Archive

Browse the full DeafNews article archive in chronological order.

Articles

  1. Google Identifies First AI-Generated Zero-Day Weaponized in the Wild

    Google confirms the first documented case of an AI-developed zero-day exploit used in the wild, targeting a 2FA vulnerability in an open-source admin tool. The era of LLM-driven e…

  2. Google Disrupts AI-Generated Zero-Day: 2FA Bypass Found in Open-Source Tool

    The Google Threat Intelligence Group (GTIG) has neutralized an AI-generated zero-day exploit targeting 2FA in a system administration tool, highlighting how LLMs are accelerating…

  3. CVE-2026-7482: Malicious GGUF Files Trigger Memory Leaks in Ollama

    A heap out-of-bounds read vulnerability in Ollama allows unauthenticated remote attackers to exfiltrate the entire memory of the inference process. Users are advised to update to…

  4. cPanel Auth Bypass Under Mass Attack: 2,000 IPs Exploiting CVE-2026-41940

    The threat actor Mr_Rot13 is weaponizing CVE-2026-41940 to deploy backdoors and steal credentials from cPanel/WHM instances. Security researchers have identified over 2,000 unique…

  5. Critical GitHub RCE: A Single Git Push Can Trigger Remote Code Execution

    A critical RCE vulnerability (CVE-2026-3854) affecting GitHub.com and Enterprise Server allows arbitrary code execution via crafted git push options. While the cloud platform was…

  6. Exim Patches Critical Unauthenticated RCE Vulnerability in GnuTLS-Linked Servers

    CVE-2026-45185 allows unauthenticated remote code execution on Exim mail servers compiled with GnuTLS. Since there are no available workarounds, an immediate upgrade to version 4.…

  7. Mini Shai-Hulud Worm: 170+ Packages Compromised as SLSA Protections Bypassed

    The Mini Shai-Hulud worm has compromised over 170 npm and PyPI packages by exploiting GitHub Actions to generate valid SLSA attestations, effectively neutralizing provenance-based…

  8. Bleeding Llama: Why "On-Premises" Doesn't Mean "Safe" — CVE-2026-7482 and the 300,000 Exposed Servers

    CVE-2026-7482 allows unauthenticated remote attackers to leak Ollama process memory via crafted GGUF files, exposing sensitive API keys, system prompts, and private user conversat…

  9. Active OAuth Redirection Attacks Targeting Government Entities via Entra ID

    Microsoft has identified a phishing campaign exploiting OAuth 2.0 flows to deliver multi-stage malware to public sector organizations, successfully bypassing traditional domain re…

  10. Ivanti EPMM Authenticated RCE Under Active Exploitation; CISA Sets Patch Deadline

    Ivanti has confirmed active exploitation of CVE-2026-6973 in its on-premises Endpoint Manager Mobile (EPMM) solution. The authenticated RCE vulnerability can be chained with other…

  11. Active Exploitation of cPanel Vulnerability Deploys 'Filemanager' Backdoor

    Threat actor Mr_Rot13 is weaponizing CVE-2026-41940 in cPanel/WHM to distribute the Filemanager backdoor. With over 2,000 IPs targeting unpatched systems, researchers warn that up…

  12. Dirty Frag: Linux Kernel Vulnerability Chain Exploited in the Wild for Root Access

    Dirty Frag chains two Linux kernel flaws to achieve deterministic local privilege escalation. With a public PoC available and active exploitation detected by Microsoft, major dist…

  13. Critical Palo Alto Networks PAN-OS RCE (CVE-2026-0300) Under Active Exploitation

    A critical unauthenticated root RCE vulnerability in the PAN-OS User-ID Portal is being exploited in the wild. Unit 42 has confirmed targeted cyberespionage activity linked to the…

  14. Why an Active Directory Password Reset Isn't Enough to Evict an Attacker

    A simple Active Directory password reset often fails to eliminate persistence. Valid Kerberos tickets, local hash caching, and ACL-based backdoors allow attackers to maintain acce…

  15. Google Detects First AI-Weaponized Zero-Day Bypassing 2FA

    A May 11, 2026, report from Google’s Threat Intelligence Group reveals a milestone in offensive AI: an exploit targeting an authorization logic flaw in an open-source tool, featur…

