AI Found Three Critical Microsoft RCEs on Its Own — And Got the CVEs to Prove It
For the first time in the history of vulnerability research, an autonomous AI system has been formally credited with discovering critical remote co…
Security
North Korean Hackers Behind Axios npm Attack — Says Google
The same North Korean threat group that deployed AI-generated deepfakes to trick cryptocurrency executives into handing over system access has now pu…
Chrome's WebGPU Engine Is Becoming Hackers' Favorite Target — Update Now
Google has patched a zero-day vulnerability in Chrome that attackers are already exploiting — and this time, the target isn't JavaScript or the b…
Opening a Single File in Vim Can Hand Attackers Full Control of Your System
A two-bug chain quietly sitting in Vim since version 9.1.1391 lets a malicious file execute arbitrary shell commands the moment you open it — no plug…
Axios Hack Alert: Malicious npm Versions Drop RAT on macOS, Windows, and Linux
Developers relying on axios — the JavaScript HTTP client installed over 300 million times weekly — woke up Tuesday to a nightmare scenario: two versi…
Telegram 0-Day: One Sticker Could Hack You — Telegram Calls It Fake
[Updated: March 30, 2026 — Score revised from 9.8 to 7.0. Original story below.] On Sunday, Telegram's official account dismissed a newly disclos…
ShinyHunters Claims 350GB EU Commission Breach — Databases, Emails, and Contracts Up for Leak
The European Commission confirmed on Friday that its public-facing web infrastructure was hit by a cyberattack discovered on March 24 — and now a th…
The LiteLLM Hack Was Just the Opening Move. Now 300K Dark Web Users Are Being Armed With Ransomware
What started as a poisoned Python package has evolved into something with far darker implications — a coordinated alliance between supply chain hacke…
Hackers Are Actively Exploiting a Critical Microsoft SharePoint Flaw — Patch Now
Attackers are exploiting a critical remote code execution (RCE) vulnerability in Microsoft SharePoint that Microsoft patched two months ago but many …
How Third-Party Risk Management Solutions Are Protecting from Supply Chain Attacks
In 2025, cybersecurity teams across Australia noticed a worrying trend. Breaches were no longer coming only from direct attacks on banks or financial…
Hackers Poisoned a Python Package Trusted by 95 Million Monthly Installs — and It Stole Everything
The Python package that quietly powers AI infrastructure for thousands of organizations — routing API calls across OpenAI, Anthropic, Bedrock, and 10…
10 Top AI Tools for Red Teaming in 2026
Red teaming has traditionally been defined by creativity, unpredictability, and human intuition. Unlike vulnerability assessments, red team operation…
Magento's REST API Has Let Anyone Upload Malicious Files Since Day One
A security flaw hiding in Magento's codebase since its very first release has finally surfaced — and it's bad. Researchers at Sansec disclos…
7 Email Security Mistakes That Put Your Business at Risk
If you run a business today, you probably live in your inbox. Quotes, invoices, HR updates, login links, calendar invites, everything passes through …
One Packet. Full Root. GNU Telnetd Has a Critical Hole Nobody Logged
Security researchers have found a critical, pre-authentication remote code execution flaw in the telnetd server in GNU Inetutils that allows any unau…
A Two-Year-Old JavaScript Worm Locked Wikipedia
A rogue script quietly planted in Russian Wikipedia in March 2024 lay undetected until a Wikimedia Foundation security engineer inadvertently woke it…
Google Uncovers "Coruna": The iOS Exploit Kit That Jumped From Spies to Scammers
Google's Threat Intelligence Group (GTIG) has pulled back the curtain on one of the most technically accomplished iOS exploit kits ever documente…
7 Best Next Gen Endpoint Security Platforms in 2026
Endpoint security has evolved from reactive malware prevention into a strategic control layer embedded across identity, cloud, SaaS, and AI-driven op…