Latest stories — Page 23

Ransomware

The Gentlemen RaaS Ships an In-House EDR Killer to Affiliates

GentleKiller bundles signed-driver abuse, third-party utilities, and a kill list of roughly 400 security processes — handed out as part of the affiliate package.

2 min
AI Security

AutoJack: When the AI Browser Becomes the Initial Access Broker

Microsoft researchers describe an exploit chain that turns an agentic browser into a one-click path from web page to host process execution.

3 min
Policy & Regulation

Operation Endgame Sweep Takes Down SocGholish Loader Infrastructure

Dutch-led coalition disrupts servers and remediates 14,971 compromised WordPress sites, in the latest tranche of the multinational takedown effort.

2 min
Vulnerabilities

Briefing: Apple Fixes Beats Bug, GCP Config Connector Flaw Enables Account Takeover, Velvet Ant's Decade in the Shadows

A Bluetooth eavesdropping patch, a quietly dangerous GCP misconfiguration vulnerability, and a threat actor that spent ten years undetected — here's what you may have missed.

2 min
Threat Intelligence

FortiBleed Campaign Hits 86,644 FortiGate Boxes; CISA Pushes Customers to Lock Down

Russian-speaking operators are working through internet-exposed Fortinet appliances at scale. CISA wants admins moving now.

2 min
Vulnerabilities

June Patch Tuesday Breaks OLE Automation, Leaves Word and Excel Silent on Failure

A Windows update shipped June 9 quietly severed the OLE bridge between Office apps and dozens of third-party tools. No error message. Just nothing.

2 min
AI Security

The SOC Triangle Was Always a Lie We Accepted. AI Is Changing the Math.

Security operations have run on a structural compromise for decades — quality, consistency, or cost: pick two. That constraint is finally starting to bend.

3 min
AI Security

AutoJack Exploit in Web-Enabled AI Agents: Bypassing Localhost Security

Microsoft uncovers RCE vulnerability in AutoGen Studio through local AI agent misuse.

2 min
AI Security

Tool Sprawl Meets Agentic AI: Why SOCs Are Rethinking the Triage Stack

Forty tools, forty-three day dwell times. Vendors are pitching agentic AI as the fix. Analysts have questions.

3 min
Identity & Access

Device Code Phishing Is Eating MFA. Behavioral Detection Is the Backstop.

Token theft and consent-grant abuse sidestep the second factor entirely. Defenders are leaning on anomaly detection because the login looks legitimate.

3 min
Identity & Access

Shadow AI Is an IAM Problem Now, Not a DLP Problem

The risk isn't what employees paste into ChatGPT. It's what tokens, scopes, and service accounts the AI agents they spin up are quietly holding.

3 min
Cloud Security

Salesforce Cuts Klue Battlecards Tie-In After OAuth Token Compromise

The CRM giant pulled the competitive-intelligence app's integration on June 11 following a security incident that exposed connected customer data.

2 min
AI Security

Security Protocols for SMBs Adopting Claude

Understanding and managing security risks with Claude’s AI solutions for small and medium-sized businesses.

2 min
Identity & Access

Cisco Acquires WideField Security to Wire Identity Intelligence Into Splunk's Agentic SOC

The deal adds credential, session, and blast-radius visibility to Splunk's autonomous detection pipeline — filling a gap that pure log-correlation has always struggled with.

2 min
AI Security

SearchLeak Shows How a Single Crafted URL Can Drain Your M365 Tenant

Varonis researchers chained three weaknesses in Copilot Enterprise Search into a full data-exfiltration path. Microsoft patched it. The attack class isn't going anywhere.

3 min
Vulnerabilities

Beats Studio Buds Pick Up Patch for Bluetooth Pairing Flaw Rated 8.8

An Airoha SDK authorization bug let attackers within range pair without consent. Apple has shipped a firmware fix.

2 min
Vulnerabilities

Splunk Enterprise RCE Flaw Under Active Exploitation, CISA Gives Feds 72 Hours

CVE-2026-20253 allows unauthenticated remote code execution in Splunk Enterprise. Attackers didn't wait long.

2 min
Vulnerabilities

Two Critical NGINX Open Source Bugs Open the Door to Remote Code Execution

F5 patches a use-after-free in the HTTP/3 module and a second critical flaw. QUIC-enabled deployments are the immediate concern.

2 min
Threat Intelligence

The Popa Botnet: When Your $40 Streaming Box Moonlights as a Residential Proxy

Researchers tie a four-year-old Android TV box botnet to NetNut, the residential proxy arm of NASDAQ-listed Alarum Technologies. The company disputes the framing.

3 min
Threat Intelligence

Browser Add-Ons, AI Chat Links and In-Memory macOS Attacks: A Week the Internet Worked As Designed

Shady extensions, weaponised Claude conversations, fileless macOS intrusions and cloud agents turned into shells dominated the criminal feeds this week.

2 min
Ransomware

INC Ransomware Fills the LockBit Vacuum, Racks Up 830+ Victims

Two years after a quiet debut, INC has graduated from boutique RaaS to one of 2026's busiest extortion brands — riding the affiliate exodus from LockBit and BlackCat.

2 min
© 2026 Threat Vectr