  16. Google Report: Enterprise Tech Hit by Record 48% of Zero-Day Exploits in 2025

    Google’s GTIG report tracks 90 zero-days exploited in 2025, revealing a strategic pivot toward enterprise infrastructure. Chinese APT activity has doubled as AI begins to collapse…

  17. MetInfo CMS Under RCE Attack: Critical Vulnerability CVE-2026-29014 Actively Exploited

    Threat actors are weaponizing CVE-2026-29014, an unauthenticated RCE vulnerability (CVSS 9.8) in MetInfo CMS. Activity spiked on May 1, 2026, putting approximately 2,000 exposed i…

  18. CVE-2026-3854: Critical RCE Vulnerability in GitHub Triggered via Single ‘git push’

    A specifically crafted git push command can execute remote code on GitHub.com and GitHub Enterprise Server. While the cloud environment was patched in March, nearly 88% of on-prem…

  19. Bleeding Llama: Critical Ollama Vulnerability Exposes Secrets on 300,000 AI Servers

    Cyera researchers have disclosed CVE-2026-7482, a critical memory leak in the Ollama framework. A malformed GGUF file allows unauthenticated remote attackers to dump heap memory a…

  20. Weaponized OAuth: Government and Public Sector Targeted in Malicious Redirection Campaign

    Microsoft researchers have identified active campaigns abusing OAuth redirection to steer government and public sector entities toward malicious sites. The attack skips token thef…

  21. Critical Apache HTTP/2 Double-Free Flaw Enables RCE and Unauthenticated DoS

    CVE-2026-23918 in Apache 2.4.66 allows for unauthenticated Denial-of-Service via a single TCP connection and potential RCE on Debian and Docker environments. A mandatory upgrade t…

  22. Weaver E-cology 10.0 N-Day RCE: Unauthenticated Exploitation via Debug API (CVE-2026-22679)

    CVE-2026-22679 enables unauthenticated RCE in Weaver E-cology 10.0 via the Dubbo debug endpoint. In-the-wild attacks began March 17, 2026, following a patch release on March 12.

  23. Weaver E-cology Under Attack: Critical RCE Exploited via Debug Endpoint

    CVE-2026-22679 in Weaver E-cology allows unauthenticated RCE via an exposed debug API. With active exploitation documented since March 17 and a CVSS score of 9.8, immediate applic…

  24. One Million AI Services Exposed Online: Massive Risks from Misconfigurations and Hardcoded Credentials

    A security scan of over 2 million hosts has uncovered 1 million exposed AI services, many of which lack basic authentication or feature hardcoded credentials, leaving sensitive da…

  25. NVIDIA Confirms GeForce NOW Data Breach via Armenian Partner

    NVIDIA has confirmed that a regional partner in the GeForce NOW Alliance suffered a breach exposing user personal data. While central systems remain secure, the incident highlight…

  26. cPanel Issues Critical Patches as Zero-Day Exploitation Targets WHM with Mirai and Ransomware

    cPanel has released security updates for three new WHM vulnerabilities while confirming that a critical authentication bypass (CVE-2026-41940) was weaponized as a zero-day to depl…

  27. Trellix Confirms Source Code Breach as RansomHouse Claims Attack on Internal Infrastructure

    Cybersecurity giant Trellix has confirmed unauthorized access to its source code repository following an extortion claim by RansomHouse. While Trellix maintains that its release p…

  28. Zara Data Breach: 197,000 Emails Exposed via Compromised Anodot Tokens

    Threat actor ShinyHunters has published a 140 GB Zara dataset allegedly obtained via compromised Anodot authentication tokens. Have I Been Pwned confirms the exposure of nearly 19…

  29. TCLBanker Weaponizes WhatsApp and Outlook to Target 59 Financial Platforms

    TCLBanker targets 59 financial institutions—spanning banks, fintech, and crypto—using autonomous worm modules to propagate through WhatsApp Web and Microsoft Outlook, eroding trad…

  30. ShinyHunters Defaces Canvas LMS, Threatening Leak of 275 Million Records

    The ShinyHunters group hijacked the Canvas login page on May 7, 2026, threatening to leak data from 275 million users and causing widespread outages during final exam sessions.

