensions step by step.
Read Full Article →
Fake shops target Winter Olympics 2026 fans
▼
Olympic merchandise is already being used as bait. We’ve identified nearly 20 fake shop sites targeting fans globally.
Read Full Article →
Hand over the keys for Shannon’s shenanigans
▼
In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management.
Read Full Article →
VU#504749: PyMuPDF path traversal and arbitrary file write vulnerabilities
▼
Overview A path traversal vulnerability leading to arbitrary file write exist in PyMuPDF version 1.26.5, within the ‘embedded_get’ function in ‘ main .py’. This vulnerability is caused by improper handling of untrusted embedded file metadata, which is used directly as an output path, enabling att...
Read Full Article →
LevelBlue’s Managed Detection and Response (MDR) Helps Unify Your Cyber Defense
▼
Managed Detection and Response (MDR) acts as the foundation of a unified security program, connecting visibility, intelligence, and response across your entire environment. A modern MDR solution goes beyond alerts by delivering real‑time detection, expert‑led response, and actionable threat intel...
Read Full Article →
Outlook add-in goes rogue and steals 4,000 credentials and payment data
▼
The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project.
Read Full Article →
Betashares Global Cybersecurity ETF (ASX: HACK): A Diversified Bet On The Sector
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 12, 2026 –Read the full story in The Motley Fool Australia Tristan Harrison, one of the longest-serving writers at The Motley Fool Australia, highlights a cybersecurity growth theme for potential investors...
Read Full Article →
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
▼
Introduction In the final quarter of 2025, Google Threat Intelligence Group (GTIG) observed threat actors increasingly integrating artificial intelligence (AI) to accelerate the attack lifecycle, achieving productivity gains in reconnaissance, social engineering, and malware development. This rep...
Read Full Article →
Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report
▼
“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.” Key takeaways fr...
Read Full Article →
Apple patches zero-day flaw that could let attackers take control of devices
▼
Apple issued security updates for all devices which include a patch for an actively exploited zero-day—tracked as CVE-2026-20700.
Read Full Article →
Fortune 500 Tech Enterprise Speeds up Triage and Response with ANY.RUN’s Solutions
▼
In enterprise SaaS, unclear security decisions carry real cost. False positives disrupt customers, while missed threats expose the business. A Fortune 500 cloud provider addressed this risk by embedding ANY.RUN into SOC investigations, giving analysts the behavioral evidence needed to reduce esca...
Read more (link unavailable)
Polish hacker charged seven years after massive Morele.net data breach
▼
A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog.
Read Full Article →
Bypassing Administrator Protection by Abusing UI Access
▼
In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn’t exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses during my research that...
Read Full Article →
Active Directory Attacks Demystified: Pass-the-Hash (PtH), Pass-the-Ticket (PtT), and Beyond
▼
Key Takeaways Introduction Active Directory (AD) remains the backbone of identity and access management for most enterprises, controlling authentication, authorization, and access across users, endpoints, servers, and applications. Because of this central role, Active Directory is also one of the...
Read Full Article →
State of Security Report | Recorded Future
▼
Download Recorded Future's 2026 State of Security report which provides comprehensive threat intelligence on geopolitical fragmentation, state-sponsored operations, ransomware evolution, and emerging technology risk.
Read Full Article →
Ransomware Remains A Top 10 AI Threat In 2026
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 11, 2026 –Read the full story in ZDNet ZDNet recently published “10 ways AI can inflict unprecedented damage in 2026,” that deserve every business leader’s attention: 1. AI-enabled malware will unleash The...
Read Full Article →
Emerging Ransomware BQTLock & GREENBLOOD Disrupt Businesses in Minutes
▼
How long would it take your team to realize ransomware is already running? The newly identified ransomware families are already causing real business disruption. These threats can disrupt operations fast while also reducing visibility through stealth or cleanup activity, shrinking the time teams ...
Read more (link unavailable)
New threat actor, UAT-9921, leverages VoidLink framework in campaigns
▼
Cisco Talos recently discovered a new threat actor, UAT-9221, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.
Read Full Article →
[local] glibc 2.38 - Buffer Overflow + 1 similar
▼
glibc 2.38 - Buffer Overflow
Read Full Article →
Microsoft Patch Tuesday for February 2026 — Snort rules and prominent vulnerabilities
▼
Microsoft has released its monthly security update for February 2026, which includes 55 vulnerabilities affecting a range of products, including one (CVE-2025-59498) that Microsoft marked as “Critical”.
Read Full Article →
Microsoft and Adobe Patch Tuesday, February 2026 Security Update Review
▼
Microsoft’s February 2026 Patch Tuesday focuses on closing security gaps that attackers could exploit, reinforcing the importance of timely patching in enterprise environments. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for February 2026 This month’s release addres...
