-
A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university AI service. Marketed as an OpenAI-compatible, Tor-routed proxy requiring no API keys, the packa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has announced a significant update for its Chrome browser, extending native lazy loading capabilities to audio and video elements. This highly anticipated feature aims to improve web performance, drastically save bandwidth, and offer subtle secu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on Apri…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing Windows shortcut files and GitHub to run a stealthy, multi‑stage malware campaign against organizations in South Korea. The operation chains LNK files, PowerShell, and GitHub APIs to deliver surveillance tools while blending into no…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An automated campaign abusing GitHub’s pull_request_target workflow trigger to steal CI/CD secrets at scale. The attacker, using the handle ezmtebo, fired off more than 475 malicious pull requests (PRs) in just 26 hours, impersonating routine CI config…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running under constant pressure. Years of sanctions, coordinated…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Anthropic’s flagship AI coding agent, Claude Code, was recently discovered to contain a critical security flaw that silently bypasses developer-configured safety rules. The vulnerability allows attackers to execute blocked commands, such as data …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
German authorities have officially put a face to one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has announced a record-breaking year for its Vulnerability Reward Program (VRP). In 2025, the tech giant paid out more than $17 million to ethical hackers worldwide to help secure its platforms. This major milestone marks a massive 40% increase …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Apache Software Foundation has released critical security updates to address two vulnerabilities in Apache Traffic Server (ATS). Disclosed on April 2, 2026, these flaws could allow remote threat actors to trigger denial-of-service (DoS) conditions …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
