Cybersecurity
News
Attackers exploit Microsoft Entra ID OAuth spoofing blind spot
Threat actors are using OAuth client ID spoofing to silently enumerate accounts and validate credentials in Microsoft Entra ID.The technique exploits a telemetry blind...
News
Grok AI Uploads Full Git Repos, Not Just Code Files
xAI's Grok Build CLI was uploading entire Git repositories with full commit history to a Google Cloud Storage bucket, not just files needed for...
News
New macOS Malware ‘CrashStealer’ Steals Crypto, Passwords
Researchers at Jamf Threat Labs have discovered a new macOS information stealer called CrashStealer that harvests sensitive data from compromised systems.Unlike typical AppleScript-based malware,...
News
AI-coded PowerShell script used in Active Directory intrusion
Threat actors used an AI-generated PowerShell script to enumerate Active Directory, marking a new wave of vibe-coded malware.The attack chain included RDP access with...
News
CISA adds two critical Joomla extension flaws to KEV list
U.S. CISA added two maximum-severity Joomla extension flaws to its Known Exploited Vulnerabilities (KEV) catalog after zero-day attacks in the wild.Both vulnerabilities—CVE-2026-48939 in iCagenda...
News
China, India groups target Pakistani police in cyber espionage
Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber espionage campaign between February 2024 and April 2026.The operation compromised...
News
Three OpenClaw AI flaws allow host takeover via WhatsApp
Three high-severity flaws in the OpenClaw AI assistant (CVSS 8.8, 8.8, 8.4) could enable credential theft, privilege escalation, and arbitrary code execution.Researcher Chinmohan Nayak...
News
XRING bug lets attackers crash XQUIC servers with legal traffic
A remote crash vulnerability dubbed XRING affects all versions of Alibaba's XQUIC library, disclosed July 8.The flaw requires only 260 bytes of legitimate QPACK...
Latest news
France orders Polymarket block over illegal gambling
France’s National Gambling Authority (ANJ) ordered ISPs to block Polymarket, deeming prediction markets illegal gambling.The ANJ cited a lack...
ChartUp Solana Volume Bot: An All-in-One Toolkit Review
Solana teams often assemble testing workflows from unrelated scripts, wallets, dashboards, and venue-specific services. That fragmentation makes it harder...
ChartUp Solana Volume Booster: Random Trade Size Tests
A private Solana test becomes less informative when every swap repeats the same value. Uniform orders may prove that...