Read Full Article →
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)
▼
2 Critical 51 Important 1 Moderate 0 Low Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs. Microsoft patched 54 CVEs in its February 2026 Patch Tuesday release, with tw...
Read Full Article →
Measuring AI Security: Separating Signal from Panic
▼
The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore someth...
Read Full Article →
VU#458422: CASL Ability contains a prototype pollution vulnerability
▼
Overview A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields() function in the extra module. The program’s library contains a method called setByPath() that does not properly sanitize property names, allowing attackers to...
Read Full Article →
LevelBlue SpiderLabs: Breaking Down the Ransomware Groups Targeting the Education Sector
▼
Ransomware attack groups have ramped up their efforts, launching attacks on the education sector with recent incidents striking a range of targets from an Australian institution of higher learning to a school district in North Carolina.
Read Full Article →
Bank Of America: Cybercrime Will Get Much Worse
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 10, 2026 –Read the full story in GoBankingRates “The World In 2030,” a Bank of America research paper, cites Cybersecurity Ventures, whose analysis showed that cybercrime — such as hacking, fake videos, Th...
Read Full Article →
Beyond the Battlefield: Threats to the Defense Industrial Base
▼
Introduction In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, the defense sector faces a relentless barrage of cyber operations conducted by state-sponsored acto...
Read Full Article →
How to Build Threat Hunting that Defends Your Organization Against Real Attacks
▼
Threat hunting is widely recognized as one of the most important capabilities of a mature SOC. It uncovers stealthy attackers early, reduces dwell time, and prevents security incidents from impacting the business. Yet, in practice, many organizations find that their threat hunting efforts don’t c...
Read more (link unavailable)
Toy Battles - 1,017 breached accounts
▼
In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.
Read Full Article →
Association Nationale des Premiers Secours - 5,600 breached accounts
▼
In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum . The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS self-submitted the data to HIBP and advised th...
Read Full Article →
What Anthropic’s Latest Model Reveals About the Future of Cybersecurity
▼
AI can find vulnerabilities with unprecedented speed, but discovery alone doesn’t reduce cyber risk. We need exposure prioritization, contextual risk analysis, and AI-driven remediation to transform findings into security outcomes. Key takeaways AI is dramatically accelerating vulnerability disco...
Read Full Article →
I pretended to be an AI agent on Moltbook so you don’t have to
▼
I went undercover on Moltbook, the AI-only social network, masquerading as a bot. Instead of deep bot-to-bot conversations, I found spam, scams, and serious security risks. Key Takeaways Moltbook, the AI-only social network, is currently a high-risk environment dominated by spam and scams. Connec...
Read Full Article →
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
▼
Written by: Ross Inman, Adrian Hernandez Introduction North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentralized finance (DeFi) verticals. Mandiant recently investigated an intrusion targeting a FinTech entity within this sector, attributed to UN...
Read Full Article →
TV Show “Scam Interceptors”: The Intersection Of Ethical Hacking And Investigative Journalism
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 9, 2026 –Watch the YouTube video “Scam Interceptors is kind of a unique show in that we basically blend ethical hacking with investigative journalism, and we use those two separate skill sets The post TV S...
Read Full Article →
Substack - 663,121 breached accounts
▼
In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publica...
Read Full Article →
SASE vs SSE: Which Is Best Suited for Your Organization
▼
SASE vs. SSE explained: Understand the key differences between Secure Access Service Edge (SASE) and Security Service Edge (SSE) , including when each model makes the most sense for modern, cloud-first organizations. How SSE can be your path to SASE: Learn why many enterprises start with SSE as a...
Read Full Article →
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire
▼
He promised "the best security there is" to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a running a vast Tor-hidden drug bazaar wasn't such a good idea. Read more in my...
Read Full Article →
All gas, no brakes: Time to come to AI church
▼
This week, Joe cautions the rush to adopt AI tools rife with truly awful security vulnerabilities.
Read Full Article →
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
▼
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they com...
Read Full Article →
2025 SLG cyber trends: 5 lessons to build a 2026 cyber roadmap
▼
From school districts to state agencies, 2025 cyber incidents were a wake-up call about asset visibility. Discover five actionable lessons SLG leaders can use to close the cyber exposure gap and move from reactive threat detection and response to proactive exposure management. Key takeaways Effec...
Read Full Article →
How Threat Intelligence Helps Protect Financial Organizations from Business Risk
▼
The financial sector resembles a treasure vault under constant siege. Banks, insurers, and fintech firms are not just custodians of money. They are guardians of irreplaceable personal and corporate data, payment flows, transactional integrity, and trust itself. When cybercriminals strike, the rip...
Read more (link unavailable)
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
▼
Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.
