GitLab Patches Duo AI, DoS, and Authorization Flaws in CE and EE
GitLab has released versions 19.0.1, 18.11.4, and 18.10.7 for Community Edition and Enterprise Edition, fixing seven security issues across Duo AI workflows, Wiki, GraphQL APIs,…
Palo Alto Networks has confirmed limited exploitation of CVE-2026-0257, an authentication bypass vulnerability affecting PAN-OS GlobalProtect portals and gateways under specific configurations. The Palo Alto…
WithSecure has identified a previously untracked threat group called GREYVIBE that has used generative AI tools across cyber operations targeting Ukraine and Ukraine-related entities. The…
Google has made Device Bound Session Credentials generally available in Chrome on Windows, giving users and Workspace admins a stronger defense against session cookie theft.…
Pentest Swarm AI is an open-source autonomous penetration testing project that uses multiple AI-driven agents to coordinate reconnaissance, vulnerability classification, exploitation decisions, and reporting. The…
Attackers are abusing Microsoft Teams external collaboration features to contact employees directly, impersonate IT helpdesk staff, and push victims toward remote access tools or malicious…
A newly disclosed Visual Studio Code Remote-SSH attack path shows how a compromised developer machine can become a bridge into cloud servers and production infrastructure.…
A Google software engineer has been charged in New York for allegedly using confidential company information to make more than $1.2 million in trading profits…
Google has released a major Chrome Stable update that fixes 151 security vulnerabilities, including 22 flaws rated critical. The Chrome Stable Channel update is rolling…
The Samba Team has released security fixes for CVE-2026-4480, a remote code execution flaw in the Samba printing subsystem. The official Samba advisory says affected…
A fake RVTools installer has been used to deliver a modular Python-based remote access trojan to Windows systems, according to a new K7 Security Labs…
A cross-platform malware payload called MicrosoftSystem64 is using Hugging Face datasets as a stealthy data exfiltration channel after spreading through malicious npm packages. According to…
Oracle has released its first Critical Security Patch Update, a new monthly patch format designed to deliver high-priority security fixes between the company’s larger quarterly…
Security researchers have found that a popular npm package promoted as a remote web UI for OpenAI Codex was secretly stealing developer authentication tokens. According…
Fortra researchers have uncovered a phishing campaign that uses fake Adobe Document Cloud pages to install ScreenConnect remote access malware on victim systems. According to…