AI Tools Claude and GPT 4.1 Used to Coordinate Mass Government Data Breach in Mexico
The attacker processed data from 305 servers and generated 2,597 intelligence reports using a custom Python script linked to OpenAI's API.
The Latest
Identity Attacks Hit Over Half of Organizations in 2025
The 2026 SANS survey found that over a quarter of identity attacks involved MFA fatigue, highlighting the growing sophistication of…
Platform Security Alert: cPanel Auth Bypass, GitHub RCE, and Trellix Source Code Leak
cPanel issued urgent patches for an authentication bypass flaw; GitHub fixed CVE-2026-3854 RCE exploitable via a single push; and Trellix…
cPanel Zero Day Under Active Attack: Government and Military Servers Compromised
The actively exploited cPanel authentication bypass zero day has already been used to compromise high value government and military servers,…
EtherRAT Campaign Abuses Search Rankings and GitHub Trust to Infect IT Admins
The EtherRAT campaign exploits search engine rankings and trust in GitHub to deliver a remote access trojan to system administrators…
Open Source CVE MCP Server Gives Claude AI 27 Security Tools to Automate Vulnerability Analysis
The tool aggregates vulnerability data from 21 different APIs including NVD, Exploit DB, and vendor advisories, allowing Claude to perform…
cPanelSniper Weaponizes cPanel Flaw, 44k Hosts at Risk
The public release of the cPanelSniper exploit, which leverages CVE-2023-29489, has triggered a mass compromise of roughly 44,000 web hosting…
Anthropic Opens Claude Security Features to All Enterprise Users in Public Trial
Anthropic is inviting enterprise beta testers to evaluate Claude Security features including audit logs and customizable data governance policies.
Adversary in the Middle Campaign Bypasses MFA on Enterprise Cloud Platforms
The AiTM tactic uses a real time proxy to steal authentication tokens after the user completes MFA, bypassing one of…
Phishers Weaponize Google AppSheet, Netlify and Telegram to Target Facebook Users
The scheme uses Google AppSheet to host fake login forms, Netlify for a secondary phishing page, and Telegram to exfiltrate…
Social Engineering Duo: CAPTCHA and ClickFix Trick Users into Giving Up Passwords
Attackers use a malicious combination of fake CAPTCHA challenges and deceptive 'ClickFix' prompts to trick users into launching credential stealing malware via PowerShell.
Exim Vulnerability Allows Remote Crash via Crafted DNS Responses
The flaws enable an unauthenticated attacker to crash Exim servers remotely by sending specially crafted DNS responses, leading to denial…
Windows Shell Vulnerability Under Active Attack: Urgent Patching Required
Microsoft has confirmed active exploitation of a Windows Shell privilege escalation bug, urging all organizations to apply the April 2026…
Supply Chain Attack Targets Checkmarx Users Through Malicious Docker Images and Extensions
The attack leverages both malicious Docker images on Docker Hub and fake VS Code extensions, requiring developers to verify all…
Spotlight
Critical LMDeploy Vulnerability Exploited Hours After Public Disclosure
Security researchers documented proof-of-concept exploits being deployed against unpatched LMDeploy servers within hours of the vulnerability announcement.
New Linux Malware Abuses Microsoft Graph API for Covert Operations in South Asia
GoGra uses OAuth tokens to blend into normal Office 365 traffic, making detection difficult for signature based security tools.
Persistent Backdoor Compromises Cisco Firepower Appliances at a Federal Agency
FIRESTARTER backdoor embeds itself in the firmware of Cisco Firepower appliances, allowing it to survive OS reinstalls and standard security patches.
Silk Typhoon Operator Extradited for Hacking COVID Research Institutions
The Silk Typhoon hacker allegedly targeted over a dozen universities and vaccine developers in a multi year espionage campaign.
Features
Checkmarx Breach Exposes GitHub Repository Data on Dark Web
The attacker exfiltrated source code and proprietary information from multiple GitHub repositories, prompting an ongoing investigation with law enforcement.
Malicious npm Package Targets Bitwarden Users in Multi Stage Supply Chain Attack
The attack leverages a trojanized npm package to steal credentials from developer environments connected to Bitwarden CLI workflows.
Apple Closes iOS Data Recovery Hole That Exposed Signal Messages
The iOS flaw allowed forensic extraction of supposedly deleted conversations from Signal and other encrypted apps, undermining user privacy controls.
Canonical Services Silenced by Wave of Flood Traffic
The DDoS attack temporarily blocked access to Ubuntu's website and other Canonical web properties, disrupting updates and support for users…
Trellix Repository Compromised in Source Code Theft Incident
The intruder accessed a Trellix source code repository, potentially exposing proprietary code used in the company's cybersecurity products.
Global Ransomware Surge to 7831 Incidents Linked to AI Powered Criminal Tools
The adoption of generative AI by ransomware groups has enabled automated vulnerability scanning and custom ransom note generation, pushing global…
