Deep dives into AI security, offensive techniques, compliance frameworks, and emerging threats.
A typosquatted, malware-laced "Privacy Filter" model on HuggingFace racked up 244K downloads before being flagged, illustrating how AI model hubs have become a new software supply chain attack surface.
Two now-patched Semantic Kernel vulnerabilities (CVE-2026-26030 and CVE-2026-25592) show how prompt injection plus unsafe plugin design can lead to host-level RCE. Learn what went wrong, whether you’re affected, and how to harden your AI agent architecture.
Dirty Frag is a newly disclosed Linux kernel local privilege escalation chain following Copy Fail (CVE-2026-31431). With a public exploit and confirmed in-the-wild attacks, defenders must patch immediately or blacklist affected modules.
OpenAI expanded access to GPT-5.5-Cyber on May 7, one day after the UK AI Security Institute published side-by-side results showing it nearly matches Anthropic's restricted Mythos Preview. Both labs now run dual-use AI cyber programs with vetted-access gates. Here is what that means if you are a defender trying to get your hands on these tools.
CVE-2026-6973, a zero-day in Ivanti EPMM, is under active exploitation and was added to CISA’s Known Exploited Vulnerabilities catalog on May 7, the same day Ivanti released its advisory. On-prem EPMM admins have until May 10 to patch under the federal mandate.
Rapid7 found that an intrusion attributed with moderate confidence to MuddyWater, Iran’s MOIS-linked APT, used Microsoft Teams social engineering to steal credentials and bypass MFA, then deployed Chaos ransomware as a false flag while the real objective was espionage and persistent access.
Kaspersky GReAT found that official DAEMON Tools installers were backdoored from April 8 to May 5, 2026, by a Chinese-speaking actor who used a valid developer certificate to hide malware across thousands of installations in 100+ countries.
ShinyHunters breached Instructure, the company behind Canvas LMS, via API key compromise and claimed 3.65 TB of data from 275 million accounts across 9,000 institutions. Here is what happened, what data is at risk, and what affected institutions should do today.
A Nature Communications study reports a 97.14% jailbreak success rate using autonomous reasoning attackers. Here’s what that actually measures, what it doesn’t, and the concrete steps security and platform teams should take to harden real-world LLM deployments.
A forensic walkthrough of how TeamPCP compromised Aqua Security's Trivy GitHub Action, poisoned release tags, and used CI/CD pipelines as a stealthy exfiltration layer to reach Cisco source code.
Trend Micro has disclosed SHADOW-EARTH-053, a China-aligned APT active since December 2024 that has been targeting government and defense organizations across seven Asian countries and Poland. This post breaks down the campaign’s objectives, tradecraft, and what regional defenders can do next.
CVE-2026-31431 is a nine-year-old Linux kernel flaw that just landed on CISA's KEV list. A tiny 732-byte Python script can get root on most major distros released since 2017. Here’s what the bug is, why it matters, and how to respond fast.
Hugging Face’s LeRobot framework exposes an unauthenticated gRPC service that calls pickle.loads(), yielding remote code execution (CVE-2026-25874, CVSS 9.3). The issue is unpatched; immediate mitigations focus on strict network isolation and port blocking.
CVE-2026-42208 turns vulnerable LiteLLM proxies into master keys for OpenAI, Anthropic, and AWS Bedrock credentials. Here’s how the SQL injection works, why LLM proxies are prime targets, and what you must do now: patch to v1.83.7-stable, disable error logs if you can’t, and rotate every API key on exposed instances.
Vimeo confirmed an Anodot-linked breach April 28. ShinyHunters set an April 30 leak deadline. The architecture is the 2024 Snowflake-customer wave relaunched through a SaaS-analytics middle-tier, and any third-party integration holding a customer warehouse token is now in scope.
Microsoft's Agent ID Administrator role was meant for agent-related objects only. Silverfort showed it could take over any service principal in the tenant. The bug is fixed, but the failure mode generalizes to every identity provider racing to ship AI-agent identities.
Aonan Guan and Johns Hopkins researchers demonstrated how ordinary GitHub comments can compromise AI coding agents like Claude Code Security Review, Gemini CLI Action, and GitHub Copilot Agent through prompt injection, revealing systemic weaknesses in tool-augmented LLM workflows.
The brief compromise of the Bitwarden CLI npm package wasn’t just a one-off incident—it exposed how tagged Docker images, automation bots like Dependabot, and blind trust in tags can silently poison software supply chains.
Recent research from Forcepoint X-Labs, Google Online Security, and Pillar Security shows that indirect prompt injection is now a live-fire threat, enabling API key exfiltration, payment abuse, and copyright denial-of-service attacks.
SentinelLabs’ analysis of fast16, a Lua-based Windows sabotage framework with an August 30, 2005 build timestamp, shows that sophisticated, likely state-backed cyber sabotage capabilities existed at least five years before Stuxnet.
