The world of art forgery and cybercrime share a surprising common ground: the art of deception. By studying the notorious forger Elmyr de Hory, defenders can uncover timeless tactics that hackers still employ today. This article draws parallels and offers fresh insights for modern security teams.
Security researchers have identified a zero‑click cross‑site scripting vulnerability in Anthropic's Claude Chrome extension. The bug allowed any visited website to silently inject malicious prompts into the AI assistant, creating a new attack vector without user interaction.
Most security teams rely on alerts, dashboards, and threat intel to gauge safety, but those signals often mask hidden gaps. A recent webinar showed how realistic attack simulations can expose blind spots and confirm that defenses truly work.
Red Menshen, a threat cluster with Chinese ties, has been quietly infiltrating telecom infrastructure using a custom implant called BPFDoor. The campaign targets government networks, leveraging the trusted position of telecom carriers to maintain long‑term access.
Amazon Threat Intelligence has flagged an active Interlock ransomware campaign that is leveraging a newly disclosed Cisco Secure Firewall Management Center flaw (CVE-2026-20131). The vulnerability, rated 10.0 on the CVSS scale, enables unauthenticated attackers to gain root privileges on affected devices.
Outpost24, a well‑known cybersecurity firm, fell victim to a meticulously crafted seven‑stage phishing operation aimed at one of its C‑suite leaders. The attackers masqueraded as reputable brands, leveraging familiar domains to coax the executive into surrendering login details, underscoring the rising sophistication of social‑engineering attacks.
A new investigation reveals that popular AI development platforms—Amazon Bedrock, LangSmith, and SGLang—contain sandbox design flaws that can be abused to steal data and launch remote code execution attacks. The findings highlight how DNS queries can become covert channels for exfiltrating sensitive information from AI code‑execution environments. The report, authored by security firm BeyondTrust, demonstrates a practical exploit against Amazon Bedrock's AgentCore interpreter, showing how attackers can gain an interactive shell and move laterally within a target network. These revelations underscore the urgent need for stronger isolation and monitoring in AI‑driven workloads.
LeakNet ransomware has shifted its initial‑access strategy, leveraging the ClickFix social‑engineering technique through compromised websites. By prompting victims to run fabricated commands, the group bypasses traditional credential‑theft methods. The campaign also introduces a Deno‑based in‑memory loader, allowing the malicious payload to execute without touching disk. This combination creates a stealthy, fast‑moving threat that challenges conventional detection tools.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed the Wing FTP information‑disclosure flaw, CVE‑2025‑47813, into its Known Exploited Vulnerabilities catalog. The medium‑severity issue leaks server installation paths and is already being leveraged by threat actors. Experts recommend immediate mitigation steps, including patching, configuration hardening, and continuous monitoring, to reduce exposure while organizations reassess their reliance on legacy FTP services.
A recent advisory from China's National Computer Network Emergency Response Technical Team (CNCERT) has highlighted significant security concerns surrounding the OpenClaw AI agent. The self-hosted, open-source platform, previously known as Clawdbot and Moltbot, presents serious risks due to its default configurations.
A sophisticated evolution of the GlassWorm campaign has been identified, significantly escalating its reach by exploiting the Open VSX registry. This new tactic weaponizes a large number of extensions to infiltrate developer environments.
In a significant global operation, INTERPOL has successfully dismantled a vast network of malicious digital infrastructure, taking down 45,000 IP addresses and servers. This coordinated effort also led to the apprehension of 94 individuals suspected of involvement in various cybercriminal activities.
Cybersecurity researchers have identified a novel iteration of the Click-Fix malware, signaling an alarming evolution in its operational tactics. This new variant poses a significant threat, necessitating a deeper understanding of its mechanisms and potential impact.
Security researchers have brought to light a significant set of nine vulnerabilities, collectively dubbed 'CrackArmor,' within the Linux kernel's AppArmor module. These flaws could potentially allow unprivileged users to gain elevated system access and bypass crucial security barriers.
Google has swiftly deployed emergency patches for its widely used Chrome browser, targeting two severe security vulnerabilities that were actively being exploited by malicious actors. These 'zero-day' flaws, meaning they were known and exploited before a fix was available, posed a significant risk to users worldwide.
