Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some
Cybersecurity News and Vulnerability Aggregator
Cybersecurity news aggregator
Updated: 3:20 am
J/K Navigate / Search S Save V Open Link
— or
treemd <(curl -sL https://allsec.sh/md) (as Markdown) Top Cybersecurity Stories Today
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw that allows an
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available. The software giant said in a blog post last month that both its engineers and the security community are increasing using artificial intelligence tools to find bugs, meaning this month’s heavy Patch Tuesday may start to become the norm, said Satnam Narang , senior staff research engineer at Tenable . “Some surveys put AI usage among security professionals generally at 90%, so it’s unsurprising that this volume of patches may be the norm,” Narang said. “Pandora’s proverbial box has been opened, and as more advanced AI models become available, we expect the norm to continue upward across the board, not just for Patch Tuesday.” June’s zero-day bugs include CVE-2026-49160 , a denial of service vulnerability affecting a range of web servers, including Microsoft Internet Information Services (IIS). Microsoft says the flaw was reported by OpenAI’s Codex. Two of the zero-days addressed this month appear to stem from recent vulnerability disclosures by Nightmare Eclipse , the nickname chosen by a security researcher who has been dropping exploits for various Windows flaws. One of those, dubbed “GreenPlasma,” leverages an elevation of privilege weakness in the Windows Collaborati
AI is changing the economics of offensive security. Models can now accelerate vulnerability discovery, reason about attack paths, draft exploit logic, and speed up remediation guidance. For defenders, that is a meaningful step forward. It is also the hard part. The capabilities that help defenders move faster also help attackers because cyber AI is dual-use […] The post Trusted Access, Human Validation, and the Future of AI Pentesting appeared first on Synack .
Anthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks.
Latest
Wednesday, June 10
How FCaptcha v1.11 and v1.12 detect AI agents that drive real browsers, using CDP input forensics, think-time cadence, and declared-agent matching. [https://github.com/WebDecoy/FCaptcha](https://github.com/WebDecoy/FCaptcha)
Enabled PMF on my AP, expected my deauth tool to fail. It didn’t. Even though every frame gets rejected by the crypto, flooding enough of them in aggressive mode still disconnected all three Android phones I tested (latest security patch). Took around 9 seconds on average. Has anyone else seen this on iOS, Windows, or IoT? Curious how widespread it is. For anyone asking; the tool scans and deauths in parallel so there’s no breathing room and the agressive mode is what let me discover this. [https://github.com/Ymsniper/KTO](https://github.com/Ymsniper/KTO)
Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...]
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)
Today, Ivanti published an advisory. “No way?” we hear you say. "Yes way!" a random dog screams back at you, across the street. Today’s rare advisory outlines two vulnerabilities in Ivanti’s Sentry product, appealing directly to our inner desire for sophisticated server-side, pre-authenticated vulnerabilities. With our inner desire only partially satisfied, we found adults who could help us read the advisory. We were kindly told that although Ivanti managed to provide minimal information, there are a few clues about what the supposed drama is about: CVE-2026-10520 An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution (Credit to Unknown, but not us) CVE-2026-10523 An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access (Credit to Bryan Lam)
Tuesday, June 9
[...]
