Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting…
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution…
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning…
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to…
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine…
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex…
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561…
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations…
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP…
Most Remediation Programs Never Confirm the Fix Actually Worked
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed.…
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure…
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures…
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities…
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's…
AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns
The rush to adopt AI in enterprise environments is not only creating new security vulnerabilities, but is also reviving old security failures,…
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams…
Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI
Google Cloud’s operations chief said the tech giant does not plan to release a separate, cyber‑focused frontier model like…
Google Introduces Unique AI Agent Identities in New Gemini Enterprise Platform
Google is betting big on agentic AI and wants professionals to track their AI agents on its new hub Gemini Enterprise Agent Platform.…
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8562
In the previous post, we continued our series on the unpatchable vulnerabilities of Kubernetes, examining how CVE-2020-8561 combined multiple…
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence…
Compromised axios npm package delivers cross-platform RAT
Key points and observations On March 31, 2026, an attacker hijacked an axios npm maintainer account and published two malicious releases:…
LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
Key points and observations On March 24, 2026, two PyPI releases of LiteLLM, 1.82.7 and 1.82.8, were published with malicious code as a result…
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to…
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver…
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to…
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience…
Behind the console: Active phishing campaign targeting AWS console credentials
Key points and observations Datadog Security Research identified an active adversary-in-the-middle (AiTM) phishing campaign targeting AWS…
Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself…
Hook, line, and vault: A technical deep dive into the 1Phish kit
Key points and observations The 1Phish kit evolved between September 2025 and February 2026 from a basic credential harvester into an…
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women…
Kubernetes project issues warning on Ingress NGINX retirement
The title of the recent Kubernetes blog post "Ingress NGINX: Statement from the Kubernetes Steering and Security Response Committees" might…
Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster
Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk…
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns…
Tech impersonators: ClickFix and MacOS infostealers
Key points and observations Datadog identified an active campaign employing fake GitHub repositories impersonating software companies and…
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has…
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for…
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal…
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting…
Introducing Pathfinding.cloud
Today we’re releasing pathfinding.cloud, an extensive knowledge base that documents the IAM permissions and permission sets that allow…
Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure
Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical…
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances…
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations,…