  31. Ivanti EPMM Zero-Days Under Attack: CISA Mandates Unprecedented 3-Day Patch Deadline

    Two unauthenticated RCE zero-days in Ivanti Endpoint Manager Mobile (EPMM) have prompted CISA to issue a rare 72-hour remediation mandate as active exploitation attempts surge.

  32. Critical GitHub RCE: Single Git Push Triggers Backend Code Execution

    CVE-2026-3854 allows RCE on GitHub.com and GHES via a single git push. The discovery, facilitated by AI-assisted reverse engineering of closed-source binaries, signals a paradigm…

  33. CVE-2026-31431: CISA Mandates Container Patch — Actively Exploited in the Wild

    CISA has confirmed active exploitation of CVE-2026-31431, a critical Linux kernel vulnerability dubbed "Copy Fail." With a 732-byte PoC capable of triggering container escapes, fe…

  34. Critical Palo Alto Zero-Day Grants Root RCE; Patches Delayed Until May 13

    CVE-2026-0300 enables unauthenticated root RCE on Palo Alto firewalls. While CISA has ordered federal agencies to apply mitigations within 72 hours, official patches are not expec…

  35. DAEMON Tools Supply Chain Attack: Official Installers Trojanized Since April

    Signed installers for DAEMON Tools Lite were caught distributing multi-stage malware for nearly a month. While thousands were infected globally, attackers utilized surgical precis…

  36. MuddyWater Mimics Chaos Ransomware to Conceal Targeted Espionage Operations

    A Rapid7 investigation reveals that Iranian threat actor MuddyWater impersonated a Chaos ransomware affiliate in early 2026 to mask espionage activities, leveraging extortion as a…

  37. BRICKSTORM: CISA and NSA Alert on Evolving Rust Backdoor Targeting vSphere

    Cybersecurity agencies have updated their Malware Analysis Report for BRICKSTORM, a sophisticated ELF backdoor targeting VMware vSphere. The February 11, 2026, update details new…

  38. MetInfo CMS: Active RCE Exploitation Targets CVE-2026-29014

    Threat actors are actively leveraging an unauthenticated RCE vulnerability (CVE-2026-29014) in MetInfo CMS. Recent activity shows a significant spike in attacks targeting IP addre…

  39. Multi-Ecosystem Sleeper Packages Target CI Pipelines for Credential Theft and Persistence

    At least two distinct campaigns have deployed malicious sleeper packages across RubyGems, npm, and Go modules to harvest developer credentials, manipulate GitHub Actions workflows…

  40. Conti-Akira Ransomware Negotiator Sentenced to 102 Months in Prison

    Deniss Zolotarjovs, a key 'closer' for the Conti and Akira ransomware syndicates, has been sentenced to 102 months in U.S. federal prison for his role in extortions causing over $…

  41. Vimeo Data Breach: 119,200 Emails Exposed via Anodot Integration

    In May 2026, the ShinyHunters threat group published a 106 GB Vimeo archive stolen via the anomaly detection platform Anodot. The leak exposed approximately 119,200 email addresse…

  42. Google Raises Android Bug Bounty to $15M — Chrome AI Rewards Cut

    Google has overhauled its Vulnerability Reward Programs, offering up to $1.5 million for sophisticated Pixel exploits while reducing payouts for memory safety bugs in Chrome that…

  43. CVE-2026-23918: Apache HTTP/2 Critical Double-Free Flaw — Patch Apache 2.4.67 Now

    Apache HTTP Server 2.4.67 addresses CVE-2026-23918, a CVSS 8.8 double-free flaw in the HTTP/2 handler. The vulnerability enables trivial Denial-of-Service attacks and potential Re…

  44. OAuth Redirection Abuse: Weaponizing Trusted Domains for Government-Targeted Phishing

    Microsoft has identified active phishing campaigns targeting government and public sector organizations by exploiting OAuth error flows to deliver multi-stage malware without stea…

  45. Inside the Betrayal: Cybersecurity Professionals Sentenced to 4 Years for ALPHV/BlackCat Ransomware Attacks

    Two American cybersecurity experts were sentenced to four years in prison for acting as ALPHV/BlackCat ransomware affiliates. The case exposes a significant insider threat, reveal…

