The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]
Cybersecurity News and Vulnerability Aggregator
Cybersecurity news aggregator
Updated: 10:00 pm
J/K Navigate / Search S Save V Open Link
— or
treemd <(curl -sL https://allsec.sh/md) (as Markdown) Top Cybersecurity Stories Today
CISA added the flaw to KEV after Fortinet confirmed exploitation in the wild Fortinet released an emergency patch over the weekend for a critical FortiClient Enterprise Management Server (EMS) bug believed to be under attack since at least March 31.…
Pay no attention to that code behind the curtain, says Anthropic as it scrambles to defend its IPO Kettle When it comes to circling up for this week's Kettle, what is there to discuss but Anthropic's accidental release of Claude Code's source code?…
Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models.
Latest
Monday, April 6
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
Cloudflare was designed to be simple to use for even the smallest customers, but it’s also critical that it scales to meet the needs of the largest enterprises. While smaller customers might work solo or in a small team, enterprises often have thousands of users making use of Cloudflare’s developer, security, and networking capabilities. This scale can add complexity, as these users represent multiple teams and job functions. Enterprise customers often use multiple Cloudflare Accounts to segment their teams (allowing more autonomy and separation of roles), but this can cause a new set of problems for the administrators by fragmenting their controls. That’s why today, we’re launching our new Organizations feature in beta — to provide a cohesive place for administrators to manage users, configurations, and view analytics across many Cloudflare Accounts. Principle of least privilege The principle of least privilege is one of the driving factors behind enterprises using multiple accounts. While Cloudflare’s role-based access control (RBAC) system now offers fine-grained permissions for many resources, it can be cumbersome to enumerate all the resources one by one. Instead, we see enterprises use multiple accounts, so each team’s resources are managed by that team alone. This allows organic growth within the account: they can add new resources as needed, without giving Administrative control too widely. While multiple accounts are great at limiting permissions for most of the users within an organization, they complicate things for the administrators, as the administrators need to be added to every account and given the appropriate
The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves. The Tipping Point One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of sovereign data. In December of 2025, a single unidentified operator used Anthropic’s Claude and OpenAI’s ChatGPT to breach ten Mexican government agencies and a financial institution. No cu
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. [...]
Free OWASP Top 10 for LLM Applications exercises for AI security training. Fully white-labeled for your teaching / learning needs, no strings attached
Heads up: this post has been admin approved and I'm affiliated with the platform used to build the exercises. It's commercial, and the exercise preview link is on that tool's domain. That said, the **SCORM files are fully white-labeled — no logos, no backlinks, no sign-up, no paywall.** You can grab them and self-host if you'd prefer. \------- Hey r/cybersecurity I'm a cybersec engineer with an L&D background, and all the time I see news like this: "The #1 most downloaded skill on [OpenClaw marketplace was malware](https://www.reddit.com/r/cybersecurity/comments/1r9cuew/the_1_most_downloaded_skill_on_openclaw/)". Since I'm contributing to a training builder tool, our team put together **10 free interactive exercises on the OWASP Top 10 for LLM Applications** and decided to share them with the community. Exercises designed to build practical skills around safe AI use. Sharing them here for anyone building with LLMs, deploying AI tools, or simply trying not to become the next breach headline lol :D Free to use personally, professionally, or in commercial workshops. The only restriction is reselling or redistributing the content as a standalone product. Sharing the materials for free is encouraged! What's included: \- Identifying hidden prompt injection instructions in uploaded documents \- Spotting sensitive data categories that should never enter AI prompts \- Evaluating third-party AI plugins for supply chain risks before deployment ...and more Two ways to use it: Web view — run exercises directly in a browser, ideal for workshops or sharing with students and colleagues. GitHub repo — every exercise is packaged as a SCORM .zip, ready to import into any LMS, embed into an existing training pipeline, or test on SCORM Cloud before rollout. Note: SCORM files make API calls to the server for pre-rendered scene files and iframes. If that's a blocker for you, drop a comment, we'll figure something out. The repo root contains full course package prefixed with `[full course]`. Other .zip files in this folder contain standalone exercises if you want to build a custom curriculum. [Demo video](https://youtu.be/w2JJZWH352s) [Web view](https://learning.ransomleak.com/?category=ai-security&course=OWASP+Top+10+for+LLM+Applications) [GitHub](https://github.com/anthonydavidson189/free-interactive-ai-training-materials) Happy to answer questions or take your thoughts on the exercises! P.S: In case this gets traction — I'll add more free exercises for the community! Feel free to drop exercise topics in the comments. There's also "OWASP Top 10 for Agentic AI Applications" course in the works
An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, per Check Point. "The campaign is primarily
Nonprofits run out of US Border Patrol stations are also selling other “operation”-themed coins that include a phrase popularized by the Proud Boys, potentially in violation of government rules.
