Category: Exploits

AI copilots are incredibly intelligent and useful — but they can also be naive, gullible, and even dumb at times. A new one-click attack flow discovered by Varonis Threat Labs researchers underscores this fact. ‘Reprompt,’ as they’ve dubbed it, is a three-step attack chain that completely bypasses security controls after an initial LLM prompt, giving…

Read more →

AI copilots are incredibly intelligent and useful — but they can also be naive, gullible, and even dumb at times. A new one-click attack flow discovered by Varonis Threat Labs researchers underscores this fact. ‘Reprompt,’ as they’ve dubbed it, is a three-step attack chain that completely bypasses security controls after an initial LLM prompt, giving…

Read more →

While ‘traditional’ ransomware attacks remain stable, some gangs are shifting towards exploiting zero-days and supply chains to go straight to stealing data

Read more →

A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and including 2.5.1. It has been patched…

Read more →

Hacktivists and cybercriminals have intensified their efforts to exploit vulnerabilities in industrial systems, according to a Cyble report

Read more →

[This is a Guest Diary by Matthew Presnal, an ISC intern as part of the SANS.edu BACS program] Cryptojacking and botnets can pose a greater threat than a simple drain of resources. These organizations have been known to engage in “DDoS for Hire” or even selling off footholds, acting as Initial Access Brokers (IABs). To…

Read more →

[This is a Guest Diary by Matthew Presnal, an ISC intern as part of the SANS.edu BACS program] Cryptojacking and botnets can pose a greater threat than a simple drain of resources. These organizations have been known to engage in “DDoS for Hire” or even selling off footholds, acting as Initial Access Brokers (IABs). To…

Read more →

Researchers have uncovered a new sophisticated and modular malware framework designed to operate stealthily inside Linux systems and containers. The framework seems to have been designed by Chinese developers with in-depth knowledge of Linux internals and was created to be used against cloud servers. “The framework, internally referred to by its original developers as VoidLink,…

Read more →

Popular vibe coding platforms consistently generate insecure code in response to common programming prompts, including creating vulnerabilities rated as ‘critical,’ new testing has found. Security startup Tenzai’s top-line conclusion: the tools are good at avoiding security flaws that can be solved in a generic way, but struggle where what distinguishes safe from dangerous depends on…

Read more →

Phishing attacks have been identified using fake PayPal alerts to exploit remote monitoring and management tools

Read more →

Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. “Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate…

Read more →

CrowdStrike has agreed to acquire Israel-based Seraphic Security, a browser runtime security company, to extend its Falcon platform to browser-native enterprise security. Expected to close by April, the acquisition will allow CrowdStrike to integrate Seraphic’s browser-native protection with its Falcon endpoint telemetry and threat intelligence capabilities. The move comes just days after CrowdStrike announced plans…

Read more →

Microsoft has patched three zero-day vulnerabilities in the first patch Tuesday of 2026, including one under active exploitation

Read more →

Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed…

Read more →

Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production Node.js app” that, if successfully exploited, could trigger a denial-of-service (DoS) condition. “Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability,”…

Read more →

Today, Microsoft released patches for 113 vulnerabilities. One of these vulnerabilities affected the Edge browser and was patched upstream by Chromium. Eight of the vulnerabilities are rated critical. One has been disclosed before today, and one is already being exploited. Five of the critical vulnerabilities affect Microsoft Office components. Noteworthy Vulnerabilities %%cve:2026-20854%%: A remote code…

Read more →

Today, Microsoft released patches for 113 vulnerabilities. One of these vulnerabilities affected the Edge browser and was patched upstream by Chromium. Eight of the vulnerabilities are rated critical. One has been disclosed before today, and one is already being exploited. Five of the critical vulnerabilities affect Microsoft Office components. Noteworthy Vulnerabilities %%cve:2026-20854%%: A remote code…

Read more →

A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution

Read more →

Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics The security industry loves talking about “new” threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025 are pretty much the same as they were in 2015. Attackers are exploiting the same…

Read more →

I have stared at enough scanner dashboards to recognize the pattern. SAST flags theoretical flaws that never execute. DAST shrugs because the route to the vulnerable function is blocked. SCA floods the zone with CVEs that never touch a hot path. MAST scolds my mobile app for secrets I retired last quarter. These tools are…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code…

Read more →

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final…

Read more →

Exploitation of CVE-2025-37164 can enable remote code execution on HPE’s IT infrastructure management platform, leading to devastating consequences.

Read more →

The “ZombieAgent” exploit makes use of ChatGPT’s long-term memory and advanced capabilities.

Read more →

Angreifer missbrauchen falsch konfigurierte Richtlinien, um Phishing-E-Mails wie interne E-Mails aussehen zu lassen, Filter zu umgehen und Anmeldedaten zu stehlen. batjaket – shutterstock.com Das Threat Intelligence Team von Microsoft hat kürzlich festgestellt, dass Angreifer zunehmend komplexe E-Mail-Weiterleitungen und falsch konfigurierte Domain-Spoofing-Schutzmaßnahmen ausnutzen. Dabei lassen sie ihre Phishing-Nachrichten so aussehen, als würden sie von den angegriffenen…

Read more →

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below – CVE-2009-0556 (CVSS score: 8.8) – A code injection vulnerability in Microsoft Office

Read more →