Cybersecurity

Attackers exploit Microsoft Entra ID OAuth spoofing blind spot

Threat actors are using OAuth client ID spoofing to silently enumerate accounts and validate credentials in Microsoft Entra ID.The technique exploits a telemetry blind...

Grok AI Uploads Full Git Repos, Not Just Code Files

xAI's Grok Build CLI was uploading entire Git repositories with full commit history to a Google Cloud Storage bucket, not just files needed for...

New macOS Malware ‘CrashStealer’ Steals Crypto, Passwords

Researchers at Jamf Threat Labs have discovered a new macOS information stealer called CrashStealer that harvests sensitive data from compromised systems.Unlike typical AppleScript-based malware,...

AI-coded PowerShell script used in Active Directory intrusion

Threat actors used an AI-generated PowerShell script to enumerate Active Directory, marking a new wave of vibe-coded malware.The attack chain included RDP access with...

CISA adds two critical Joomla extension flaws to KEV list

U.S. CISA added two maximum-severity Joomla extension flaws to its Known Exploited Vulnerabilities (KEV) catalog after zero-day attacks in the wild.Both vulnerabilities—CVE-2026-48939 in iCagenda...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber espionage campaign between February 2024 and April 2026.The operation compromised...

Three OpenClaw AI flaws allow host takeover via WhatsApp

Three high-severity flaws in the OpenClaw AI assistant (CVSS 8.8, 8.8, 8.4) could enable credential theft, privilege escalation, and arbitrary code execution.Researcher Chinmohan Nayak...

XRING bug lets attackers crash XQUIC servers with legal traffic

A remote crash vulnerability dubbed XRING affects all versions of Alibaba's XQUIC library, disclosed July 8.The flaw requires only 260 bytes of legitimate QPACK...

Latest news

France orders Polymarket block over illegal gambling

France’s National Gambling Authority (ANJ) ordered ISPs to block Polymarket, deeming prediction markets illegal gambling.The ANJ cited a lack...

ChartUp Solana Volume Bot: An All-in-One Toolkit Review

Solana teams often assemble testing workflows from unrelated scripts, wallets, dashboards, and venue-specific services. That fragmentation makes it harder...

ChartUp Solana Volume Booster: Random Trade Size Tests

A private Solana test becomes less informative when every swap repeats the same value. Uniform orders may prove that...