  46. CVE-2026-22679: Critical Weaver E-cology RCE Under Active Attack Since March

    An exposed debug endpoint in Weaver E-cology 10.0 allows unauthenticated remote code execution. Attacks have been detected since March 17, 2026; build 20260312 addresses the vulne…

  47. Trellix Source Code Breach: The Strategic Threat of Read-Only Access

    Trellix has confirmed unauthorized access to an unquantified portion of its source code repository. While the company reports no evidence of tampering or active exploits, the expo…

  48. PromptMink: North Korean Hackers Weaponize AI to Poison npm Supply Chain

    Researchers have uncovered 'PromptMink,' a sophisticated North Korean campaign leveraging code generated by Anthropic's Claude Opus to inject malware into npm packages, targeting…

  49. Worldleaks Dumps 8.5 TB of Mediaworks Data; Hungarian Media Giant Threatens Press Over Leaks

    Cyber-extortion group Worldleaks has published 8.5 TB of sensitive data allegedly stolen from Mediaworks Kft. While the Hungarian media conglomerate confirmed the breach, it has s…

  50. Linux ‘Copy Fail’ Under Active Attack: CISA Sets May 15 Patch Deadline

    CISA has added CVE-2026-31431, known as 'Copy Fail,' to its KEV catalog following reports of active exploitation. The stealthy 732-byte Python exploit grants local root access acr…

  51. LiteLLM Exploited 36 Hours After Disclosure: Pre-Auth SQL Injection Targets AI Credentials

    CVE-2026-42208 in BerriAI LiteLLM was actively exploited just 36 hours after its public disclosure. The attack targeted high-value LLM API keys, posing a severe risk of full cloud…

  52. GitHub RCE via Git Push: An Analysis of CVE-2026-3854

    CVE-2026-3854 leverages unsanitized Git push options to inject malicious metadata into the internal X-Stat header, enabling remote code execution and sandbox escapes across GitHub…

  53. GitHub Enterprise Server RCE: 88% of Instances Remain Unpatched Following Public Disclosure

    CVE-2026-3854 enables remote code execution on GitHub Enterprise Server via manipulated git push commands. Despite patches being available since March, nearly 90% of self-hosted i…

  54. CVE-2026-3854: Critical RCE and Sandbox Bypass Hits Self-Hosted GitHub Instances

    A critical RCE vulnerability in GitHub Enterprise Server, discovered through AI-assisted reverse engineering, left 88% of self-hosted instances exposed at the time of disclosure.…

  55. Vishing and AiTM Bypass MFA: Invisible Extortion in SaaS

    Criminal groups like Cordial Spider use vishing and AiTM to bypass MFA and target SaaS environments. Protect your corporate data from invisible extortion.

  56. Russian Aviation Phishing: Drone Simulators Steal Sensitive Data

    HeartlessSoul phishing campaign targets Russian aviation: drone simulators and Starlink tools steal geospatial data. Here is what you need to know.

  57. NCSC Warning: AI-Driven Patch Wave Is Exposing Technical Debt Across Networks

    The NCSC warns AI is accelerating vulnerability discovery, causing a patch wave. Historic technical debt now risks overwhelming IT teams.

  58. Systemic Risk: Banking Data Breaches and the Supply Chain

    2026 banking data breaches highlight the systemic risk linked to the supply chain: here's why the weakest link is the third-party vendor.

  59. Ruby and Go Supply Chain Attack: Discover the Sleeper Risk

    A new supply chain attack targets Ruby and Go using sleeper packages and fake wrappers. Learn how to protect CI/CD pipelines and corporate secrets.

  60. Italian DPA Fines Poste: Security and GDPR Impact

    Analysis of the Italian DPA fine against Poste Italiane for excessive app permissions: the conflict between PSD2 security and GDPR. Here's what to know.

  61. Insider Risk in BlackCat Ransomware: Analyzing the Betrayal

    Discover the impact of insider betrayal in the BlackCat ransomware: negotiators exploited defenses for extortion. What to know about the 2026 convictions.

  62. OT Security: APT Alarm and Italy's Industrial Lag

    Italy's lag in OT security is evident: APTs silently manipulate processes and AI reduces exploit time to hours.

  63. Deepfake Analysis: Taylor Swift Trademarks Voice and Image

    Taylor Swift files three trademarks for voice and image against AI deepfakes. Find out why this legal move shifts the fight to intellectual property.