I triaged this pattern hundreds of times. Here's the KQL that actually works (with noise reduction built in)
Most encoded PowerShell detections I see shared online look like this: SecurityEvent | where EventID == 4688 | where CommandLine has "-enc" Deploy that in a real enterprise and you'll get 100-200 hits a day, 95% of which are SCCM, Tanium, or Microsoft's own tooling. Analysts learn to ignore it within two weeks. That's how real detections get missed. After a decade in SOC operations I built a weighted scoring model for this instead. The encoding flag alone scores zero. It's the combination of indicators that triggers the alert: \*\*Score modifiers:\*\* \- +30: Office app or browser spawned PowerShell (Word, Excel, Outlook, Chrome, Edge) \- +25: Download cradle keywords in command line (DownloadString, WebClient, IWR, wget) \- +20: Execution from user-writable path (\\Temp\\, \\AppData\\, \\Downloads\\) \- +15: Hidden window flag (-WindowStyle Hidden) \- +15: Execution policy bypass (-ExecutionPolicy Bypass) \- +10: Non-interactive / no-profile flags A legitimate SCCM script that happens to use -enc scores 0. A phishing-delivered payload that spawns from Outlook with a download cradle and hidden window scores 70. You set the threshold at 30 or 40 and the noise drops dramatically. \*\*Full production KQL in the article\*\* (too long to paste here in full, but the core structure is): let BenignParents = dynamic(\["taniumclient.exe","ccmexec.exe","devenv.exe","msbuild.exe"\]); let HighRiskParents = dynamic(\["winword.exe","excel.exe","outlook.exe","chrome.exe","msedge.exe"\]); let DownloadCradles = dynamic(\["downloadstring","webclient","invoke-webrequest","iwr"\]); SecurityEvent | where EventID == 4688 | where NewProcessName endswith "\\\\powershell.exe" | where CommandLine matches regex @'(?i)-e\[nN\]?\[cC\](\[oO\]\[dD\]\[eE\]\[dD\]\[cC\]\[oO\]\[mM\]\[mM\]\[aA\]\[nN\]\[dD\])?\[\\s:\]' | where not(ParentProcessName has\_any (BenignParents)) | extend Score = 0 | extend Score = Score + iff(ParentName in\~ (HighRiskParents), 30, 0) | extend Score = Score + iff(CmdLower has\_any (DownloadCradles), 25, 0) // ... (continues with remaining modifiers) | extend AlertSeverity = case(Score >= 60, "Critical", Score >= 40, "High", Score >= 20, "Medium", "Low") | where Score >= 20 \*\*A few things I've learned deploying this:\*\* 1. Build your BenignParents allowlist before deploying. Run the basic detection against 7 days of logs, export ParentName, add anything appearing 20+ times that's legitimate in your environment. 2. Start threshold at 30 in noisy environments. Tune down as you build confidence. 3. Set alert grouping by Computer in Sentinel with a 24h window or you'll get 20 identical incidents instead of one. 4. PowerShell 2.0 is a blind spot. Add a separate rule for \`-version 2\` combined with encoding flags — no script block logging at all in v2. 5. When this fires High or Critical: decode the Base64 first before isolating. You need to know if it's fileless before you pull the network cable. MITRE: T1059.001 + T1027. When combined with an Office parent, the chain is T1566.001 → T1204.002 → T1059.001 → T1105. Full article with complete KQL, scoring table, and triage steps: [socauthority.com/blog/how-to-detect-powershell-encoded-commands-sentinel-kql/](http://socauthority.com/blog/how-to-detect-powershell-encoded-commands-sentinel-kql/) Happy to answer questions or discuss tuning approaches for specific environments.
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available. The software giant said in a blog post last month that both its engineers and the security community are increasing using artificial intelligence tools to find bugs, meaning this month’s heavy Patch Tuesday may start to become the norm, said Satnam Narang , senior staff research engineer at Tenable . “Some surveys put AI usage among security professionals generally at 90%, so it’s unsurprising that this volume of patches may be the norm,” Narang said. “Pandora’s proverbial box has been opened, and as more advanced AI models become available, we expect the norm to continue upward across the board, not just for Patch Tuesday.” June’s zero-day bugs include CVE-2026-49160 , a denial of service vulnerability affecting a range of web servers, including Microsoft Internet Information Services (IIS). Microsoft says the flaw was reported by OpenAI’s Codex. Two of the zero-days addressed this month appear to stem from recent vulnerability disclosures by Nightmare Eclipse , the nickname chosen by a security researcher who has been dropping exploits for various Windows flaws. One of those, dubbed “GreenPlasma,” leverages an elevation of privilege weakness in the Windows Collaborati
[https://www.youtube.com/watch?v=3WqOP2iL6R0](https://www.youtube.com/watch?v=3WqOP2iL6R0) The FBI is announcing Operation Riptide, an ongoing, coordinated law enforcement campaign targeting criminal actors and the key services they rely on, their infrastructure, their tools and services, their communications platforms, and their money.
