Email is the most accessible interface in the world. It is ubiquitous. There’s no need for a custom chat application, no custom SDK for each channel. Everyone already has an email address, which means everyone can already interact with your application or agent. And your agent can interact with anyone. If you are building an application, you already rely on email for signups, notifications, and invoices. Increasingly, it is not just your application logic that needs this channel. Your agents do, too. During our private beta, we talked to developers who are building exactly this: customer support agents, invoice processing pipelines, account verification flows, multi-agent workflows. All built on top of email. The pattern is clear: email is becoming a core interface for agents, and developers need infrastructure purpose-built for it. Cloudflare Email Service is that piece. With Email Routing , you can receive email to your application or agent. With Email Sending, you can reply to emails or send outbounds to notify your users when your agents are done doing work. And with the rest of the developer platform, you can build a full email client and Agents SDK onEmail hook as native functionality. Today, as part of Agents Week, Cloudflare Email Service is entering public beta , allowing any application and any agent to send emails. We are also completing the toolkit for building email-native agents: Email Sending binding, available from your Workers and the Agents SDK A new Email MCP server Wrangler CLI email commands Skills for coding agents An open-source agentic inbox reference app Email Sending: now in public beta Email Sending graduates from private beta to pu
Cybersecurity News and Vulnerability Aggregator
Cybersecurity news aggregator
treemd <(curl -sL https://allsec.sh/md) (as Markdown) Top Cybersecurity Stories Today
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. [...]
Last week, Anthropic announced it was restricting the initial release of its Mythos Preview model to "a limited group of critical industry partners," giving them time to prepare for a model that it said is "strikingly capable at computer security tasks." Now, the UK government's AI Security Institute (AISI) has published an initial evaluation of the model's cyberattack capabilities that adds some independent public verification to those Anthropic reports. AISI's findings show that Mythos isn't significantly different from other recent frontier models in tests of individual cybersecurity-related tasks. But Mythos could set itself apart from previous models through its ability to effectively chain these tasks into the multistep series of attacks necessary to fully infiltrate some systems. "The Last Ones" finally falls AISI has been putting various AI models through specially designed Capture the Flag challenges since early 2023, when GPT-3.5 Turbo struggled to complete any of the group's relatively low-level "Apprentice" tasks. Since then, the performance of subsequent models has risen steadily, to the point where Mythos Preview can complete north of 85 percent of those same Apprentice-level CTF tasks. Read full article Comm
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. [...]
Fortune 500 companies and one US defense contractor got taken for $5m in four-year scam Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through fraudulent IT worker schemes.…
Latest
An agentic memory system built for cyber threat intelligence. ZettelForge was built from the ground up for analysts who think in threat graphs, not chat histories. It automatically extracts CVEs, threat actors, IOCs, and MITRE ATT&CK techniques, resolves aliases across naming conventions, builds a knowledge graph with causal relationships, and retrieves memories using intent-aware blended search -- all offline, with no API keys or cloud dependencies. [https://github.com/rolandpg/zettelforge](https://github.com/rolandpg/zettelforge)
I want to use this on an authorised website but Claude Desktop agent is not giving me permission asking me for authorisation do you have any idea how to bypass it or give me some other method pls help 🥀 \--------------- HexStrike AI MCP is a multi-agent architecture with autonomous AI agents, intelligent decision-making, and vulnerability intelligence. How It Works AI Agent Connection - Claude, GPT, or other MCP-compatible agents connect via FastMCP protocol Intelligent Analysis - Decision engine analyzes targets and selects optimal testing strategies Autonomous Execution - AI agents execute comprehensive security assessments Real-time Adaptation - System adapts based on results and discovered vulnerabilities Advanced Reporting - Visual output with vulnerability cards and risk analysis Supported AI Clients for Running & Integration VS Code Copilot Roo Code Cursor Claude Desktop For More info -- https://github.com/0x4m4/hexstrike-ai.git
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. [...]
Fortune 500 companies and one US defense contractor got taken for $5m in four-year scam Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through fraudulent IT worker schemes.…
A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. [...]
AI-powered SOC tools promise automation, but most only speed up triage instead of reducing real workload. Tines shows how real gains come from end-to-end workflows that execute actions across systems, not just summarize alerts. [...]
