Archive
All articles, newest first. Page 13.
Italian Revenue Agency Phishing: CERT-AGID Alerts on Targeted SPID Credential Theft
CERT-AGID has identified a targeted phishing campaign impersonating Italy’s Revenue Agency. The attack uses pre-populated login forms…
Unit 42: Frontier AI Models Exploiting Open-Source Transparency to Automate Supply Chain Attacks
Frontier AI models are demonstrating the autonomous reasoning required to identify vulnerabilities in open-source code and orchestrate…
Talos Unveils AI Honeypots to Trap Malicious Agents: The Rise of Cognitive Warfare
Cisco Talos demonstrates how generative honeypots can deceive automated AI threats by weaponizing their lack of contextual awareness a…
Kemp LoadMaster Vulnerability: Authenticated RCE Found in customLocation Parameter
Advisory ZDI-26-319 reveals a command injection flaw in Progress Software’s Kemp LoadMaster. Authenticated users can exploit the custo…
PoC Zealot: Autonomous AI Executes End-to-End GCP Cloud Attack
Unit 42’s Zealot project demonstrates how multi-agent AI systems can autonomously chain SSRF, credential theft, and BigQuery exfiltrat…
18 Malicious AI Extensions Exposed: Unit 42 Details Email Spying and RAT Risks
Palo Alto Networks Unit 42 has uncovered 18 AI browser extensions that masquerade as productivity tools while deploying RATs and spyin…
First VPN Seized: 'No-Log' Service Revealed as Law Enforcement Trap for Cybercriminals
Europol and Dutch police have dismantled First VPN, a specialized infrastructure hub for ransomware and data theft. The operation seiz…
Chrome Internal Bug Reports Surge to 200+ as Google Leans on AI
Google addressed more than 200 internally discovered vulnerabilities in Chrome between March and May 2026. The spike aligns with the c…
Drupal Fixes 'Highly Critical' SQL Injection Vulnerability Impacting PostgreSQL
Drupal has released urgent security patches for CVE-2026-9082, an unauthenticated SQL injection flaw. The vulnerability specifically t…
Microsoft Defender Zero-Days Under Active Attack; CISA Mandates Patching by June 3
Microsoft has confirmed that two vulnerabilities in Microsoft Defender are being actively exploited in the wild. CISA has added both f…
CVE-2026-46333: Nine-Year-Old Linux Kernel Flaw Enables Root Escalation
Qualys researchers have disclosed CVE-2026-46333, a Linux kernel vulnerability dormant since 2016 that enables local privilege escalat…
GitHub: 3,800 Internal Repos Exfiltrated via Trojanized VS Code Extension
GitHub has confirmed the theft of approximately 3,800 internal repositories after an employee installed a trojanized version of the Nx…
Ransomware 2026: Extortion Tactics Pivot Beyond File Encryption
Kaspersky’s May 12, 2026 report reveals a fundamental shift in the threat landscape: as encryption loses its leverage, attackers are p…
CVE-2025-68670: Pre-auth RCE Vulnerability Identified in xrdp Server Domain Field
A technical breakdown of CVE-2025-68670: A stack buffer overflow within xrdp's domain name processing logic enables unauthenticated re…
Mirai Variant Targets EOL TP-Link Routers via Flawed Exploit for Valid Vulnerability
Unit 42 has identified active exploitation attempts targeting CVE-2023-33538 on end-of-life TP-Link routers. While current in-the-wild…
Frontier AI: The Shift from Coding Assistant to Autonomous Threat Agent
Research from Unit 42 reveals that frontier AI models now possess the autonomous reasoning capabilities of full-spectrum security rese…
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agent Workflows
Microsoft has unveiled two open-source security tools for AI agents: RAMPART, a Pytest-native framework for build-time testing, and Cl…
Trust3 AI Launches MCP Security: A Hardened Control Plane or Just Another Promise?
Trust3 AI has announced MCP Security to protect enterprise agentic workloads, focusing on connection verification, isolated tokens, an…
AI-Driven Mobile Attacks Hit New Record: Apps Compromised Within Two Hours of Release
The Digital.ai 2026 App Security Threat Report reveals that 87% of client-facing applications are now under systematic attack, with th…
1Password and OpenAI Partner to Provide Just-in-Time Credentials for AI Agents
1Password integrates its Environments MCP Server into OpenAI's Codex, enabling just-in-time credentialing for AI coding agents to prev…
CISA Faces Congressional Scrutiny After Months-Long AWS GovCloud Credential Leak on GitHub
Senator Maggie Hassan has demanded a classified briefing from CISA following the discovery of a public GitHub repository that exposed…
Italian Revenue Agency Phishing: Cloned SPID Portal Uses Pre-filled Emails to Target Public Sector
CERT-AGID has identified a targeted phishing campaign against the Italian Revenue Agency (Agenzia delle Entrate) featuring cloned SPID…
ExifTool RCE: Kaspersky GReAT Uncovers macOS Command Injection via Metadata
CVE-2026-3102 impacts ExifTool versions 13.49 and earlier on macOS. The vulnerability allows for command injection within the SetMacOS…
GitHub Breach: 3,800 Internal Repositories Stolen via Malicious VS Code Extension
GitHub has confirmed a security breach affecting approximately 3,800 internal repositories after an employee device was compromised by…