  64. Cyberattacks and Cargo Theft: RMM Risk in Logistics

    The impact of cyberattacks on cargo theft: how phishing and RMM software hijack goods in logistics. Here's what to know about the new scenarios.

  65. Anthropic Mythos Zero-Day Risk: Security Paradox Revealed

    The Anthropic Claude Mythos Discord leak reveals a defensive paradox and access flaws. Discover its impact on AI security and what to know now.

  66. Bluekit Risk: The AI Phishing Kit That Bypasses MFA

    Discover how Bluekit, the new AI phishing kit, leverages Evilginx to bypass MFA on over 40 platforms. Learn what you need to know to protect yourself.

  67. Cybersecurity: CERT-AGID Report Reveals AI Risks and GitHub RCE

    Discover CERT-AGID's cybersecurity analysis: PagoPA phishing, emerging risks like GitHub RCE, and AI MCP vulnerabilities. Here's what to know.

  68. PyTorch Lightning Attack: Supply Chain Risk Revealed

    Discover the details of the PyTorch Lightning supply chain attack: malicious versions, npm propagation, and AI impersonation. Here's what to know.

  69. ANTS France Breach: Fraudulent Access and Data Risks

    A 15-year-old breached the ANTS database in France, exposing millions of records. Discover why the fraudulent access highlights systemic data risks.

  70. DDoS Botnet and DNS Amplification: The Case of Brazilian ISPs

    A threat actor compromised Huge Networks' infrastructure to build a DDoS botnet against Brazilian ISPs, exploiting CVE-2023-1389 and DNS reflection.

  71. CVE-2026-41940: cPanel Bypass Risk and Mitigations

    Analysis of CVE-2026-41940, a critical cPanel vulnerability with CVSS 9.8. Exploited for months, here is its impact on millions of servers and countermeasures.

  72. EtherRAT: C2 Risk Analysis via Ethereum Smart Contracts

    EtherRAT exploits Ethereum Smart Contracts for takedown-proof C2 infrastructure. Discover the impact on sysadmins and DevOps: here's what to know.

  73. Linux Copy Fail Risk: The Invisible 4-Byte Root Exploit

    The Linux Copy Fail vulnerability allows root escalation in 4 bytes, corrupting only RAM. Discover the impact on Kubernetes and how to mitigate the threat.

  74. Fast16, Pre-Stuxnet Malware Revealed: Analysis and Impact

    Fast16, a 2005 pre-Stuxnet malware that altered scientific calculations, has been discovered: here is what changes in cyberwarfare history and why it matters today.

  75. FISA 702 Renewal Analysis: Senate Deadlock on Surveillance

    The FISA 702 renewal in the Senate faces a deadlock over the CBDC amendment. Discover its impact on surveillance, privacy, and what to know.

  76. RCE Vulnerability in Gemini CLI and Cursor AI: Details and Patches

    Details on the critical severity vulnerability in Gemini CLI, the flaw in Cursor AI, and the hijacking of the Gemini panel in Chrome. Dates, versions, and patches.

  77. Cybercrime Dubai: US-China Operation Dismantles Crypto Scam Centers

    Discover the details of the joint US-China raid against crypto scams in Dubai: 276 arrests and the impact on cybercrime networks.

  78. Qinglong RCE Vulnerability: Express.js Bypass Revealed

    RCE authentication bypass discovered in Qinglong: how Express.js routing differences enabled the attack and why payload filtering fails.

  79. WordPress Supply Chain Attacks: Dormant Backdoors and RCE in Plugins

    Technical analysis of WordPress supply chain attacks: dormant backdoors, RCE, and compromised updates in Quick Page and Essential plugins.

  80. Microsoft Zero-day: The Risk of the Faulty Patch Revealed

    Discover the impact of the faulty Microsoft patch that left a new zero-click backdoor in Windows Shell. What to know about CVE-2026-32202.

  81. Ukrainian Roblox Hackers Arrested: 610,000 Accounts Stolen

    Ukrainian police arrest a hacker group that stole over 610,000 Roblox accounts and resold them for cryptocurrency. Learn how they operated and how to stay safe.

  82. SAP npm Supply Chain Attack: Malware Targets CAP Packages

    The Mini Shai-Hulud campaign compromises SAP npm packages, stealing credentials and establishing persistence via AI agents. Learn how to stay protected.