An agent needs to be powered by a large language model. A few weeks ago, we announced that Workers AI is officially entering the arena for hosting large open-source models like Moonshot’s Kimi K2.5. Since then, we’ve made Kimi K2.5 3x faster and have more model additions in-flight. These models have been the backbone of a lot of the agentic products, harnesses, and tools that we have been launching this week. Hosting AI models is an interesting challenge: it requires a delicate balance between software and very, very expensive hardware. At Cloudflare, we’re good at squeezing every bit of efficiency out of our hardware through clever software engineering. This is a deep dive on how we’re laying the foundation to run extra-large language models. Hardware configurations As we mentioned in our previous Kimi K2.5 blog post , we’re using a variety of hardware configurations in order to best serve models. A lot of hardware configurations depend on the size of inputs and outputs that users are sending to the model. For example, if you are using a model to write fanfiction, you might give it a few small prompts (input tokens) while asking it to generate pages of content (output tokens). Conversely, if you are running a summarization task, you might be sending in hundreds of thousands of input tokens, but only generating a small summary with a few thousand output tokens. Presented with these opposing use cases, you have to make a choice — should you tune your model configuration so it’s faster at processing input tokens, or faster at generating output tokens? When we launched large language models on Workers AI, we knew that most of the use cases would be used for agents. With agents, you send in a large number of input tokens. It starts off with a large system prompt, all
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for. Not all bad though. Some
Every agent needs search: Coding agents search millions of files across repos. Support agents search customer tickets and internal docs. Even an agent's memory, its ability to recall past interactions, is fundamentally a search problem. The use cases are different, but the underlying problem is the same: get the right information to the model at the right time. If you're building search yourself, you need a vector index, an indexing pipeline that parses and chunks your documents, and something to keep the index up to date when your data changes. If you also need keyword search, that's a separate index and fusion logic on top. And if each of your agents needs its own searchable context, you're setting all of that up per agent. AI Search (formerly AutoRAG ) is the plug-and-play search primitive you need. You can dynamically create instances, give it your data, and search — from a Worker, the Agents SDK, or Wrangler CLI. Here's what we're shipping: Hybrid search . Enable both semantic and keyword matching in the same query. Vector search and BM25 run in parallel and results are fused. (The search on our blog is now powered by AI Search. Try the magnifying glass icon to the top right. ) Built-in storage and index. New instances come with their own storage and vector index. Upload files directly to an instance via API and they're indexed. No R2 buckets to set up, no external data sources to connect first. The new ai_search_namespaces binding lets you create and delete instances at runtime from your Worker, so you can spin up one per agent, per customer, or per language without redeployment. You can now also attach metadata to documents and use it to boos
Cloudflare announced our PlanetScale partnership last September to give Cloudflare Workers direct access to Postgres and MySQL databases for fast, full-stack applications. Soon, we’re bringing our technologies even closer: you’ll be able to create PlanetScale Postgres and MySQL databases directly from the Cloudflare dashboard and API, and have them billed to your Cloudflare account. You choose the data storage that fits your Worker application needs and keep a single system for billing as a Cloudflare self-serve or enterprise customer. Cloudflare credits like those given in our startup program or Cloudflare committed spend can be used towards PlanetScale databases. Postgres & MySQL for Workers SQL relational databases like Postgres and MySQL are a foundation of modern applications. In particular, Postgres has risen in developer popularity with its rich tooling ecosystem (ORMs, GUIs, etc) and extensions like pgvector for building vector search in AI-driven applications. Postgres is the default choice for most developers who need a powerful, flexible, and scalable database to power their applications. You can already connect your PlanetScale account and create Postgres databases directly from the Cloudflare dashboard for your Workers. Starting next month, a new Cloudflare subscription will bill for new PlanetScale databases direct to your Cloudflare account as a self-serve or enterprise user.
Agents have changed how we think about source control, file systems, and persisting state. Developers and agents are generating more code than ever — more code will be written over the next 5 years than in all of programming history — and it’s driven an order-of-magnitude change in the scale of the systems needed to meet this demand. Source control platforms are especially struggling here: they were built to meet the needs of humans, not a 10x change in volume driven by agents who never sleep, can work on several issues at once, and never tire. We think there’s a need for a new primitive: a distributed, versioned filesystem that’s built for agents first and foremost, and that can serve the types of applications that are being built today. We’re calling this Artifacts: a versioned file system that speaks Git. You can create repositories programmatically, alongside your agents, sandboxes, Workers, or any other compute paradigm, and connect to it from any regular Git client. Want to give every agent session a repo? Artifacts can do it. Every sandbox instance? Also Artifacts. Want to create 10,000 forks from a known-good starting point? You guessed it: Artifacts again. Artifacts exposes a REST API and native Workers API for creating repositories, generating credentials, and commits for environments where a Git client isn’t the right fit (i.e. in any serverless function). Artifacts is available in private beta for any developers on the paid Workers plan, and we’re aiming to open this up as a public beta by early May. // Create a repo const repo = await env.AGENT_REPOS.create(name) // Pass back the token & remote to your agent return { repo.remote, repo.token } # Clone it and use it like any regular git remote $ git clone https://x:${TOKEN}@123def456abc.artifacts.cloudflare.net/git/repo-13194.git That’s it. A bare repo, ready to go, crea
Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer Security boffins say Anthropic's Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer's identity.…
The use of hidden virtual machines (VMs) enables long-term access, credential harvesting, data exfiltration, and PayoutsKing ransomware deployment.
Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further customer action. [...]
Publisher claims misconfigured Salesforce-hosted page leaked data Textbook giant McGraw Hill has landed on a ransomware crew's leak site after an alleged Salesforce-linked misconfiguration spilled 13.5 million records into the wild.…
A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security control registering a violation. Read the full technical breakdown in the Security Intelligence Brief. Download now → The "First-Hop Bias" Blind Spot Most&
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage
Microsoft announces product it doesn't want you to buy: Extended security updates for old Exchange, and Skype for Biz
Just migrate already, would you? But if you can't, Redmond will take your cash Microsoft will keep delivering security updates for old versions of Exchange Server and Skype for Business Server, after admitting that some customers aren't ready to make the move to newer products.…
Your cybersecurity is only as good as the physical security of the servers PWNED Welcome back to Pwned, the column where we immortalize the worst vulns that organizations opened up for themselves. If you’re the kind of person who leaves your car doors unlocked with a pile of cash in the center console, this week’s story is for you.…
Microsoft is investigating an issue causing this month's KB5082063 security update to fail to install on some Windows Server 2025 systems. [...]
>Now, normally I would just drop the PoC code and let people figure it out. But I can't for this one, it's way too funny. When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to it's original location. The PoC abuses this behaviour to overwrite system files and gain administrative privileges.
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp. The activity, which was observed between March and April
Email is the most accessible interface in the world. It is ubiquitous. There’s no need for a custom chat application, no custom SDK for each channel. Everyone already has an email address, which means everyone can already interact with your application or agent. And your agent can interact with anyone. If you are building an application, you already rely on email for signups, notifications, and invoices. Increasingly, it is not just your application logic that needs this channel. Your agents do, too. During our private beta, we talked to developers who are building exactly this: customer support agents, invoice processing pipelines, account verification flows, multi-agent workflows. All built on top of email. The pattern is clear: email is becoming a core interface for agents, and developers need infrastructure purpose-built for it. Cloudflare Email Service is that piece. With Email Routing , you can receive email to your application or agent. With Email Sending, you can reply to emails or send outbounds to notify your users when your agents are done doing work. And with the rest of the developer platform, you can build a full email client and Agents SDK onEmail hook as native functionality. Today, as part of Agents Week, Cloudflare Email Service is entering public beta , allowing any application and any agent to send emails. We are also completing the toolkit for building email-native agents: Email Sending binding, available from your Workers and the Agents SDK A new Email MCP server Wrangler CLI email commands Skills for coding agents An open-source agentic inbox reference app Email Sending: now in public beta Email Sending graduates from private beta to pu
Recently I've been analyzing an APT attack dataset. I encountered some advanced methods of how APTs get into a system, how they maintain persistence, perform lateral movement, and execute payloads. While working on this dataset, it took me days to understand techniques that attackers can execute in seconds. So I thought, why not create Sigma detection rules for threats that look legitimate but carry malicious intent? So, here am I with my first detection rule, "Suspicious Process Access to LSASS with Full Permissions." **What it does** \- Detects Powershell.exe or cmd.exe accessing lsass.exe with full or near full access rights, indicating potential credential dumping activity. **Possible False Positive** \- Security monitoring tools \- Administrative Powershell scripts performing legitimate system checks **What I did** \- Created and validated the Sigma rule \- Converted it into SPL \- Tested it successfully **Rule Link** \- You can find it on my [github](https://github.com/Manishrawat21/SOC_Dectection_Rules/) I’ll be adding more detection rules soon. **Feedback** \- If you have suggestions or improvements, I’d really like to hear them. And if you’re working on similar detections, feel free to connect.
Browser fingerprinting is everywhere Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against browser fingerprinting – a method of tracking people online by capturing technical details about their browser.…
Understanding npm and the importance of dependency cooldowns.
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. [...]
A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. [...]
Like the majority of the companies participating, it remains a mystery Last week, Anthropic surprised the world by declaring that its latest model, Mythos, is so good at finding vulns that it would create chaos if released. Now, under the title of Project Glasswing, over 50 selected companies and orgs are allowed to test the hyped up LLM to find security holes in their own products. But just how many problems have they really discovered?…
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. [...]
What Are Shadow Admins in AD? A common problem we encounter within many customer AD environments are accounts that, at first glance, may appear innocuous, but that actually have hidden administrative privileges equivalent to those of a domain administrator account. We call these accounts shadow admins. They represent one of the most persistent shadow admin risks in enterprise cybersecurity today. A “shadow admin” is any user account that holds sensitive privileges or admin permissions without being a member of a traditional admin group like the “Domain Admins” or “Enterprise Admins” groups. These shadow admin accounts don’t show up when you run the net group command. They won’t appear in your PAM solution’s reports. But a malicious actor who finds one has effectively won the domain. Unlike a traditional admin who is visible in privileged groups, a shadow admin account becomes a blind spot. Identity and access management tools often miss these indirect privilege paths. Over the past several years, the problem has gotten significantly worse as organizations undergo digital transformation. Workloads are migrating to AWS and Azure, identity is being federated to the cloud via ADFS, and domain controllers are running as virtual machines on ESXi. The blast radius of a single compromised account now extends well beyond the traditional AD boundary. A “shadow” admin path in 2016 might have been a service account with an overly permissive access control entry. In 2026, it’s an ADFS server running on a hypervisor managed by a VMware operator who doesn’t even know they’re one hop from full domain compromise, and two hops from your entire AWS environment. In this post, we’ll walk through several real-world examples we routinely discover during engagements and show how Praetorian Guard’s continuous attack path mapping surfaces them before an adversary does.
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. [...]
No reports of active exploitation (yet) Watch out for more Fortinet vulns! Two critical bugs in Fortinet's sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems.…
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest. [...]
Some customer orgs tell staff to block inbound email from the provider Autovista confirms that it called in outside support to help clean up a ransomware infection currently affecting systems in Europe and Australia.…
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. [...]
Modern trucks are rolling networks packed with sensors, connectivity, and attack surfaces, creating new cyber risks. NMFTA's Cybersecurity Conference brings industry leaders together to tackle emerging threats in transportation. [...]
Latest in a string of cases that have earned France an unfortunate title A mother and her ten-year-old son are now free after being kidnapped for around 20 hours while the father was being extorted for hundreds of thousands of euros.…
AI agents need to interact with the web. To do that, they need a browser. They need to navigate sites, read pages, fill forms, extract data, and take screenshots. They need to observe whether things are working as expected, with a way for their humans to step in if needed. And they need to do all of this at scale. Today, we’re renaming Browser Rendering to Browser Run , and shipping key features that make it the browser for AI agents . The name Browser Rendering never fully captured what the product does. Browser Run lets you run full browser sessions on Cloudflare's global network, drive them with code or AI, record and replay sessions, crawl pages for content, debug in real time, and let humans intervene when your agent needs help. Here’s what’s new: Live View : see what your agent sees and is doing, in real time. Know instantly if things are working, and when they’re not, see exactly why. Human in the Loop : when your agent hits a snag like a login page or unexpected edge case, it can hand off to a human instead of failing. The human steps in, resolves, then hands back control. Chrome DevTools Protocol (CDP) Endpoint : the Chrome DevTools Protocol is how agents control browsers. Browser Run now exposes it directly, so agents get maximum control over the browser and existing CDP scripts work on Cloudflare. MCP Client Support: AI coding agents like Claude Desktop, Cursor, and OpenCode can now use Browser Run as their remote browser. WebMCP Support : agents will outnumber humans using the web. WebMCP allows websites to declare what actions are available for agents to discover and call, making navigation more reliable. Session Recordings : capture every browser session for debugging purposes. When something goes wrong, you have the full
When we originally built Workflows , our durable execution engine for multi-step applications, it was designed for a world in which workflows were triggered by human actions, like a user signing up or placing an order. For use cases like onboarding flows, workflows only had to support one instance per person — and people can only click so fast. Over time, what we’ve actually seen is a quantitative shift in the workload and access pattern: fewer human-triggered workflows, and more agent-triggered workflows, created at machine speed. As agents become persistent and autonomous infrastructure, operating on behalf of users for hours or days, they need a durable, asynchronous execution engine for the work they are doing. Workflows provides exactly that: every step is independently retryable, the workflow can pause for human-in-the-loop approval, and each instance survives failures without losing progress. Moreover, workflows themselves are being used to implement agent loops and serve as the durable harnesses that manage and keep agents alive. Our Agents SDK integration accelerated this, making it easy for agents to spawn workflow instances and get real-time progress back. A single agent session can now kick off dozens of workflows, and many agents running concurrently means thousands of instances created in seconds. With Project Think now available, we anticipate that velocity will only increase. To help developers scale their agents and applications on Workflows, we are excited to announce that we now support: 50,000 concurrent instances (number of workflow executions running in parallel),
Vuln old enough to drive lands on CISA's exploited list While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit.…
Command prefix will require password by default The latest version of Raspberry Pi OS now requires a password for sudo by default.…
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed
Open Rights Group says years of reliance on US giants have left Britain exposed Britain has spent years wiring its public sector into US Big Tech, and a new report says that dependence could quickly become a national security headache.…
An analysis by WIRED and Indicator found nearly 90 schools and 600 students around the world impacted by AI-generated deepfake nude images—and the problem shows no signs of going away.
