Today's News Highlights
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Today · 09:56 UTC
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-…
Read full article →Microsoft links Mastra AI supply chain attack to North Korean hackers
Today · 14:09 UTC
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoro…
Read full article →Threat Brief: Mitigating Large-Scale Credential Attacks
Today · 02:05 UTC
We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitiga…
Read full article →Key Trump allies and Musk on leaked list for secretive Peter Thiel retreat
Today · 12:00 UTC
Figures including Jared Kushner and Scott Bessent named in directory of Dialog participants that was exposed onlineA website leak has exposed participants in the secretive, Peter T…
Read full article →The UK will scan asylum-seekers’ faces for age checks—despite knowing the tech is flawed
Today · 11:15 UTC
Tests of age-verification technology show the risks of life-altering errors.
Read full article →A viral doomsday scenario aims to shake Europe out of its AI complacency
Today · 09:59 UTC
Does a thought-experiment about US ascendancy in the technology say as much about AI jitters as it does about the reality?It’s 2031 and the US and China are about to tear Europe in…
Read full article →Top Stories by Impact
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more
Yesterday · 17:08 UTC
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation s…
Read full article →Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Today · 09:56 UTC
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-…
Read full article →AzeoTech DAQFactory
18 Jun 2026 · 12:00 UTC
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. The following vers…
Read full article →Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
18 Jun 2026 · 12:00 UTC
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establis…
Read full article →Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain
17 Jun 2026 · 11:20 UTC
Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed…
Read full article →Why Security Teams Need To Start Earlier
18 Jun 2026 · 14:45 UTC
Security leaders are facing an unusual set of circumstances. The drumbeat for better security prioritization has been rising for years in boardrooms around the world. The desire is…
Read full article →AutoJack: How a single page can RCE the host running your AI agent
Yesterday · 00:17 UTC
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in…
Read full article →Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Yesterday · 18:37 UTC
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips.…
Read full article →Cybersecurity
The Hacker News
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
CriticalToday · 09:56 UTC
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium…
Read full article →Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
CriticalYesterday · 18:37 UTC
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at…
Read full article →The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
HighYesterday · 18:33 UTC
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before…
Read full article →CISA Alerts
AzeoTech DAQFactory
Critical18 Jun 2026 · 12:00 UTC
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. The following versions of AzeoTech DAQFactory are affected…
Read full article →Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
Critical18 Jun 2026 · 12:00 UTC
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establishing a connection with the device. The f…
Read full article →CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
Critical18 Jun 2026 · 12:00 UTC
CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to…
Read full article →BleepingComputer
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
CriticalYesterday · 20:25 UTC
Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. [...]
Read full article →Klue OAuth breach victim list grows as Icarus hackers claim attack
CriticalYesterday · 22:31 UTC
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new "Icarus" extortion gr…
Read full article →Microsoft links Mastra AI supply chain attack to North Korean hackers
CriticalToday · 14:09 UTC
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. [...]
Read full article →Infosecurity Magazine
Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
CriticalYesterday · 10:15 UTC
SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers
Read full article →AWS Unveils 'Continuum,' an AI-Powered Vulnerability Management Platform
MediumYesterday · 11:00 UTC
Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities
Read full article →Confidence Lacks in Threat Detection Across Non-Email Channels like Slack and Teams
MediumYesterday · 09:00 UTC
Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus
Read full article →Cloudflare Blog
Project Glasswing: what Mythos showed us
High18 May 2026
Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.
Read full article →CyberScoop
Authorities disrupt Evil Corp’s SocGholish botnet
Medium18 Jun 2026 · 22:03 UTC
Cybersecurity firms, researchers and officials took down 106 servers and remediated nearly 15,000 sites that were infected with the malware. The post Authorities disrupt Evil Corp’s SocGholish botnet appeared first on Cy…
Read full article →How software development’s speed obsession enabled TeamPCP’s chaos crusade
18 Jun 2026 · 15:25 UTC
The threat group’s remarkable success targeting open-source software was inevitable and fueled by the industry’s decision to prioritize code shipping over security. The post How software development’s speed obsession ena…
Read full article →Congress tees up No FAKES Act, aiming at AI-generated deepfakes
18 Jun 2026 · 20:20 UTC
While preventing third parties from profiting off unauthorized deepfakes of artists and performers is a bipartisan concern, some business and digital rights groups are opposed. The post Congress tees up No FAKES Act, aim…
Read full article →Dark Reading
Novo Nordisk Breach Exposes Software Development Pipeline Risk
Medium18 Jun 2026 · 20:05 UTC
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.
