11:44 am – June 15, 2026 Cybersecurity researchers have unveiled a novel attack technique, dubbed “Agentjacking,” that subverts artificial intelligence (AI) coding agents, compelling them to execute arbitrary code on developer workstations. This groundbreaking vulnerability exploits a fundamental architectural weakness at the intersection of error tracking platforms and AI agents, potentially granting attackers unfettered access to…
The cybercriminal group ShinyHunters has been actively exploiting a critical vulnerability in Oracle PeopleSoft, a widely used enterprise resource planning (ERP) system. This zero-day exploit, identified as CVE-2026-35273, allows attackers to gain unauthorized access, exfiltrate sensitive data, and then demand ransom payments to prevent its public release. The campaign has…
Security researcher Chaotic Eclipse has unveiled a significant new vulnerability, dubbed GreatXML, that bypasses Windows BitLocker encryption. This discovery, detailed just a day after the release of an exploit targeting Microsoft Defender, highlights a critical weakness in Microsoft’s endpoint security posture. The GreatXML exploit allows unauthorized access to encrypted drives,…
Cybersecurity threats reported: Worm code leaked, AI agent compromised, software patch released.
By News RoomCybercrime Ecosystem Evolves: Supply Chain Attacks and Advanced Tools Threaten Security This week has highlighted a significant maturation in the cybercriminal landscape, moving beyond rudimentary attacks to sophisticated operations. A concerning trend involves the emergence of polished, readily available tools for complex attacks, such as supply chain compromise kits found…
Artificial Intelligence Disrupts Vulnerability Management, Prompting CISO Budget Reallocation to Breach and Attack Simulation
By News RoomThe landscape of cybersecurity has been fundamentally altered by the rapid advancements in artificial intelligence, compressing the discovery-to-exploit window for vulnerabilities from months to mere hours. This seismic shift renders traditional vulnerability management strategies, built on ample reaction time, obsolete. Organizations must now adapt to a new paradigm where the…
Cybersecurity researchers have identified a significant resurgence and expansion of JDY, a covert botnet linked to Chinese state-sponsored threat actors. This sophisticated network, primarily composed of compromised small office and home office (SOHO) and Internet of Things (IoT) devices, is actively being utilized for large-scale reconnaissance and targeting operations on…
Research & Analysis
More Articles
New research details what happens to data stolen in a phishing attack, revealing a sophisticated criminal ecosystem that transforms stolen credentials into a persistent threat. Far from being a one-off incident, the compromised information becomes a valuable commodity, fueling a continuous cycle of attacks and fraud that can persist for…
A sophisticated new information-stealing malware dubbed JSCEAL is posing a significant threat to Windows users, particularly those who handle cryptocurrency applications and sensitive online accounts. First identified by Check Point Research in July 2025, JSCEAL has recently evolved, showcasing advanced techniques designed to evade security detection and enhance its command-and-control…
Movie enthusiasts eager to watch the latest releases online are being targeted by cybercriminals distributing the potent Agent Tesla malware through fake torrent files. Specifically, threat actors are exploiting the popularity of the new Leonardo DiCaprio film, “One Battle After Another,” to lure unsuspecting users into downloading malicious content disguised…
BlackForce Phishing Kit Facilitates Credential Theft Via Man-in-the-Browser Attacks and MFA Evasion
By News RoomA potent new phishing kit named BlackForce has surfaced, posing a significant threat to organizations globally by enabling attackers to steal credentials through advanced Man-in-the-Browser (MitB) attacks and bypass multi-factor authentication (MFA). First detected in August 2025, this sophisticated tool is being peddled on Telegram forums for €200-€300, making it…
A sophisticated new Windows backdoor, dubbed NANOREMOTE, has emerged, posing a significant threat to enterprise environments by utilizing the Google Drive API for its command-and-control (C2) infrastructure. Discovered in October 2025, this malware leverages legitimate cloud services to facilitate stealthy operations, making it difficult to detect through traditional network monitoring.…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to patch the critical React2Shell vulnerability by December 12, 2025, due to widespread exploitation observed by multiple threat actors. The vulnerability, identified as CVE-2025-55182 with a CVSS score of 10.0, presents a severe security…
The React team has issued critical security patches addressing two new vulnerabilities discovered in React Server Components (RSC). These newly identified flaws, stemming from ongoing security research following the patching of a severe earlier vulnerability (CVE-2025-55182), could potentially lead to denial-of-service (DoS) attacks or unauthorized source code exposure. These disclosures…
A Hamas-affiliated hacking group, identified as Ashen Lepus and also known as WIRTE, has been actively conducting a sophisticated espionage campaign targeting governmental and diplomatic entities across the Middle East. This operation utilizes highly realistic Arabic-language diplomatic lures, referencing regional politics and security discussions, to manipulate officials into opening malicious…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security vulnerability impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog. Identified as CVE-2025-58360, this high-severity flaw, with a CVSS score of 8.2, has reportedly been actively exploited in the wild, prompting immediate attention from cybersecurity…
The Ministry of Interior is implementing comprehensive strategies to bolster national security and enhance sector readiness as part of Kuwait Vision 2035. The initiative aims to foster long-term stability through a proactive and preventive approach to public safety. According to the Kuwait News Agency (KUNA), the ministry is focusing on…
Spy law renewal debate may be influenced by warrant requirements and Democratic concerns.
By News RoomA bipartisan push in Congress is resurfacing to require federal agents to obtain a warrant before searching a government surveillance database for information on U.S. citizens. This renewed effort comes just four months before a critical deadline to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA). While the…
Hackers are leveraging LLM shared chats to steal passwords and crypto, a new malware campaign has emerged that exploits legitimate AI platforms to deliver malicious code directly to unsuspecting users. Threat actors are using sponsored Google search results to redirect users searching for common macOS troubleshooting tips, such as “how…