Langflow’s AI CSV Agent Vulnerability Allows Remote Code Execution Attacks
A critical security flaw in Langflow, a popular platform used to build and deploy AI-powered agents and workflows, can allow attackers to execute arbitrary code…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
Google Chrome Moves to Merkle Tree Certificates for Quantum‑Safe HTTPS
Google Chrome is shifting to Merkle Tree Certificates (MTCs) as its main way to protect HTTPS against future quantum‑computing threats. Instead of stuffing every TLS…
Hackers Use CyberStrikeAI Tool to Hit Fortinet FortiGate Devices
Threat actors are using an AI‑driven offensive security tool called CyberStrikeAI to breach Fortinet FortiGate firewalls and other edge network devices. This open‑source platform, written…
Aqua Trivy Extension Hit by AI-Powered Supply Chain Attack
Threat actors compromised two versions of the Aqua Trivy VS Code extension on OpenVSX on February 27 and 28, 2026. They injected malicious code that…
Claude Memory Import Revolutionizes AI Switching
Anthropic launched a groundbreaking memory import tool for Claude on March 3, 2026. This feature lets users transfer stored preferences, habits, and context from ChatGPT,…
Hackerbot-Claw Bot Attacks: Exploits GitHub Actions CI/CD in Microsoft, DataDog Repositories
Hackerbot-claw, an autonomous AI-powered bot, ran a week-long attack from February 21-28, 2026. It hit CI/CD pipelines in open-source repos from Microsoft, DataDog, Cloud Native…
Android Security Update March 2026: Patches 129 Vulnerabilities Including Actively Exploited Zero-Day CVE-2026-21385
Google rolled out the March 2026 Android Security Bulletin with fixes for 129 vulnerabilities. This update tackles one of the biggest patch lists in recent…
AuraStealer Infostealer Emerges: 48 C2 Domains Fuel Active Campaigns Since Mid-2025
Threat actors unleashed AuraStealer, a potent new infostealer, starting in July 2025. Russian-speaking developers promote it on forums like XSS, Exploit, and others as a…
Chrome Gemini Vulnerability CVE-2026-0628: Remote Camera, Microphone Access Without User Interaction
A high-severity flaw in Google Chrome’s Gemini AI assistant allows attackers to access cameras, microphones, and local files remotely. Tracked as CVE-2026-0628, it needs no…
Windows Error Reporting ALPC Zero-Day: CVE-2026-20817 PoC Enables Local Privilege Escalation
A critical local privilege escalation flaw in Windows Error Reporting (WER) service now has a public PoC exploit. Known as CVE-2026-20817, it lets low-privileged users…
DuckDuckGo Browser UXSS Vulnerability: Cross-Origin Code Execution via AutoConsent JS Bridge
A critical Universal Cross-Site Scripting (UXSS) flaw hit the DuckDuckGo Android browser. It carried a CVSS score of 8.6. Cross-origin iframes could run arbitrary JavaScript…
MSHTML Zero-Day CVE-2026-21513: APT28 Exploitation Before February 2026 Patch
APT28 hackers exploited a zero-day flaw in Microsoft’s MSHTML framework before the February 2026 Patch Tuesday fix. Tracked as CVE-2026-21513, this vulnerability carries a CVSS…
Claude AI Global Outage: March 2, 2026 Breakdown
Anthropic’s Claude AI faced a major global outage on March 2, 2026. Elevated error rates hit the web interface, developer console, and APIs starting at…
GTFire Phishing Campaign Abuses Google Firebase and Translate for Credential Theft
GTFire phishing scheme uses Google Translate and Firebase to steal login credentials worldwide. Attackers hide behind trusted Google domains to bypass email filters and security…
Hackers Scan SonicWall Firewalls from 4,000+ IPs for SSL VPN Exploits
Hackers launched a massive scan against SonicWall firewalls using over 4,000 unique IP addresses. The campaign hit 84,142 sessions from February 22-25, 2026. Attackers mapped…