Browsing Tag
Vulnerability
1598 posts
AI Gateway Connected to Amazon Bedrock Hijacked for Cryptomining
Darktrace says a LiteLLM AI gateway linked to Amazon Bedrock was compromised for cryptomining after signs of exposed SSH activity.
July 9, 2026
UNK_MassTraction Exploits Roundcube Flaws Against US, Canadian Universities
China-linked UNK_MassTraction targets US and Canadian universities through Roundcube flaws, stealing sessions and opening access to research mail servers.
July 8, 2026
GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data
Noma Labs details GitLost, a prompt injection flaw that made GitHub's AI agent expose private repo data through a crafted public issue and guardrail failures.
July 7, 2026
Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation
A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat.
July 2, 2026
New EvilTokens Attack Exposes Browser Visibility Gap in Enterprise SOCs
EvilTokens phishing hides takeover clues until browser execution leaving SOC teams needing deeper visibility to validate threats faster and reduce account risk.
June 30, 2026
212 New Venezuela Earthquake Domains Prompt Donation Scam Warnings
Researchers spotted 212 new domains registered after Venezuela's earthquake, warning donors of donation scam risks and urging them to verify relief sites first.
June 29, 2026
macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools
A macOS XPC flaw let regular users disable CrowdStrike and Kandji tools, exposing security gaps that vendors patched after XM Cyber reported the security issue.
June 26, 2026
LastPass Confirms Customer Data Breach After Klue OAuth Token Theft
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…
June 23, 2026
‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking
Novee Security reveals Cordyceps, a CI/CD vulnerability in GitHub Actions workflows that let anonymous users poison builds and expose tokens across major projects today.
June 23, 2026
Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users
Apple has released a security update to patch a Beats Studio Buds flaw that let nearby hackers listen to conversations through the microphone.
June 22, 2026