Read full article →Stressors, AI Forcing Changes to Cybersecurity Teams
Yesterday · 13:00 UTC
As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.
Read full article →Operation Escaneo Signals Shift in LatAm Threat Landscape
18 Jun 2026 · 19:09 UTC
The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two.
Read full article →Schneier on Security
Embedding Forbidden Text in Spyware to Discourage AI Analysis
18 Jun 2026 · 11:04 UTC
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment…
Read full article →Friday Squid Blogging: Victims of Unregulated Squid Fishing
Yesterday · 21:03 UTC
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I hav…
Read full article →Anthropic’s Fable and the State of AI
Yesterday · 11:03 UTC
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from acces…
Read full article →SANS Internet Storm Center
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)
18 Jun 2026 · 01:49 UTC
[This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program]
Read full article →eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)
Yesterday · 08:37 UTC
I detected an interesting phishing email this morning. It targets a major Belgian bank:
Read full article →ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)
18 Jun 2026 · 02:00 UTC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read full article →Ars Technica
The UK will scan asylum-seekers’ faces for age checks—despite knowing the tech is flawed
Today · 11:15 UTC
Tests of age-verification technology show the risks of life-altering errors.
Read full article →Rocket Report: Rebuild begins at Blue Origin launch pad; Relativity targets Mars
Yesterday · 13:36 UTC
A French launch startup is scrapping the name of its rocket, apparently due to a trademark issue.
Read full article →As global warming threatens corals, scientists search for reefs that can take the heat
Yesterday · 11:15 UTC
Researchers say these coral strongholds may help repopulate more degraded reefs.
Read full article →Krebs on Security
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
18 Jun 2026 · 17:37 UTC
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. Thi…
Read full article →Cybercrime Magazine
Nir Zuk: Backstory of a Cybersecurity Legend
17 Jun 2026 · 13:20 UTC
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 17, 2026 – Watch the YouTube video “I started my cybersecurity ‘career’ as one of the earlier virus developers in the world,” Ni…
Read full article →AI & Technology
The Guardian Technology
Key Trump allies and Musk on leaked list for secretive Peter Thiel retreat
MediumToday · 12:00 UTC
Figures including Jared Kushner and Scott Bessent named in directory of Dialog participants that was exposed onlineA website leak has exposed participants in the secretive, Peter Thiel-founded Dialog retreats which inclu…
Read full article →A viral doomsday scenario aims to shake Europe out of its AI complacency
Today · 09:59 UTC
Does a thought-experiment about US ascendancy in the technology say as much about AI jitters as it does about the reality?It’s 2031 and the US and China are about to tear Europe into pieces.The US ploughed vast sums into…
Read full article →On the trail of the dotcom queen: how Julie Meyer left a pattern of unpaid bills, missing funds and broken dreams in her wake
Yesterday · 07:00 UTC
Investigation: The entrepreneur was once the toast of London’s tech scene, a ‘global leader of tomorrow’ who starred on Dragons’ Den and promised untold riches for the startups she championed. But people she worked with…
Read full article →ITNews Australia
ASD draws a hard line on developers lacking security skills
Medium18 Jun 2026 · 01:36 UTC
Updated ASD ISM drops with new and revised controls.
Read full article →CBA appoints new group CIO
18 Jun 2026 · 23:35 UTC
Elevates CTO to executive leadership team.
Read full article →LMG bets on Slack as an enterprise platform
18 Jun 2026 · 04:02 UTC
Unifies company messaging in move away from email.
Read full article →The Guardian Technology
Anthropic releases 'safe' version of Claude Mythos AI model to public
9 Jun 2026 · 22:28 UTC
Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.
Read full article →TechCrunch AI
Is the US government’s Anthropic ban accidentally helping the brand?
Yesterday · 16:08 UTC
Just as last week was ending, the US government forced Anthropic to pull its two newest models, Fable 5 and Mythos 5, citing national security concerns after Amazon researchers allegedly found a way to bypass Fable 5’s g…
Read full article →The US banned Anthropic’s Fable 5 release, but the numbers don’t seem to care
Yesterday · 16:01 UTC
Just as last week was ending, the US government forced Anthropic to pull its two newest models, Fable 5 and Mythos 5, citing national security concerns after Amazon researchers allegedly found a way to bypass Fable 5’s g…
Read full article →From PGP to Mythos: a brief history of export controls that didn’t stop anyone
Yesterday · 22:40 UTC
For the last 30 years, stopping the flow of cybersecurity-related software has proven to be ineffective. It's unclear why it would work now with Anthropic’s cybersecurity model Mythos.
