Nissan Employee Data Exposed in Oracle PeopleSoft Zero-Day Attack
Nissan Americas confirmed a data breach after attackers exploited CVE-2026-35273 in Oracle PeopleSoft, exposing employee data across four countries.
The Latest
C++ Rewrite Fuels Global Surge in Millenium RAT Infections
The latest version of this malware is harder to detect and spreads through disguised files and a Telegram based command…
Google Patches Critical Sandbox Escape Flaws in Chrome 149
Google's latest Chrome update fixes 18 vulnerabilities, including two critical WebGL use-after-free bugs that could allow sandbox escape attacks.
119 Edge Extensions Hidden Stego Malware Reaches 2.6 Million Installs
Microsoft discovered 119 malicious Edge extensions using steganography and selective activation to steal credentials and session cookies from 2.6 million…
U.S. State Department Offers $10 Million Reward for Russian Hacker Groups Targeting Encrypted Messaging Apps
The bounty targets UNC5792 and UNC4221, groups linked to Russia's FSB and military that have compromised thousands of messaging app…
Insurance Regulator says ShinyHunters Stole Only Public Data in PeopleSoft Attack
NAIC confirms the ShinyHunters breach of its Oracle PeopleSoft system exposed only public financial reports and configuration files, not sensitive…
New Djinn Stealer emerges in attacks exploiting SimpleHelp vulnerability
Attackers exploit a critical SimpleHelp flaw to deploy TaskWeaver loader and Djinn Stealer, which targets credentials for AI development tools,…
AI Coding Agents Tricked Into Installing Malware From Clean Repos
Researchers at Mozilla's 0DIN platform show how AI coding agents can be tricked into executing malware by following standard setup…
Why Credentials Are the Starting Point for Quantum Safe Security
Attackers can already harvest encrypted credentials today, storing them for future decryption when quantum computers arrive, making a credentials first…
WhatsApp Username Feature Shields Phone Numbers from Strangers
The Meta owned messaging service will let users reserve a unique handle and an optional key to control who can…
Russian Intelligence Targeted with Fake Messaging Support Texts in Ukraine
The campaign used fake SMS messages disguised as messaging support bots to trick Ukrainian officials and activists into revealing account credentials.
Zoho WorkDrive Abused as C2 Channel in Mustang Panda Espionage Campaign
New malware strains SHARDLOADER, MINIRECON, and ZOHOMURK use legitimate cloud storage to blend malicious traffic with normal activity, targeting government…
StegoAd Campaign Hid Malicious Code in Images and Fonts on Edge Store
Microsoft linked StegoAd to the DarkSpectre operation, noting overlapping techniques and shared infrastructure with the GhostPoster extension campaigns previously identified.
Fake Perplexity AI Extension Hijacked Browser Searches to Harvest User Data
Microsoft discovered a malicious Chrome extension impersonating Perplexity AI that captured user searches and address bar input before redirecting to…
Spotlight
Popular YouTube Ad Blocker’s Hidden Code Injection Risk Exposed
A widely used Chrome ad blocker with millions of users contains inactive code pathways that could allow attackers to inject malicious scripts on any website without an extension update.
Browser Agent Exploit Chains Localhost Trust to Execute Code Remotely
Researchers detail a three flaw exploit chain where a malicious web page loaded by an AI agent can execute code on the host machine through an unauthenticated local service.
Massive Wave of 236,000 Scam Websites Built on DCloud Framework Targets Crypto Users Globally
Researchers identified over 236,000 domains using the DCloud framework for cryptocurrency scams, pig butchering operations, and wallet drainers active since mid-2022.
Indirect Prompt Injection in Claude Code Opens Reverse Shell on Developer Machines
Mozilla researchers demonstrate how AI coding agents can be tricked into opening reverse shells through clean-looking repositories, with payloads hidden entirely in DNS records.
Features
Conditional Access Bypass Exploits Microsoft Entra Nested App Flow
NetSPI researchers discovered that attackers can bypass Microsoft Entra Conditional Access Policies by abusing the Nested App Authentication OAuth flow…
New PhishingKit Exploits Browser Side Decryption to Hide Microsoft 365 Account Takeover
The EvilTokens phishing kit encrypts its landing page content with AES GCM to bypass static URL analysis, exploiting Microsoft's device…
Water Utilities Targeted Through Weak PLC Security and Exposed Controls
Nation state actors exploit default credentials and internet facing PLCs to access water infrastructure, altering chemical dosing and opening floodgates…
OpenAI Begins Controlled Preview of GPT-5.6 After Government Security Request
OpenAI's GPT-5.6 Sol launches with layered cyberattack protections and government-mandated access controls after national security concerns from the Trump administration.
Two Critical Flaws Found in Dell Wyse Management Suite
Dell patches two serious vulnerabilities in its Wyse Management Suite that could allow attackers to take complete control of affected…
Open Source CyberSentinel AI v3.0 Fuses 33 Security Tools with Agentic AI
The platform autonomously executes 33 security tools like Nmap and SQLMap inside an isolated Docker sandbox with real time AI…