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]
It seems Chaotic eclipse has release a new Windows Defender Vulnerability by the name RoguePlanet. It is worth mentioning today is Patch Tuesday. Found here: [https://github.com/MSNightmare/RoguePlanet](https://github.com/MSNightmare/RoguePlanet)
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]
Writing my own virtualized loader is something I’ve been wanting to do since I first read Microsoft’s deep dive on FinFisher’s multi-layered VM obfuscation back in 2018. FinFisher didn’t just use one layer of protection, it implemented a custom virtual machine with 32 opcode handlers, wrapped that in spaghetti code and anti-debug checks, and then buried a second VM inside the 64-bit payload. Microsoft’s researchers had to write their own IDA plugins and build a full opcode interpreter just to understand what the malware was doing. The idea that you could interpose an entire bytecode interpreter between your real logic and an analyst’s tools, making both static and dynamic analysis incredibly difficult, stuck with me. I made real progress toward this over
AI is changing the economics of offensive security. Models can now accelerate vulnerability discovery, reason about attack paths, draft exploit logic, and speed up remediation guidance. For defenders, that is a meaningful step forward. It is also the hard part. The capabilities that help defenders move faster also help attackers because cyber AI is dual-use […] The post Trusted Access, Human Validation, and the Future of AI Pentesting appeared first on Synack .
Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. [...]
Overview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Database (DBX). Once the DBX update is applied, these bootloaders will no longer be trusted for execution during the boot process. An attacker could exploit these vulnerable shim bootloaders using a Bring Your Own Vulnerable Driver (BYOVD)-style technique to execute arbitrary code during the early boot phase, prior to operating system initialization, thereby bypassing Secure Boot protections. Description The Unified Extensible Firmware Interface (UEFI) standard defines the modern firmware architecture used to initialize hardware and transfer control to the operating system during system startup. On systems with Secure Boot enabled, UEFI applications and drivers must be cryptographically signed and verified before execution. Trust for these signatures is established through several firmware-managed databases, including the authorized signature database (DB), which commonly contains the "Microsoft Corporation UEFI CA 2011" certificate. This Microsoft certificate is widely used to sign third-party boot components intended to run under Secure Boot. The open-source UEFI shim project is a small, signed bootloader that Microsoft signed using the "Microsoft Corporation UEFI CA 2011" certificate. Shim acts as a bridge between the motherboard's UEFI firmware and the operating system (typically a Linux distribution). Its purpose is to allow Linux distributions to boot with Secure Boot enabled without requiring every individual distribution's key to be built into the motherboard's NVRAM settings. In doing so, shim allows Linux distributions and other third parties to esta
What are your recommendations for platforms to post IOCs on?
Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to make ads more relevant," Meta said in a statement. "We already use this data - like games you play
Anthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks.
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some
Tech company says it ‘caught and disrupted’ NSO Group’s attempts to access accounts in Jordan and Lebanon A spyware firm has been targeting WhatsApp users with malicious links in contravention of a US court order forbidding it from doing so, Meta has said. In a post, Meta said WhatsApp had “caught and disrupted spear phishing attempts” by NSO Group, which a spokesperson said targeted a handful of users in Jordan and Lebanon. It had also caught the group creating “test accounts and groups” on WhatsApp. Continue reading...
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...]
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw that allows an
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service. The preprint, posted to arXiv on
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine. "Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to
Worm is a desktop forensic acquisition tool for authorized investigations. It brings disk imaging, memory acquisition, Android collection, hash verification, case output handling, image viewing, and reporting into one native application. The app runs as a real desktop window on Linux and Windows. [https://github.com/noirlang/worm](https://github.com/noirlang/worm) [https://worm.noirlang.tr/](https://worm.noirlang.tr/)
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...]