A new frontier in cybercrime is emerging as threat actors increasingly adopt artificial intelligence (AI) to craft sophisticated attack tools. Researchers have uncovered "Slopoly," an AI-assisted malware strain, being utilized by the financially motivated group Hive0163 to gain persistent access during ransomware operations.
A new, sophisticated banking malware named VENON has emerged, targeting 33 Brazilian financial institutions. What sets VENON apart is its foundation: it's built using the Rust programming language, a notable shift from the typical Delphi-based tools prevalent in the region's cybercrime landscape.
Phishing attacks are evolving beyond tricking individual employees. Modern campaigns are strategically engineered to overload and exhaust Security Operations Center (SOC) analysts, turning routine investigations into critical vulnerabilities. This shift in attacker methodology poses a significant threat, as prolonged investigation times can escalate minor incidents into major data breaches.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a significant security flaw affecting the n8n workflow automation tool to its actively exploited vulnerabilities list. This critical vulnerability, known as CVE-2025-68613, poses a severe risk due to its potential for remote code execution.
The rapid advancement of AI-powered web browsers, designed to autonomously navigate and interact with the internet, has introduced a new frontier in cybersecurity concerns. Recent findings demonstrate that these sophisticated tools, capable of complex reasoning, can be surprisingly susceptible to malicious manipulation, falling victim to phishing schemes within minutes.
Two critical vulnerabilities discovered in the n8n workflow automation platform have been successfully patched. These flaws posed significant risks, including the potential for remote code execution and the exposure of sensitive stored credentials.
Cybersecurity researchers have uncovered a sophisticated attack campaign involving five malicious Rust crates disguised as legitimate time-related utilities. These nefarious packages, published on the official crates.io repository, are designed to infiltrate and compromise Continuous Integration/Continuous Deployment (CI/CD) pipelines, ultimately aiming to exfiltrate sensitive developer secrets.
The complexity of Large Language Models (LLMs) presents ongoing challenges in ensuring they follow instructions accurately and safely. A novel approach, the IH-Challenge, is emerging to address this by teaching LLMs to discern and prioritize trusted instructions, thereby enhancing their overall reliability and security.
A concerning new cyber threat has emerged, with malicious actors targeting FortiGate Next-Generation Firewall (NGFW) devices. These attacks leverage vulnerabilities or weak login details to gain unauthorized access, ultimately aiming to pilfer sensitive service account credentials and map out victim networks.
AI agents, once a futuristic concept, are now active participants in our daily workflows, performing tasks autonomously. While their efficiency is undeniable, they introduce significant security vulnerabilities, acting as an 'invisible employee' that can inadvertently expose sensitive data.
A concerning new threat has emerged from the npm ecosystem, with a malicious package designed to impersonate a legitimate software installer. Discovered by cybersecurity experts, this package targets macOS users, aiming to pilfer sensitive credentials and establish remote access.
The cybersecurity landscape continues its relentless evolution, with attackers constantly devising new methods to breach defenses. This past week was no exception, highlighting critical vulnerabilities and sophisticated new threats that demand immediate attention from individuals and organizations alike.
OpenAI has launched Codex Security, an innovative AI-powered tool designed to proactively identify and address security flaws within software code. In its initial phase, the agent has already scanned a massive 1.2 million code commits, uncovering a significant number of high-severity issues.
Cybersecurity professionals are sounding the alarm about a sophisticated, multi-stage malware operation identified as VOID#GEIST. This campaign ingeniously employs obfuscated batch scripts to infiltrate systems and deploy a trio of potent Remote Access Trojans (RATs): XWorm, AsyncRAT, and Xeno RAT.
The notorious Transparent Tribe, a Pakistan-aligned threat actor, is leveraging artificial intelligence to accelerate malware production, posing a significant threat to Indian targets. This marks a concerning evolution in cyber warfare tactics.
For Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs), scaling cybersecurity offerings is a critical challenge. It demands not only deep technical prowess but also a robust business framework that demonstrably provides value at scale. Risk-based cybersecurity forms the bedrock of such a model, fostering client confidence, unlocking avenues for service expansion, and establishing a predictable revenue stream.