CISA added the flaw to KEV after Fortinet confirmed exploitation in the wild Fortinet released an emergency patch over the weekend for a critical FortiClient Enterprise Management Server (EMS) bug believed to be under attack since at least March 31.…
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. [...]
Fuse is a blazing fast and robust wordlist generator that parses character classes, quantifiers, files, and numeric ranges. It brings a “regex-like” paradigm to generating precise datasets, allowing offensive security professionals and developers to generate specific password lists, payloads, or permutations from a compact syntax.
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. [...]
[RESEARCH] We scanned 3,471 MCP servers for invisible Unicode — GPT-5.4 follows hidden instructions 100% of the time
We just published research on invisible Unicode smuggling in MCP (Model Context Protocol) tool descriptions the metadata that AI coding agents like Claude Code, Cursor, and Codex read to decide what tools to use. **The** **short** **version:** An attacker who can publish an npm/PyPI package can embed invisible instructions in tool descriptions that survive code review, registry inspection, and security scanning and GPT-5.4 follows them with 100% reliability. **What** **we** **found** **scanning** **the** **ecosystem:** We decoded every codepoint in every string field across 3,471 MCP servers from npm and PyPI, checking 22 invisible Unicode classes. 63 servers (1.8%) contain hidden codepoints 298 total. 263 of those are U+FE0F emoji presentation selectors (benign residue from developer tooling), and 35 are U+200E left-to-right marks padding a visible prompt injection in one pedagogical package. Zero encoded payloads across any weaponizable class no tag blocks, no zero-width binary, no Graves variation selectors. Nothing weaponized. But the benign bytes prove the channel is live. So we tested what happens when you weaponize them. **Compliance** **testing** **(120** **trials** **across** **3** **models):** We embedded invisible tag-block and zero-width binary payloads in tool descriptions and tested GPT-5.4, Claude Sonnet 4.6, and Gemini 2.5 Flash with 20 trials each. **GPT-5.4** **followed** **the** **hidden** **tag-block instruction** **100%** **of** **the** **time** (20/20) it responded with the attacker's chosen answer instead of computing the actual result. Claude detected both payload types 100% of the time (40/40). Gemini ignored both but echo tests confirmed it receives and can decode the bytes, it just *chooses* *not* *to* *follow* *them*. Three models, three completely different behaviors, same payload. **The** **scariest** **part** **—** **scanner** **signal** **inversion:** We took: @mseep/railway-mcp (a real npm package with 34 tools carrying orphaned emoji selectors) and built a weaponized fork that replaces the benign bytes with a tag-block exfiltration payload. The original scores 0/100 (F) on the only security scanner in the ecosystem. The weaponized fork scores 75/100 (C). The attacker's version looks cleaner because counting findings without decoding content inverts the signal benign emoji noise generates 34 findings while a single targeted payload generates 1. **The** **pipeline** **applies** **zero** **sanitization:** We traced the bytes from npm publish through registry indexing, tools/list, SDK transport, and into the LLM context window. No layer strips invisible codepoints. No registry normalizes them. No MCP client sanitizes them before feeding tool descriptions to the model. The bytes arrive byte-for-byte intact. **Full** **paper** **+** **all** **PoC** **code:** [https://github.com/stevenkozeniesky02/agentsid-scanner/blob/master/docs/census-2026/invisible-ink.md](https://github.com/stevenkozeniesky02/agentsid-scanner/blob/master/docs/census-2026/invisible-ink.md) Everything is reproducible census decode scripts, compliance batch runner, weaponized fork demo, echo tests. This is the companion to our earlier "Weaponized by Design" research on MCP tool-description injection. Happy to answer questions.
