16+ hour, 27+ min ago  (429+ words) A newly observed extortion brand called Pink (CL-CRI-1147) that is actively targeting enterprise users to harvest cloud storage credentials and bypass multi-factor authentication. The group's leak site went live on May 31, 2026, and its operations combine social engineering with classic credential-phishing…...

19+ hour, 58+ min ago  (421+ words) A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-linked underground channels, is not a simple packed executable but a Lucid-branded information stealer and RAT wrapped inside a legitimate…...

22+ hour, 55+ min ago  (577+ words) Security Advisory Bulletin 064 describing a critical chain of vulnerabilities in Uni Fi OS Server that allows unauthenticated remote code execution and full root takeover. When chained, these flaws let an attacker send a single crafted HTTP request to the admin…...

18+ hour ago  (288+ words) Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, mac OS, and Linux, including 22 critical flaws that could enable remote code execution, memory corruption, and sandbox escapes. The update, version 149. 0. 7827. 53/54, is being…...

19+ hour, 33+ min ago  (530+ words) A suspected China-linked espionage cluster dubbed OP-512 after rapidly correlating many low-fidelity events into a single high-priority incident that human analysts then validated. OP-512 compromised an Internet Information Services (IIS) server and deployed a custom web shell framework built to…...

18+ hour, 32+ min ago  (553+ words) OWASP has released a new edition of its AI security report, "State of Agentic AI Security and Governance v2. 01," giving security teams a concrete playbook for defending autonomous AI agents and the expanding ecosystem of tools they rely on. Positioned within…...

23+ hour, 57+ min ago  (575+ words) Threat researchers have uncovered a novel man-in-the-middle (Mit M) attack chain targeting Anthropic's Claude Code ecosystem, where adversaries hijack Model Context Protocol (MCP) traffic to steal OAuth authentication tokens and persist access to enterprise Saa S platforms. The technique, detailed by…...

1+ day, 40+ min ago  (433+ words) Open AI this week introduced Lockdown Mode, a security-focused setting for Chat GPT designed to reduce the risk of data exfiltration from prompt-injection attacks. The feature is rolling out to eligible personal accounts (Free, Go, Plus, Pro) and self-serve Chat…...

1+ day, 28+ min ago  (589+ words) Cybercriminals are already turning the 2026 FIFA World Cup into a fraud opportunity, using phishing pages, fake online stores, and ticket scams to steal money and personal data. The risk is rising because the tournament will attract huge global demand, fast…...

23+ hour, 50+ min ago  (558+ words) Anthropic's Claude Code Git Hub Action could unintentionally expose CI/CD workflow secrets when AI agents process untrusted Git Hub content. The risk arises because certain tools the agent uses to read files were not sandboxed like subprocess execution paths…...