U.S. law enforcement agencies, in collaboration with international partners, have seized multiple internet domains alleged to have hosted nonconsensual AI-generated pornography. The operation targeted websites that specialized in creating and distributing digitally altered images and videos of women without their consent. The domains, CFAKE.com and SOCFAKE.com, are accused of publishing…
Cybersecurity researchers have unveiled a novel attack technique, dubbed “Agentjacking,” that subverts artificial intelligence (AI) coding agents, compelling them to execute arbitrary code on developer workstations. This groundbreaking vulnerability exploits a fundamental architectural weakness at the intersection of error tracking platforms and AI agents, potentially granting attackers unfettered access to…
The cybercriminal group ShinyHunters has been actively exploiting a critical vulnerability in Oracle PeopleSoft, a widely used enterprise resource planning (ERP) system. This zero-day exploit, identified as CVE-2026-35273, allows attackers to gain unauthorized access, exfiltrate sensitive data, and then demand ransom payments to prevent its public release. The campaign has…
Security researcher Chaotic Eclipse has unveiled a significant new vulnerability, dubbed GreatXML, that bypasses Windows BitLocker encryption. This discovery, detailed just a day after the release of an exploit targeting Microsoft Defender, highlights a critical weakness in Microsoft’s endpoint security posture. The GreatXML exploit allows unauthorized access to encrypted drives,…
Cybersecurity threats reported: Worm code leaked, AI agent compromised, software patch released.
Cybercrime Ecosystem Evolves: Supply Chain Attacks and Advanced Tools Threaten Security
This week has highlighted a significant maturation in the cybercriminal landscape, moving beyond rudimentary attacks to sophisticated operations. A concerning trend involves the emergence of polished, readily available tools for complex attacks, such as supply chain compromise kits found…
Artificial Intelligence Disrupts Vulnerability Management, Prompting CISO Budget Reallocation to Breach and Attack Simulation
The landscape of cybersecurity has been fundamentally altered by the rapid advancements in artificial intelligence, compressing the discovery-to-exploit window for vulnerabilities from months to mere hours. This seismic shift renders traditional vulnerability management strategies, built on ample reaction time, obsolete. Organizations must now adapt to a new paradigm where the…
King Abdullah University of Science and Technology (KAUST) and Italian shipbuilding company Fincantieri have partnered to establish a new scholarship program focusing on next-generation security research. This collaboration aims to advance the development of innovative solutions in maritime security and cyber-resilience. The initiative is designed to train young researchers in…
Security experts are observing a dramatic escalation in attacks exploiting React2Shell, a critical vulnerability affecting React Server Components. This heightened threat landscape has prompted urgent action from the Cybersecurity and Infrastructure Security Agency (CISA), which has expedited the deadline for federal agencies to patch the flaw. The vulnerability, identified as…
React2Shell Vulnerability Exploited to Deliver Cryptominers and New Malware Across Sectors
React2Shell Exploitation Surges, Delivering Novel Malware and Crypto Miners
The critical security flaw in React Server Components (RSC), dubbed React2Shell, is experiencing widespread exploitation. Threat actors are actively leveraging this maximum-severity vulnerability to deploy cryptocurrency miners and a range of previously undocumented malware families, including a Linux backdoor named PeerBlight,…
Three critical security vulnerabilities have been discovered within the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification. These flaws, which specifically impact PCIe Base Specification Revision 5.0 and later, could allow a local attacker to compromise sensitive data, escalate privileges, or disrupt system operations. The vulnerabilities…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw afflicting the popular WinRAR file compression utility to its Known Exploited Vulnerabilities (KEV) catalog. This WinRAR vulnerability, designated as CVE-2025-6218, is being actively exploited by threat actors, prompting urgent calls for immediate patching. The path…
Microsoft concluded 2025 by releasing patches for 56 security flaws across its Windows platform, a significant update that includes a critical vulnerability actively being exploited in the wild. This end-of-year Patch Tuesday addresses issues ranging from privilege escalation to remote code execution, underscoring the ongoing cybersecurity challenges faced by users.…
The Milan International Building Alliance (MIBA) 2025 concluded recently, highlighting a critical shift towards sustainable and digital transformations within the building sector. The event, held from November 19-22 at Fiera Milano, saw a record attendance and underscored the growing convergence of physical construction with technological innovation and environmental responsibility. MIBA…
Cybersecurity leaders Fortinet, Ivanti, and SAP have issued urgent patches for critical security vulnerabilities discovered in their respective products. These flaws, if exploited, could allow attackers to bypass authentication and execute arbitrary code, posing a significant threat to enterprise security. Organizations are strongly advised to apply these updates immediately to…
A significant surge in ransomware attacks targeting virtual machine platforms, specifically Hyper-V and VMware ESXi, has been identified, with the Akira ransomware group at the forefront of this escalating threat. These sophisticated attacks are rapidly compromising enterprise environments that depend on virtualization technologies for their core operations, leading to widespread…
Gold Blade Actor Uses Custom QWCrypt Locker for Data Exfiltration and Ransomware Deployment
The threat actor group known as GOLD BLADE has evolved its tactics, transitioning from a primary focus on espionage to a hybrid model that intertwines data exfiltration with targeted ransomware attacks. This sophisticated operation now deploys a custom-built ransomware variant dubbed QWCrypt, significantly amplifying its potential financial and disruptive impact…
Cybercriminals Utilize Search Engine Poisoning to Distribute Malicious Microsoft Teams Installers
A sophisticated cyber campaign is actively exploiting search engine optimization (SEO) results to distribute a malicious installer disguised as Microsoft Teams, a tactic designed to ensnare organizations. This ongoing operation, identified as active since November 2025, utilizes counterfeit Microsoft Teams websites to trick users into downloading a trojanized application. This…
Makop ransomware, a variant of the Phobos malware family, continues to pose a significant threat to businesses globally, with recent analyses highlighting a sophisticated approach that combines brute-force RDP attacks with advanced privilege escalation and security bypass techniques. The majority of observed attacks, around 55%, specifically target organizations in India,…