With Cloudflare now supporting PQC encryption, I thought it'd be a fun experiment to see if I could encapsulate Plex traffic in a tunnel since it's not supported natively. 🤓
hid-omg-detect is a passive HID monitor that scores potentially malicious keyboard-like USB devices (BadUSB / [O.MG](http://O.MG) style) using: * keystroke timing entropy * plug-and-type latency * USB descriptor fingerprinting
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]
SELinux is the default Linux Security Module (LSM) framework for RHEL, Fedora and openSUSE. So, many orgs have no choice but to use it for mandatory access control (MAC). From my research, I've come across many complaints about it. [Poor](https://lobste.rs/s/mjd9er/selinux_is_unmanageable_just_turn_it_off#c_mfx9sj) documentation & [usability](https://lobste.rs/s/mjd9er/selinux_is_unmanageable_just_turn_it_off#c_huuym0) are the two main issues I see most users complain about. [Turning it off](https://news.ycombinator.com/item?id=41446964) or using it in permissive mode (logging only) are common workarounds used to make it work smoothly. How does your org deal with it? SELinux is useful in shrinking the attack surface and reducing the severity of some exploits. But if it requires grinding at it for years to get proficient enough, then most users will not be able to take full advantage of its capabilities. I don't know much about AppArmor but this [article](https://unix.foo/posts/insecurity-of-debian/) claims SELinux is more robust but at the cost of increased complexity.
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still fragmented by platform. For security leaders, this creates a
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What starts small can reach a lot of systems fast. New bugs, faster use, less time to react. That’s this week. Read&
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat actor proved just how valuable developer machines are. Their supply chain attack on
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have been found to deploy a malicious DLL named "msimg32.dll,"
To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the [Reverse Engineering StackExchange](http://reverseengineering.stackexchange.com/). See also /r/AskReverseEngineering.
Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identities of two of the key figures associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. One of the threat actors, who went by the alias UNKN, functioned as a representative of the group, advertising the ransomware in June 2019 on the XSS cybercrime forum
Pay no attention to that code behind the curtain, says Anthropic as it scrambles to defend its IPO Kettle When it comes to circling up for this week's Kettle, what is there to discuss but Anthropic's accidental release of Claude Code's source code?…
Sunday, April 5
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]
True-crime tales of criminals making fools of themselves interview Cybercrime crews have become almost mystical entities, with security vendors assigning them names like Wizard Spider and Velvet Tempest.…
When Syrian government accounts were hijacked in March, the breach looked chaotic. But it revealed something more troubling: a state struggling with the most basic layer of cybersecurity.
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,
Leveraging Wazuh detection and alerting with Clickdetect | Anomaly Detection | Multiple Source Correlation | by Vinicius Morais
Hello Blueteamsec community! I created this post to explain how to improve Wazuh detection using SQL-based detection in Clickhouse (or another compatible data source like loki, victoria logs). I cover things like Anomaly Detection, Multiple Sources, disconnected agents or agents not sending logs, etc. I hope you enjoy the post
Saturday, April 4
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...]
x64dbg Reversing a Jump Tutorial | Breakpoints, Zero Flag, Binary Patching & Cracking Basics - YouTube
Friday, April 3
Ex-CISA official tells The Reg: 'this would weaken the system for managing cyber risk' The US Cybersecurity and Infrastructure Security Agency's budget will see yet another deep cut if Congress approves President Trump's proposal to slash CISA's spending by $707 million in fiscal year 2027.…
Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models.
A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...]
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. "This TA416 activity included multiple
Praetorian is excited to announce the release of Vespasian, a probabilistic API endpoint discovery, enumeration, and analysis tool. Vespasian watches real HTTP traffic from a headless browser or your existing proxy captures and turns it into API specifications (OpenAPI, GraphQL SDL, WSDL). We built it because pentesters spend the first days of every API engagement manually reconstructing documentation that should already exist. You know the scenario. You are three days into an API penetration test. Documentation was promised during scoping, and it existed at some point, but the Confluence page was last updated eighteen months ago and describes endpoints that have since been replaced. The Swagger UI returns a 404. The mobile app calls endpoints that don’t appear in any documentation at all. Nobody dropped the ball; the API just evolved faster than the docs. So you do what every pentester does: you open Burp Suite, click through the application for an hour, and start reading raw HTTP traffic. You spot JSON responses on /api/v2/ paths. GraphQL queries appear on a different subdomain. There’s a SOAP service that the frontend calls exactly once during login. Endpoint URLs are copied into a spreadsheet. You guess at parameter names. You manually reconstruct the API over the course of a couple days. This part of the project is informative, but it’s also a bottleneck. Vespasian reduces that bottleneck. It observes real HTTP traffic, either by crawling the target with a headless browser or by importing captures you’ve already made in Burp Suite, HAR, or mitmproxy, and generates API specifications automatically. REST endpoints become OpenAPI 3.0. GraphQL endpoints become SDL schemas. SOAP services become WSDL documents. You can try it yourself at
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,
Using undocumented AWS CodeBuild endpoints to extract privileged tokens from AWS CodeConnections allowing lateral movement and privilege escalation through an organisation's codebase
My write up around a research project I've been doing in my spare time around investigating the security of AWS CodeConnections. This post covers the techniques I used to hook a CodeBuild job to monitor the requests the CodeBuild bootstrapping makes before user code is run. Using this information I then also show the endpoints I found that can be used to retrieve the raw GitHub App token or BitBucket JWT App token CodeConnections uses which tends to be very privileged in a lot of environments, granting far more access than to just the single repository where the CodeBuild job is being run.
The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it. Cynomi's new guide, Securing the Modern Perimeter: The Rise of Third-Party
Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and software protectors rely on it because no standard simplification technique covers both domains simultaneously; algebraic simplifiers don’t understand bitwise logic, and Boolean minimizers can’t handle arithmetic. We’re releasing CoBRA , an open-source tool that simplifies the full range of MBA expressions used in the wild. Point it at an obfuscated expression and it recovers a simplified equivalent: $ cobra-cli --mba "(x&y)+(x|y)" x + y $ cobra-cli --mba "((a^b)|(a^c)) + 65469 * ~((a&(b&c))) + 65470 * (a&(b&c))" --bitwidth 16 67 + (a | b | c) CoBRA simplifies 99.86% of the 73,000+ expressions drawn from seven independent datasets. It ships as a CLI tool, a C++ library, and an LLVM pass plugin. If you’ve hit MBA obfuscation during malware analysis, reversing software protection schemes, or tearing apart VM-based obfuscators, CoBRA gives you readable expressions back. Why existing approaches fall short The core difficulty is that verifying MBA identities requires reasoning about how bits and arithmetic interact under modular wrapping, where values silently overflow and wrap around at fixed bit-widths. An identity like (x ^ y) + 2 * (x & y) == x + y is true precisely because of this interaction, but algebraic simplifiers only see the arithmetic and Boolean minimizers only see the logic; neither can verify it alone. Obfuscator
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while
The Quizlet flashcards, which WIRED found through basic Google searches, seem to include sensitive information about gate security at Customs and Border Protection locations.
A threat actor who goes by the name "Mr. Raccoon" has claimed to hack Adobe support via 3rd party Indian BPO firm
A massive data breach (allegedly) has occurred at Adobe. Carried out by a threat actor calling themselves "Mr. Raccoon", the claims are that over 13M support ticket details have been leaked along with details of over 15,000 employees. Additionally, they have access to their microsoft SharePoint instance and also to make matters worse, Adobe's HackerOne account. Adobe is yet to comment on this matter.
Thursday, April 2
A new MaaS has been promoted on Telegram as combining spyware, stealer, and remote access capabilities, Kaspersky reports. April 2026
‘Uncanny Valley’: Iran’s Threats on US Tech, Trump’s Plans for Midterms, and Polymarket’s Pop-up Flop
In this episode, we discuss Iran’s threats to target US tech firms, gear up for the midterm elections, and get a scene report from the Polymarket pop-up bar in DC.
Built a small experiment: turn a file into a “sonic fingerprint” in the browser I wanted to share a side project we put together: [https://listen.maliscope.com/](https://listen.maliscope.com/) It takes a file and turns it into a deterministic audio representation of file characteristics. A few important caveats: * it runs locally in the browser * it does not claim to detect malware through music * it is not a verdict engine * it is just an experimental visualization The idea was not “can analysts detect malware by ear?” but more: what happens if you represent file structure and characteristics as sound instead of another chart? I thought some people here might find it interesting, even if only as a weird security-adjacent experiment.
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to a threat cluster it tracks as
As strikes continue on Iran’s nuclear facilities, the real danger isn’t the explosion, but what happens if critical safety systems fail—and how that risk could spread across the Gulf.
A few days ago I wrote about how the Trivy ecosystem got turned into a credential stealer. One of my takeaways was “pin by SHA.” Every supply chain security guide says it, I’ve said it, every subreddit says it, and the GitHub Actions hardening docs say it. The Trivy attack proved it wrong, and I think we need to talk about why.