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention in the background. Researchers at Graz University of Technology built it and
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically
Microsoft Entra Agent ID introduces dedicated identity concepts for AI agents in Entra ID. While agent identities are based on the existing service principal infrastructure, they add agent-specific objects and relationships such as agent blueprints, blueprint principals, agent identities, agent users, and dedicated authentication flows. From a security perspective, the important question is not only whether such agents exist in a tenant. It is also important to understand how agent identities differ from traditional service principals, such as enterprise applications. This includes identifying who controls them, how they authenticate, and what they can access. Introduction This post does not aim to provide a complete technical introduction to every Entra Agent ID object or authentication flow. These concepts are only summarized briefly to provide enough context for the security-relevant observations in the following sections. New Agent ID Objects With Entra Agent ID, Microsoft introduced several new objects and relationships for representing AI agents in Entra ID. These objects differ from the traditional App Registration and Enterprise Application model. In the traditional model, the relationship is usually relatively simple: an app registration defines the application, and an enterprise application represents the tenant-specific service principal. With Entra Agent ID, this model becomes more layered. Depending on the scenario, the relevant objects may include an agent blueprint, a blueprint principal, one or more agent identities, and optionally agent users.
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]
Monday, June 8
New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. [...]
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June 8, and it is not even
Fake Interview deploys stealthy cross platform (macOS/Windows) through npm package install in take home assessment
NPM supply chain hidden as main payload in a take home project for a fake job interview..
The code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back.
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it's filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users. "They tried to trick people into clicking on malicious links to drive them to external websites
HTTP/2 HPACK amplification: detection signatures + the nginx/Apache directives that actually stop it (lab- & vps verified)
Open harness for authorized lab validation: Whole Project --> https://github.com/Leviticus-Triage/APEX-Ngin2dos Lab write-up on HTTP/2 **HPACK amplification** (the "HTTP/2 bomb" primitive) — studied across nginx, Apache httpd, Envoy, Pingora and IIS with hard 8 GiB memory caps. **For defenders:** - **Detect:** low wire-bytes / high header-count on HTTP/2; worker RSS climbing without a traffic spike and not receding after disconnects - **Apache-specific:** cookie-crumb merge path bypasses `LimitRequestFields` on pre-2.0.41 `mod_http2` - **Harden:** patch first (nginx ≥ 1.29.8 + `http2_max_headers`; httpd mod_http2 ≥ 2.0.41), then stream/conn caps, tighter timeouts, emergency HTTP/2 disable - **Verify:** authorization-gated harness to confirm your fix actually stops RSS climb (not just on paper) **Lab numbers:** httpd ~0.19 MB wire → 8 GiB; nginx ~200 MB → 8 GiB. Single-IP caveat: ~31 concurrent bombs from one public IPv4, no persistent OOM. Feedback on detection beyond rate-limiting welcome.
Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance. As the queue grows, a credential theft attempt or malware delivery can easily
Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of thousands of things every SAST scanner already finds, chained together into something much worse. It's real creativity,
COPENHAGEN, Denmark, June 8, 2026 – Heimdal has achieved ISAE 3000 SOC 2 Type II certification for the sixth consecutive year, reflecting the company’s continued focus on operational security, accountability, and data protection. The 2026 audit covered the period from 1 April 2025 to 31 March 2026 and examined Heimdal’s controls across access management, data […] The post Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification appeared first on Heimdal Security Blog .
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking groups known as Clay Typhoon (Microsoft),
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is also known as
To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the [Reverse Engineering StackExchange](http://reverseengineering.stackexchange.com/). See also /r/AskReverseEngineering.
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection
A WIRED timeline shows how dozens of governments, companies, and other organizations across Europe are moving, or planning to shift, away from US Big Tech.
