Deep dives into AI security, offensive techniques, compliance frameworks, and emerging threats.
Recent research from Forcepoint X-Labs, Google Online Security, and Pillar Security shows that indirect prompt injection is now a live-fire threat, enabling API key exfiltration, payment abuse, and copyright denial-of-service attacks.
SentinelLabs’ analysis of fast16, a Lua-based Windows sabotage framework with an August 30, 2005 build timestamp, shows that sophisticated, likely state-backed cyber sabotage capabilities existed at least five years before Stuxnet.
ESET has detailed a new China-aligned APT dubbed GopherWhisper, active since November 2023, that uses a Go-heavy toolset and abuses Discord, Slack, Microsoft 365 Outlook, and file.io as covert C2 channels—bypassing traditional egress monitoring.
Trend Micro has released the first end-to-end public analysis of the Vercel breach, highlighting a critical but under-discussed weakness: the OAuth gap. Here’s what happened, why it matters, and what teams building on Vercel and similar platforms should do next.
Sysdig observed a live exploit against an lmdeploy honeypot just 12.5 hours after a GitHub advisory dropped. For AI infrastructure teams, this means your effective patch window is now measured in hours, not days.
A threat actor called TeamPCP hit Checkmarx's KICS open-source security scanner with valid publisher credentials on April 22. Trojanized Docker images and VS Code extensions shipped for about 80 minutes. This is the second compromise of Checkmarx's supply chain in two months, and the pattern is the point.
CISA added a pre-auth RCE in a Python AI notebook to the KEV catalog on April 23. Sysdig caught the exploit in the wild within ten hours, then watched attackers stage a blockchain-backed backdoor through a typosquatted Hugging Face Space. If you run marimo, you are now officially late.
Rapid7 reverse-engineered two Kyber ransomware variants from a single March 2026 incident. The gang markets itself on Kyber1024 post-quantum encryption. The Linux ESXi build actually runs ChaCha8 wrapped with RSA-4096. The real signal is not the fake branding, it is that one affiliate encrypted Windows and ESXi simultaneously, which defeats the standard "restore from backup" plan.
SGLang CVE-2026-5760 weaponizes a GGUF model file into remote code execution on the inference server. The exploit is an SSTI in the model's chat_template field, rendered through an unsandboxed Jinja2 environment. Hugging Face is now a malware channel, and the mitigation is not "trust less," it is "pin hashes and template shapes."
Microsoft pushed an emergency out-of-band patch for ASP.NET Core DataProtection. CVE-2026-40372 is a CVSS 9.1 cryptographic regression: versions 10.0.0 through 10.0.6 mishandle the HMAC, letting unauthenticated attackers forge auth cookies and pivot to SYSTEM. The lesson is not the patch, it is that a foundational crypto primitive quietly regressed in a Microsoft NuGet package and stayed in production for six months.
CISA gave federal agencies four days to patch three actively exploited Cisco Catalyst SD-WAN Manager vulnerabilities. That compressed deadline is a signal: attackers are already chaining these bugs for high-impact compromise. Inventory your SD-WAN managers, pull them off the public internet, and patch on the federal timeline—not your usual one.
Check Point’s telemetry on a shared SystemBC C2 shows over 1,570 proxied hosts tied to the Gentlemen ransomware operation and others, underscoring that new RaaS brands are usually old operators with mature tooling—and that SystemBC infrastructure must be treated as shared, high-value hunting ground.
BRIDGE:BREAK exposes 22 vulnerabilities in Lantronix and Silex serial-to-IP converters that sit invisibly between OT and IT. With nearly 20,000 devices exposed to the internet and chronic patching failures, the real risk is silent data manipulation on critical industrial and medical systems. Here’s why it matters and what to do this week.
An employee installed an AI tool, Context.ai, as a Google OAuth app. When Context.ai got breached, the blast radius landed at Vercel. This is the shadow-AI supply chain risk we have all been pretending is theoretical.
OpenAI launched GPT-5.4-Cyber for security defenders this week. The model is good. The harder question is whether that changes the arithmetic.
Iranian hackers are manipulating industrial control systems in US water and energy facilities. The FBI, CISA, NSA, EPA, DOE, and Cyber Command all issued a joint warning. The internet still has 3,900 exposed PLCs sitting out there.
CVE-2026-34621 has been quietly doing damage since late 2025, hidden inside PDFs that look completely normal. Adobe finally patched it Saturday. Here's what happened.
Anthropic just released a preview of Mythos, its most capable model yet, to a select group of companies for cybersecurity work. The company simultaneously warned it could be weaponized by attackers. Both things can be true.
Two critical FortiClient EMS flaws, both unauthenticated, both actively exploited before a patch existed.
LAPSUS$ claimed a hit on AstraZeneca - AWS keys, code repos, employee data - and they're selling, not leaking. Here's what that shift tells you.
The first confirmed supply chain attack on a core LLM routing library landed today. It won't be the last.
The Trivy supply chain compromise didn't stop at stealing CI/CD secrets. It spawned a self-propagating worm across npm - and it uses blockchain for C2.
CNCERT issued two warnings in two days, and state banks started banning it from office computers.
Everyone is building AI agents. Almost nobody is securing them. Here's what that actually looks like.
Most AI agent security is an afterthought. ClawSec is what happens when you build monitoring for agent systems the way you'd build it for production infrastructure.
Claude Code is genuinely useful. It also has an attack surface most people haven't thought about yet.