Overview Artifex's MuPDF contains an integer overflow vulnerability, CVE-2026-3308, in versions up to and including 1.27.0. Using a specially crafted PDF, an attacker can trigger an integer overflow resulting in out-of-bounds heap writes. This heap corruption typically causes the application to crash, but in some cases could be exploited to enable arbitrary code execution. Description Artifex MuPDF is a lightweight framework for viewing and converting PDF, XPS, and e-book files. A vulnerability exists in pdf_load_image_imp , which is responsible for preparing image data for decoding. The function processes image parameters including w (width), h (height), and bpc (bits per component), which are used to determine the amount of memory allocated during image decoding. The current implementation validates these parameters against SIZE_MAX rather than INT_MAX , but because stride calculations use integer-sized values, this check does not sufficiently protect against integer overflow when exceedingly large values are supplied. When the overflow occurs, the resulting corrupted values are passed into the fz_unpack_stream function, which expands packed image samples into a destination buffer during image decoding. Because this too-small overflow value is used to calculate the size of the destination buffer, not enough memory is allocated for the actual size of the image. This causes fz_unpack_stream to write beyond the bounds of the allocated heap buffer, resulting in a heap out-of-bounds write. Impact Successful exploitation results in a heap out-of-bounds write during PDF image decoding.
Posted by Adam Gavish, Google GenAI Security Team Indirect prompt injection (IPI) is an evolving threat vector targeting users of complex AI applications with multiple data sources, such as Workspace with Gemini. This technique enables the attacker to influence the behavior of an LLM by injecting malicious instructions into the data or tools used by the LLM as it completes the user’s query. This may even be possible without any input directly from the user. IPI is not the kind of technical problem you “solve” and move on. Sophisticated LLMs with increasing use of agentic automation combined with a wide range of content create an ultra-dynamic and evolving playground for adversarial attacks. That’s why Google takes a sophisticated and comprehensive approach to these attacks. We’re continuously improving LLM resistance to IPI attacks and launching AI application capabilities with ever-improving defenses.
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0. "This
Cloudflare data shows that 32% of traffic across our network originates from automated traffic . This includes search engine crawlers, uptime checkers, ad networks — and more recently, AI assistants looking to the web to add relevant data to their knowledge bases as they generate responses with retrieval-augmented generation (RAG). Unlike typical human behavior, AI agents , crawlers, and scrapers’ automated behavior may appear aggressive to the server responding to the requests. For instance, AI bots frequently issue high-volume requests, often in parallel. Rather than focusing on popular pages, they may access rarely visited or loosely related content across a site, often in sequential, complete scans of the websites. For example, an AI assistant generating a response may fetch images, documentation, and knowledge articles across dozens of unrelated sources. Although Cloudflare already makes it easy to control and limit automated access to your content, many sites may want to serve AI traffic. For instance, an application developer may want to guarantee that their developer documentation is up-to-date in foundational AI models, an e-commerce site may want to ensure that product descriptions are part of LLM search results, or publishers may want to get paid for their content through mechanisms such as pay per crawl . Website operators therefore face a dichotomy: tune for AI crawlers, or for human traffic. Given both exhibit widely different traffic patterns, current cache architectures force operators to choose one approach to save resources. In this
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws
A WIRED analysis of DHS records identified dozens of specialized federal agents who used force against US civilians during the largest known deployment of its kind in US history.
Connected devices can leave an otherwise secure network vulnerable Pwned Welcome to Pwned, The Register's new column, where we highlight the worst infosec own goals so you can, hopefully, protect against them. Caffeine is an essential tool for most IT defenders, so, on balance, we're sure it has protected against a lot more exploits than it has caused. But in this case, the desire for everyone's favorite stimulant led to a massive breach.…
First public downstream victim, but won't be the last AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the fallout from the Trivy compromise continues to spread.…
Attackers route malicious traffic through ordinary home internet connections — and to a reputation feed, the source IP is indistinguishable from a legitimate user's connection. GreyNoise analyzed 4 billion sessions over 90 days and found that 39% of unique IPs targeting the edge come from residential address space. 78% vanish after just 1–2 sessions, before any reputation system can flag them. The report documents why detection must shift from where the traffic comes from to what it is doing.
