Robert Brown

Vulnerabilities & exploit research

Robert spent a decade in offensive security before pivoting to journalism. He covers vulnerability disclosures, exploit chains, and the patch-management treadmill — translating CVE detail for working defenders without dumbing it down.

Recent stories

Operation Endgame Hits Amadey and StealC, Pulls 27M Credentials From Loader Infrastructure
Threat Intelligence
Europol-led takedown dismantled command servers behind two of the most prolific malware-as-a-service loaders, with Microsoft, ESET, Bitdefender, and Bitsight providing technical support.
Jun 24
The Patch Cycle Won't Survive Machine-Speed Adversaries
Opinion
Defenders measured dwell time in days. Agentic attack pipelines are about to measure it in minutes.
Jun 24
Cisco Unified CM Bug Under Active Exploit After PoC Drops Root File-Write Chain
Vulnerabilities
CVE-2026-20230 (CVSS 8.6) lets unauthenticated attackers smuggle crafted HTTP requests into Unified CM. Cisco's PSIRT confirms in-the-wild attempts following public PoC release.
Jun 24
Anthropic's AI Model Found Vulnerabilities in Classified U.S. Government Systems
AI Security
An unnamed U.S. official says Anthropic's Mythos model identified security flaws in sensitive government infrastructure during a joint exercise with intelligence agencies.
Jun 24
Dify AI Platform Carried Multi-Tenant Flaws Exposing Private Chats and Internal APIs
AI Security
Cross-tenant data leakage vulnerabilities in Dify's cloud service let attackers read other users' conversations, preview documents, and probe internal API endpoints.
Jun 23
GitHub Hardens actions/checkout Against Pwn Request Exploits
Vulnerabilities
Blocking malicious code execution from pull_request_target workflows.
Jun 23
Five Eyes to CSOs: AI Has Already Changed Your Threat Model — Act Now
AI Security
A joint advisory from CISA and four allied agencies demands strategic action on AI-amplified threats. Experts say the advice is late, vague, and misses the real risk sitting inside your own network.
Jun 23
OXLOADER Drops CastleStealer via Poisoned Google Ads, Researchers Say
Threat Intelligence
Elastic Security Labs links the malvertising chain to a likely Russian-speaking, financially motivated operator.
Jun 22
Gravity SMTP Flaw Under Active Exploitation, Leaks API Keys and OAuth Tokens
Vulnerabilities
CVE-2026-4020 lets unauthenticated attackers pull secrets from roughly 100,000 WordPress installs running the mail plugin.
Jun 20
The Gentlemen RaaS Platform Enhances Arsenal with EDR Killer Framework
Ransomware
The Gentlemen's new EDR killer, 'GentleKiller', arms affiliates with advanced intrusion tools.
Jun 19
The Gentlemen RaaS Ships an In-House EDR Killer to Affiliates
Ransomware
GentleKiller bundles signed-driver abuse, third-party utilities, and a kill list of roughly 400 security processes — handed out as part of the affiliate package.
Jun 19
Device Code Phishing Is Eating MFA. Behavioral Detection Is the Backstop.
Identity & Access
Token theft and consent-grant abuse sidestep the second factor entirely. Defenders are leaning on anomaly detection because the login looks legitimate.
Jun 19
Two Critical NGINX Open Source Bugs Open the Door to Remote Code Execution
Vulnerabilities
F5 patches a use-after-free in the HTTP/3 module and a second critical flaw. QUIC-enabled deployments are the immediate concern.
Jun 18
DragonForce Crew Tunnels RAT Traffic Through Microsoft Teams Relays
Ransomware
A Go-based backdoor dubbed Backdoor.Turn piggybacks on Teams' own relay infrastructure to hide C2 calls inside a U.S. services firm's network.
Jun 18
Clipper Crew Buys Sponsored Posts on News Sites to Push Trojanized Crypto Tools
Threat Intelligence
An untracked actor is laundering credibility through paid press placements, a phishing-grade WordPress hub, and seeded GitHub and SourceForge repos to deliver clipboard hijackers.
Jun 17
© 2026 Threat Vectr