A Russian-speaking threat actor successfully jailbroke Google’s Gemini AI to conduct sophisticated social engineering attacks that resulted in cryptocurrency wallet theft. The attacker leveraged the compromised AI to craft convincing phishing communications, targeting at least one victim with politi
The FBI has issued an urgent warning about Kali365, a sophisticated phishing-as-a-service (PhaaS) kit specifically designed to compromise Microsoft 365 accounts. This turnkey solution enables even low-skilled cybercriminals to launch convincing phishing campaigns that bypass multi-factor authenticat
Metasploit Framework released five new exploit modules in their May 22, 2026 update, targeting vulnerabilities across enterprise software, IoT devices, and web applications. The additions include remote code execution exploits for widely-deployed systems, providing penetration testers and red teams
Two former executives of US-based payment processing companies have pleaded guilty to federal charges for their role in facilitating a massive tech support scam operation. The executives knowingly processed payments for fraudulent tech support schemes that defrauded thousands of victims, primarily e
An author’s reliance on AI language models resulted in fabricated quotes being published in a book about truth and authenticity. Despite discovering the synthetic content, the author defended continued AI usage, highlighting a critical vulnerability in AI-assisted content creation: hallucination wit
A contractor working with the Cybersecurity and Infrastructure Security Agency (CISA) inadvertently exposed sensitive government credentials through improper security practices. The incident highlights significant risks in third-party vendor relationships and credential management within critical fe
A highly critical SQL injection vulnerability (CVE-2026-9082) has been discovered in Drupal core affecting sites running PostgreSQL databases. With a CVSS score of 9.8, this flaw allows unauthenticated attackers to execute arbitrary SQL queries, potentially leading to complete database compromise. A
Google has released an emergency security update for Chrome addressing multiple critical vulnerabilities, including CVE-2025-0411 and CVE-2025-0410, which could allow remote attackers to execute arbitrary code on affected systems. These high-severity bugs affect Chrome’s V8 JavaScript engine and ANG
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a command injection flaw in Trend Micro Apex One (CVE-2024-51537) and an arbitrary file read vulnerability in Langflow (CVE-2024-11056). Both
A new investigation reveals that one telecommunications provider has been hosting the majority of active command-and-control (C2) servers operating across the Middle East. This concentration of malicious infrastructure under a single provider raises significant questions about infrastructure abuse,