Wednesday, April 1
Introduction The Zodiac Killer, one of America’s most notorious unsolved serial killer cases, sent numerous encrypted messages to newspapers during his reign of terror in the late 1960s and early 1970s. While his 408-character cipher was eventually cracked, the shorter “Z32” cipher that accompanied a map of the San Francisco Bay Area has remained unsolved for over five decades. The Z32 cipher consists of just 32 characters combining both letters and symbols. Alongside this cipher, the Zodiac included a chilling note: “The Map coupled with this code will tell you where the bomb is set. You have until next Fall to dig it up.”
Plus: how to train your human AI interview Amazon has seen a 40 percent efficiency gain by using AI tools to pentest its products before and after launch, according to security chief CJ Moses.…
Finding Value in the AI Noise Over the past year, the cybersecurity conversation has shifted hard toward AI. Walk through any conference and you’ll see it everywhere: agentic systems, autonomous testing, and machines operating at a scale that humans simply can’t match. A lot of that progress is real. At Synack, we’re investing heavily in […] The post Why AI Alone Won’t Fix the Security Problem appeared first on Synack .
1. macOS ClickFix Campaign Targets Claude Code Users with **AMOS Stealer** and Backdoor Access 2. **RUTSSTAGER**: Registry-Stored DLL Leads to OrcusRAT Deployment 3. **Kamasers**: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide 4. **MicroStealer**: A Fast-Spreading Infostealer with Limited Detection * This one is super interesting in my opinion; the chain and way it is created makes the detection complicated - obfuscated java modules are pain to deal with - ends up most of the time without any static engine flags Source: [https://any.run/cybersecurity-blog/major-cyber-attacks-march-2026/](https://any.run/cybersecurity-blog/major-cyber-attacks-march-2026/)
We could tell you no for free The UK government will spend about £630,000 running a discussion panel on its digital identity card plans, which minister James Frith said will "consider different perspectives and debate trade-offs" alongside a formal consultation .…
The cost of building software has drastically decreased. We recently rebuilt Next.js in one week using AI coding agents. But for the past two months our agents have been working on an even more ambitious project: rebuilding the WordPress open source project from the ground up. WordPress powers over 40% of the Internet . It is a massive success that has enabled anyone to be a publisher, and created a global community of WordPress developers. But the WordPress open source project will be 24 years old this year. Hosting a website has changed dramatically during that time. When WordPress was born, AWS EC2 didn’t exist. In the intervening years, that task has gone from renting virtual private servers, to uploading a JavaScript bundle to a globally distributed network at virtually no cost. It’s time to upgrade the most popular CMS on the Internet to take advantage of this change. Our name for this new CMS is EmDash. We think of it as the spiritual successor to WordPress. It’s written entirely in TypeScript. It is serverless, but you can run it on your own hardware or any platform you choose. Plugins are securely sandboxed and can run in their own isolate , via Dynamic Workers , solving the fundamental security problem with the WordPress plugin architecture. And under the hood, EmDash is powered by Astro , the fastest web framework for content-driven websites. EmDash is fully open source, MIT licensed, and available on GitHub . While EmDash aims to be compatible with WordPress functionality, no WordPress code was used to create EmDas
Exactly 8 years ago today, we launched the 1.1.1.1 public DNS resolver , with the intention to build the world’s fastest resolver — and the most private one. We knew that trust is everything for a service that handles the "phonebook of the Internet." That’s why, at launch, we made a unique commitment to publicly confirm that we are doing what we said we would do with personal data. In 2020, we hired an independent firm to check our work , instead of just asking you to take our word for it. We shared our intention to update such examinations in the future. We also called on other providers to do the same, but, as far as we are aware, no other major public resolver has had their DNS privacy practices independently examined. At the time of the 2020 review, the 1.1.1.1 resolver was less than two years old, and the purpose of the examination was to prove our systems made good on all the commitments we made about how our 1.1.1.1 resolver functioned, even commitments that did not impact personal data or user privacy. Since then, Cloudflare’s technology stack has grown significantly in both scale and complexity. For example, we built an entirely new platform that powers our 1.1.1.1 resolver and other DNS systems. So we felt it was vital to review our systems, and our 1.1.1.1 resolver privacy commitments in particular, once again with a rigorous and independent review. Today, we are sharing the results of our most recent privacy examination by the same Big 4 accounting firm. Its independent examination is available on our compliance page . Foll
Code coverage is one of the most dangerous quality metrics in software testing. Many developers fail to realize that code coverage lies by omission: it measures execution, not verification. Test suites with high coverage can obfuscate the fact that critical functionality is untested as software develops over time. We saw this when mutation testing uncovered a high-severity Arkis protocol vulnerability , overlooked by coverage metrics, that would have allowed attackers to drain funds. Today, we’re announcing MuTON and mewt , two new mutation testing tools optimized for agentic use, along with a configuration optimization skill to help agents set up campaigns efficiently. MuTON provides first-class support for TON blockchain languages (FunC, Tolk, and Tact), while mewt is the language-agnostic core that also supports Solidity, Rust, Go, and more. The goal of mutation testing is to systematically introduce bugs (mutants) and check if your tests catch them, flagging hot spots where code is insufficiently tested. However, mutation testing tools have historically been slow and language-specific. MuTON and mewt are built to change that. To understand how, it helps to first understand what they’re replacing. The regex era Mutation testing dates to the 1970s, but for a long time, the technique rarely saw much adoption in the blockchain space as a software quality measurement. Testing frameworks are coupled tightly to target languages, making support for new languages expensive.