A sophisticated cyber campaign attributed to APT28 has surfaced, specifically targeting entities within Ukraine. This operation introduces two previously unknown malware families: BadPaw, a loader, and MeowMeow, a backdoor.
The cybersecurity landscape is witnessing a significant uptick in hacktivist-driven Distributed Denial of Service (DDoS) attacks, directly linked to escalating geopolitical tensions in the Middle East. Recent analysis reveals a concentrated wave of these cyber assaults targeting organizations across multiple continents.
A newly identified advanced persistent threat (APT) group, ominously named Silver Dragon, has been actively engaged in cyber espionage targeting government entities across Europe and Southeast Asia. Researchers have uncovered a sophisticated operational methodology that leverages well-known, yet potent, cyber tools.
A significant security vulnerability affecting Qualcomm chipsets has been actively exploited in targeted attacks against Android devices. This zero-day flaw, identified as CVE-2026-21385, presents a critical memory corruption issue that attackers are leveraging to compromise user devices.
A sophisticated cyber threat is targeting organizations by masquerading as legitimate IT support. This scheme aims to deploy the powerful Havoc command-and-control (C2) framework, a precursor to potentially devastating ransomware or data exfiltration attacks.
A sophisticated cyber campaign has utilized the open-source CyberStrikeAI platform to target Fortinet FortiGate appliances globally. This AI-driven offensive has already impacted organizations in over 55 countries, signaling a new era of automated exploitation.
A sophisticated new phishing toolkit, dubbed Starkiller, has emerged, employing advanced techniques to circumvent multi-factor authentication (MFA). This sophisticated platform utilizes an 'Adversary-in-the-Middle' (AitM) reverse proxy strategy, allowing threat actors to seamlessly impersonate legitimate login portals and capture sensitive user credentials.
The evolution of Artificial Intelligence has moved beyond simple chat interfaces to autonomous agents capable of executing complex business workflows. Central to this shift is the Model Context Protocol (MCP), a standard that provides LLMs with direct access to enterprise data and APIs.
A critical security flaw in Google Chrome's Gemini side panel has been addressed, preventing malicious extensions from gaining unauthorized system access. This vulnerability highlights the growing security risks associated with integrating AI tools into modern web browsers.
North Korean threat actors have escalated their cyber operations by injecting a new wave of malicious software into the widely-used npm package registry. This move, part of the 'Contagious Interview' campaign, sees 26 compromised packages disguised as legitimate developer tools.
A critical security flaw dubbed 'ClawJacked' has been discovered in the OpenClaw AI framework, potentially allowing external websites to seize control of local AI agents. This vulnerability highlights the growing risks associated with running powerful AI tools in local environments without robust cross-origin protections.
The U.S. Department of Defense has formally identified Anthropic, a prominent artificial intelligence company, as a potential supply chain risk. This significant designation stems from an unresolved dispute concerning the ethical application of AI in military contexts, particularly regarding autonomous weapons and domestic surveillance.
A sophisticated supply chain attack has been identified involving a malicious Go module that impersonates legitimate cryptographic libraries to steal credentials and deploy backdoors. This discovery highlights the growing vulnerability of the open-source ecosystem to targeted developer-focused threats.
A new sophisticated botnet, dubbed Aeternum C2, has emerged, employing an unconventional tactic to evade detection and takedown. Instead of traditional command-and-control (C2) servers, this malware embeds its instructions directly onto the public Polygon blockchain.
The digital landscape is constantly shifting, and with it, the nature of cyber threats. As quantum computing advances, the cryptographic foundations of our current digital security are facing an existential challenge. Experts are urging immediate action to prepare for this seismic shift.
A sophisticated cyber threat has emerged from the NuGet Gallery, with a malicious package designed to mimic Stripe's official .NET library. This impostor package, identified as StripeApi.Net, was engineered to deceive developers and exfiltrate critical API tokens.
A severe, unpatched security flaw affecting Cisco's SD-WAN solutions has been actively exploited by malicious actors for over a year, potentially compromising sensitive network infrastructure. This zero-day vulnerability allows for complete administrative control without any prior authentication.
