Threat actors are leveraging Large Language Model (LLM) agents to automate post-exploitation activities after successfully compromising systems through CVE-2026-39987, a critical vulnerability in Marimo, a popular Python notebook framework. This novel attack chain represents a significant evolution
23andMe is facing a major lawsuit following allegations that the genetic testing company attempted to conceal a significant data breach exposing sensitive DNA and ancestry information of millions of users. The lawsuit claims 23andMe failed to promptly disclose the breach, implement adequate security
Distributed Denial of Service (DDoS) attacks have become commoditized through DDoS-as-a-Service (DDoSaaS) platforms, with attacks now available for as little as $5. These services operate like legitimate SaaS businesses, offering subscription tiers, customer support, and user-friendly interfaces. Po
Dutch law enforcement, in collaboration with international partners, has successfully disrupted one of the largest botnets ever recorded, comprising approximately 17 million infected devices worldwide. The operation targeted malware infrastructure that had compromised routers, IoT devices, and netwo
Malicious actors have deployed typosquatted npm packages mimicking popular JavaScript libraries to steal sensitive developer credentials, including cloud provider tokens, CI/CD secrets, and environment variables. These packages contain obfuscated code that exfiltrates data to attacker-controlled ser
A newly identified Russian-linked threat actor dubbed GREYVIBE has deployed AI-enhanced cyberattacks targeting Ukrainian critical infrastructure and government networks. The campaign leverages machine learning algorithms to automate reconnaissance, evade detection systems, and optimize payload deliv
A critical remote code execution (RCE) vulnerability has been discovered in Gogs, the popular self-hosted Git service. The flaw allows any authenticated user to execute arbitrary code on vulnerable servers, potentially leading to complete system compromise. Organizations running Gogs versions prior
Carnival Cruise Line has confirmed a significant data breach impacting nearly 6 million individuals, including current and former employees as well as cruise passengers. The breach exposed sensitive personal information including Social Security numbers, passport details, and health records. The com
Cybercriminals are distributing malware through a fraudulent ChatGPT download website, targeting both Windows and Mac users. The malicious site mimics OpenAI’s interface and tricks victims into downloading trojanized installers that deploy info-stealers and remote access tools. This campaign exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the LiteSpeed Cache plugin for WordPress to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2024-28000, this privilege escalation flaw affects millions of WordPress sites and is b