Cybersecurity

AsyncAPI npm packages compromised, deliver Miasma botnet loader

Four npm packages in the @asyncapi namespace were compromised, distributing a multi-stage botnet loader called Miasma.The attack exploited the project’s own GitHub Actions release...

Attackers exploit Microsoft Entra ID OAuth spoofing blind spot

Threat actors are using OAuth client ID spoofing to silently enumerate accounts and validate credentials in Microsoft Entra ID.The technique exploits a telemetry blind...

Grok AI Uploads Full Git Repos, Not Just Code Files

xAI's Grok Build CLI was uploading entire Git repositories with full commit history to a Google Cloud Storage bucket, not just files needed for...

New macOS Malware ‘CrashStealer’ Steals Crypto, Passwords

Researchers at Jamf Threat Labs have discovered a new macOS information stealer called CrashStealer that harvests sensitive data from compromised systems.Unlike typical AppleScript-based malware,...

AI-coded PowerShell script used in Active Directory intrusion

Threat actors used an AI-generated PowerShell script to enumerate Active Directory, marking a new wave of vibe-coded malware.The attack chain included RDP access with...

CISA adds two critical Joomla extension flaws to KEV list

U.S. CISA added two maximum-severity Joomla extension flaws to its Known Exploited Vulnerabilities (KEV) catalog after zero-day attacks in the wild.Both vulnerabilities—CVE-2026-48939 in iCagenda...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber espionage campaign between February 2024 and April 2026.The operation compromised...

Three OpenClaw AI flaws allow host takeover via WhatsApp

Three high-severity flaws in the OpenClaw AI assistant (CVSS 8.8, 8.8, 8.4) could enable credential theft, privilege escalation, and arbitrary code execution.Researcher Chinmohan Nayak...

Latest news

Saylor lists 110 reasons against Bitcoin BIP-110 fork

Strategy executive chairman Michael Saylor published a 3,700-word post with 110 reasons against Bitcoin Improvement Proposal-110 (BIP-110), which aims...

Sandworm Uses ClickFix Fake CAPTCHA to Target Ukraine

Russian state-sponsored hackers from the Sandworm group are using fake CAPTCHA checks to trick Ukrainian targets into executing malware.The...

China’s Free AI Models Won’t Kill The AI Boom

Chinese LLMs like DeepSeek and Qwen are advancing rapidly, but the AI boom's core value lies in hardware, energy,...