[Release] Built an open-source Distributed Deception Hub to replace noisy alerts with high-fidelity tripwires. v1.0.0 is officially live.
Hey everyone, A while back I shared the early concept of a project I was building to get better visibility into internal networks (homelabs/SMBs). Today, HoneyWire v1.0.0 is officially released, stable, and ready to be deployed. I originally looked into solutions like Wazuh, but got tired of the traditional SIEM approach. Collecting gigabytes of legitimate traffic logs and constantly tuning out false positives was a massive resource drain. I just wanted a low-maintenance, high-signal solution for my LAN. So, I built HoneyWire. Instead of a "magnifying glass" approach, it uses a tripwire model. Instead of watching everything that goes through a legitimate door, you set up a fake door (or put sensors on existing doors that shouldn't be touched). If it trips, it’s not a misconfiguration it’s an active threat or lateral movement. It basically acts as an instant alarm system for your network. It’s completely free, open-source, and deploys in less than 60 seconds via docker compose. I built it for myself, but I'm sharing it because it might solve the same problem for someone else. With the v1.0.0 release, the architecture is production-ready. Here is a quick breakdown: * **The Dashboard:** Pure Go + SQLite backend serving a Vue 3 frontend. Uses WebSockets to instantly stream events and syntax-highlight forensic payloads. * **UI Alerts:** Native integrations for Discord, Slack, Ntfy, and Gotify. You manage keys, retention, and webhooks directly from the UI without editing text files. * **The Sensors:** Ships with official, statically-linked Go binaries: TCP Tarpits, Web Admin Decoys, File Canaries (FIM), ICMP Canaries, and Network Scan Detectors. * **Sandboxing:** Security is the priority. Everything runs in minimal Distroless containers as non-root users, with dropped Linux capabilities. * **Universal Standard:** The Hub is sensor-agnostic. I built a universal JSON contract, meaning you can write custom tripwires in Python, Bash, or Rust, send a payload, and the Hub will automatically parse it. I would absolutely love your feedback. I am excited to hear what experienced blue teamers think of this architecture, and I want to know where my blind spots are. Specifically: 1. What decoy or sensor types are absolute must-haves that I am currently missing? 2. Is the "Bring Your Own Sensor" JSON extensibility actually useful for custom environments, or does it introduce too much risk? 3. What gaps in the architecture would prevent you from testing this in a lab or SMB right now? 4. Would you find integration with existing enterprise SIEMs useful? Someone suggested using this tool alongside standard SIEMs to forward these high-fidelity logs, which sounds like an interesting next step. Here is the GitHub repo: [https://github.com/andreicscs/HoneyWire](https://github.com/andreicscs/HoneyWire) Please roast it as much as you can, I am here to learn. Thanks!
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are
OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accelerates defenders – those responsible for keeping systems, data, and users safe – enabling them to find and fix problems
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “ BlueHammer .” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution. Redmond warns that attackers are already targeting CVE-2026-32201 , a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network. Mike Walters , president and co-founder of Action1 , said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments. “This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise,” Walters said. “The presence of active exploitation significantly increases or
Crow-eye v0.9.0 is out! Now with Direct Forensic Image Parsing, a rebuilt Timeline, and full Linux support.
Hey everyone! we just released version 0.9.0 of Crow-eye, and it brings some major updates we've been working hard on. A big focus for us in this version was removing the friction of dealing with forensic images. We actually added direct support for analyzing images right inside Crow-eye, so you don't need any other mounting software to get started. You can just point it at the image and let it parse. Right now we support parsing directly from: \* E01 / Ex01 \* VHDX / VHD \* VMDK \* ISO \* Raw / DD We also decided it was time to move on from the old timeline prototype. We built a brand new version of the Timeline Visualization from the ground up, making it way easier to correlate everything and actually see the full picture in one place. https://preview.redd.it/t22zt7ty68vg1.png?width=3439&format=png&auto=webp&s=7d5bc5f51cb0e93029ce0641813636a068ba3d58 And finally, something a lot of people asked for: Crow-eye is now completely cross-platform! We updated all the parsers so they no longer depend on Windows APIs for offline artifacts. This means you can now run it natively on Linux to parse offline artifacts and process those forensic images without needing a Windows machine. GitHub : [https://github.com/Ghassan-elsman/Crow-Eye](https://github.com/Ghassan-elsman/Crow-Eye) Let me know how it runs for you, what you think of the new timeline, or if you run into any bugs or issues!
