Fabricated Breach Reports Force Maine AG to Shutter Public Database
An unidentified third party exploited Maine's automated breach reporting system to post fake security incidents, prompting the state to temporarily shut down its public disclosure database while reviewing verification procedures.
The Latest
Coordinated Campaign of 152 Chrome Extensions Falsifies Ad Traffic
A network of 152 Chrome extensions posing as wallpaper tools secretly collects user data and generates fake search traffic to…
Open Source Toolkit Automates Bug Bounty Workflows with Local AI Models
BugHunter allows security researchers to run vulnerability testing and generate submission ready reports from a single terminal command using free…
AI Powered Fuzzing Pipeline Uncovers $500,000 in Google Bugs
An AI-driven fuzzing pipeline uncovered over $500,000 in bug bounties from Google by exploiting access control failures across roughly 1,500…
Velvet Ant APT Spent Years Hiding Inside Linux Login Stack
A China linked threat group compromised Linux PAM and OpenSSH components to maintain undetected access for nearly a decade, evading…
JDY Botnet Grows to 1500 Compromised Devices for Recon Operations
The JDY botnet has expanded to over 1,500 compromised SOHO and IoT devices, acting as a high performance scanner for…
Global Police Takedown Hits AudiA6 Crypto Laundering Network Used by Ransomware Gangs
A coordinated international law enforcement operation has dismantled the AudiA6 cryptocurrency laundering service, which allegedly processed over $380 million for…
Phantom Mantis Ransomware Group Evolves Into Self-Sufficient Operation With 478 Victims
The threat actor behind The Gentlemen ransomware was identified as a 36 year old Russian from Izhevsk after transitioning from…
OceanLotus APT Targets Vietnamese Investors and Construction Firm With SPECTRALVIPER Backdoor
ESET reveals OceanLotus deployed SPECTRALVIPER backdoor in supply chain attack on Vietnamese stock investment software and a separate prolonged espionage…
SniperDz PhaaS Platform Arms Criminals with 70+ Brand Impersonation Templates
Group-IB researchers uncovered a turnkey PhaaS platform enabling brand impersonation and browser hijacking through social media lures across the Middle…
Iran Linked BLUERABBIT Backdoor Combines Encryption, Data Theft, and Full Disk Wipe on Windows Systems
The BLUERABBIT backdoor uses enterprise messaging protocols like RabbitMQ to hide its command and control traffic while enabling both data theft and complete disk destruction on infected Windows machines.
GoFlateLoader Evades Detection by Bloated File Strategy
GoFlateLoader uses oversized PE overlays to bypass security scanning, already infecting over 33,000 users globally since April 2026.
CISA Mandates Three Day Patch Deadline for Critical Exploited Flaws
CISA's BOD 26-04 requires federal agencies to patch critical exploited vulnerabilities within three days, replacing previous patch directives with a…
ServiceNow Warns Customers After Malicious Actors Exploit Instance Access Flaw
ServiceNow disclosed that threat actors exploited an unpatched configuration flaw to query a subset of customer instances before a security…
Spotlight
npm 12 to Block Install Scripts by Default to Thwart Code Execution Attacks
npm version 12 will require explicit user approval for install scripts and Git dependencies to block automatic code execution from compromised packages.
AI Assistant OpenClaw Found Vulnerable to Credential Theft via Email Trickery
A controlled phishing test demonstrated that the OpenClaw AI agent can be manipulated into forwarding sensitive credentials like AWS keys and database passwords with a single deceptive email.
Smart TV Apps Expose Home Networks as Stealth Proxies for AI Data Collection
A reverse engineering investigation reveals that free apps on smart TVs and phones act as exit nodes for a web scraping network serving AI companies, using home IP addresses without…
Leftover Debug Flag in Microsoft 365 Android Apps Exposed Account Tokens
A leftover debug flag in Microsoft's shared Android SDK allowed any app on the same device to steal FOCI authentication tokens from six popular Office apps, granting unauthorized access to…
Features
OpenAI Introduces Lockdown Mode to Block Data Exfiltration via Prompt Injection
OpenAI launches Lockdown Mode for ChatGPT to limit outbound network requests and block data exfiltration pathways from prompt injection attacks.
Domain User Can Trigger Remote Code Execution via Veeam Backup Flaw
A newly disclosed flaw in Veeam Backup
Active Exploitation of Langflow File Write Bug Enables Remote Code Execution
Attackers are exploiting an unpatched path traversal vulnerability in the Langflow AI development platform that allows unauthenticated remote code execution…
One Click Attack on GitHub.dev Could Expose Private Repositories via VS Code
Researchers demonstrate how a single click can steal full access GitHub OAuth tokens through a vulnerability in the VS Code…
Critical Use After Free Bug Opens Door to Remote Code Execution in OpenSSL
A critical use after free bug in OpenSSL's PKCS7_verify function allows attackers to execute arbitrary code on systems processing crafted…
Anthropic Unveils Claude Fable 5 with Built in Cybersecurity Guardrails
The new Mythos class model routes risky cybersecurity prompts to a less capable model while offering a defensive version to…
