-
A new wave of malvertising activity linked to the threat group “D‑Shortiez” has been observed exploiting a WebKit browser flaw to hijack the back button on Safari and other iOS browsers. This technique revives a classic forced‑redirect approach that tr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Keygraph has released Shannon, a fully autonomous AI-powered penetration testing tool designed to identify and actively exploit real vulnerabilities in web applications before malicious actors can. Unlike traditional scanners that generate alerts, Shan…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An active Zerobot campaign abusing two critical vulnerabilities CVE-2025-7544 in Tenda AC1206 routers and CVE-2025-68613 in the n8n workflow automation platform to deploy a Mirai-based payload dubbed Zerobotv9. The campaign uses common download tools a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hewlett Packard Enterprise (HPE) has disclosed a remote authentication-bypass vulnerability in HPE AutoPass License Server (APLS) that could let unauthenticated attackers bypass login controls over the network. The issue is tracked as CVE-2026-23600 an…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new supply-chain attack dubbed StegaBin is targeting JavaScript developers through 26 malicious npm packages that appear to be popular open-source libraries but secretly deploy a multi-stage credential-stealing toolkit and a Remote Access Trojan (RAT…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat intelligence researchers at Team Cymru have uncovered an open-source AI-powered offensive security tool called CyberStrikeAI, actively used to target Fortinet FortiGate devices at scale, with its developer carrying suspected ties to China’…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are increasingly abusing Telegram as an initial access marketplace, turning stealer logs and leaked credentials into direct entry points for corporate VPN, RDP, and cloud environments. The platform now acts as a high-speed bridge between compro…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
On Feb. 28, 2026, the United States and Israel launched coordinated military operations against Iran, codenamed Operation Epic Fury by the U.S. and Operation Roaring Lion by Israel, opening a new phase where cyber operations are tightly coupled with ki…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability has been discovered in the MS-Agent framework, a lightweight software tool used to build and run autonomous AI agents. Tracked as CVE-2026-2256, this command injection flaw allows remote attackers to hijack these AI agents, pot…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale malvertising operation targets macOS users with fake Google Ads leading to malicious text-sharing sites. These lures deliver the AMOS infostealer variant, dubbed “malext,” which steals sensitive data such as browser credential…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