The company's new software keeps an eye on your agents and backs up data. Keep your agents close and your agent-monitoring software closer. Commvault’s new AI Protect can discover and monitor AI agents running inside AWS, Azure, and GCP environments and even roll back their actions when something goes wrong.…
One CVE under attack, one already disclosed by angry bug hunter, and 163 more Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April's mega Patch Tuesday.…
Hello, I downloaded a sample from Malwarebazaar. It was a .bat file around 208.38 KB. I set it up into [AnyRun](https://any.run), and started the analysis. \--- **Threat Type:** XWorm v6.5 (RAT) + Stealer sold as Malware-as-a-Service. Capabilities include credential theft, keylogging, screenshot capture, file exfiltration, and hijacking of crypto wallets and accounts. **Execution Process:** 1. `.bat` file runs -> checks for sandbox using `findstr.exe` 2. Uses `certutil.exe` to Base64-decode an embedded payload 3. `cscript.exe` executes decoded VBScript, dropping `svchost.exe` (fake) to %TEMP% 4. Payload launches, copies itself to `%APPDATA%\main.exe` and the startup folder for persistence 5. Connects to C2 and sends system fingerprint via Telegram Bot API # IOCs **Dropper SHA256:** dea6cfb3234780ceeea718787e027cc6d2de18cfead1f8cc234e0ad268987868 **Dropped Payload SHA256:** 7f2b0ffbc5b149b4f9858589763bacdebf63ea1b3a00532e9278d613f75462ea * **C2:** `23.160(.)168.174:3212` * **AES Key:** `<666666>` * **Mutex:** `XUH24Sz2TPub4OF4` * **USB drop name:** `XWorm V6.5 by c3lestial(.)fun` Full Analysis: [https://app.any.run/tasks/1cd22443-8259-49c0-8e6e-a0ca93b0371c](https://app.any.run/tasks/1cd22443-8259-49c0-8e6e-a0ca93b0371c)
Last week, Anthropic announced it was restricting the initial release of its Mythos Preview model to "a limited group of critical industry partners," giving them time to prepare for a model that it said is "strikingly capable at computer security tasks." Now, the UK government's AI Security Institute (AISI) has published an initial evaluation of the model's cyberattack capabilities that adds some independent public verification to those Anthropic reports. AISI's findings show that Mythos isn't significantly different from other recent frontier models in tests of individual cybersecurity-related tasks. But Mythos could set itself apart from previous models through its ability to effectively chain these tasks into the multistep series of attacks necessary to fully infiltrate some systems. "The Last Ones" finally falls AISI has been putting various AI models through specially designed Capture the Flag challenges since early 2023, when GPT-3.5 Turbo struggled to complete any of the group's relatively low-level "Apprentice" tasks. Since then, the performance of subsequent models has risen steadily, to the point where Mythos Preview can complete north of 85 percent of those same Apprentice-level CTF tasks. Read full article Comm
The UK designated Xinbi Guarantee as an enabler of crypto scammers and human trafficking weeks ago. Telegram is still hosting it in plain sight.
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below - CVE-2026-40176 (CVSS
Internal emails obtained by WIRED reveal how a conservative legal group with a direct line into FCC chairman Brendan Carr’s office built the case against Jimmy Kimmel and his employees.
When you hire an elite Red Team, you start with an implicit signal of their talent. You review their resumes, their standing within the research community, certifications with trusted vendors like OffSec and CREST. You assume they can navigate your specific tech stack and pivot through your environment. But in offensive security, assumptions are liabilities. […] The post Validating AI Pentesting with Explicit Signals from Synack Red Team appeared first on Synack .
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. "The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying
Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams. The campaign, which has been
Honey, the skids are fighting again Two rival ransomware gangs have locked horns after 0APT threatened to expose people affiliated with Krybit.…
Phantom-Evasion-Loader: Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR solutions and Kernel-level monitors like Falco (eBPF). It leverages advanced techniques such as SROP and Zero-Copy Injectio
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" where the density of high-impact vulnerabilities is scaling faster than
This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to provide a clearer understanding of the underlying risks and practical implications. Part 1: Privileged Foreign Enterprise Applications Part 2: Privileged Unprotected Groups Part 3: Weak Privileged Identity Management Configuration Conditional Access Policies Conditional Access policies are among the most important security controls in Entra ID. As the name suggests, they define under which conditions access is allowed within a tenant. They are used to enforce protections such as MFA, restrict access based on device state or location, and apply stronger controls to sensitive applications or privileged accounts. At the same time, Conditional Access is a broad and complex topic. The
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite I'm starting to become pretty fond of Bruce. Actually, I've had a bit of an epiphany: an AI assistant like Bruce isn't just about auto-responding to tickets in an entirely autonomous manner; it's also pretty awesome at responding with just a little bit of human assistance. Charlotte and I both replied to some tickets today that were way too specific for Bruce to ever do on his own, but by feeding in just a little bit of additional info (such as the number of domains someone was presently monitoring), Bruce was able to construct a really good reply and "own" the ticket. So maybe that's the sweet spot: auto-reply to the really obvious stuff and then take just a little human input on everything else.