Read full article →MIT Technology Review AI
A startup claims it broke through a bottleneck that’s holding back LLMs
Yesterday · 10:40 UTC
Miami-based AI startup Subquadratic came out of stealth mode last month with a huge claim. It announced that it had solved a mathematical bottleneck that had been holding back large language models for almost a decade. T…
Read full article →The Verge
Moves of the Diamond Hand is an unfinished, irresistibly weird dice-based RPG
Today · 14:00 UTC
From its opening minutes, Moves of the Diamond Hand is upfront about what it offers: You're going to have a lot of strange conversations, and you're going to roll a lot of dice. Get on board with this proposition, and th…
Read full article →Toy Story has the right take on tech
Today · 12:00 UTC
Hi, friends! Welcome to Installer No. 133, your guide to the best and Verge-iest stuff in the world. (If you're new here, welcome, happy belated Juneteenth, and also you can read all the old editions at the Installer hom…
Read full article →SwitchBot’s Standing Circulator Fan is worth fighting for
Today · 07:00 UTC
I can't remember the last time I got excited about a fan. Normally, I just buy whatever Vornado or Dreo model fits my budget, but that was before I started testing the battery-powered Standing Circulator Fan from SwitchB…
Read full article →Wired AI
Siri AI Hands On: A Smart, Helpful Assistant
Today · 10:00 UTC
The new Siri AI is conversational, omnipresent, and actually helpful.
Read full article →How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members
18 Jun 2026 · 22:12 UTC
Leaked files show the invite-only network grades members by their money and fame, shaping who’s in, who’s out, and who pays.
Read full article →The White House Is Making Up Its Rules for AI in Real Time
18 Jun 2026 · 21:03 UTC
Anthropic still can’t distribute Claude Mythos or Fable 5 after running afoul of the Trump administration. But no one can say exactly what the company did wrong.
Read full article →Ars Technica AI
As China looms, Taiwan makes more drones for defense and the US military
18 Jun 2026 · 21:21 UTC
Taiwan's drone spending plans for defense could also boost business overseas.
Read full article →Bernie Sanders unveils $7 trillion plan to give Americans control of AI industry
18 Jun 2026 · 17:02 UTC
Biggest AI firms will likely recoil at Bernie Sanders' AI wealth fund.
Read full article →AI coding agents taught robots how to install GPUs and cut zip ties
17 Jun 2026 · 19:25 UTC
Nvidia's self-improvement program for robots enlists teams of AI coding agents.
Read full article →NVIDIA AI Blog
How FERC’s Large-Load Interconnection Actions Help Address Grid Stress, Improve Affordability
18 Jun 2026 · 20:00 UTC
In a consequential grid infrastructure decision, the Federal Energy Regulatory Commission (FERC) today issued a major milestone on large-load interconnection impacting how those building AI factories, semiconductor fabri…
Read full article →At Cannes Lions, NVIDIA Partners Reshape Advertising and Marketing With AI
18 Jun 2026 · 13:00 UTC
The digital era gave the advertising and marketing industry speed; the AI era is giving it autonomous operations. For companies building next-generation technologies for advertising and marketing, the question is no long…
Read full article →Sync and Stream: GeForce NOW Connects to Members’ Game Libraries Across Devices
18 Jun 2026 · 13:00 UTC
Play favorite titles from popular game libraries, keep progress synced and jump back into gaming sessions on virtually any device. That’s the power of GeForce NOW cloud gaming. From providing access to members’ favorite…
Read full article →ABC Technology (AU)
Proposed urea plant secures $2.4b worth of deals without being built
Today · 02:00 UTC
The Australian Fertilizer Corporation has secured offtake agreements with international and domestic customers to sell its entire production capacity, despite not yet being built.
Read full article →Peanut industry confidence returns after Crumptons takes over Bega sites
Yesterday · 20:30 UTC
After being tossed a lifeline last year, Queensland's peanut harvest is in full swing with plans in place to help the industry thrive once again.
Read full article →Getting rid of an old fridge? Here's what you need to know
Yesterday · 18:30 UTC
Chemicals hiding in old fridges and air conditioners can contribute to the greenhouse gas effect if not properly disposed.
