Latest stories — Page 38

AI Security

AI Governance Is Broken Because It Still Lives Outside the Pipeline

Building compliance as a post-ship review layer made sense for static software. For AI systems that mutate overnight, it is organizational negligence dressed up as process.

3 min
Threat Intelligence

TrapDoor: The Supply Chain Campaign That Wants Your Whole Dev Environment, Not Just Your Secrets

A cross-registry malware campaign hitting npm, PyPI, and Crates.io is going after CI/CD pipelines, SSH trust chains, and AI coding assistant files — not just credentials on install.

3 min
Opinion

Twenty Years of Cyber Lessons and We're Still Losing on the Basics

The industry spent two decades reinventing its philosophy — perimeter defense to assume-breach — yet the attacks that still hit hardest exploit the same unpatched, misconfigured, un-MFA'd mistakes we should have buried years ago.

3 min
Identity & Access

AI Agent Identities Are Redrawing Enterprise IAM Budgets

New Omdia research finds that the rapid spread of AI agent deployments is forcing organisations to treat non-human identities as a distinct governance category, with budget implications that traditional identity and access management frameworks were not designed to absorb.

3 min
Vulnerabilities

Two Defender flaws under active exploitation, Microsoft confirms

A SYSTEM-level link-following bug and a denial-of-service issue in Microsoft Defender are both being abused in the wild.

2 min
Threat Intelligence

The Boring Attacks Are Winning: Why Defenders Keep Losing to Trusted Tools

Leaked tokens, poisoned npm packages, and login replays are doing more damage than zero-days this quarter. Here is how to spot the pattern before it spots you.

3 min
Threat Intelligence

Showboat: A Modular Linux Backdoor Quietly Camped in a Middle East Telco Since 2022

Lumen's Black Lotus Labs ties the SOCKS5-capable implant to a years-long intrusion at a regional carrier, with an in-memory loader and ELF payloads that sidestep most host telemetry.

2 min
Vulnerabilities

Cisco's Secure Workload Earns a Perfect 10, in the Wrong Sense

An unauthenticated REST API flaw rated CVSS 10.0 lets remote attackers help themselves to sensitive data. Cisco has issued fixes.

2 min
Vulnerabilities

CISA's KEV List Just Picked Up Langflow and Apex One — Both Already Being Hit

Two flaws, one AI workflow tool and one veteran endpoint suite, now carry a federal patch deadline because attackers got there first.

2 min
Vulnerabilities

When the Hardware Isn't There: Coaxing Vulnerable Drivers Into Range

BYOVD research keeps colliding with a stubborn problem — many kernel drivers refuse to talk unless their device is plugged in. New work shows how to make them talk anyway.

2 min
Policy & Regulation

Justice Department Charges Ottawa Man With Operating Kimwolf DDoS Botnet

Federal prosecutors say Jacob Butler, 23, developed and rented out a variant of the AISURU botnet for paid denial-of-service attacks.

2 min
Threat Intelligence

Megalodon Campaign Plants Malicious Workflows in 5,561 GitHub Repos in Six Hours

Throwaway accounts pushed 5,718 commits forging build-bot identities to exfiltrate CI/CD secrets, researchers said.

2 min
Threat Intelligence

CERT-UA Attributes Prometheus-Themed Phishing Run Against Ukrainian Government to Ghostwriter (UAC-0057)

Compromised mailboxes deliver lures impersonating a Ukrainian e-learning platform, with the Belarus-aligned operator tracked as UNC1151 named as the responsible cluster.

2 min
Ransomware

Operation Saffron Yanks the Plug on First VPN, the Getaway Car of at Least 25 Ransomware Crews

French and Dutch police led the takedown of a bulletproof VPN service that prosecutors say routed traffic for Conti, LockBit affiliates, and roughly two dozen other ransomware brands.

2 min
Vulnerabilities

CISA Flags Exploited Drupal SQL Injection Flaw. Drupal Won't Say Who Got Hit.

CVE-2026-9082 is in the Known Exploited Vulnerabilities catalog. The advisory mentions active exploitation. It does not mention victims, telemetry, or how anyone found out.

2 min
Vulnerabilities

LiteSpeed cPanel Plugin Flaw Hands Root to Any Logged-In User, and the Vendor Won't Say How Many Hosts Are Hit

CVE-2026-48172 carries a CVSS of 10.0, is already being exploited, and LiteSpeed has not answered three questions about exploitation telemetry.

2 min
Threat Intelligence

Laravel-Lang Packages Hijacked to Push a Cross-Platform Credential Stealer

Four popular Laravel-Lang packages were tagged with malicious releases that drop a credential-harvesting framework on Windows, macOS, and Linux.

3 min
AI Security

Anthropic Says Project Glasswing AI Has Flagged 10,000 High-Severity Bugs in a Month

The Claude-based scanner has been pointed at widely deployed open-source code since October. Anthropic has not named the affected projects.

2 min
Threat Intelligence

Eight Packagist Projects Hijacked to Pull Linux Payload From GitHub Releases

The injected code lived in package.json, not composer.json, and targeted JavaScript-shipping Composer projects.

2 min
Threat Intelligence

TrapDoor Campaign Plants Credential Stealers Across npm, PyPI, and Crates.io

A coordinated operation seeded 34+ malicious packages across three registries since May 2026. If you ship code, this one is sitting in your dependency tree right now.

3 min
Threat Intelligence

GRU Operators Drained Microsoft 365 Tokens by Rewriting DNS on 18,000 SOHO Routers

Forest Blizzard shifted from targeted router malware to mass DNS hijacking after a UK advisory in August, intercepting OAuth tokens on Outlook on the web.

3 min
© 2026 Threat Vectr