Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large...
Year: 2026
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now
Ravie LakshmananJun 09, 2026Vulnerability / Browser Security Google has released security updates to address 74 vulnerabilities, including one that has...
The Hidden Security Risk in Modern Networks: The Work Between Tools
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI...
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and...
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
Ravie LakshmananJun 09, 2026Vulnerability / Artificial Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity...
You do surprise me.exe: An unexpected executable in Hola Browser
During review work related to an AppEsteem Windows Certified Application test, Sophos X-Ops recently identified an unexpected executable delivered alongside...
Meta Accuses NSO of Violating WhatsApp Court Injunction
Meta Accuses NSO of Violating WhatsApp Court Injunction Pierluigi Paganini June 08, 2026 Meta says NSO violated a court injunction...
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Swati KhandelwalJun 08, 2026Linux / Vulnerability Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that...
Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open
We track the binary payload chain (CVE-2025-8088 to LNK to PowerShell to result.dll) under SHADOW-EARTH-066, our temporary designation for the...
Governing Claude Enterprise in Environments Where Inline Controls Can’t Go
When Anthropic launched the Claude Compliance API in May 2026, it acknowledged something security teams have been wrestling with quietly:...
Meta: NSO Tried Targeting WhatsApp Users Despite Court Order
A court order told NSO Group to stay away from WhatsApp. Meta says the spyware maker came back anyway. Meta...
Everest Forms Pro WordPress Flaw is Handing Attackers Admin Access
Everest Forms Pro WordPress Flaw is Handing Attackers Admin Access Pierluigi Paganini June 08, 2026 Hackers exploit CVE-2026-3300 in Everest...
Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order
Ravie LakshmananJun 08, 2026Spyware / Mobile Security Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli...
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Ravie LakshmananJun 08, 2026Vulnerability / Network Security Check Point has warned of active exploitation of a critical vulnerability impacting Remote...
OpenAI Expands ChatGPT Lockdown Mode to Millions of Eligible Users
ChatGPT’s stricter security mode is getting a wider release. OpenAI is making Lockdown Mode, an optional setting in ChatGPT that...