Sunday, June 7
Slapping an LLM onto a security tool without guardrails is a massive liability. In digital forensics and incident response (DFIR), an AI hallucination can ruin an entire chain of custody. An answer without mathematical, binary proof is completely worthless. If an AI agent cannot anchor its reasoning to exact offsets, hashes, and unmanipulated timestamps, it has no business touching forensic data. With **Crow-Eye v0.11.0**, we are pushing a massive update to our full-spectrum forensic lifecycle platform. This release introduces a hardened AI compliance architecture and completely upgrades the core correlation engines. We are treating the underlying intelligence layer like a highly supervised junior analyst. Everything it sees is hashed, everything it thinks is visible, its memory management is strictly audited, and its ability to alter rules is completely sandboxed. Here is exactly how we are enforcing forensic integrity under the hood in v0.11.0: # 1. AI Compliance & Governance # Evidence Seal & Cryptographic Chain of Custody Every single time the AI interacts with your forensic data, it is cryptographically verified. * **The Process:** Before any payload is passed to the AI model, the `evidence_seal.py` service steps in. * **Hashing & Provenance:** It calculates the SHA-256 hash of the exact bytes being sent and attaches metadata tracking the absolute source (e.g., `database:table:rowid`), token count, and the specific AI model used. * **Hash-Chaining:** This metadata is written to an append-only JSONL ledger. Each new record incorporates the hash of the previous record. If a single byte of historical evidence is tampered with, the entire cryptographic chain breaks instantly. # The TruncationAuditor Service (Context Auditing) AI context windows are a massive compliance bottleneck. Silent truncation—where a tool quietly drops data when limits are exceeded—is unacceptable in an investigation. The `TruncationAuditor` service acts as a strict forensic bookkeeper to log exactly how history is modified during our Self-Healing Context routine. * **The Append-Only Audit Log:** Events are permanently written to `<case>/EYE_Logs/truncation_audit.log`, tracking whether data was compressed (`SUMMARIZED`) or entirely removed (`TRUNCATED`). * **High-Fidelity Tracking:** Every single dropped or compressed message records its unique Message ID, token count, reason (e.g., `budget_exceeded`), extra JSON metadata, and a SHA-256 Content Hash of the exact message text to mathematically prove what was removed. * **Tamper-Evident Hash-Chaining:** Each log entry combines its content with the hash of the previous log line using a `chain=...` signature. If a rogue actor manually deletes a record from the text log to hide missed evidence, the chain breaks instantly, and the `verify_chain()` check fails. * **Protocol Compliance Panel:** The auditor exports this ledger into a structured JSON array (`audit_trail.json`). The React UI reads this to give investigators a clean visual timeline of exactly what was preserved, summarized, or dropped. https://preview.redd.it/7yysi31xgu5h1.png?width=3394&format=png&auto=webp&s=16032abda1bbbccd2986be1479e37a0c45ec5a69 # The ThinkingStep Protocol (Anti-Black-Box Streaming) The AI is hard-coded to "show its work." The `ThinkingStep` protocol bridges the Python backend (`eye_bridge.py` and `query_processor.py`) and the React frontend (`EyeDialogue.tsx`), streaming real-time updates over `QWebChannel` across 4 distinct, auditable phases: * **Phase 1: thinking (Intent Detection):** The backend queries the LLM to determine intent (e.g., separating general questions from direct MFT queries). The UI displays "Analyzing request..." * **Phase 2: rag (Retrieval-Augmented Generation):** The backend searches local forensic rules inside `configs/knowledge_base/` (like pulling up Living off the Land tactics for PowerShell analysis) and shows you exactly what was fetched. * **Phase 3: tool\_call (Execution):** If the AI needs hard data, it sends a structured command to the backend to fire off a tool (e.g., executing a raw SQLite database query). The UI displays a