GitLab has released security updates addressing multiple critical vulnerabilities in both Community Edition (CE) and Enterprise Edition (EE), including severe flaws in its Duo AI features, authorization bypass issues, and denial-of-service (DoS) vectors. The most severe vulnerabilities allow unautho
Threat actors are exploiting ChatGPT’s legitimate conversation-sharing feature to host convincing fake service outage pages that distribute malware. By leveraging OpenAI’s trusted domain reputation, attackers bypass security filters and trick users into downloading malicious payloads disguised as sy
Security researchers have disclosed ChatGPhish, a novel attack technique that exploits ChatGPT’s web browsing and content summarization features to conduct sophisticated phishing campaigns. By manipulating webpage content that ChatGPT accesses and summarizes, attackers can inject malicious instructi
A robotics startup is offering free professional home cleaning services in exchange for permission to record every moment of the cleaning process—including video, audio, and sensor data—to train AI models. This arrangement raises serious privacy concerns, creates potential data breach vectors, and e
Microsoft has been recognized as a Leader in the 2026 Gartner Magic Quadrant for Endpoint Protection Platforms, reinforcing its position in the enterprise security market. The recognition highlights Microsoft Defender for Endpoint’s comprehensive threat protection capabilities, integration ecosystem
The Gentlemen ransomware leverages Windows SYSTEM-level scheduled tasks to execute encryption operations with the highest privileges available on compromised machines. By creating tasks that run under the NT AUTHORITY\SYSTEM account, this ransomware strain ensures unfettered access to all local driv
A federal audit has exposed serious operational failures at NIST’s National Vulnerability Database (NVD), revealing a staggering backlog of 27,000 unprocessed security vulnerabilities. The investigation uncovered systematic issues including inadequate resource planning, excessive duplication of effo
Threat actors are leveraging Large Language Model (LLM) agents to automate post-exploitation activities after successfully compromising systems through CVE-2026-39987, a critical vulnerability in Marimo, a popular Python notebook framework. This novel attack chain represents a significant evolution
A newly identified Russian-linked threat actor dubbed GREYVIBE has deployed AI-enhanced cyberattacks targeting Ukrainian critical infrastructure and government networks. The campaign leverages machine learning algorithms to automate reconnaissance, evade detection systems, and optimize payload deliv
Carnival Cruise Line has confirmed a significant data breach impacting nearly 6 million individuals, including current and former employees as well as cruise passengers. The breach exposed sensitive personal information including Social Security numbers, passport details, and health records. The com