Google Sites lure leads to bogus root certificate Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.…
The current version of RAGFlow, a widely-deployed Retrieval Augmented Generation solution, contains a post-auth vulnerability that allows for arbitrary code execution. This post includes a POC, walkthrough and patch. The TL;DR is to make sure your RAGFlow instances aren't on the public internet, that you have the minimum number of necessary users, and that those user accounts are protected by complex passwords. (This is especially true if you're using Infinity for storage.)
More than 70 organizations, including the ACLU, EPIC, and Fight for the Future, say the AI smart glasses feature would endanger abuse victims, immigrants, and LGBTQ+ people.
Travel giant says names, contact details, dates, and hotel messages potentially exposed Booking.com is warning customers that their reservation details may have been exposed to unknown attackers, in the latest reminder that the travel giant still can't quite keep a lid on the data flowing through its platform.…
Root cause: the $forbiddenphpstrings blocklist is only enforced in blacklist mode -> the default whitelist mode never touches it. The whitelist regex is also blind to PHP dynamic callable syntax (('exec')('cmd')). Either bug alone limits impact; together they reach OS command execution. Coordinated disclosure - patch available as of 4/4/2026.
Undisclosed number of names and contact and reservation details accessed in latest cybercrime attempt The accommodation reservation website Booking.com has suffered a data breach with “unauthorised parties” gaining access to customers’ details. The platform said it “noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information”. Continue reading...
Last April, a hacker hijacked crosswalk announcements to mimic Mark Zuckerberg and Elon Musk. Records obtained by WIRED reveal how unprepared local authorities were.
Last week, a new BYOVD vulnerability (CVE-2026-29923) was discovered in pstrip64.sys driver, which allows an unprivileged user to escalate privileges to SYSTEM via a crafted IOCTL request. I just published a complete deep-dive on my GitHub covering the entire exploit lifecycle: ▪️Reverse-engineering the vulnerable IOCTL to gain a physical read/write primitive. ▪️ Building the Proof of Concept (PoC) from the ground up. ▪️ Actionable mitigation and detection recommendations for defenders. Enjoy the read, and feel free to DM me if you have any questions! ⚠️ Disclaimer: This write-up and code are provided strictly for educational and defensive research purposes only. Any malicious or unauthorized use is strictly prohibited.
To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the [Reverse Engineering StackExchange](http://reverseengineering.stackexchange.com/). See also /r/AskReverseEngineering.
Introducing the Glasswing-Readiness Assessment In my last post, we looked at the emergence of Anthropic’s Mythos and how it has collapsed the exploit timeline from weeks to days. But once you accept that the speed of the adversary has changed, a more difficult question remains for security leaders: What do we actually do now? The […] The post Become Mythos-Ready and Close the AI Coverage Gap with Synack appeared first on Synack .
drakoarmy/akamai-vm-reverse: Decompiled and cleaned Akamai v3 VM powering the latest sensor_data challenge script.
Plus: Iran’s internet blackout hits the 1,000-hour mark, cryptocurrency scams result in a record amount of money stolen from Americans, and more.
From AI-generated images to restricted satellite data, the systems used to verify what’s real online are struggling to keep up.
The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves. The Tipping Point One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of sovereign data. In December of 2025, a single unidentified operator used Anthropic’s Clau
The Blind Spot As organizations race to deploy LLM-powered chat agents, many have adopted a layered defense model: a primary chat agent handles user interactions while a secondary supervisor agent monitors contextual input (i.e., chat messages) for prompt injection attacks and policy violations. This architecture mirrors traditional security patterns like web application firewalls sitting in front of application servers. But what happens when the supervisor only watches the front door? Indirect prompt injection is a class of attack where adversarial instructions are embedded not in the user’s direct input, but in external data sources that an LLM consumes as context: profile fields, retrieved documents, tool outputs, or database records. Unlike direct prompt injection, where a user explicitly sends malicious instructions through the chat interface, indirect injection hides the payload in data that the application fetches on the user’s behalf—often from sources the system implicitly trusts. During a recent engagement targeting a multi-model AI-integrated customer service solution, our team identified a weakness in the architecture that made it susceptible to indirect prompt injection attacks. The customer service solution consisted of an AI-enabled chat agent that processed user requests and a separate supervisor agent that monitored the chat communications for adversarial instructions and manipulation, including prompts injected into data provided to the agent via the chat window. The supervisor agent was effective in consistently detecting and blocking attempts to attack or manipulate the chat agent. However, by injecting adversarial instructions into user profile fields—such as a user’s name—that the chat agent would retrieve upon request, we were able to bypass supervisor protections and trick the chat agent into misinterpreting our user’s profile data as a prompt and executing our hidden instructions. The root cause is a fundamen
I got tired of juggling 10 different tools for DFIR, so I spent the last 9 months building an open-source alternative.