dedicated "Tool Execution" block exposing the exact arguments, execution status, and raw JSON payloads returned. This layer loops sequentially if multiple tools are required. If a tool fails on a bad SQL query, the step turns red, exposes the raw Python exception, and allows the AI to catch the error in its context to heal and try a corrected query. * **Phase 4: synthesis (Final Generation):** The backend bundles the RAG knowledge and tool results securely using the Evidence Seal, routing them to the model to stream out the final human-readable response. * **UI Transparency:** In the frontend, these phases are rendered as interactive, collapsible accordion blocks. You can expand a tool block to verify every database query syntax or piece of documentation the AI used before arriving at its final conclusion. # Governance Enforcement Protocols (GEP Rules 9-11) When the AI acts as an author (like generating correlation rules), it is locked down: * **Reasoning Required (R9):** The AI cannot create or edit any rule without rendering a clear text justification. * **Evidence Linking (R10):** The AI cannot hallucinate a rule. It must bind it back to the exact physical forensic artifact (`related_evidence`) that prompted it. * **Read-Only Built-ins (R11):** The AI is strictly sandboxed from modifying human-authored rules or built-in system defaults. # 2. Core Engine Upgrades With the AI heavily supervised, v0.11.0 also delivers massive architectural upgrades to the data engines feeding the platform. **Advanced Core Correlation Engine Upgrade** An adversary leaves footprints across multiple layers of the system simultaneously. * **Deep Artifact Stitching:** Crow-Eye automatically maps the connective tissue between Master File Table (MFT) records, Registry hives, LNK files, and Jump Lists. * **Instant Timeline Reconstruction:** The engine identifies non-obvious relationships instantly, allowing you to trace an execution lifecycle from initial file access straight to system persistence without manual cross-referencing. **Ironclad Identity Engine Upgrade** Attributing actions to specific security identifiers (SIDs) in modern Windows 11 environments can get incredibly messy during high-stress triage. * The upgraded **Identity Engine** brings precise, deterministic execution-context tracking. It resolves user sessions, elevation states, and mapped SIDs with absolute certainty, eliminating ambiguity during credential abuse investigations. For the next release, I am focusing completely on user bugs and performance edge-cases. Please feel free to contact me for any bug reports or support queries you can find all of my direct contact details on the official website:https://crow-eye.com/ **GitHub:**[https://github.com/Ghassan-elsman/Crow-Eye](https://github.com/Ghassan-elsman/Crow-Eye) for the full details of the Resale notes please check [https://github.com/Ghassan-elsman/Crow-Eye/releases/tag/0.11.0](https://github.com/Ghassan-elsman/Crow-Eye/releases/tag/0.11.0) Good hunting,
EDRChoker uses **Policy-based Quality of Service (QoS)** to set hard bandwidth caps (throttling) on Endpoint Detection and Response (EDR) agents, causing them to always time out - effectively blocking them.
I recently learned about multiple sandbox bypasses discovered in Twig by project Glasswing. From the descriptions, only CVE-2026-46640 and CVE-2026-46633 seemed universally exploitable, so I decoded to research them. This writeup documents my development of payloads for the CVE-2026-46640 and the corresponding SSTImap module.
Saturday, June 6
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, Plus, and Pro, and
Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may have been solved, and more.
Friday, June 5
At Gartner SRM 2026 this week I gave a talk called “Cutting Through AI Noise: Defending Against Machine-Speed Cyber Adversaries.” The room was full of security leaders who’ve been through enough hype cycles to be skeptical of seeing AI on the label. That skepticism is warranted, and I built the session around it. Here’s what […] The post What I Told Security Leaders at Gartner SRM 2026 appeared first on Synack .