ESET has detailed a new China-aligned APT dubbed GopherWhisper, active since November 2023, that uses a Go-heavy toolset and abuses Discord, Slack, Microsoft 365 Outlook, and file.io as covert C2 channels—bypassing traditional egress monitoring.
Trend Micro has released the first end-to-end public analysis of the Vercel breach, highlighting a critical but under-discussed weakness: the OAuth gap. Here’s what happened, why it matters, and what teams building on Vercel and similar platforms should do next.
Sysdig observed a live exploit against an lmdeploy honeypot just 12.5 hours after a GitHub advisory dropped. For AI infrastructure teams, this means your effective patch window is now measured in hours, not days.
A threat actor called TeamPCP hit Checkmarx's KICS open-source security scanner with valid publisher credentials on April 22. Trojanized Docker images and VS Code extensions shipped for about 80 minutes. This is the second compromise of Checkmarx's supply chain in two months, and the pattern is the point.
CISA added a pre-auth RCE in a Python AI notebook to the KEV catalog on April 23. Sysdig caught the exploit in the wild within ten hours, then watched attackers stage a blockchain-backed backdoor through a typosquatted Hugging Face Space. If you run marimo, you are now officially late.
Rapid7 reverse-engineered two Kyber ransomware variants from a single March 2026 incident. The gang markets itself on Kyber1024 post-quantum encryption. The Linux ESXi build actually runs ChaCha8 wrapped with RSA-4096. The real signal is not the fake branding, it is that one affiliate encrypted Windows and ESXi simultaneously, which defeats the standard "restore from backup" plan.
SGLang CVE-2026-5760 weaponizes a GGUF model file into remote code execution on the inference server. The exploit is an SSTI in the model's chat_template field, rendered through an unsandboxed Jinja2 environment. Hugging Face is now a malware channel, and the mitigation is not "trust less," it is "pin hashes and template shapes."
Microsoft pushed an emergency out-of-band patch for ASP.NET Core DataProtection. CVE-2026-40372 is a CVSS 9.1 cryptographic regression: versions 10.0.0 through 10.0.6 mishandle the HMAC, letting unauthenticated attackers forge auth cookies and pivot to SYSTEM. The lesson is not the patch, it is that a foundational crypto primitive quietly regressed in a Microsoft NuGet package and stayed in production for six months.
CISA gave federal agencies four days to patch three actively exploited Cisco Catalyst SD-WAN Manager vulnerabilities. That compressed deadline is a signal: attackers are already chaining these bugs for high-impact compromise. Inventory your SD-WAN managers, pull them off the public internet, and patch on the federal timeline—not your usual one.
Check Point’s telemetry on a shared SystemBC C2 shows over 1,570 proxied hosts tied to the Gentlemen ransomware operation and others, underscoring that new RaaS brands are usually old operators with mature tooling—and that SystemBC infrastructure must be treated as shared, high-value hunting ground.
BRIDGE:BREAK exposes 22 vulnerabilities in Lantronix and Silex serial-to-IP converters that sit invisibly between OT and IT. With nearly 20,000 devices exposed to the internet and chronic patching failures, the real risk is silent data manipulation on critical industrial and medical systems. Here’s why it matters and what to do this week.
An employee installed an AI tool, Context.ai, as a Google OAuth app. When Context.ai got breached, the blast radius landed at Vercel. This is the shadow-AI supply chain risk we have all been pretending is theoretical.
OpenAI launched GPT-5.4-Cyber for security defenders this week. The model is good. The harder question is whether that changes the arithmetic.
Iranian hackers are manipulating industrial control systems in US water and energy facilities. The FBI, CISA, NSA, EPA, DOE, and Cyber Command all issued a joint warning. The internet still has 3,900 exposed PLCs sitting out there.
CVE-2026-34621 has been quietly doing damage since late 2025, hidden inside PDFs that look completely normal. Adobe finally patched it Saturday. Here's what happened.
Anthropic just released a preview of Mythos, its most capable model yet, to a select group of companies for cybersecurity work. The company simultaneously warned it could be weaponized by attackers. Both things can be true.
Two critical FortiClient EMS flaws, both unauthenticated, both actively exploited before a patch existed.
LAPSUS$ claimed a hit on AstraZeneca - AWS keys, code repos, employee data - and they're selling, not leaking. Here's what that shift tells you.
The first confirmed supply chain attack on a core LLM routing library landed today. It won't be the last.
The Trivy supply chain compromise didn't stop at stealing CI/CD secrets. It spawned a self-propagating worm across npm - and it uses blockchain for C2.
CNCERT issued two warnings in two days, and state banks started banning it from office computers.
Everyone is building AI agents. Almost nobody is securing them. Here's what that actually looks like.
Most AI agent security is an afterthought. ClawSec is what happens when you build monitoring for agent systems the way you'd build it for production infrastructure.
Claude Code is genuinely useful. It also has an attack surface most people haven't thought about yet.