  83. Submarine Cable Security: Europe Bolsters Defenses with €347 Million

    The EU releases its submarine cable security report with a €347M allocation, while US hyperscalers control 90% of transatlantic capacity. Full analysis.

  84. NPM Supply Chain Attack: Malware Found in Claude Code and VS Code Extensions

    A new SAP npm package supply chain attack targets AI coding agent configurations. Discover how mini Shai-Hulud steals credentials and propagates.

  85. PromptMink Malware: First Malicious Commit Co-Authored by Anthropic's Claude Opus

    The Famous Chollima campaign marks the first instance of a malicious commit co-authored by an AI model, affecting over 1,700 software packages.

  86. Black Axe: Southern Europe Leader Arrested in Switzerland

    Ten arrests in Switzerland target Black Axe, a Nigerian criminal network specializing in romance scams and money laundering. Explaining their franchise model.

  87. Vercel Breach: The Risks of Shadow AI OAuth Exposed

    The Vercel breach highlights the danger of Shadow AI integrations: how a forgotten OAuth token opened corporate doors. Here is what you need to know.

  88. CISA Shutdown: US Cyber Defense on Standby Due to Lack of Funds

    CISA.gov is no longer actively managed due to a federal funding lapse. Meanwhile, the FIRESTARTER malware threat targets critical Cisco infrastructure.

  89. EU Commission: Meta Accused of Failing to Protect Children Under 13

    EU Commission finds DSA violations as Instagram and Facebook fail to block children under 13. Meta faces potential fines of up to 6% of its global revenue.

  90. CISA KEV: Windows and ScreenConnect Added to List of Exploited Vulnerabilities

    CISA adds CVE-2024-1708 and CVE-2026-32202 to the KEV catalog. Russian APT28 and Chinese Storm-1175 leverage these flaws for espionage and ransomware.

  91. Firefox 150: Mythos AI Finds 271 Zero-Days in Paradigm Shift

    Claude Mythos AI discovered 271 zero-days in Firefox 150. Learn why this marks a paradigm shift in cybersecurity and what it means for defenders.

  92. Critical cPanel Vulnerability: Urgent Patch and Hosting Access Blocks

    A critical cPanel authentication vulnerability forced providers to block access. Learn about the security risks and the importance of immediate updates.

  93. The Gentlemen Ransomware: Over 320 Victims and Botnet of 1,570+ Companies

    The Gentlemen group becomes the second most active ransomware of 2026. Over 320 victims and a ready botnet: here is the model attracting expert affiliates.

  94. Scattered Spider: 'Bouquet' Arrested in Helsinki Under US Charges

    A 19-year-old dual US-Estonian citizen known as 'Bouquet' has been arrested in Helsinki on US charges related to the Scattered Spider hacking collective.

  95. CVE-2026-3854: Critical RCE Vulnerability on GitHub Discovered by AI

    CVE-2026-3854 puts GitHub Enterprise Server at risk. Discovered via AI, it allowed RCE. Technical details and patch discrepancies inside.

  96. VECT 2.0 Ransomware: The Critical Bug That Permanently Destroys Encrypted Files

    A design flaw turns VECT 2.0 into a wiper: files over 131KB are irreversibly destroyed. Paying the ransom recovers nothing. Here is the full analysis.

  97. CVE-2026-25874: Unpatched Critical RCE Found in Hugging Face LeRobot

    A critical CVSS 9.3 flaw hits Hugging Face's LeRobot. Learn about the RCE risks and the month-long patch delay following initial disclosure.

  98. Paragon Spyware: A Year of Silence on the Italian Investigation

    Paragon Solutions has not responded to the Italian judiciary on Graphite spyware used against journalists. Here is why the case remains open after a year.

  99. Entra ID Vulnerability: Patch for Agent ID Privilege Escalation

    Microsoft fixed a vulnerability in Entra ID's Agent ID Administrator role. The bug allowed high-privilege service principal takeover. Here are the details.

  100. PyPI: Package with 1.1 Million Downloads Hacked to Distribute Infostealer

    A PyPI package with 1.1 million monthly downloads was compromised to distribute an infostealer. Analysis of the software supply chain attack.