A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. […]
SimpleHelp bug lets hackers create rogue remote support accounts Read More »
The U.S. Department of Justice announced Friday that it has seized the CFAKE.com and SOCFAKE.com websites, which allegedly hosted nonconsensual AI-generated nude images and videos of women, in what appears to be the first publicly announced domain seizure under the TAKE IT DOWN Act. […]
DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act Read More »
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers Read More »
WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive-s content distribution network (CDN). […]
OptinMonster WordPress plugin hacked in CDN supply-chain attack Read More »
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More Read More »
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. […]
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks Read More »
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary “first-day” password so employees can access systems for the first time. The issue is that these passwords don’t always stay temporary. They may be sent
The Onboarding Password Mistake That Creates Unnecessary Risk Read More »
The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butchering or romance baiting. […]
FBI: Fraudsters use couriers to steal money in crypto scams Read More »
The Council of Europe, the continent’s oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. […]
Council of Europe investigates ShinyHunters data breach claims Read More »