Information Security News Blog
Authorities in South Korea and the nation’s preeminent financial institutions have intensified the integration of artificial intelligence to combat fraudulent machinations within the equity and cryptocurrency markets. This initiative primarily targets “pump and dump”...
For nearly half a year, the ubiquitous text editor Notepad++ inadvertently disseminated malicious payloads rather than legitimate refinements. This incursion remained veiled from June through December 2025, subverting the update mechanism of a utility...
Multi-turn Injection Planning System for LLM Evaluation MIPSEval is a modular framework for simulating and evaluating the behavior of Large Language Models (LLMs) in adversarial or structured multi-turn conversational scenarios. It supports both OpenAI-hosted...
The United States Department of Justice has disseminated a nascent cache of materials pertaining to the Jeffrey Epstein litigation, among which lies a document harboring startling allegations regarding a potential cyber-clandestine dimension to his...
The burgeoning AI assistant ClawdBot has precipitously descended into the vortex of a sophisticated malware offensive. Cybersecurity analysts have unearthed hundreds of deceptive plug-ins masquerading as indispensable cryptocurrency trading utilities; in reality, these modules...
The lead developer of the ubiquitous text editor Notepad++ has disclosed a formidable security breach that compromised the application’s update mechanism. State-sponsored adversaries successfully intercepted the update verification process, clandestinely rerouting users toward malicious...
A stealthy security breach has compromised one of the most prominent open-source content management projects. An anonymous adversary surreptitiously injected malicious code into several GitHub repositories by forcibly overwriting the commit history—a maneuver where...
Microsoft has resolved to finally relegate NTLM to the periphery of its ecosystem, decreeing that in forthcoming Windows iterations, the protocol shall no longer be invoked by default. The corporation justifies this transition by...
A critical sandbox escape vulnerability has been unearthed within the vm2 library—a utility frequently employed as a JavaScript sanctuary for the execution of untrusted code within Node.js. This flaw, designated as CVE-2026-22709 with a...
Ivanti has disseminated remedial updates addressing two critical zero-day vulnerabilities within its Endpoint Manager Mobile (EPMM) platform. At the time of the patches’ release, these flaws were already being actively weaponized in the wild....
The GnuPG Project has inaugurated a vital maintenance release, GnuPG 2.5.17, engineered to rectify a critical security deficit within the 2.5.x development branch. According to a formal dispatch via the gnupg-announce mailing list, the...
A team of cybersecurity experts has unearthed two critically severe vulnerabilities within the n8n workflow automation platform. Both flaws permit authenticated users to execute arbitrary code on the target system, potentially facilitating a comprehensive...