Cybersecurity
News
AsyncAPI npm packages compromised, deliver Miasma botnet loader
Four npm packages in the @asyncapi namespace were compromised, distributing a multi-stage botnet loader called Miasma.The attack exploited the project’s own GitHub Actions release...
News
Attackers exploit Microsoft Entra ID OAuth spoofing blind spot
Threat actors are using OAuth client ID spoofing to silently enumerate accounts and validate credentials in Microsoft Entra ID.The technique exploits a telemetry blind...
News
Grok AI Uploads Full Git Repos, Not Just Code Files
xAI's Grok Build CLI was uploading entire Git repositories with full commit history to a Google Cloud Storage bucket, not just files needed for...
News
New macOS Malware ‘CrashStealer’ Steals Crypto, Passwords
Researchers at Jamf Threat Labs have discovered a new macOS information stealer called CrashStealer that harvests sensitive data from compromised systems.Unlike typical AppleScript-based malware,...
News
AI-coded PowerShell script used in Active Directory intrusion
Threat actors used an AI-generated PowerShell script to enumerate Active Directory, marking a new wave of vibe-coded malware.The attack chain included RDP access with...
News
CISA adds two critical Joomla extension flaws to KEV list
U.S. CISA added two maximum-severity Joomla extension flaws to its Known Exploited Vulnerabilities (KEV) catalog after zero-day attacks in the wild.Both vulnerabilities—CVE-2026-48939 in iCagenda...
News
China, India groups target Pakistani police in cyber espionage
Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber espionage campaign between February 2024 and April 2026.The operation compromised...
News
Three OpenClaw AI flaws allow host takeover via WhatsApp
Three high-severity flaws in the OpenClaw AI assistant (CVSS 8.8, 8.8, 8.4) could enable credential theft, privilege escalation, and arbitrary code execution.Researcher Chinmohan Nayak...
Latest news
Saylor lists 110 reasons against Bitcoin BIP-110 fork
Strategy executive chairman Michael Saylor published a 3,700-word post with 110 reasons against Bitcoin Improvement Proposal-110 (BIP-110), which aims...
Sandworm Uses ClickFix Fake CAPTCHA to Target Ukraine
Russian state-sponsored hackers from the Sandworm group are using fake CAPTCHA checks to trick Ukrainian targets into executing malware.The...
China’s Free AI Models Won’t Kill The AI Boom
Chinese LLMs like DeepSeek and Qwen are advancing rapidly, but the AI boom's core value lies in hardware, energy,...
