-
A critical unauthenticated stack-based buffer overflow vulnerability, tracked as CVE-2026-2329, affecting Grandstream GXP1600 series VoIP phones. The vulnerability, rated as critical with a CVSS score of 9.8, allows remote attackers to gain root privil…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CharlieKirk Grabber is a Python-based Windows infostealer that focuses on rapid “smash‑and‑grab” credential theft and data exfiltration rather than long-term system control or destructive behavior. It targets browser‑stored passwords, Wi‑Fi keys, Disco…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ploutus malware is powering a new wave of “jackpotting” attacks that drain U.S. ATMs without needing a bank card, customer account, or bank authorization, prompting the FBI to issue an emergency FLASH alert to financial institutions nationwide. Accord…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
LLM-generated passwords may look complex and “high entropy,” but new research shows they are highly predictable, frequently repeated, and far weaker than traditional cryptographic password generators. At the core of a secure password generator is a CSP…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rushed out a vital security patch for Chrome, fixing three flaws that could let attackers run malicious code on users’ devices. The Stable Channel update bumps versions to 145.0.7632.109/.110 for Windows and Mac, and 144.0.7559.109 for…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively exploiting a critical vulnerability in BeyondTrust’s remote support software to deploy the VShell backdoor and SparkRAT remote access trojan, enabling full compromise of exposed systems. The vulnerability, tracked as CVE-2026-1731,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing campaign exploiting Microsoft’s OAuth 2.0 Device Authorization Grant flow to gain unauthorized and persistent access to Microsoft 365 accounts. The sophisticated attack active since December 2025 specifically targets professionals and en…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
PromptSpy is a newly discovered Android malware family that abuses Google’s Gemini generative AI model to make real‑time decisions on how to manipulate the user interface and stay active on infected devices. PromptSpy’s AI‑assisted functionality is foc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Beyond CVE, China’s dual vulnerability databases, CNVD and CNNVD, show that vulnerability disclosure is not a single, global, unified process but a set of parallel systems with different rules, incentives, and timelines. China runs two national vulnera…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Citizen Lab says it found forensic evidence that Cellebrite’s mobile extraction technology was used on a Samsung Android phone belonging to detained Kenyan activist and politician Boniface Mwangi while the device was in police custody in July 2025. The…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