Read Full Article →
Betterment - 1,435,174 breached accounts
▼
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack . As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-cont...
Read Full Article →
TruConfirm: Autonomous, Agent-Led, Safe Exploit Validation for Real-World Risk Reduction
▼
Key Takeaways The Question CISOs Cannot Answer Today The scan is done. Dashboards are full. Change windows are tight. And one critical question dominates every vulnerability review: “Is this exposure actually exploitable on our asset, in our production environment,with our controls, right now?” V...
Read Full Article →
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)
▼
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways ...
Read Full Article →
Release Notes: Workflow Improvements, MISP Integration & 2,000+ New Detections
▼
First month of the year, and we’re starting it off with updates that support faster decisions and more predictable SOC operations. In January, we introduced a major workflow enhancement with the new ANY.RUN Sandbox integration with MISP, alongside expanded detection coverage across behavior signa...
Read more (link unavailable)
[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution + 1 similar
▼
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
Read Full Article →
Rublevka Team: Anatomy of a Russian Crypto Drainer Operation
▼
Rublevka Team exemplifies the industrialization of crypto scams. Learn how traffer teams and wallet drainers enable high-volume theft.
Read Full Article →
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent
▼
Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users...
Read Full Article →
Frequently Asked Questions About Notepad++ Supply Chain Compromise
▼
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Change log Update February 4: This FAQ blog has been updated to note that CVE-2025-15556 was assigned for this security incident. Click here to re...
Read Full Article →
Enterprise Phishing: How Attackers Abuse Trusted Microsoft & Google Platforms
▼
ANY.RUN observes a growing trend of phishing kit infrastructure being hosted on legitimate cloud and CDN platforms, rather than on newly registered domains. These campaigns often target enterprise users specifically, creating a global threat to businesses. The shift creates serious visibility cha...
Read more (link unavailable)
Mutagen Astronomy: From Discovery to CISA Recognition—A Seven-Year Journey
▼
Introduction On January 26, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-14634 to its Known Exploited Vulnerabilities (KEV) catalog. The same vulnerability was discovered by the Qualys Threat Research Unit (TRU) in September 2018. We nicknamed it “Mutagen Astro...
Read Full Article →
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
▼
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central Am...
Read Full Article →
[webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS) + 1 similar
▼
RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
Read Full Article →
[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS) + 1 similar
▼
D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
Read Full Article →
Autonomous Threat Operations in action: Real results from Recorded Future’s own SOC team | Recorded Future
▼
This article explores how Recorded Future served as Customer Zero for Autonomous Threat Operations, testing the new solution within our own SOC to validate its real-world impact before releasing it to the public. The article reveals how the technology transformed inconsistent, analyst-dependent t...
Read Full Article →
FBI takes notorious RAMP ransomware forum offline
▼
The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police... Read more in my article on the Bitdefender blog.
Read Full Article →
Panera Bread - 5,112,502 breached accounts
▼
In January 2026, Panera Bread suffered a data breach that exposed 14M records . After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses....
Read Full Article →
ROC vs. CTEM: How a Risk Operations Center Evolves Beyond Continuous Threat Exposure Management in 2026
▼
Key Takeaways: The Essentials of ROC vs. CTEM Modern enterprises face a constant flood of data from dozens of siloed security tools, creating a fragmented view of risk. Continuous threat exposure management (CTEM) offers a framework to bring exposures together from these tools, and a risk operati...
Read Full Article →
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
▼
Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded credential harve...
Read Full Article →
Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS
▼
Introduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft' , these campaigns...
Read Full Article →
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
▼
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. W...
Read Full Article →
I'm locked in!
▼
Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.
Read Full Article →
Top 10 Cloud Compliance Tools for Enterprise Security and Audit Readiness in 2026
▼
Key Takeaways Compliance Breaks When Proof Lags Infrastructure Cloud compliance has changed. It is no longer an audit milestone. It is a continuous expectation. Boards demand visibility into regulatory exposure. Regulators expect evidence, not intent. Enterprise customers want assurance in real t...
Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office
▼
Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.
Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus
▼
Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.
Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
▼
A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.
Read Full Article →
SOC & Business Success with ANY.RUN: Real-World Results & Cases
▼
Running a SOC today means constant trade-offs: too many alerts, not enough people, strict SLAs, and attacks that keep getting smarter. Most leaders aren’t asking for “the next cool product” but a proof that something actually cuts time, risk, and workload in real environments like theirs. Thousan...
Read more (link unavailable)
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock
▼
In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...
Read Full Article →
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network
▼
Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. Th...
Read Full Article →
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
▼
Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Discovered and patched in July 2025, g...
Read Full Article →
Bypassing Windows Administrator Protection
▼
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and importantly, securable system to allow a local user to access administrator privileges only when necessary....
Read Full Article →