AWS Unveils Continuum for Automated Code Vulnerability Lifecycle
AWS's new Continuum service automates the entire code vulnerability lifecycle from discovery through remediation using frontier AI models, shifting from traditional telemetry based approaches.
The Latest
Persistent Access Through Tailscale and OpenSSH Bypasses C2 Shutdown
A junior attacker used Tailscale and OpenSSH as a backup channel to maintain access to a compromised automotive business after…
New Loaders BabaDeda, Lorem Ipsum, and Potemkin Spread via ClickFix Lures
Three new malware loaders are being distributed through ClickFix social engineering campaigns targeting education, finance, and other sectors with fake…
Expired TLS Certificate Disrupts Microsoft 365 Connectivity Testing Tool
The connectivity.office.com domain used by IT teams to verify Microsoft 365 access is showing TLS certificate expired errors, disrupting enterprise…
DPAPISnoop Tool Gains CREDHIST Extraction for Offline Password Cracking
The updated DPAPISnoop tool parses Windows CREDHIST files to generate crackable hashes that reveal users' complete password change history through…
Pyongyang Developers Weaponize VS Code Extensions for Cryptocurrency Heists
A North Korean threat group is targeting developers with phishing emails that lead to malicious VS Code projects, deploying cross…
Cisco Patches Catalyst SD-WAN Manager Zero-Day Flaw Used in Root Privilege Escalation Attacks
Cisco urges immediate patching of CVE-2026-20262, a root privilege escalation zero-day in Catalyst SD-WAN Manager that attackers are actively exploiting.
ShinyHunters Threatens to Leak Stolen Council of Europe Data
The Council of Europe is verifying claims by the ShinyHunters group that it stole hundreds of thousands of sensitive documents…
FBI Warns of In Person Cash Collections in Cryptocurrency Scams
The FBI warns that fraudsters are using couriers to collect cash from victims of cryptocurrency investment scams after traditional bank…
Critical SearchLeak Chain Enabled One-Click Data Theft via Microsoft 365 Copilot
The SearchLeak chain weaponized three vulnerabilities in Microsoft 365 Copilot to exfiltrate sensitive data before server side sanitization could stop…
Stealthy Cyber Espionage Hits Medical Research Platform
UNC6508 deployed InfiniteRed malware on REDCap servers at a North American medical research organization, remaining undetected for over a year while exfiltrating sensitive data.
Hidden Backdoor Attack Targets Three Popular WordPress Plugins
Attackers tampered with JavaScript files for three popular WordPress plugins, creating hidden admin accounts and web shells only when site…
Fabricated Breach Reports Force Maine AG to Shutter Public Database
An unidentified third party exploited Maine's automated breach reporting system to post fake security incidents, prompting the state to temporarily…
Coordinated Campaign of 152 Chrome Extensions Falsifies Ad Traffic
A network of 152 Chrome extensions posing as wallpaper tools secretly collects user data and generates fake search traffic to…
Spotlight
Open Source Toolkit Automates Bug Bounty Workflows with Local AI Models
BugHunter allows security researchers to run vulnerability testing and generate submission ready reports from a single terminal command using free local or cloud AI models.
AI-Powered Fuzzing Pipeline Uncovers $500,000 in Google Bugs
An AI-driven fuzzing pipeline uncovered over $500,000 in bug bounties from Google by exploiting access control failures across roughly 1,500 internal APIs.
Law Enforcement Dismantles AI Driven Phishing Network Tied to 3.8 Million Stolen Credit Cards
The FBI and partners seized servers, a Telegram bot, and cryptocurrency wallets, while redirecting thousands of phishing domains to a warning page.
Former School District Employee Sentenced for Hacking Former Employer
The former IT worker conducted a 21-month cyber campaign that deleted accounts, disrupted classes, and cost over $59,000 in damages before being caught through a USB drive turned over by…
Features
Authenticated Remote Code Execution Risk in Splunk Enterprise
An unauthenticated attacker can exploit a missing authentication control in Splunk Enterprise's PostgreSQL sidecar to write arbitrary files and execute…
US Government Orders Anthropic to Block Access to Advanced AI Models Over Security Fears
The U.S. government ordered Anthropic to immediately disable Claude Fable 5 and Mythos 5 for all users over national security…
Velvet Ant APT Spent Years Hiding Inside Linux Login Stack
A China linked threat group compromised Linux PAM and OpenSSH components to maintain undetected access for nearly a decade, evading…
Massive AUR Package Hijack Campaign Spreads Cryptominer and eBPF Rootkit
Attackers hijacked over 400 abandoned Arch Linux AUR packages by modifying build scripts to deploy a Rust credential stealer and…
Google Lawsuit Targets Smishing Network That Weaponized Gemini AI
A PhaaS platform called Outsider used Google's Gemini AI to generate phishing page code, resulting in millions of stolen credit…
New Attack Exploits AI Coding Agents via Sentry Error Platform
Tenet Security researchers discovered a technique called Agentjacking that uses crafted Sentry error reports to trick AI coding assistants into…