ESET says factory outages, lost revenue, and supply chain disruption are becoming routine Nearly 80 percent of British manufacturers say they've been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor is no longer an exception but business as usual.…
I wrote a custom decompiler for the bytecode used by Naughty Dog in the The Last of Us & Uncharted games
As DarkSword spreads, Apple tells WIRED it will enable iOS 18-specific fixes for millions of iPhone owners who remain on that iOS version rather than force them to update to iOS 26.
Tuesday, March 31
[https://codeworld.codes/](https://codeworld.codes/) Some background: I'm a DFE in the Army. I've done the job roughly 5 years. I've worked in a broad variety of areas and with other technical specializations, so I wanted to build a one-stop shop for myself and others I work with. The site has artifact locations, step actions for tools like X Ways (which desperately needs step actions), and a variety of other things. I have no current plans to monetize as the domain cost me $1. I hope it's helpful for somebody.
How to avoid social engineering attacks? Employee training tops the list Be careful what you click on. Miscreants are abusing WhatsApp messages in a multi-stage attack that delivers malicious Microsoft Installer (MSI) packages, allowing criminals to control victims' machines and access all of their data.…
PSA: That 'Disable NTLMv1' GPO you set years ago? It’s lying to you. LmCompatibilityLevel set to 5 is not enough.
If you set LmCompatibilityLevel to 5 a couple years back and called it done, there's a good chance NTLMv1 is still running in your environment. Not because the setting doesn't work. Because it doesn't work the way you think it does. This isn't just aimed at people who never fully switched to Kerberos. It's also for the ones who are pretty sure they did. For people not deep into auth protocols: NTLMv1 and NTLMv2 are both considered unsafe today. NTLMv1 especially. It uses DES encryption, which with a weak password can be cracked in seconds. And because NTLM never sends your actual password (challenge-response, the hash gets passed not the plaintext), it's also wide open to pass-the-hash. An attacker intercepts the hash and reuses it to authenticate as you. Responder is the tool that makes this trivial and it's been around forever.Silverfort's research puts 64% of authentications in AD environments still on NTLM. Here's the actual problem with the registry fix. LMCompatibilityLevel is supposed to tell your DCs to reject NTLMv1 traffic and require NTLMv2 or Kerberos instead. Sounds reasonable. But enforcement runs through the Netlogon Remote Protocol (MS-NRPC), the mechanism application servers use to forward auth requests to your domain controllers. There's a structure in that protocol called NETLOGON\_LOGON\_IDENTITY\_INFO with a field called ParameterControl. That field contains a flag that can explicitly request NTLMv1, and your DC will honor it regardless of what Group Policy says. The policy controls what Windows clients send. It has no authority over what applications request on the server side. Any third party or homegrown app that hasn't been audited can still be sending NTLMv1 traffic and you'd have no idea. Silverfort built a POC to confirm this. They set the ParameterControl flag in a simulated misconfigured service and forced NTLMv1 authentications through a DC that was configured to block them. Worked. They reported it to Microsoft, Microsoft confirmed it but didn't classify it as a vulnerability. Their response was to announce full removal of NTLMv1 starting with Windows Server 2025 and Windows 11 24H2. So that's something, atleast. If you're not on those versions, you're still exposed and there's no patch coming. What you can do right now: turn on NTLM audit logging across your domain. Registry keys exist to capture all NTLM traffic so you can actually see what's authenticating how. From there, map every app using NTLM, whether primary or as a fallback, and look specifically for anything requesting NTLMv1 messages. That's your exposure.
