Smart, Real-Time Protection for Your Digital Life. Because your digital life is different from ordinary people.
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild.… Read MoreThe Hacker News
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images… Read MoreThe Hacker News
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation… Read MoreThe Hacker News
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025.… Read MoreThe Hacker News
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them… Read MoreThe Hacker News
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems,… Read MoreThe Hacker News
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean… Read MoreThe Hacker News
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under… Read MoreThe Hacker News
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. “The campaign abused… Read MoreThe Hacker News
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an… Read MoreThe Hacker News