The cybersecurity landscape is undergoing a massive transformation as venture capital firms flood the market with funding for AI-native startups. This shift marks a move away from traditional defense mechanisms toward proactive, intelligent security systems.
A former employee of a prominent U.S. defense contractor has received a significant prison sentence for a grave act of betrayal: selling critical zero-day exploits to a Russian intermediary. This case highlights the persistent threat of insider actions in the cybersecurity landscape.
A significant security incident has emerged involving the compromise of over 600 FortiGate firewalls, orchestrated by an actor utilizing generative AI tools to streamline the exploitation process. This breach highlights the evolving intersection of Large Language Models and automated vulnerability scanning in modern cyber warfare.
Cybersecurity researchers have identified a sophisticated supply chain campaign involving malicious NuGet packages designed to exfiltrate sensitive ASP.NET Identity data. These packages specifically target developers to gain unauthorized access to user accounts and permission structures.
Researchers have uncovered significant security flaws within Anthropic's Claude Code, an AI-driven programming assistant. These vulnerabilities could empower malicious actors to execute arbitrary code on compromised systems and pilfer sensitive API credentials. The disclosed issues highlight inherent risks in integrating powerful AI models into development workflows, particularly concerning their interaction with underlying system configurations and external services.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially recognized two critical vulnerabilities affecting the popular Roundcube webmail client by adding them to its Known Exploited Vulnerabilities (KEV) catalog. This designation signifies that these flaws are not merely theoretical weaknesses but are actively being leveraged by malicious actors in real-world attacks.
Anthropic, a prominent player in the artificial intelligence landscape, has unveiled a significant advancement in its code analysis capabilities with the introduction of Claude Code Security. This new feature leverages advanced AI to proactively identify and remediate security flaws within software codebases. Currently accessible in a limited research preview for Enterprise and Team clients, Claude Code Security represents a crucial step towards integrating robust security measures directly into the development lifecycle.
A highly sophisticated, financially motivated threat actor has successfully leveraged commercial generative artificial intelligence to compromise over 600 FortiGate devices globally. This operation, spanning 55 countries, highlights the escalating use of AI to automate the discovery and exploitation of network infrastructure. Unlike traditional manual campaigns, this incident demonstrates how AI-assisted reconnaissance can rapidly identify and breach hardware vulnerabilities at scale, posing a significant challenge to modern perimeter defense strategies.
A sophisticated supply chain attack campaign, dubbed 'SANDWORM_MODE', has been uncovered, exploiting a network of at least 19 malicious npm packages. This operation is designed to pilfer sensitive information, including cryptocurrency private keys, CI/CD environment secrets, and API tokens, posing a significant threat to the software development ecosystem.
The notorious Lazarus Group, a state-sponsored threat actor with ties to North Korea, has been detected deploying the Medusa ransomware strain. Recent intelligence indicates a targeted campaign focusing on entities within the Middle East's healthcare sector, with an unsuccessful attempt also noted against a U.S. healthcare organization.
A sophisticated new cryptojacking campaign has emerged, utilizing pirated software bundles to deploy a highly customized XMRig miner. This campaign distinguishes itself through the use of Bring Your Own Vulnerable Driver (BYOVD) exploits to bypass modern endpoint security. By incorporating time-based logic bombs and wormable propagation mechanisms, the threat actors prioritize sustained hashrate over stealth, often leading to significant system instability on compromised enterprise hosts.
Anthropic has recently exposed a series of sophisticated, industrial-scale campaigns designed to siphon proprietary intelligence from its Claude models. These operations, allegedly orchestrated by major Chinese AI developers, utilized millions of queries to reverse-engineer and replicate the model's high-level reasoning capabilities.
A critical vulnerability, dubbed RoguePilot, has been identified within GitHub Codespaces, posing a significant threat to developer workflows and repository security. This flaw allowed malicious actors to exploit the AI-powered GitHub Copilot to exfiltrate highly sensitive `GITHUB_TOKEN` credentials. The vulnerability stemmed from an intricate interplay between Codespaces' environment, Copilot's code generation capabilities, and the way GitHub issues are processed, enabling an attacker to inject hidden directives into a repository's issue tracker.
Free AI Security Board
Practitioner's Guide