The GPS Next-Generation Operational Control System was due for completion in 2016. Ten years later, the software for controlling the military’s GPS satellites still doesn’t work.
The University of North Georgia is one of the lesser known of the nation's senior military colleges (SMCs). But last week it beat out all the other five SMCs—and two of the elite service academies—in a capture-the-flag hacker contest staged at the Pentagon's Cyber Workforce Summit. The contest was designed by specialists from the Air Force Research Laboratory to be operationally realistic. In the first round, teams had to geo-locate a targeted individual through his devices and apps, prevent him from getting warning messages, and then call in an air strike to kill him. More details and quotes from UNG students—plus the team from The Citadel they bested in the final—in my latest story.
Posted by Dirk G ö hmann, Tony Mendez, and the Vulnerability Rewards Program Team 2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary ! Originally started in 2010 , our vulnera
Vessels are increasingly being abandoned during the war on Iran, revealing a hidden failure in the global systems that keep goods—and people—moving.
We're proud to introduce Programmable Flow Protection : a system designed to let Magic Transit customers implement their own custom DDoS mitigation logic and deploy it across Cloudflare’s global network. This enables precise, stateful mitigation for custom and proprietary protocols built on UDP. It is engineered to provide the highest possible level of customization and flexibility to mitigate DDoS attacks of any scale. Programmable Flow Protection is currently in beta and available to all Magic Transit Enterprise customers for an additional cost. Contact your account team to join the beta or sign up at this page . Programmable Flow Protection is customizable Our existing DDoS mitigation systems have been designed to understand and protect popular, well-known protocols from DDoS attacks. For example, our Advanced TCP Protection system uses specific known characteristics about the TCP protocol to issue challenges and establish a client’s legitimacy. Similarly, our Advanced DNS Protection builds a per-customer profile of DNS queries to mitigate DNS attacks. Our generic DDoS mitigation platform also understands common patterns across a variety of other well known protocols, including NTP, RDP, SIP, and many others. However, custom or proprietary UDP protocols have always bee
This post is adapted from a talk I gave at [un]prompted , the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides . Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead. A year ago, about 5% of Trail of Bits was on board with our AI initiative. The other 95% ranged from passively skeptical to actively resistant. Today we have 94 plugins, 201 skills, 84 specialized agents, and on the right engagements, AI-augmented auditors finding 200 bugs a week. This post is the playbook for how we got there. We open sourced most of it , so you can steal it today. A recent Fortune article reported that a National Bureau of Economic Research study of
This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to provide a clearer understanding of the underlying risks and practical implications. Part 1: Privileged Foreign Enterprise Applications Introduction: What Are Unprotected Groups? Groups in Entra ID have various properties, such as: Group type: Security, Microsoft 365 (Unified), or Dynamic Security enabled: Yes / No Visibility: Public / Private Synced from on-premises: Yes / No Role-assignable: Yes / No These properties influence various aspects, such as whether Microsoft 365 resources are linked to the group, how membership is assigned, and how the group can be used for permission assignments. This blog post primarily focuses on security groups. Who Can Edit Security Groups? Some of these properties also determine who can edit the membership of a group. By default, numerous administrative roles can edit the membership of security groups, such as: User Administrator Groups Administrator Knowledge Administrator Knowledge Manager Windows 365 Administrator
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Day by day, I find we're eeking more goodness out of OpenClaw and finding the sweet spot between what the humans do well and the agent can run off and do on its own. Significantly, we're shifting more and more of the workload to the latter as all 3 of us at HIBP HQ get better at assigning workloads to machines. In addition to my use of my "PwnedClaw" bot to help catalogue and process data breaches, Stefan and I are both using GitHub Copilot in Visual Studio extensively, and Charlotte is using her own Telegram bot, "Pwny," plugged into OpenClaw to crawl all our content and look for inconsistencies while designing revised user interfaces. Over the last couple of weeks, I've spent US$854 on Claude tokens, which feels like a lot until you look at it like an employee doing work for you. But we've barely scratched the surface, and I can't wait to see the things we do with this in the weeks and months to come
An attacker hijacked an axios maintainer's npm account to publish malicious releases that deliver a cross-platform RAT.