Agentjacking Attack Can Trick AI Coding Agents Into Running Hacker-Controlled Code
A new attack called Agentjacking shows how AI coding agents can be tricked into running attacker-controlled code after reading a fake Sentry error report. The…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic
A network of 152 Chrome live wallpaper extensions used misleading privacy disclosures while funneling users to ad-monetized websites, according to the Socket Threat Research Team.…
Maine Takes Data Breach Portal Offline After Fake VRChat and Discord Filings
The Office of the Maine Attorney General has taken its public data breach database offline after fake breach notices impersonated VRChat and Discord. In a…
Anthropic Blocks Fable 5 and Mythos 5 Access After US Government Directive
Anthropic has disabled access to Claude Fable 5 and Claude Mythos 5 for all customers after receiving a US government export control directive. In an…
Splunk Enterprise Flaw Exposes Pre-Auth RCE Chain Through PostgreSQL Sidecar Service
Splunk has patched a critical Splunk Enterprise vulnerability that can let unauthenticated attackers create or truncate files through a PostgreSQL sidecar service endpoint. The flaw…
BugHunter Adds Free AI Provider Support for Bug Bounty Research
BugHunter is an open-source bug bounty toolkit that helps security researchers move from reconnaissance to vulnerability reports from the terminal. The BugHunter GitHub project says…
Oracle PeopleSoft Zero-Day Exploited by ShinyHunters in Data Theft Attacks
Oracle has warned customers about a critical PeopleSoft vulnerability that was exploited as a zero-day in attacks tied to ShinyHunters. The flaw is tracked as…
Microsoft Teams for Android Vulnerability Could Expose Sensitive Data
Microsoft has patched an information disclosure vulnerability in Microsoft Teams for Android that could allow an authenticated attacker to expose sensitive data over a network.…
Google Chrome Update Fixes 27 Security Bugs That Could Allow Code Execution
Google has released a Chrome security update that fixes 27 vulnerabilities in the desktop browser, including five critical flaws that could let attackers execute malicious…
Palo Alto PAN-OS Vulnerability Lets Authenticated Admins Run Root Commands
Palo Alto Networks has patched a PAN-OS command injection vulnerability that can let an authenticated administrator run arbitrary commands as root. The flaw is tracked…
Microsoft Patches Outlook and Word Flaws That Could Let Attackers Run Malicious Code
Microsoft has patched three critical remote code execution vulnerabilities affecting Outlook and Word. The flaws are tracked as CVE-2026-45456, CVE-2026-45458, and CVE-2026-47635. The fixes were…
Solana FakeFix Campaign Uses Malicious npm and PyPI Packages to Steal Developer Secrets
A newly uncovered software supply chain campaign is targeting Solana developers through malicious npm and PyPI packages. The operation, tracked as Solana FakeFix by JFrog…
Fake Free Spotify Premium Videos on TikTok and Instagram Are Spreading Vidar Infostealer
Hackers are using fake free Spotify Premium tutorials on TikTok and Instagram Reels to trick Windows users into installing malware. The campaign uses short videos…
Authorities Dismantle AudiA6 Crypto Laundering Service Used by Ransomware Gangs
International law enforcement has dismantled AudiA6, a cryptocurrency laundering service accused of helping ransomware gangs and cybercriminals hide more than EUR 336 million in illicit…
SHEETCREEP C# RAT Abuses Google Sheets API as C2 to Target Diplomatic Organizations
SHEETCREEP, a C# remote access trojan, is being used in an espionage campaign that hides command-and-control traffic inside Google Sheets API activity. A new Securonix…