🚨 Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to e...
Securing RAG Pipelines in Enterprise SaaS
Securing RAG Pipelines in Enterprise SaaS Connecting an LLM to your proprietary data via RAG is a massive liability; without document-level access controls, your AI is just one prompt away from ex...
New Android Spyware Morpheus Linked to Italian Surveillance Firm
New Android Spyware Morpheus Linked to Italian Surveillance Firm 🚨 Osservatorio Nessuno has uncovered a new spyware named Morpheus that spreads through fake Android apps to steal sensitive data. T...
Italy Extradites Chinese Cyber-Espionage Suspect to US
Italy Extradites Chinese Cyber-Espionage Suspect to US 🚨 Italy has extradited an accused Chinese hacker wanted in the United States for allegedly stealing vaccine research at the height of the COV...
VECT: Ransomware by Design, Wiper by Accident
VECT: Ransomware by Design, Wiper by Accident 🚨 Check Point Research has discovered that the VECT 2.0 ransomware permanently destroys large files instead of encrypting them. A critical flaw in the...
Tall Tales: How Chinese Actors Use Impersonation and Stolen Narratives to Perpetuate Digital Transnational Repression
Tall Tales: How Chinese Actors Use Impersonation and Stolen Narratives to Perpetuate Digital Transnational Repression In collaboration with the International Consortium of Investigative Journalist...
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header This weekend, we observed several requests to our honeypot that included an X-Vercel-Set-Bypass-Cookie header. Here’s a sample request: GET / ...
DragonBreath: A Critical 0-Day Vulnerability in the Kernel
DragonBreath: A Critical 0-Day Vulnerability in the Kernel 🚨 This report documents a critical 0-day vulnerability in dragoncore_k.sys, a Windows kernel-mode driver bearing a valid Microsoft WHQL s...
Robinhood Account Creation Flaw Abused to Send Phishing Emails
Robinhood Account Creation Flaw Abused to Send Phishing Emails 🚨 Online trading platform Robinhood’s account creation process was exploited by threat actors to inject phishing messages into legiti...
Firefox Bug CVE-2026-6770 Enables Cross-Site Tracking and Tor Fingerprinting
Firefox Bug CVE-2026-6770 Enables Cross-Site Tracking and Tor Fingerprinting A vulnerability, tracked as CVE-2026-6770, allowed attackers to fingerprint Firefox users, even in Private Browsing, an...
Canada Arrests Three for Operating SMS Blaster Device in Toronto
Canada Arrests Three for Operating SMS Blaster Device in Toronto 🚨 Canadian authorities have arrested three men for operating an “SMS blaster” device that pretends to be a cellular tower to send p...
American Teenager's High-Flying Double Life EXPOSED as Notorious Hacker
American Teenager’s High-Flying Double Life EXPOSED 🚨 A notorious hacker who held companies hostage for millions while mocking the FBI’s efforts to catch him has been unmasked as a teenager. Prose...
ClickUp's Hardcoded API Key Exposes 959 Emails from Fortune 500 Giants
ClickUp’s Hardcoded API Key Exposes 959 Emails from Fortune 500 Giants 🚨 A publicly accessible JavaScript file on ClickUp’s homepage has been silently leaking nearly a thousand corporate and gover...
Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
Microsoft Entra Agent ID Flaw 🚨 A critical flaw in the Microsoft Entra Agent ID has been identified, allowing privilege escalation and tenant takeover via Service Principal abuse. This vulnerabili...
Critical Bug in CrowdStrike LogScale Lets Attackers Access Files
Critical Bug in CrowdStrike LogScale 🚨 CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The company has released secu...
American Utility Firm Itron Discloses Breach of Internal IT Network
American Utility Firm Itron Discloses Breach of Internal IT Network 🚨 Breaking News: Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its inte...
2026-04-26 Daily Vulns
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2026-6951 n/a - simple-git ...
California Money Launderer Sentenced to 70 Months for Role in Scheme that Stole 263 Million
California Money Launderer Sentenced to 70 Months Evan Tangeman, 22, of Newport Beach, California, was sentenced today in U.S. District Court to 70 months in prison for laundering millions of doll...
2026-04-25 Daily Vulns
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-59308 n/a - n/a In Mah...
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
🚨 NASA Employees Duped in Chinese Phishing Scheme 🚨 The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed...