Latest stories — Page 32

AI Security

OpenAI Ships ChatGPT 'Lockdown Mode' to Blunt Prompt-Injection Data Theft

The opt-in setting strips connectors and browsing tools that attackers have used to siphon data from logged-in sessions.

3 min
Vulnerabilities

One-Click VS Code Flaw Exposed GitHub OAuth Tokens to Theft

A researcher-disclosed bug in Microsoft's browser-based VS Code variant let a single crafted link siphon tokens with read/write access to private repos.

3 min
Threat Intelligence

Bright Data's iOS SDK Quietly Conscripts Smart TVs Into a Scraping Proxy Network

A reverse-engineering of the SDK shows how consumer apps — including always-on televisions — relay traffic for the proxy giant now courting AI customers.

3 min
Vulnerabilities

CISA Flags SolarWinds Serv-U DoS Bug as Actively Exploited

CVE-2026-28318 crashes the file transfer service. Federal agencies get the usual three-week patch window.

2 min
Vulnerabilities

FFmpeg Gets 21 New Bugs from an AI Fuzzer; Chrome 149 Ships a Record 429 Fixes

An autonomous agent dug up zero-days in the codec library that ships in everything. Google's browser shipped its largest single security release on record. Same week.

2 min
Threat Intelligence

Miasma Self-Replicating Worm Reaches Microsoft GitHub Orgs, 73 Repos Affected

The campaign — tracked publicly as Miasma — propagated into Azure, Azure-Samples, Microsoft, and MicrosoftDocs before GitHub pulled access.

2 min
Vulnerabilities

Cisco SD-WAN Manager Bug Under Active Exploit, No Fix Yet

CVE-2026-20245 affects on-prem and FedRAMP deployments. Cisco confirms exploitation in the wild while customers wait on a patch.

2 min
Threat Intelligence

npm Hit by Dual Supply-Chain Campaigns: Rust Stealer With eBPF Rootkit, Self-Spreading Worm

Researchers flagged two parallel intrusions into the npm registry. One delivers a kernel-level credential scraper. The other propagates through more than 50 poisoned packages.

3 min
AI Security

Microsoft Expands Its Agentic AI Failure Taxonomy With Seven New Attack Classes

From inter-agent trust escalation to MCP plugin abuse, the updated taxonomy surfaces threat categories that didn't exist — or weren't well-understood — when Microsoft published its first version.

2 min
Vulnerabilities

RubyGems Adds Installation Cooldown to Bundler as Supply Chain Defense

A configurable delay before newly published gems install gives the community time to spot malicious code before it reaches developer machines.

2 min
Threat Intelligence

Asin Android Spyware Surfaces in Arabic-Language Lures, ESET Says

ESET ties early-2025 campaigns to decoy sites posing as utilities, war-tracking tools and a fake government news portal.

3 min
Vulnerabilities

OWASP's CVE Lite CLI Puts Dependency Scanning in the Terminal

A new OWASP Incubator project lets developers scan project dependencies for known vulnerabilities from the command line — no dashboard, no subscription, no delay.

2 min
Vulnerabilities

Fuel, Chemicals, Food: CISA Warns ATG Attacks Can Drain Tanks Silently

Hardcoded credentials and unauthenticated command execution leave automated tank gauges wide open. The fix list is embarrassingly short.

2 min
Vulnerabilities

900+ Fuel Tank Gauges Still Hanging Off the Public Internet

ATG systems in gas stations, hospitals, and military sites are exposed to known CVEs — and nobody owns the patch cycle.

2 min
Threat Intelligence

OP-512 Cluster Hits IIS Servers With Custom Web Shell Kit, Researchers Link Activity to China

A previously unreported intrusion set is dropping a bespoke web shell framework on Microsoft IIS servers, with espionage indicators pointing toward Beijing.

2 min
Breaches

Ultrahuman Data Leak, Ransomware Tradecraft, and a Browser That Mines Your CPU: The Week's Overlooked Stories

Three stories that didn't dominate the feed — a wearable-tech data exposure, a dissection of The Gentlemen ransomware, and Hola Browser quietly bundling a cryptominer.

2 min
Opinion

The AI SOC Hit Production. Only 10% of Buyers Call It Excellent.

Budgets shifted fast. Outcomes lagged. What the next wave of agentic SOC tooling has to prove before renewal season.

3 min
Policy & Regulation

Voluntary AI Security Rules: The Industry Already Knows What That Means

Trump's AI cybersecurity executive order drew polite applause from vendors and quiet skepticism from practitioners. The gap between those two reactions is where the real story lives.

2 min
Vulnerabilities

Everest Forms Pro RCE Under Active Exploitation on WordPress Sites

CVE-2026-3300 carries a 9.8 CVSS. Attackers are using it to take over sites running unpatched versions of the premium form-builder plugin.

3 min
Threat Intelligence

Five Eyes Warns: Chinese Intelligence Officers Posing as Recruiters to Harvest Government Secrets

A joint advisory flags a persistent social engineering campaign targeting personnel with access to classified material — fake job offers, real espionage.

2 min
Ransomware

AI Tools Surge in Ransomware Markets, Lowering Entry Barriers

Underground markets see a boom in AI-driven tools, making ransomware more accessible and profitable.

2 min
© 2026 Threat Vectr