-
A coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads including Redis remote code execution (RCE), credential harvesting, and persistent command-and-c…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
As artificial intelligence evolves from simple chatbots to autonomous agents that actively browse the web, a new cybersecurity threat has emerged. Researchers at Google DeepMind have identified a critical vulnerability they call “AI Agent Traps.&…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Following the high-profile supply chain compromise of the widely used Axios package, a highly coordinated social engineering campaign has been uncovered targeting top-tier Node.js and npm maintainers. Security researchers confirm that the Axios breach …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to the “BrowserGate” report, hidden code on LinkedIn’s website secretly scans th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Anthropic has officially shut down third-party AI agent access to its Claude subscription services, pulling the plug on unauthorized external integrations. This move marks a major shift in how developers and power users can interact with Claude’s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at watchTowr Labs have disclosed a critical exploit chain in the Progress ShareFile Storage Zone Controller. The vulnerabilities, tracked as CVE-2026-2699 and CVE-2026-2701, enable unauthenticated attackers to achieve Remote Code E…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has officially initiated an automated, machine-learning-based rollout for Windows 11, version 25H2, targeting unmanaged systems. As part of its ongoing efforts to keep devices secure, similar to routine patch deployments that address critical…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Daniel Rhyne, a 59-year-old former core infrastructure engineer, pleaded guilty on April 1, 2026, to federal hacking and extortion charges. He admitted to locking out administrators and sabotaging systems at his former New Jersey-based employer in an a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Kimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic largely unchanged. The campaign abuses Windows Task Scheduler, Dropbox, and bundled Python runtime…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the TrueConf Client to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows clear evidence that threat actors are ac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
