The concept of connecting large language models to external data sources is swiftly transitioning from experimental novelty to everyday practice. Today, ChatGPT is capable not only of engaging in conversation, but also of interacting...
The top spot in HackerOne’s global ranking is no longer held by a human, but by a machine. Behind the alias “XBOW” is not a living researcher, but an AI-driven system that has already...
Trust in familiar IT tools is increasingly being weaponized by malicious actors: remote monitoring and management (RMM) solutions—originally designed for administration and support—are now leveraged for attacks, covert control, and data exfiltration. Security professionals...
Google has released a series of urgent security updates for Android, addressing multiple critical vulnerabilities, including two actively exploited flaws within Qualcomm components. This round of patches places particular emphasis on CVE-2025-21479 (rated 8.6...
Although humans have traditionally been regarded as the weakest link in the cybersecurity chain, a new study by Canadian researchers reveals that even untrained individuals can effectively detect malicious software when provided with minimal...
Over the past year, a social engineering technique known as ClickFix has witnessed a meteoric rise, propelled by a fusion of unique delivery methods, persuasive narratives, and sophisticated evasion tactics. According to analysts at...
The AI-powered code editor Cursor was recently found vulnerable to an attack technique dubbed “MCPoison” by the Check Point research team. This flaw enabled remote execution of arbitrary code on a developer’s machine, provided...
Critical vulnerabilities have been discovered in the Broadcom ControlVault microchip, a component responsible for storing sensitive data on over a hundred models of Dell laptops. According to Cisco Talos, this cluster of vulnerabilities allows...
In recent months, cybercriminals have once again turned their attention to long-known vulnerabilities in popular models of D-Link Wi-Fi cameras and network video recorders. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially...
Adobe has issued an out-of-band security update for its Adobe Experience Manager (AEM) Forms platform on Java EE, following the public disclosure of an exploit chain that enables unauthenticated remote code execution on vulnerable...
As the Pentagon grapples with the consequences of funding shortfalls and high turnover in the field of cybersecurity, Donald Trump’s inner circle is floating a bold proposal: the creation of a new combat branch—Cyber...
A recent automated study conducted by ETHIACK has revealed that modern web application security mechanisms—including widely adopted Web Application Firewalls (WAFs)—are vulnerable to a novel class of attacks that combine JavaScript injection with HTTP...
Amid the rapid proliferation of cryptocurrency ATMs across the United States, the Department of the Treasury has issued a warning about the growing risk of their exploitation for illicit purposes. In a recently published...
Generative AI models are rapidly evolving into fully-fledged instruments within the arsenals of cyber adversaries. This trend is underscored in CrowdStrike’s 2025 annual report, which highlights a sharp increase in the use of artificial...
A large-scale campaign exploiting a chain of vulnerabilities in Microsoft SharePoint continues to escalate—this time with the active involvement of ransomware groups. During an investigation into a series of coordinated attacks, researchers at Palo...
At first glance, static RAM (SRAM) appeared to be a reliable sanctuary for sensitive data. Embedded directly within the processor die and incapable of retaining information once power is cut, it was long considered...
