Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
Ravie LakshmananJun 02, 2026Cyber Espionage / Threat Intelligence Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by...
Hacking
Category Added in a WPeMatico Campaign
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Ravie LakshmananJun 02, 2026Identity Security / Data Protection Password manager Dashlane has disclosed that "fewer than" 20 users on the...
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from...
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
Ravie LakshmananJun 01, 2026Cybersecurity / Hacking Monday hit like a cron job with anger issues. A busted auth path here,...
China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic...
The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The...
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a...
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Ravie LakshmananJun 01, 2026Vulnerability / Website Security, Threat actors are attempting to actively exploit a critical security flaw impacting WP...
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Ravie LakshmananMay 31, 2026IoT Security / Network Security Dutch authorities have announced the takedown of a botnet that enslaved millions...
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Ravie LakshmananMay 30, 2026Vulnerability / Network Security Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting...
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust...
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
Ravie LakshmananMay 29, 2026Vulnerability / Artificial Intelligence An unknown threat actor has been observed using a large language model (LLM)...
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
Ravie LakshmananMay 29, 2026Cyber Espionage / Artificial Intelligence A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing...
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full...
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of...
