Latest IntelligencePage 55
Search by keyword →
Microsoft Edge to stop loading cleartext passwords in memory on startup
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup. [...]...
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around sess...
Researchers claim the first macOS kernel exploit on Apple M5 chips
Security researchers have announced what they describe as the first public macOS kernel memory corruption exploit capable of bypassing Apple’s Memory Integrity ...
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persist...
Microsoft Edge, Windows 11 and LiteLLM Hacked in Pwn2Own Berlin 2026
Pwn2Own Berlin 2026 opened with a surge of zero-day exploits targeting modern browsers, operating systems, and emerging AI platforms. On Day One alone, security...
Hackers Use OrBit Rootkit to Harvest SSH and Sudo Credentials From Linux Systems
A dangerous rootkit called OrBit has been quietly targeting Linux systems for years, stealing login credentials and hiding deep inside infected machines without...
Microsoft to automatically roll back faulty Windows drivers
Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. [...]...
.webp)
Microsoft Warns of Attackers Using Trusted HPE Operations Agent for Malware-Free Intrusions
A recent intrusion uncovered by security researchers revealed a calculated attack campaign that used a legitimate enterprise management tool as a weapon. The th...
Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. The post Microsoft Warns of E...
Cyber Pioneers Ponder Past as Prologue
Robert "RSnake" Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over t...
.webp)
Tycoon 2FA Operators Adopt OAuth Device Code Phishing to Bypass MFA
Cybercriminals behind the Tycoon 2FA phishing kit have added a powerful new weapon to their playbook. By combining their well-known phishing infrastructure with...
PraisonAI Vulnerability Exploited Within Hours of Public Disclosure
As artificial intelligence frameworks become central to enterprise operations, a critical flaw in a popular AI platform has exposed organizations to serious sec...
Amazon Redshift JDBC Driver Vulnerabilities Enables Remote Code Execution Attacks
A critical vulnerability in the Amazon Redshift JDBC driver has put enterprise applications at severe risk of Remote Code Execution (RCE). Threat actors can exp...
Multiple cPanel Vulnerabilities Allows Access to Sensitive System Resources
In a severe blow to web hosting environments worldwide, administrators are racing against the clock to patch a massive wave of security vulnerabilities affectin...
American Lending Center Data Breach Affects 123,000 Individuals
The non-bank lender discovered a ransomware attack nearly one year ago, but only recently completed its investigation. The post American Lending Center Data Bre...
%20through%20the%20elementary-data%20script%20injection%20(April%2024,%202026)%20(Source%20-%20Trend%20Micro).webp)
TeamPCP Hackers Abuse CI/CD Pipelines to Steal Developer and Cloud Credentials
TeamPCP is quietly turning trusted development tools into entry points for large scale credential theft. By slipping malicious code into popular CI/CD component...
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no l...
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but no...
OpenAI Hit by TanStack Supply Chain Attack
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Ch...
TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hu...