Thursday, June 4
Adversaries have always relied on legitimate tools to carry out their attacks. These tools are already trusted by security solutions, which allows them to blend in with normal activity, maintain a low footprint, and make detection much harder for defenders. By using these legitimate tools, adversaries can carry out a wide range of a
In our last post we used a Claude skill to systematically beat down VirusTotal detection rates on offensive security tools, with a brief mention of a new loader we’d been using to apply those techniques in bulk. This post is about that loader, which we call WasmForge. WasmForge is, from the user’s perspective, a build wrapper. You point it at a Go project and you get back a Windows or macOS binary that runs your tool but doesn’t look anything like it. Internally it’s a lot more. It’s a Go-to-WebAssembly compiler, a custom Wazero fork, around eighty host shim functions for MacOS and Windows APIs, and a healthy amount of evasion techniques from our previously discussed skill. The whole pipeline exists to solve one specific problem: take an existing offensive security tool, change zero lines of its source code, and produce a binary you can actually drop on a hardened endpoint. The Tool Authors Won, Then The Tool Authors Lost Many red team engagements can be completed using the same handful of established tools. Sliver for
One thing that kept slowing me down during investigations and security assessments wasn't exploitation. Once I had initial access (e.g. Domain Admin), there is often still a large gap in demonstrating the exploitability of business-critical assets. You might tell a customer, "I got Domain Admin, job done". But in reality, that’s not always enough. A CISO may understand why it’s critical, but what would the CTO or CEO say? They need dead-head proofs, so you go beyond and look for business-critical assets, that\`s where post-exploitation begins!) My small research is about logs. Windows ones. Collecting Windows Event Logs does not simply mean copying EVTX files. We\`ve got some problems here :) \- How do I acquire logs when Windows blocks direct access? \- How do I exfiltrate the content? \- How do I process it? \- How do I work around AV, even trying to read it? \- How do I get even some use out of it? In practice, things become more complicated when investigating live systems. Windows keeps many log files open and actively written to. After several iterations I ended up building a small open-source project called LogHound. I'm curious how other people here approach large-scale log analysis during: * DFIR investigations * Red Team operations * malware analysis * incident response * system troubleshooting So here is how i solved all the problems: **How do I acquire logs when Windows blocks direct access?** We know - Windows blocks every .evtx file with process and does not let anyone to read\\copy\\download it. So we\`re looking for a simple solution As it is a post-exploitation engagement, we could make use of native Windows tools, especially - wevtutils. A small command lets us do all the dumping/filtering job `wevtutil epl Security "%s" /q:%s` **How do I exfiltrate the content?** As we are talking about Red Team engagements, we would like to make use of smth legitimate and widespread everywhere - and impackets smb library fits the best here. Minimum load logs, straightforward protocol and speed. **How do I process it?** If I were in a defender role, I would probably use some PowerShell module or GUI. Here we do not have such privileges, so Python\`s evtx lib + multithreading + filtering at start help to do the job quickly. **How do I work around AV, even trying to read it?** Well, nowadays you cannot just log in to Windows, get some shell and execute commands. 99% of available pentester tools would be blocked by every EDR, so we are also looking for smth legit and widespread. Most reason that is not the case with GitHub tools - EDRs collects behavioral patterns even with legit protocols and detects it easy. I\`ll use a legit WMI query with Win32\_Process.Create, hoping I won't leave a lot of indicators... and, for now, it works! **How do I get even some use out of it?** Collecting post-exploitation data is a fun process, but you can't really make a profit from gigabytes of raw data, and I\`m glad there are strong visualisation frameworks like BloodHound. It has a pretty convenient JSON scheme and, if not very adaptive but usable API. So I decided - importing that data to the BloodHound scheme would work out the best. And after all, we could continue our post-exploitation activities with a bit more useful information :) Project: [LogHound GitHub Repository](https://github.com/RNB-Team/LogHound)
At Accenture’s scale, training alone cannot solve every security problem. That was the reality facing Kris Burkhardt, Global CISO at Accenture. With a workforce of more than 800,000 people, close to 80,000 new hires each year, and a sprawling global attack surface, traditional penetration testing was no longer enough. A once-a-year compliance audit may check […] The post How Accenture Turned Penetration Testing Into a Force Multiplier for Security appeared first on Synack .
Learn four practical ways GreyNoise improves SOC outcomes—from reducing alert volume and surfacing targeted threats to identifying compromised hosts.
Wednesday, June 3
Four people suing Elon Musk's AI firm under pseudonyms due to the risks of being identified may face a difficult choice: Reveal your real names, or drop the lawsuit.
