CYBERSEC

ChocoPoC RAT: How Fake PoCs on PyPI Infected Vulnerability Researchers

ChocoPoC, a Python RAT, spreads via GitHub repositories posing as proof-of-concept exploits that hide the payload in transitive PyPI d…

Jul 02, 2026views - 1.8k

malware

ClickFix Evolves Into a Platform: Analysis of 3,000 Payloads Reveals API-Driven Delivery

A researcher analyzed 3,000 live ClickFix payloads, uncovering an API-driven architecture, rotating cryptographic wrappers, and adopti…

Jul 01, 2026views - 1.2k

agentic

Agentjacking: Fake Bug Report Hijacks AI Coding Agents, 85% Success Rate

Tenet Security researchers demonstrated on June 12, 2026 that a poisoned Sentry error report can hijack Claude Code, Cursor, and Codex…

Jul 01, 2026views - 1k

CYBERSECCRITICAL

Langflow RCE Exploited for Miner Worm: 19-Day Campaign

CVE-2026-33017: Commodity operators exploit exposed AI endpoints to deploy Lambsys, an SSH worm that compromises entire enterprise inf…

Jun 30, 2026views - 1.4k

CYBERSEC

DarkMoon: Open-Source AI Pentesting at $10 a Scan — and the Hard Limit of Vendor LLM Classifiers

DarkMoon separates LLM reasoning from execution via MCP to bypass Anthropic's safety classifiers. At roughly $10 per web-app scan, the…

Jun 29, 2026views - 942

VULNZERO-DAY

ZDI-26-397: Use-After-Free in X.Org Server Opens Door to Local Privilege Escalation

A Use-After-Free flaw in X.Org Server's CreateSaverWindow function (CVE-2026-50263) lets a local low-privilege attacker leak sensitive…

Jun 28, 2026views - 1.6k

CYBERSECZERO-DAY

ZDI-26-393: Stack Buffer Overflow in X.Org Server XKB Subsystem Enables Local Root Escalation

The Zero Day Initiative disclosed ZDI-26-393 on June 24, 2026, detailing a local privilege escalation vulnerability in X.Org Server. A…

Jun 28, 2026views - 1.4k

linux

Masquerading Linux: When ps Lies and eBPF Exposes the Truth

A SANS ISC post demonstrates how prctl and argv overwriting make ps and top unreliable on Linux, and why only eBPF tools like Kunai ca…

Jun 27, 2026views - 1.5k

CYBERSECEXPLOIT

Miasma: The Malware Turning npm Into a Developer Trap

Miasma compromised 109 npm packages and GitHub Actions using Phantom Gyp and the Bun runtime. It extracts CI/CD secrets from memory an…

Jun 26, 2026views - 1.7k

linuxCVE

CVE-2026-46331: Linux 'pedit COW' Exploit Gains Root in 24 Hours

A Linux kernel bug corrupts the page cache of setuid binaries such as /bin/su without touching disk, bypassing all integrity checks.

Jun 26, 2026views - 1.1k

VULNEXPLOIT

DirtyClone: The Fourth Variant in the DirtyFrag Family

CVE-2026-43503, the fourth variant in the DirtyFrag family, exploits cloned packets to corrupt file-backed memory. JFrog published a f…

Jun 26, 2026views - 928

CYBERSEC

Linux Foundation Launches Akrites: A Shared SIRT for Open Source Software

Akrites brings 19 tech giants under one shared SIRT for open source vulnerabilities. A 5% patch rate and Dolan's admission: the road a…

Jun 26, 2026views - 1.2k