OpenAI Employee Systems Breached Through TanStack Supply Chain Attack
OpenAI disclosed a supply chain breach affecting two employee devices via the TanStack attack, requiring macOS users to update ChatGPT Desktop and other apps before certificate revocation in June.
The Latest
Massive Scan Reveals Deep Security Failures in Self-Hosted AI Infrastructure
A scan of a million self-hosted AI services found widespread misconfiguration, with many systems exposed without any authentication, leaving sensitive…
Malicious Updates to Node IPC Library Steal Developer Cloud Credentials
Three newly published versions of the Node IPC npm package contain a stealthy backdoor that exfiltrates developer credentials across 90…
Microsoft Exchange Server Vulnerability Allows Remote Code Execution via Email
Microsoft warns customers that attackers are actively exploiting a high-severity cross-site scripting flaw in on-premises Exchange Server via malicious email…
Cisco SD-WAN Auth Bypass Under Active Attack as CISA Sets Remediation Deadline
CISA mandates federal agencies patch a critical Cisco SD WAN authentication bypass by May 17 as threat actors exploit the…
Self Hosted Next.js Apps at Risk as SSRF Flaw Exposes Internal Networks
Attackers can exploit a Server-Side Request Forgery flaw in self-hosted Next.js to bypass firewalls and steal IAM credentials and API…
TencShell Malware Framework Uses Tencent Style Traffic to Evade Detection
The TencShell framework repurposes open source Rshell code and uses Tencent style API traffic to hide its command and control…
Active Exploitation Reported for Microsoft Exchange Server Spoofing Flaw
Microsoft warns that attackers are exploiting a critical cross site scripting flaw in Exchange Server's Outlook Web Access to perform…
Secret Blizzard Upgrades Kazuar Into Modular Espionage Botnet
The malware has evolved from a standard backdoor into a modular ecosystem targeting government and diplomatic organizations across Europe and…
FrostyNeighbor Group Uses Windows Scheduled Tasks for Stealthy Persistence
The FrostyNeighbor hacking group targets Ukrainian government organizations with spearphishing emails and server side filtering before abusing Windows Scheduled Tasks…
Critical Zero-Day in Cisco SD-WAN Controller Allows Full Admin Takeover
The flaw gives unauthenticated attackers full administrative control over enterprise SD-WAN infrastructure without any valid credentials.
FamousSparrow Campaign Targets Energy Infrastructure via Exchange Flaw
Researchers detail a months-long espionage operation where an APT group exploited an Exchange server flaw to breach an Azerbaijani energy…
Google Ships Patch for 79 Chrome Flaws, Urges Immediate Update
Google's Chrome 148 update patches 79 security flaws, including 14 critical bugs that could allow remote code execution through malicious…
Two New Zero Day Flaws Bypass BitLocker and Elevate Privileges on Windows
Chaotic Eclipse reveals two zero day flaws, one bypassing BitLocker encryption via the Windows Recovery Environment and another elevating privileges…
Spotlight
Attackers Exploit Unpatched PraisonAI API Authentication Gap
Attackers began probing PraisonAI deployments within hours of the advisory, scanning for the exposed /agents and /chat endpoints on internet connected instances.
Active Exploitation of PAN-OS Flaw Grants Attackers Root Access
Palo Alto Networks warns of active exploitation of a PAN-OS remote code execution vulnerability by state-sponsored actors, with patches expected in mid May.
Massive Phishing Wave Uses Fake Code of Conduct Scare to Steal Credentials
Microsoft uncovered a credential theft campaign that used fake code of conduct violations to trick 35,000 users across 13,000 organizations in a three day window.
New Linux Kernel Flaw Gives Attackers Root Access on Multiple Distributions
The Dirty Frag vulnerability exploits two separate kernel page cache write flaws to provide reliable root access without requiring race conditions or causing system crashes.
Features
Critical Cisco SD WAN Controller Flaw Under Active Attack Allows Admin Takeover
Cisco warns of active attacks exploiting a maximum severity authentication bypass in Catalyst SD WAN Controller that grants attackers full…
AI Generates Synthetic Attack Telemetry to Stress Test Defenses
Microsoft researchers use large language models to generate realistic command lines and process trees for simulating human operated intrusions in…
Massive npm Package Compromise Injects Malware Into 170+ Developer Tools
A supply chain attack compromised 170 npm packages using worm like malware that steals GitHub, AWS, and Kubernetes credentials from…
AI Hallucinations Create New Attack Vectors in Cybersecurity Operations
New benchmark data reveals that most major AI models are more likely to produce confidently wrong answers than correct ones,…
Ghostwriter Group Deploys Geofenced PDFs to Target Ukrainian Government Systems
Ghostwriter uses region restricted PDF files to deliver Cobalt Strike payloads exclusively to Ukrainian government targets, evading global security researchers.
Apache HTTP Server HTTP/2 Bug Opens Door to Service Disruption and Code Execution
A double free error in Apache's HTTP/2 stream handling allows attackers to crash servers with a single connection, with potential…