Researchers at QiAnXin’s XLab have tracked it since February 2026, and say the real story is not how big it is today, but how fast it is changing.
The end goal is a
Category Added in a WPeMatico Campaign
Researchers at QiAnXin’s XLab have tracked it since February 2026, and say the real story is not how big it is today, but how fast it is changing.
The end goal is a
The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)
The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs.
“The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that
New research from Adversa AI, which is named the bypass GuardFall, found it works against ten of the eleven popular open-source coding and computer-use agents the firm tested. Only one, “Continue,” was built to
In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no key at all.
Whoever grabs it can send model requests on the developer’s account,
Check Point Exposure Management published the FIFA World Cup 2026 Cyber Threat Report this month, covering
The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated
An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone, with no tap or prompt.
The same research found Quick Share flaws that
The targets included OpenAI’s ChatGPT Atlas, Perplexity’s Comet, and Anthropic’s Claude browser extension.
An
The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now.
Progress published its advisory on June
