-
AWS has introduced “Continuum,” a new security capability designed to detect, validate, and remediate code vulnerabilities at machine speed, signaling a shift away from traditional telemetry-heavy security models toward automated, context-driven remedi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitive data and establish command-and-control (C2) channels directly within the database engine, sig…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s June 2026 cumulative update for Windows 11 (KB5095051, OS Build 28000.2269) introduces an unexpected application compatibility issue that may disrupt enterprise workflows, as users report that Microsoft Office applications fail to launch wh…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, including API keys and authentication tokens. The vulnerability, tracked as CVE-2026-4020 with a CV…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Splunk has disclosed a critical security vulnerability in its AI Toolkit that could allow authenticated administrators to execute arbitrary operating system commands on affected systems, raising significant concerns for enterprises that rely on Splunk …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a proof-of-concept (PoC) exploit dubbed “RoguePlanet” by security researcher NightmareEclipse. Th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale cyber espionage campaign dubbed “FortiBleed” has compromised more than 70,000 Fortinet firewalls and VPN gateways worldwide, exposing enterprise networks across 194 countries. The activity, first identified by security researcher Volodymy…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A long-running, stealthy campaign attributed to the China-nexus actor tracked as Velvet Ant has been found to include deeply engineered backdoors in the authentication stack: modified OpenSSH binaries and tampered PAM modules that exfiltrate credential…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A novel evolution of LLMjacking: a threat actor leveraging a publicly exposed Ollama model server as the reasoning engine for an automated, multi-stage offensive framework. Rather than using the model for chat or resale, the attacker integrated unauthe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple instances of typosquatting domains hosting malicious content generated with AI-powered website creation tools. One striking campaign combined an AI-created fake Brazilian bank site with a ClickFix social-engineering lure to deliver a PowerShe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