Hey everyone, I don't know about you, but I was getting seriously frustrated with how fragmented our tools are. Trying to piece together an investigation across Windows, Linux, and Mac artifacts usually means jumping between half a dozen different apps, and the centralized "all-in-one" solutions cost some money So, about 9 months ago, I decided to just try and build the tool I actually wanted to use. It's called **Heimdall DFIR**. **GitHub:** [https://raiseix.github.io/Heimdall-DFIR](https://raiseix.github.io/Heimdall-DFIR) Instead of a bunch of marketing buzzwords, here is what it actually does right now: * **One giant timeline:** It takes your artifacts (EVTX, MFT, Prefetch and other Windows artifacts Linux/Mac logs, etc.) and merges them into a single chronological grid. I spent a lot of time trying to make the output actually human-readable instead of just dumping raw JSON on the screen * **RAM Analysis:** I hooked it up to VolWeb (Volatility 3). You can upload massive memory dumps directly in the UI and it actually handles the stream without crashing the backend * **Collaborative mode:** Investigating alone sucks, so I added a side-chat and an evidence-pinning system so a team can look at the exact same case simultaneously **To be completely transparent with you all:** This is very much a Beta. It’s a massive undertaking and it’s still missing a lot of features I want to add before calling it a complete platform That’s honestly why I’m sharing it today. I’m hoping to get some brutally honest feedback from people who do this daily. What parsers are you constantly missing in open-source tools? What would make you actually want to use this? If anyone wants to spin it up (Docker compose is ready to go), break it, submit bug reports, or even contribute code to help build this out, I would be incredibly grateful. Let me know what you think. If you like the vision, a GitHub ⭐ helps a lot!
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities. For Pixel 10, Google is advancing its proactive security measures further. Following our previous discussion on "Deploying Rust in Existing Firmware Codebases" , this post shares a concrete application: integrating a memory-safe Rust DNS(Domain Name System) parser into the modem firmware. The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying the foundation for broader adoption of memory-safe code in other areas. Here we share our experience of working on it, and hope it can inspire the use of more memory safe languages in low-level environments. Why Modem Memory Safety Can’t Wait In recent years, we have seen increasing interest in the cellular modem from attackers and security researchers. For example, Google's Project Zero gained remote code execution on Pixel modems over the Internet. Pixel modem has tens of Megabytes of executable code. Given the complexity and remote attack surface of the modem, other critical memory safety vulnerabilities may remain in t
Keyloggers: A Persistent Threat Nowadays, virtually all digital services rely on logins and authentication, from email inboxes to help desks. These involve login credentials to prove identity, typically at least a username and a password. Initially, this information is confidential from a potential attacker. Whi
GreyNoise uncovers a concentrated RDP scanning campaign, revealing infrastructure patterns, rapid traffic shifts that impact detection, and recommendations for defenders.
Anthropic’s Mythos announcement marks a genuine inflection point in the threat landscape. And for those of us who have spent careers watching it evolve, this one feels different. Building a reliable working exploit used to take a skilled attacker the better part of a year. With AI-powered offensive tooling, we’re looking at potentially days. That […] The post Mythos Changes Everything: Why Your Entire Attack Surface Is Now at Risk appeared first on Synack .
Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement , Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape. Session theft typically occurs when a user inadvertently downloads malware onto their device. Once active, the malware can silently extract existing session cookies from the browser or wait for the user to log in to new accounts, before exfiltrating these tokens to an attacker-controlled server. Infostealer malware families, such as LummaC2, have become increasingly sophisticated at harvesting these credentials. Because cookies often have extended lifetimes, attackers can use them to gain unauthorized access to a user’s accounts without ever needing their passwords; this access is then often bundled, traded, or sold among threat actors. Crucially, once sophisticated malware has gained access to a machine, it can read the local files and memory where browsers store authentication cookies. As a result, there is no reliable way to prevent cookie exfiltration using software alone on any operating system. Historically, mitigating session theft relied on detecting the stolen credentials after the fact using a complex set of abuse heuristics – a reactive approach that persistent attackers could often circumvent. DBSC fundamentally changes the web's capability to defend against this threat by shifting the paradigm from reactive detection to proactive prevention, ensuring that successfully exfiltrated c