Latest stories — Page 15

FortiBleed Credential Haul Now Feeding INC and Lynx Ransomware Crews
A single operator was spotted running negotiation panels for both gangs, turning stolen FortiGate logins into ransomware payloads.

Sysdig Flags 'JADEPUFFER' as First End-to-End AI-Run Ransomware Attack
Researchers say a large language model handled intrusion, lateral movement and destruction of a production database without a human at the keyboard.

ChocoPoC: The Fake Exploit Repos Turning Bug Hunters Into Victims
A Python-based infostealer is hiding inside GitHub proof-of-concept code marketed to vulnerability researchers, siphoning credentials, cookies, and files before dropping a remote shell.

CISA Flags SharePoint Deserialization Bug CVE-2026-45659 as Actively Exploited
The RCE flaw joins KEV with a three-week federal patch deadline. Attribution details remain thin.

DeepSeek-Generated PoC Ransomware Runs Entirely in the Browser via Chromium File System Access API
Researchers documented what they describe as the first frontier-model-produced malware artifact combining LLM ideation with a legitimate Chromium capability to encrypt user files without a native binary.

Cursor IDE's Sandbox Cracked by Prompt Injection — No User Interaction Required
Two logic flaws in Cursor's command execution sandbox let attackers escape the isolation layer and run code on the underlying OS. Patches landed in April. The researchers say Cursor isn't alone.

ChocoPoC RAT Hides in Fake GitHub Exploits, Targets Security Researchers
A cluster of trojanized proof-of-concept repositories is pushing a Python-based RAT to the very people who go looking for them.

Scattered Spider Suspect, 19, Extradited From Finland to Chicago
Peter Stokes, a dual U.S.-Estonian citizen, faces conspiracy, intrusion and fraud charges tied to the loose-knit crew behind a string of high-profile enterprise breaches.

No Patch, No CVE: Argo CD Repo-Server Flaw Opens Door to Kubernetes Cluster Takeover
Synacktiv reported the unauthenticated RCE bug to maintainers. There's still no fix.

ScreenConnect Turned Loader: Trojanized Installers Push AsyncRAT via Spoofed Software Sites
A sprawling campaign is abusing a legitimate RMM binary to sideload AsyncRAT onto victims chasing free copies of OBS Studio, Bandicam, and other utilities.

VEIL#DROP: Blogger-Hosted Chain Drops PureLogs Stealer
Researchers flag a multi-stage delivery scheme abusing Google's Blogger platform to stage PureLogs, an infostealer sold in underground forums.

Microsoft Tightens Teams Meeting Controls for External AI Bots
A new admin policy requires organizer approval before automated external participants can join Teams meetings — a quiet but consequential shift in how enterprises govern AI access to sensitive calls.

DHS Probes Intrusion Into HSIN, the Federal Info-Sharing Platform
The Homeland Security Information Network was compromised, according to the department. Attribution remains open. The exposure question is bigger than the intrusion itself.

Behavioral AI Pitched as Answer to Identity-Abuse Phishing, But Regulators Still Set the Bar
A vendor webinar makes the case for behavioral detection against BEC and account takeover. The compliance questions sit underneath.

DuneSlide: Two Cursor Bugs Turn a Prompt Into a Shell
A pair of 9.8-rated flaws in the AI code editor let a single crafted prompt escape the sandbox and execute arbitrary commands — no user approval required.

Ousaban Resurfaces in Iberia, Hiding Bank-Stealer Payloads Inside Images
A Brazilian trojan pivots to Spanish and Portuguese banking customers, using geofenced PDF lures and steganography to bury its real payload.

Adobe Ships Emergency Fixes for Seven CVSS 10.0 Bugs in ColdFusion, Campaign Classic
Out-of-band advisories cover arbitrary code execution and privilege escalation paths. Administrators face a short remediation window before public exploit code is likely.

Active Exploitation Reported Against Progress Kemp LoadMaster Pre-Auth RCE (CVE-2026-8037)
Threat responders flag in-the-wild attempts against a 9.6-rated OS command injection flaw in the load balancer, days after Progress issued a fixed build.

DeepSeek Spits Out Working Browser-Native Ransomware for Windows and Android
Researchers say a frontier model stitched together a real Chromium capability with fantasy malware ideas and produced something that actually encrypts files from inside a tab.

The 2026 Vendor Survey Nobody Asked For, Except The Findings Actually Track
A survey of 1,200 practitioners says awareness is up and resilience is flat. Anyone running production already knew that.

Citrix Patches Six NetScaler Flaws, Including HTTP/2 Bomb DoS and a CitrixBleed Echo
Citrix is pushing customers to patch NetScaler after disclosing six vulnerabilities — among them a denial-of-service vector exploiting HTTP/2 frame handling and a high-severity information disclosure bug drawing uncomfortable comparisons to last year's CitrixBleed.