VU#595768: Securly Chrome Extension contains multiple weak encryption and access control vulnerabilities
Overview Version 3.0.7 of the Securly Chrome Extension contains multiple vulnerabilities involving insecure data transmission, weak cryptography, and improper access control. These issues may expose sensitive filtering rules, enable the manipulation of downloaded configuration files, and allow unauthenticated access to protected resources. An attacker could exploit these weakness to steal configuration information, induce a Denial of Service (DoS), or modify content blocking rules for student users. Description The Securly Chrome Extension is a browser add-on commonly used in K–12 school-managed Chromebooks to enforce internet safety policies, filter or block websites, and provide activity monitoring for students. It is an element of the Securly classroom management platform, which helps schools comply with web filtering requirements and safely manage student online access. CVE-2026-8874 Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch Internet Watch Foundation (IWF) and Children's Internet Protection Act (CIPA) data over HTTPS, demonstrating an inconsistent implementation of TLS. CVE-2026-8876 The Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js . These keys decrypt crisis alert keyword data and intervention site data. CVE-2026-8878 The Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar ciph
🚨 PCPJack's SMTP Toolkit Dissected: 3 Deployer Generations, Multi-Arch Chisel, and a Full EHLO/STARTTLS Verification Loop
PCPJack left a 12-file toolkit sitting on an open C2 directory, port 8444, no auth. Three multi-arch Chisel binaries, a Sliver-integrated deployer with three visible generations of iteration, and a persistent daemon handling EHLO/STARTTLS verification before enrolling hosts into the relay pool. One deployment wave, 230 beacons confirmed in state logs. Complete toolkit dissection, three deployer generations, and binary analysis here: [https://hunt.io/blog/pcpjack-230-cloud-servers-smtp-proxy-network-sliver-chisel](https://hunt.io/blog/pcpjack-230-cloud-servers-smtp-proxy-network-sliver-chisel)
I recently analysed a malvertising campaign where the attackers are using ChatGPT / OpenAI branding to deceive users into downloading malware. https://evalian.co.uk/fake-chatgpt-malvertising-campaign/
Public skill marketplaces are being flooded with malicious skills that steal credentials, exfiltrate data, and hijack agents. In response, a segment of the security industry released skill scanners, a new family of tools designed to detect malicious skills before they’re installed. But we tested them, and they don’t work. We recently bypassed ClawHub’s malicious skill detector , Cisco’s agent skill scanner , and all three of the scanners integrated into skills.sh . These were not advanced attacks: it took us less than an hour to conceive and implement three of the four malicious skills in trailofbits/overtly-malicious-skills , using standard tricks and rapid inspection of the scanner source code. The fourth malicious skill took a few hours, but only because the prompt injection required some trial and error. Our findings demonstrate that even when skill scanners have some defenses, their static nature gives an adversary unlimited bites at the apple to tweak an attack until it finds a way through. Why skill security matters Software supply chains have long been the soft underbelly of computer security. As fragile infrastructure susceptible to both insider threats and external attackers, these supply chains were vulnerable enough when malicious code was the sole vector of compromise. But the rise in agentic systems has spawned a new style of dependency—the skill—and with it a whole new ecosystem of marketplaces and distribution channels that now run alongside traditional package managers. Malicious skills can embed harmful instructions in nat
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’ National CERT, working with the Department of Information and Communications Technology, now has access to monitor official government domains against the data in HIBP. This gives their Cyber Threat Intel and Monitoring Section the ability to identify exposure across government email addresses and respond quickly when those accounts appear in new data breach. This is precisely what the HIBP government service was built for: helping national cyber teams better understand credential exposure across their government domain space, monitor for compromised accounts on demand via API, and receive notifications when government domains are impacted by newly loaded breach data. The Philippines joins a growing list of national CERTs and government cybersecurity teams using HIBP to help strengthen national cyber defense, protect government departments and resources, and reduce the risk posed by compromised credentials before attackers can take advantage.