Cybersecurity

Android, WebLogic, WinRAR, and AI-assisted exploit tooling all point at the same boring truth: patching slowly is becoming a security decision, not an operations delay.

Miasma, codexui-android, and the Meta support-bot incident all point at the same uncomfortable pattern: developer and AI workflows are becoming account-recovery, credential, and deployment surfaces.

Two incidents this week point to the same shift: AI assistants are no longer just tools you ask questions. They are trusted rendering surfaces, link brokers, and post-exploitation operators. That changes the security model.

Microsoft's MDASH system — 100+ AI agents orchestrated across multiple models — found 16 Windows vulnerabilities including four critical RCEs, all patched in May's Patch Tuesday. The defensive side of the AI vulnerability arms race just showed up.

A nine-year-old Linux kernel bug was publicly disclosed after a third party broke the embargo. Every major distro is vulnerable, a PoC exploit exists, and Microsoft is already observing active exploitation.

Iran's MuddyWater group posed as a ransomware gang, used Microsoft Teams to social-engineer credentials, and deployed Chaos ransomware as cover. The real operation was espionage. Most victims never figured that out.

At 5:57 PM ET yesterday, attackers pushed a trojanized @bitwarden/cli@2026.4.0 to npm. It silently stole SSH keys, cloud credentials, and GitHub tokens — then used them to inject itself into every CI/CD pipeline it could reach.

In February, a Context.ai employee downloaded a Roblox exploit script. By April 19, that chain of events had placed Vercel's customer environment variables in front of a $2 million ransom demand. Here's the exact chain — and why it will happen again.

Three Microsoft Defender zero-days are being actively weaponized right now. Two still have no patch. Here's what the attack chain looks like and what you can actually do.

Anthropic's unreleased Mythos Preview autonomously found and exploited zero-days in every major OS and browser — including a 27-year-old OpenBSD bug. The defenders got a head start. The rest of us should be paying attention.

North Korean hackers are sending developers fake coding assessments that auto-execute malware the moment you open the project in VS Code. No clicks required.

Attackers are using WebRTC — the same tech that powers your video calls — to steal payment data from online stores. No firewall, WAF, or content security policy catches it.

A critical RCE vulnerability in the popular AI agent builder was exploited within hours of disclosure. The 'patched' version wasn't actually fixed. Here's what happened.

SIM swapping lets attackers steal your phone number without touching your phone. They use it to drain bank accounts, hijack social media, and bypass your 2FA.

Attackers are bypassing your MFA by stealing session tokens — your browser's proof that you already logged in. Here's how it works and what actually stops it.

The Trivy vulnerability scanner was compromised in a supply-chain attack. When your security tools become the attack vector, here's what to watch for.

Fake QR codes are showing up on parking meters, restaurant tables, and in your inbox. Here's how quishing works and how to avoid it.

Passwords have been broken for decades. Passkeys might actually fix the problem — if enough sites get on board.

Researchers just showed that Copilot and Grok can be hijacked as covert attack channels. Here's what that means for you and what you can do about it.

A sneaky social engineering attack is tricking people into infecting their own computers. Here's how ClickFix works and how to spot it.

A fake 7-Zip website is turning computers into proxy nodes. Here's how to spot fake download sites before you install malware.

How attackers use invisible characters and lookalike symbols to hide malicious commands in plain sight — and a new tool that stops them.

Germany's intelligence agencies just issued a warning about Signal account hijacking. The attacks use social engineering, not malware. Here's what to do.

175,000 Ollama servers are exposed online. AI agent frameworks like Clawdbot are next. Here's how to lock them down before someone else does.

Researchers found 29 Chrome extensions stealing ChatGPT tokens and hijacking affiliate links. Here's how to audit yours.

Still using the same password everywhere? Here's a practical guide to password managers that anyone can follow.

Damage control steps for when you've clicked a bad link or entered credentials on a fake site.

How to check if your router is vulnerable and the settings you should change today.