Latest IntelligencePage 27
Search by keyword →
AI-Generated npm Malware Accidentally Exposes Threat Actor’s Private GitHub Token
A new wave of AI-generated malware is hitting the open-source software ecosystem, and this time, the attacker made a critical mistake that gave researchers a ra...
Claude Opus 4.8 Released With Ability to Work as an Experienced Engineer
Anthropic has launched Claude Opus 4.8, the latest iteration of its flagship AI model, bringing sharper judgment, improved self-awareness about its own progress...
Hackers exploit FortiClient EMS flaw to push infostealer malware
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented cred...
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitr...
Geordie Raises $30 Million for AI Security and Governance Platform
The funding round was led by Balderton Capital, with additional support from Crosspoint Capital and previous investors General Catalyst and Ten Eleven Ventures....
New Gogs 0-Day Vulnerability Lets Attackers Run Malicious Code on the Server Remotely
A critical zero-day vulnerability has been discovered in Gogs, one of the most widely deployed self-hosted Git platforms in the world, allowing any authenticate...
Proton Mail adds support for Gmail account syncing and sending
Proton has announced a new feature that allows users to connect their Gmail accounts directly to Proton Mail, enabling them to read and send Gmail messages from...
Critical OpenVPN Connect for macOS Vulnerability Let Attackers Execute Arbitrary Commands
A critical privilege escalation vulnerability has been discovered in OpenVPN Connect for macOS, enabling local attackers to execute arbitrary commands with elev...
Agentic AI Isn't Risky; the Way Orgs Deploy It Is
AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap....
.webp)
Hackers Deploy VIP Keylogger Through Phishing Emails Masquerading as Business Documents
Hackers are using deceptive phishing emails dressed up as routine business documents to spread a dangerous malware strain known as VIP Keylogger. The campaign h...
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver cred...
ClearFake Uses BSC Testnet Smart Contracts for Takedown-Resistant Command and Control
A new and dangerously clever malware campaign called ClearFake has been caught using blockchain smart contracts to run its operations, making it nearly impossib...
New Linux CIFSwitch Kernel Vulnerability Allows Attackers to Gain Root Access
A newly disclosed Linux local privilege escalation (LPE) vulnerability dubbed “CIFSwitch” enables low-privileged users to gain root access by abusin...
Malicious Websites Track Visitors by Analyzing their SSD Timing Activity
Malicious websites can track visitors by measuring tiny changes in SSD access times, turning normal browser activity into a privacy leak. Researchers showed tha...
New Zapocalypse Attack Chain Enables Full Zapier Account Takeover
A newly disclosed exploit chain dubbed Zapocalypse shows how a low-privilege code-execution feature inside Zapier could have been chained into a supply-chain pa...
Carnival Data Breach Exposed 6 Million People
Data breach leaves nearly 6 million Carnival customers navigating identity theft risks. The post Carnival Data Breach Exposed 6 Million People appeared first on...
Carnival begins notifying 6 million people of a data breach
Carnival Corporation has begun notifying roughly six million individuals that their personal information was stolen in the cyberattack claimed by the ShinyHunte...
New Gogs zero-day flaw lets hackers get remote code execution
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [....
How SIEM helps MSPs reduce noise and stop threats faster
MSPs don't lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, ...
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected ...