HexStrike AI fork adds BOAZ integration for AI-driven red team workflows
A public fork of HexStrike AI is drawing attention after adding BOAZ, a dual-use payload evasion framework, to an AI-driven penetration testing platform built around…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
Trail of Bits says AI skill scanners from ClawHub, Cisco, and skills.sh can be bypassed
Security researchers at Trail of Bits say several AI skill scanners can be bypassed with simple techniques, allowing malicious agent skills to pass automated checks…
Dashlane explains how attackers downloaded encrypted password vaults from fewer than 20 accounts
Dashlane has completed its investigation into a brute-force attack that let an external threat actor register unauthorized devices on a small number of user accounts…
Microsoft Edge vulnerability allowed remote code execution through feedback log files
Microsoft Edge users should make sure their browser is updated after Microsoft fixed a remote code execution vulnerability tied to how Edge handles feedback log…
Let’s Encrypt plans Merkle Tree Certificates to prepare HTTPS for quantum threats
Let’s Encrypt is preparing a major change to web certificates as the industry gets ready for a post-quantum internet. The nonprofit certificate authority says it…
Cisco SD-WAN Manager zero-day exploited to execute commands as root
Cisco has warned that a newly disclosed Catalyst SD-WAN Manager vulnerability is being exploited in limited attacks, allowing attackers with netadmin-level access to execute arbitrary…
VECT 2.0 ransomware can damage files its own decryptor may not restore
VECT 2.0 ransomware can leave victims with broken files even if they pay for a decryptor. The problem comes from flaws in the ransomware’s own…
Chinese APT VerdantBamboo used BRICKSTORM malware to hide on firewalls and storage appliances
A China-linked hacking group tracked as VerdantBamboo used BRICKSTORM malware to maintain long-term access inside corporate networks by targeting systems that often sit outside normal…
Microsoft Red Team Warns Agentic AI Systems Can Bypass Human Approval Controls
Microsoft says a year of red teaming against deployed agentic AI systems revealed attack chains that can bypass human-in-the-loop controls and reach high-impact outcomes such…
Malicious Browser Extensions Target ChatGPT, Claude, Copilot, Gemini, DeepSeek, and Other AI Users
Security researchers are warning that several browser extensions are collecting AI chat conversations from users of ChatGPT, Claude, Copilot, Gemini, DeepSeek, and other popular AI…
New SHub Reaper Malware Targets Mac Browsers, Crypto Wallets, Keychains, and Files
A new SHub Stealer variant called Reaper is targeting macOS users with a more convincing infection chain that impersonates trusted technology brands and abuses Apple’s…
Microsoft Fixes Windows Update Caching Issue That Bypassed Driver Auto-Update Controls
Microsoft has resolved a Microsoft 365 service degradation that caused some managed Windows devices to install driver updates even when policies were configured to prevent…
Microsoft Unveils Scout, an Always-On AI Agent for Teams, Outlook, OneDrive, and More
Microsoft has introduced Scout, a new always-on AI agent designed to keep work moving across Microsoft 365 apps without waiting for a user to prompt…
Fake Claude Code and Codex Install Pages on Google Sites Push Credential-Stealing Malware
A new ClickFix-style phishing campaign is impersonating Claude Code and OpenAI Codex to trick developers into running malicious setup instructions. The attack uses Google Sites…
Bots Now Outpace Humans in Cloudflare’s Web Page Traffic Data as AI Agents Reshape the Internet
Bots now generate more web page requests than humans in Cloudflare’s latest Radar data, marking a major shift in how the open web gets used.…