Iran cyber conflict widens after Epic Fury and Roaring Lion, but many attack claims still lack proof
The cyber side of the Iran conflict is clearly growing, but the picture is messy. After the United States and Israel launched their joint campaign…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
Malvertising campaign tricks Mac users into installing AMOS infostealer through fake “how-to” pages
Attackers now use Google Search ads to lure macOS users onto fake help pages that tell them to paste a Terminal command. When the victim…
How to cut MTTR by improving threat visibility in your SOC
If you want to cut MTTR in a SOC, start with better threat visibility. Faster response usually does not begin with a new dashboard. It…
Langflow’s AI CSV Agent Vulnerability Allows Remote Code Execution Attacks
A critical security flaw in Langflow, a popular platform used to build and deploy AI-powered agents and workflows, can allow attackers to execute arbitrary code…
Google Chrome Moves to Merkle Tree Certificates for Quantum‑Safe HTTPS
Google Chrome is shifting to Merkle Tree Certificates (MTCs) as its main way to protect HTTPS against future quantum‑computing threats. Instead of stuffing every TLS…
Hackers Use CyberStrikeAI Tool to Hit Fortinet FortiGate Devices
Threat actors are using an AI‑driven offensive security tool called CyberStrikeAI to breach Fortinet FortiGate firewalls and other edge network devices. This open‑source platform, written…
Aqua Trivy Extension Hit by AI-Powered Supply Chain Attack
Threat actors compromised two versions of the Aqua Trivy VS Code extension on OpenVSX on February 27 and 28, 2026. They injected malicious code that…
Claude Memory Import Revolutionizes AI Switching
Anthropic launched a groundbreaking memory import tool for Claude on March 3, 2026. This feature lets users transfer stored preferences, habits, and context from ChatGPT,…
Hackerbot-Claw Bot Attacks: Exploits GitHub Actions CI/CD in Microsoft, DataDog Repositories
Hackerbot-claw, an autonomous AI-powered bot, ran a week-long attack from February 21-28, 2026. It hit CI/CD pipelines in open-source repos from Microsoft, DataDog, Cloud Native…
Android Security Update March 2026: Patches 129 Vulnerabilities Including Actively Exploited Zero-Day CVE-2026-21385
Google rolled out the March 2026 Android Security Bulletin with fixes for 129 vulnerabilities. This update tackles one of the biggest patch lists in recent…
AuraStealer Infostealer Emerges: 48 C2 Domains Fuel Active Campaigns Since Mid-2025
Threat actors unleashed AuraStealer, a potent new infostealer, starting in July 2025. Russian-speaking developers promote it on forums like XSS, Exploit, and others as a…
Chrome Gemini Vulnerability CVE-2026-0628: Remote Camera, Microphone Access Without User Interaction
A high-severity flaw in Google Chrome’s Gemini AI assistant allows attackers to access cameras, microphones, and local files remotely. Tracked as CVE-2026-0628, it needs no…
Windows Error Reporting ALPC Zero-Day: CVE-2026-20817 PoC Enables Local Privilege Escalation
A critical local privilege escalation flaw in Windows Error Reporting (WER) service now has a public PoC exploit. Known as CVE-2026-20817, it lets low-privileged users…
DuckDuckGo Browser UXSS Vulnerability: Cross-Origin Code Execution via AutoConsent JS Bridge
A critical Universal Cross-Site Scripting (UXSS) flaw hit the DuckDuckGo Android browser. It carried a CVSS score of 8.6. Cross-origin iframes could run arbitrary JavaScript…
MSHTML Zero-Day CVE-2026-21513: APT28 Exploitation Before February 2026 Patch
APT28 hackers exploited a zero-day flaw in Microsoft’s MSHTML framework before the February 2026 Patch Tuesday fix. Tracked as CVE-2026-21513, this vulnerability carries a CVSS…