CYBERSECZERO-DAY

SharePoint JWT Bypass and the AI Agent That Rewrites Zero-Day Discovery

Microsoft patched a SharePoint authentication bypass (CVE-2026-55040) discovered by Rapid7 using agentic AI. The CVSS 5.3 rating masks…

Jul 14, 2026views - 1.3k

exploitEXPLOIT

Metasploit Arms FlowiseAI and macOS: Two Exploits Land in the Framework

Metasploit has merged exploit modules for CVE-2026-41264, an unauthenticated RCE in FlowiseAI's CSV Agent, and CVE-2024-27822, a local…

Jul 11, 2026views - 1.3k

aiCRITICAL

Friendly Fire: Defensive AI Agents Turn into RCE Attack Vectors

The AI Now Institute's Friendly Fire report, published July 8, 2026, demonstrates that Anthropic's Claude Code and OpenAI's Codex — to…

Jul 10, 2026views - 1.3k

CYBERSEC

Microsoft: AI Will Make Patch Tuesday Permanently More Demanding

Microsoft EVP Pavan Davuluri confirmed on July 9, 2026 that AI will permanently increase the volume of security updates in each Patch…

Jul 10, 2026views - 1.7k

CYBERSEC

AI-Generated Malware Maps Active Directory: How It Was Caught

On June 3, 2026, Huntress detected an attack using an AI-generated PowerShell script created via vibe coding. Behavioral detection suc…

Jul 09, 2026views - 1.2k

agentic

Agentic AI: A Lone Attacker Compromises Enterprise AWS in 72 Hours

Sygnia documents the first operational case of a lone threat actor using AI-assisted workflows to compress an enterprise AWS attack fr…

Jul 08, 2026views - 1.4k

aiZERO-DAY

Ollama Zero-Day DoS: downloadBlob Bug Puts Local AI Servers at Risk

ZDI has disclosed a zero-day vulnerability in Ollama enabling unauthenticated remote denial-of-service attacks via the downloadBlob fu…

Jul 08, 2026views - 1.5k

ai

HalluSquatting Turns AI Assistants' Predictable Hallucinations into a Botnet Installation Vector

Researchers from Tel Aviv University, Technion, and Intuit demonstrated that nine AI coding tools install botnet malware when asked fo…

Jul 08, 2026views - 1.4k

CYBERSEC

Malicious AI Skills: 3,000 Evade Scanning, Enterprises Exposed

ESET detected over 3,000 malicious skills among nearly 900,000 analyzed. The SkillCloak technique bypasses static scanners in more tha…

Jul 08, 2026views - 1.3k

linuxEXPLOIT

GhostLock: 15-Year Linux Kernel Bug Now Publicly Exploitable, Guarantees Root

CVE-2026-43499 enables root escalation and container escape on nearly every Linux distribution since 2011. Nebula Security published t…

Jul 08, 2026views - 1.4k

aiADVISORY

Elastic Automates CVE Advisory Writing with RAG on MITRE Data

Elastic Security Labs has put into production an AI pipeline that generates complete CVE advisory drafts with CWE, CAPEC, and CVSS, gr…

Jul 06, 2026views - 220

ai

SkillCloak: 90% of AI Agent Skill Scanners Fail Against Obfuscated Skills

HKUST researchers demonstrate that static scanners on AI skill marketplaces systematically fail against active evasion techniques. The…

Jul 06, 2026views - 1.3k