Latest stories — Page 16

Cloud Security

Microsoft Pulls Post-Quantum Deadline Forward to 2029

Azure CTO Mark Russinovich says the 'risk horizon' has moved. Redmond now wants PQC-ready systems four years ahead of the industry's 2033 target.

2 min
AI Security

Cutting Through the AI Noise: What Enterprises Should Actually Be Asking Security Vendors

Marketing copy is cheap. Measurable detection capability is not. Here's how to stress-test an AI security pitch before you sign anything.

2 min
Vulnerabilities

Apple Ships Multi-Component Patch Round Covering iOS, macOS, and Safari

Fixes land for WebKit, the kernel, WebRTC, and Web Extensions — touching every major Apple platform in a single release cycle.

2 min
Threat Intelligence

Phantom Squatting: When Attackers Camp on the Domains LLMs Hallucinate

Unit 42 documents a pre-positioning tactic where actors register non-existent domains that chatbots keep suggesting, then wait for the traffic to arrive.

2 min
Policy & Regulation

Claude Fable 5 Comes Back Online as Commerce Drops Export Curbs

Anthropic restores Fable 5 across Claude.ai, Claude Code, and Cowork on July 1 after a roughly two-and-a-half-week U.S. export restriction gets lifted.

2 min
Cloud Security

Detection Engineering Grew Up. Most Security Stacks Didn't.

Behavior-based, CI/CD-integrated detection logic is eating vendor-supplied rules. Here's what's actually driving the shift — and what teams still get wrong.

3 min
Cloud Security

Azure CLI Under Sustained IPv6 Password Spray; 78 Tenants Breached

Automated spray campaign from a single ASN burned through 81 million auth attempts in two weeks, hitting az login endpoints from an unusual IPv6 range.

2 min
Threat Intelligence

ClickFix Grows a Back Office: API-Served Payloads and a New AMSI Bypass

Researchers pulled roughly 3,000 live payloads from ClickFix infrastructure and found a polymorphic delivery pipeline built to defeat Windows script scanning.

2 min
Vulnerabilities

Citrix Ships Fixes for Six NetScaler Bugs, Including a File-Read Flaw Scoring 8.8

The patch batch covers NetScaler ADC and Gateway, with input-validation and DoS issues that admins should not sit on.

2 min
AI Security

Poisoned Tool Descriptions Turn Helpful AI Agents Into Quiet Exfiltration Channels

Microsoft Incident Response demonstrates how a single malicious MCP-style tool description can coax an agent into leaking corporate data — without tripping a single policy check.

3 min
Threat Intelligence

RustDuck: A Rust-Based DDoS Botnet Quietly Building Out Since February

XLab researchers say the two-stage loader is iterating faster than its install base is growing — and that's the interesting part.

2 min
Vulnerabilities

Langflow RCE Is Back on the Menu — This Time for a Monero Miner

Attackers are still pillaging exposed Langflow instances through CVE-2026-33017, turning forgotten AI workflow servers into XMR mining rigs.

3 min
Threat Intelligence

Silent Swap: Unsigned Installers Drop Fake Chromium Extensions That Hijack Crypto Transactions

McAfee Labs documents a clipper campaign using .NET and Golang loaders to sideload a malicious browser extension that rewrites wallet addresses at send time.

3 min
AI Security

GuardFall: A 1970s Shell Trick Walks Past AI Coding Agent Safety Checks

Adversa AI says ten of eleven open-source coding agents fall to a command-substitution bypass that any sysadmin would recognize on sight.

3 min
AI Security

Two-Thirds of iPhone AI Chatbot Apps Are Bleeding API Keys

A study of 444 iOS chatbot apps found 282 exposing paid model access in plaintext network traffic — sometimes with no authentication at all.

3 min
Threat Intelligence

BEC Isn't an Email Problem. It's a Supply Chain.

Underground forums show Business Email Compromise as a multi-stage operation — account access, target research, and mules — not a clever phishing lure.

2 min
AI Security

Bash Shell Tricks From the '90s Are Breaking AI Coding Agents Wide Open

Old-school shell injection techniques can bypass safeguards in most open-source AI coding agents — and a poisoned repo is all it takes to start the chain.

2 min
Threat Intelligence

FIFA 2026 Fraud Infrastructure Was Pre-Staged Months Before Kickoff, Researchers Say

A Check Point exposure report documents pre-positioned phishing kits, lookalike domains and multilingual scam pages built well ahead of the June 11 opening match.

2 min
AI Security

Malicious Extension Spoofs AI Platform to Intercept Searches

A fake browser extension impersonating Perplexity AI intercepted search queries, highlighting governance gaps in enterprise security.

2 min
Threat Intelligence

From Modded Game Controllers to IBM X-Force Red: The Chris Thompson Arc

A teenage hardware tinkerer grows up to run one of the most recognizable offensive-security brands in enterprise tech — then leaves to build something new.

2 min
Policy & Regulation

Supreme Court Extends Fourth Amendment Shield to Cell-Site Location Data

A geofence warrant case gives the Court a vehicle to rule that historical location records tied to a phone are constitutionally protected — full stop.

2 min
© 2026 Threat Vectr