CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
CISA adds two vulnerabilities affecting Microsoft Office and HPE OneView to its KEV list, urging agencies…
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl
AI agents now build and run software automatically. Insecure MCPs and CVE-2025-6514 show how trusted automation…
PLUGGYAPE Malware Targets Ukrainian Defense Forces via Signal and WhatsApp
PLUGGYAPE malware targets Ukrainian defense forces via Signal and WhatsApp using phishing and evolving backdoors, CERT-UA…
AI Agents: Privilege Escalation and Authorization Bypass Risks
Enterprise AI agents automate tasks, but with broad permissions, they can bypass access controls, enabling unauthorized…
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
Over 550 Kimwolf and Aisuru botnet command-and-control (C2) servers have been null-routed to combat DDoS attacks…
Microsoft Disrupts RedVDS Cybercrime Infrastructure Used for Fraud
Microsoft took legal action to disrupt RedVDS, a crimeware service linked to $40M losses and 191,000…
4 Outdated Habits Destroying Your SOC’s MTTR in 2026
Leading SOCs reduce MTTR and MTTD by using automated, behavior-based analysis instead of manual reviews and…
AI Security: Workflow Security Is Critical, Not Just Model Security
AI security is shifting to workflows as malicious extensions steal chat data and prompt injections abuse…
Reprompt Attack: Single-Click Data Exfiltration From Microsoft Copilot
Researchers reveal Reprompt attack allowing single-click data exfiltration from Microsoft Copilot via indirect prompt injection, now…
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS…
Latest Posts
- Drones to Diplomas: Russia’s University Linked to $25M Essay Mill
- The Kimwolf Botnet is Stalking Your Local Network
- Who Benefited from the Aisuru and Kimwolf Botnets?
- Windows 11 PCs may fail to shut down after January update: Microsoft confirms
- Cisco Patches AsyncOS Zero-Day Exploited Since November 2025
