Cyber Security
A high-severity access-control vulnerability (CVSS 8.2) in Cursor, a widely used AI-powered coding environment. The flaw uncovered by LayerX has allowed any installed extension to access a developer’s API keys and session tokens secretly. This results in total...
Cyber Security
A sophisticated, memory-resident phishing campaign called BlobPhish, active since October 2024, that exploits browser Blob URL APIs to silently steal credentials from Microsoft 365 users, major U.S. banks, and financial platforms while remaining almost completely...
Cyber Security
A new fake document reader app found on the Google Play Store has been silently installing Anatsa, a powerful Android banking trojan, on thousands of user devices. The malicious application surpassed 10,000 downloads before Google removed it, putting a significant...
Cyber Security
A new open-source toolkit called pentest-ai-agents is redefining how security professionals leverage AI in penetration testing workflows, transforming Anthropic’s Claude Code into a fully specialized offensive security research assistant powered by 28 domain-specific...
Cyber Security
The GlassWorm supply chain attack targeting the Open VSX marketplace has escalated with the discovery of 73 new “sleeper” extensions. Identified in April 2026, this cluster marks a dangerous shift in how threat actors distribute malware to software developers. This...
Cyber Security
Home security giant ADT Inc. has confirmed a data breach after the notorious threat group ShinyHunters claimed to have stolen over 10 million records and issued a ransom ultimatum — “Pay or Leak.” ADT, headquartered in Boca Raton, Florida, disclosed the incident via a...
Cyber Security
A major investigation has revealed that sophisticated threat actors are exploiting fundamental vulnerabilities in global mobile networks to track users worldwide. By abusing legacy 3G SS7 and 4G Diameter signaling protocols, hackers are successfully bypassing telecom...
Cyber Security
Apple released iOS 26.4.2 and iPadOS 26.4.2 on April 22, 2026, to patch a critical notification privacy vulnerability that allowed law enforcement to extract Signal message content from iPhones — even after the app had been deleted. The flaw, tracked as...
Cyber Security
“`html Microsoft has released an urgent out-of-band (OOB) security update for .NET 10, issuing version 10.0.7 on April 21, 2026, to resolve a critical elevation of privilege flaw identified in the Microsoft.AspNetCore.DataProtection NuGet package. The...
Cyber Security
“`html A proof-of-concept (PoC) exploit has been made publicly available for a recently uncovered vulnerability in Microsoft’s Snipping Tool that enables attackers to covertly obtain users’ Net-NTLM credential hashes by enticing them to a harmful webpage....
