HN Monitor

Cybersecurity researchers have unveiled a novel attack technique, dubbed “Agentjacking,” that subverts artificial intelligence (AI) coding agents, compelling them to execute arbitrary code on developer workstations. This groundbreaking vulnerability exploits a fundamental architectural weakness at the intersection of error tracking platforms and AI agents, potentially granting attackers unfettered access to…

The cybercriminal group ShinyHunters has been actively exploiting a critical vulnerability in Oracle PeopleSoft, a widely used enterprise resource planning (ERP) system. This zero-day exploit, identified as CVE-2026-35273, allows attackers to gain unauthorized access, exfiltrate sensitive data, and then demand ransom payments to prevent its public release. The campaign has…

Security researcher Chaotic Eclipse has unveiled a significant new vulnerability, dubbed GreatXML, that bypasses Windows BitLocker encryption. This discovery, detailed just a day after the release of an exploit targeting Microsoft Defender, highlights a critical weakness in Microsoft’s endpoint security posture. The GreatXML exploit allows unauthorized access to encrypted drives,…

Cybercrime Ecosystem Evolves: Supply Chain Attacks and Advanced Tools Threaten Security

This week has highlighted a significant maturation in the cybercriminal landscape, moving beyond rudimentary attacks to sophisticated operations. A concerning trend involves the emergence of polished, readily available tools for complex attacks, such as supply chain compromise kits found…

The landscape of cybersecurity has been fundamentally altered by the rapid advancements in artificial intelligence, compressing the discovery-to-exploit window for vulnerabilities from months to mere hours. This seismic shift renders traditional vulnerability management strategies, built on ample reaction time, obsolete. Organizations must now adapt to a new paradigm where the…

Cybersecurity researchers have identified a significant resurgence and expansion of JDY, a covert botnet linked to Chinese state-sponsored threat actors. This sophisticated network, primarily composed of compromised small office and home office (SOHO) and Internet of Things (IoT) devices, is actively being utilized for large-scale reconnaissance and targeting operations on…

Recent leaks originating from the Iranian state-sponsored hacking group “Charming Kitten,” also identified as APT35, have exposed critical personnel, front companies, and thousands of compromised digital systems across five continents. These revelations provide an unprecedented, granular view into the operations of Iran’s Department 40 within the IRGC Intelligence Organization, detailing…

A new macOS malware campaign is exploiting the official ChatGPT website to distribute an infostealer known as AMOS. Attackers are leveraging a technique dubbed “ClickFix” to spread the malicious software by posting fake installation guides on the legitimate chatgpt.com domain. This sophisticated attack highlights how threat actors can manipulate popular…

A new and dangerous Android malware, dubbed DroidLock, is actively targeting users, particularly in Spanish-speaking regions, by employing sophisticated phishing techniques. This emerging threat combines the notorious characteristics of ransomware with powerful remote-control capabilities, creating a significant security risk for both individual consumers and corporate-owned devices. Once successfully installed, DroidLock…

Threat actors are leveraging the popularity of ChatGPT to distribute new malware, specifically targeting Mac devices with the AMOS InfoStealer. This sophisticated social engineering campaign tricks unsuspecting users into executing malicious commands by posing as a helpful AI assistant for troubleshooting common technical issues. Security researchers have identified that this…

A critical, unpatched security vulnerability in the self-hosted Git service Gogs is currently being actively exploited by attackers, with security researchers from Wiz identifying over 700 compromised instances accessible online. Tracked as CVE-2025-8110, this high-severity flaw (CVSS score: 8.7) allows for arbitrary file overwrite within the service’s file update API,…

Security researchers have identified a new ransomware family, dubbed 01flip ransomware, which represents a significant evolution in malware development due to its sophisticated multi-platform architecture. Discovered in June 2025 by Palo Alto Networks, this threat is notable for being written entirely in the Rust programming language, enabling it to target…

A sophisticated backdoor malware known as ValleyRAT, also referred to as Winos or Winos4.0, has emerged as a significant threat targeting organizations globally. This modular malware family is particularly adept at compromising Windows systems, including the latest Windows 11 installations even with updated security patches. Recent developments indicate a shift…

Google has released critical security updates for its Chrome browser, addressing three vulnerabilities, including a zero-day flaw that is actively being exploited by cybercriminals. This high-severity vulnerability, identified as ID 466192044 in the Chromium issue tracker, represents the latest in a series of recent security patches for the popular web…

Security researchers have uncovered a significant threat targeting developers through the VS Code Marketplace. A coordinated campaign involving 19 malicious extensions has been actively infiltrating the platform, with the attack remaining undetected since February 2025. These deceptive extensions carry hidden malware in their dependency folders, designed to evade security detection…

King Abdullah University of Science and Technology (KAUST) and Italian shipbuilding company Fincantieri have partnered to establish a new scholarship program focusing on next-generation security research. This collaboration aims to advance the development of innovative solutions in maritime security and cyber-resilience. The initiative is designed to train young researchers in…