Two ransomware groups are licking their wounds and rebuilding their infrastructure after leaking each other’s operational data online, according to Halcyon. The set-to began when 0APT claimed the scalps of three ransomware groups on its leak site: newcomer KryBit and… Read More "Ransomware Turf War as 0APT and KryBit Groups Trade Blows"
Between malware, online impersonation, and account takeovers, there are enough digital security problems out there as it is. And with the rise of agentic AI, more activity is being carried out by agents on behalf of humans—creating different risks that… Read More "The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards"
More than 70 extensions that were published to the Open VSX marketplace in April are likely sleeper extensions linked to the GlassWorm malware, Socket reports. GlassWorm appeared in the Open VSX registry in October 2025 in a dozen extensions that… Read More "Dozens of Open VSX Extension Clones Linked to GlassWorm Malware"
Ravie LakshmananApr 28, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability… Read More "Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE"
Traditional phishing training teaches people to look for indicators of fake pages: Misspellings, suspicious URLs, unusual sender addresses. AiTM phishing pages show none of these indicators because they are not fake. They proxy the real service in real time. The… Read More "Stopping AiTM attacks: The defenses that actually work after authentication succeeds"
Cybercriminals have recently deployed a new set of phishing pages designed to target TikTok for Business accounts by using TikTok- or Google-themed content. Push Security said it had identified a new wave of an Adversary-in-the-Middle (AiTM) phishing pages registered on March… Read More "New Wave of AiTM Phishing Targets TikTok for Business"
A vulnerability in the Windows Remote Procedure Call (RPC) mechanism allows attackers to elevate their privileges to System, Kaspersky reports. The local privilege escalation issue potentially affects all Windows versions and abuses another legitimate Windows mechanism, where processes are allowed… Read More "No Patch for New PhantomRPC Privilege Escalation Technique in Windows"
ANZ Organizations Are in the Ransomware Crosshairs— What the Dark Web Is Telling Us Ransomware in ANZ is evolving into a scalable cybercrime model, with dark web intelligence revealing targeted attacks, data theft, and rising risks. The conversation around ANZ ransomware… Read More "ANZ Ransomware Threats Rise As Attacks Grow More Advanced"
When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure,… Read More "New Playbooks For a Zero-Window Era"
In the enterprise SaaS space, AI agents are becoming an integral part of the SaaS product. To make these intelligent agents truly useful, they need contextual, customer-specific knowledge, something standard Large Language Models (LLMs), open source or otherwise, inherently lack… Read More "Securing RAG pipelines in enterprise SaaS"
