A legitimate Lenovo diagnostics driver has been weaponized by threat actors to terminate Endpoint Detection and Response (EDR) processes through a Bring Your Own Vulnerable Driver (BYOVD) attack. The vulnerable driver allows attackers with administrative privileges to execute code at the kernel leve
Law enforcement agencies have successfully dismantled one of the largest botnets in history, comprising over 17 million compromised devices worldwide. This massive network of infected computers, IoT devices, and servers was capable of launching devastating distributed denial-of-service (DDoS) attack
Threat actors are leveraging Large Language Model (LLM) agents to automate post-exploitation activities after successfully compromising systems through CVE-2026-39987, a critical vulnerability in Marimo, a popular Python notebook framework. This novel attack chain represents a significant evolution
OpenAI confirms employee devices compromised in TanStack supply chain attack. Code-signing certificates rotated after breach affected hundreds of npm and PyPI packages.
Dutch law enforcement, in collaboration with international partners, has successfully disrupted one of the largest botnets ever recorded, comprising approximately 17 million infected devices worldwide. The operation targeted malware infrastructure that had compromised routers, IoT devices, and netwo
GitLab has released security updates addressing multiple critical vulnerabilities in both Community Edition (CE) and Enterprise Edition (EE), including severe flaws in its Duo AI features, authorization bypass issues, and denial-of-service (DoS) vectors. The most severe vulnerabilities allow unautho
Security researchers discovered a devastating 0-click exploit chain targeting Google Pixel 10 devices that requires just five lines of code to bypass kernel security. The vulnerability leverages a race condition in the device’s window management subsystem, allowing attackers to gain kernel-level exe
AI is reshaping OSINT: automation powers modern investigations while legacy social tracking tools lose access. The game has changed for digital investigators.
Anthropic has announced plans to release its Mythos-class AI models to the public, marking a significant shift in accessibility for advanced language models. This expansion raises critical security concerns around prompt injection attacks, jailbreaking attempts, data exfiltration risks, and potentia
ALERT: Hackers exploit Funnel Builder flaw to inject skimmers into WooCommerce checkouts, stealing payment data. 600K+ sites at risk. Patch NOW. Severity: High Target: WooCommerce sites