Closing the Visibility Gap: A Framework for Governing Employee AI Use
A structured framework helps organizations gain visibility into unapproved AI tools employees are using while providing a clear path for safe adoption.
The Latest
Microsoft’s Patch Tuesday Addresses DNS Memory Corruption and Netlogon Flaws
The patch batch includes a critical DNS client memory corruption bug and an AMD processor flaw affecting Zen 2 products.
Closing the Phishing Gap How Security Teams Can Stop One Click from Becoming a Crisis
Modern phishing attacks bypass traditional filters by mimicking legitimate behavior, requiring SOC teams to use interactive analysis to identify and…
Critical WordPress Plugin Flaw Exploited to Steal Payment Data via Checkout Skimmer
Attackers inject fake Google Tag Manager scripts into WooCommerce checkout pages through an unpatched Funnel Builder plugin flaw to steal…
Remote Code Execution Flaws Hit Popular Workflow Automation Tool
Attackers can chain multiple critical bugs in n8n's HTTP Request, Git, and XML nodes to fully compromise automation servers.
Pwn2Own Berlin Day 2 Reveals Critical Zero Days in Exchange, Windows and AI Tools
Researchers earned $385,750 on day two of Pwn2Own Berlin by chaining three flaws to fully compromise Microsoft Exchange and exploiting…
Critical NGINX Flaw Under Active Attack Days After Disclosure
Active exploitation of a critical NGINX vulnerability began within days of disclosure, with over 5 million potentially exposed servers worldwide.
Two Critical Flaws in Popular WordPress Plugin Threaten Over One Million Sites
The Avada Builder plugin flaws allow low level users to read server files and unauthenticated attackers to steal database credentials.
Critical Memory Leak Flaw Exposes Ollama Servers to Remote Data Theft
A critical out-of-bounds read vulnerability in Ollama allows remote attackers to leak process memory, exposing API keys and user conversations.
npm Supply Chain Attack Drops Infostealers and Phantom Bot DDoS Malware
Four npm packages from the same publisher deliver a DDoS botnet and credential stealing malware, with one containing a near…
Linux Project Cracks Down on AI Generated Bug Reports Overwhelming Security Systems
Linux kernel maintainers are implementing new quality standards and triage rules to filter AI generated bug reports that have been overwhelming the project's security mailing list.
Fast16 Malware Sabotaged Nuclear Weapons Simulations to Derail Test Results
Fast16 malware manipulated nuclear weapons simulation software to make engineers believe their virtual detonation tests were failing, stalling weapons development…
Anthropic Patches Critical Claude Code Flaw Allowing Silent Command Execution
A parsing flaw in Claude Code's deeplink handler allowed attackers to inject malicious hooks that execute commands automatically when a…
CISA Flags Active Exploitation of Cross Site Scripting Flaw in Exchange Server
Organizations using on premises Exchange Server are urged to patch an XSS flaw in Outlook Web Access that CISA confirms…
Spotlight
Attackers Link Tiny Flaws Into Lethal Chains Spanning Code and Cloud
A new webinar from Wiz explains how attackers chain together small coding bugs and cloud misconfigurations to access sensitive data, and how teams can break that path.
Exim Patches Critical BDAT Use After Free Flaw in GnuTLS Builds
The Dead.Letter vulnerability affects Exim mail server versions 4.97 through 4.99.2 compiled with GnuTLS, enabling heap corruption via a crafted BDAT SMTP sequence.
AI Model Used to Craft First Mass Exploit Tool for Two Factor Auth Bypass
Google uncovered a criminal campaign in which an AI system was used to discover a zero day vulnerability and generate exploit code for mass exploitation of a popular administration tool.
Self-Propagating Malware Devours Developer Credentials Across Cloud Services
The open-source release of a credential-stealing worm has triggered a wave of copycat attacks targeting developer environments and cloud infrastructure.
Features
MicroStealer Campaign Targets Education and Telecom Sectors via Discord Exfiltration
MicroStealer malware uses Discord webhooks to exfiltrate credentials and cryptocurrency wallet data from education and telecom targets with low detection…
Firewall Flaw Grants Root Access to Network Edge Devices
An unauthenticated buffer overflow in the PAN-OS authentication portal allows remote attackers to execute arbitrary code with root privileges, with…
REMUS Malware Operation Shows Rapid Commercial Evolution in Underground Markets
Flare researchers analyzed 128 underground posts revealing REMUS malware's rapid evolution from a simple stealer to a full commercial MaaS…
How Organized Crime Uses Phishing to Hijack Truckloads of Freight
Cybercriminals are using phishing and email compromise techniques, traditionally associated with ransomware, to steal truckloads of freight worth hundreds of…
Microsoft Enables Automatic Rollback for Faulty Drivers via Windows Update
Microsoft's new Cloud Initiated Driver Recovery automatically rolls back faulty Windows drivers delivered through Windows Update, removing the need for…
Microsoft Reverses Course on Edge Password Exposure After Researcher Backlash
Microsoft will patch Edge to stop decrypting saved credentials into process memory at startup, reversing its earlier position that the…