Read full article →Vendor Security
Rapid7 Blog
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more
CriticalYesterday · 17:08 UTC
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlm_relay_2_…
Read full article →Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain
Critical17 Jun 2026 · 11:20 UTC
Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed decoy document to deliver a heavily rewo…
Read full article →Why Security Teams Need To Start Earlier
Critical18 Jun 2026 · 14:45 UTC
Security leaders are facing an unusual set of circumstances. The drumbeat for better security prioritization has been rising for years in boardrooms around the world. The desire is there, but the processes of the past ar…
Read full article →Microsoft Security
AutoJack: How a single page can RCE the host running your AI agent
CriticalYesterday · 00:17 UTC
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and u…
Read full article →From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
High18 Jun 2026 · 03:43 UTC
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat intelligence. The po…
Read full article →New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI
18 Jun 2026 · 19:36 UTC
New Forrester Total Economic Impact™ study shows Microsoft Security consolidation delivers ROI, lowers risk, and prepares organizations to secure AI. The post New Forrester study shows customers who unified with Microsof…
Read full article →StepSecurity
Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat
Critical18 Jun 2026 · 10:03 UTC
On June 17, 2026, an attacker compromised the @mastra npm organization and quietly added easy-day-js as a dependency across 140+ packages in the Mastra AI framework ecosystem. easy-day-js is a typosquat of the popular da…
Read full article →15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers
CriticalYesterday · 20:44 UTC
A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and SiliconFlow API keys to an attacker-con…
Read full article →Prevent npm and Python Supply Chain Attacks on Developer Machines with Package Configs
High18 Jun 2026 · 10:03 UTC
npm and Python supply chain attacks run on developer machines and steal secrets. See how Package Configs audits registry, cooldown, and auth across your fleet
Read full article →Microsoft Threat Intel
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
High18 Jun 2026 · 03:43 UTC
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat intelligence. The po…
Read full article →Palo Alto Unit 42
Threat Brief: Mitigating Large-Scale Credential Attacks
HighToday · 02:05 UTC
We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitigating Large-Scale Credential Attacks appe…
Read full article →AWS Security
Accelerate security investigations with Kiro CLI
High18 Jun 2026 · 19:24 UTC
When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However security teams often struggle with time-consuming, manual processes that slow down investigations. Analysts…
Read full article →Spring 2026 SOC 1 and 2 reports are now available in OSCAL format
18 Jun 2026 · 16:50 UTC
Amazon Web Services (AWS) is excited to release the Spring 2026 System and Organization Controls (SOC) 1 and 2 reports in machine-readable OSCAL format alongside the PDF version of the reports. The reports cover 188 serv…
Read full article →Introducing AWS Continuum: Security at machine speed
17 Jun 2026 · 15:34 UTC
What we believe We’ve been thinking deeply about enterprise security. The operating model that served us for the past decade (collect telemetry, store it, query it, build dashboards to watch it) is no longer keeping pace…
Read full article →CrowdStrike Blog
New Abuse of the ClickOnce Technology, Part 2: Stop Threat Actors from Clicking Once and Staying Forever
18 Jun 2026 · 05:00 UTC
Read full article →New Abuse of the ClickOnce Technology, Part 1: The Inner Workings of ClickOnce Application Deployment
18 Jun 2026 · 05:00 UTC
Read full article →OpenAI News
New usage analytics and updated spend controls for enterprises
18 Jun 2026 · 17:00 UTC
OpenAI introduces new spend controls and usage analytics for ChatGPT Enterprise, helping organizations manage costs and scale AI with confidence.
Read full article →Using AI to help physicians diagnose rare genetic diseases affecting children
18 Jun 2026 · 08:00 UTC
Researchers used an OpenAI reasoning model to help diagnose rare diseases, identifying 18 new diagnoses in previously unsolved cases.
Read full article →Improving health intelligence in ChatGPT
18 Jun 2026 · 11:00 UTC
Learn how GPT-5.5 Instant improves ChatGPT’s health and wellness responses with stronger reasoning, better context, clearer communication, and physician-informed evaluations.
Read full article →Cisco Talos
Close Encounters of the Human Kind
18 Jun 2026 · 18:00 UTC
In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off wh…
Read full article →Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model
18 Jun 2026 · 10:00 UTC
Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its…
Read full article →Check Point Research
From Stars to Upvotes: Fake Reputation Fueling a Crypto Clipboard Hijacker
17 Jun 2026 · 13:38 UTC
Key Points Introduction In this research, we analyze a clipboard hijacker campaign that is hidden inside a collection of “solutions” and “tools” that claim to give users an unfair advantage. These offers include Solana a…
Read full article →