VS Code Vulnerability Allows One-Click GitHub Token Theft
A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. The post VS Code Vulnerability Al...
SecurityWeek
20 articles
Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform
Coralogix offers a full-stack observability platform that unifies logs, metrics, traces, security, and AI observability. The post Coralogix Raises $200M at $1.
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites. The post Kirki, Burst Statistics...
Security of 100 AI Agents Tested and Ranked – What You Need to Know
The AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential impact of a breach, and the strength of...
Hackers Target Global Stock Exchange in Espionage Operation
The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months. The post Hackers Target Global Stock Exchange in...
IMA Diligence Services Data Breach Impacts 525,000 People
The affected individuals’ personal information was stolen from a legacy server managed by a third party. The post IMA Diligence Services Data Breach Impacts ...
Organizations Warned of Exploited Linux Kernel Vulnerability
An improper authentication bug allows attackers to escalate their privileges and escape containers. The post Organizations Warned of Exploited Linux Kernel V...
‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds
The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold. The post ‘HTT...
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
Microsoft has responded to backlash over its initial threats of legal action against researchers who publicly disclose zero-day vulnerabilities without coord...
Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks
The order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before thei...
Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis
As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate...
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of...
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. The post Android Update Patches Exploited Zero-Day, 123...
Anthropic Expanding Mythos Access to 150 New Organizations
Only approximately 50 companies have had access to Mythos until now and they have found thousands of vulnerabilities in their products. The post Anthropic Ex...
The Zero-Knowledge Threat Actor and the End of Responsible Disclosure
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. Th...
Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches
A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enable...
Oracle WebLogic Vulnerability Exploited in the Wild
The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers. The post Oracle WebLogic Vulnerability ...
Meta AI Hands Over High-Profile Instagram Accounts to Hackers
Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address. The post Meta AI Hands Over High-Prof...
Supply Chain Attack Hits 32 Red Hat NPM Packages
Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. The post Supply Chain Attack Hits 32 Re...
Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads
Dashlane’s security systems automatically locked accounts to protect them against the hacking attempts. The post Dashlane Brute-Force Attack Leads to Limited...