Impersonating a legitimate extension from AITOPIA, the two malicious extensions were also exfiltrating users’ browser activity.
The post Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats appeared first on SecurityWeek.
In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT
Cybercriminals are increasingly using AI to lower the barrier to entry for fraud and hacking, shifting from skill-based to AI-assisted attacks known as “vibe hacking.” Flare examines how underground forums promote AI tools, jailbreak techniques, and so-called “Hacking-GPT” services that promise ease rather than technical mastery. […]
ownCloud urges users to enable MFA after credential theft reports
File-sharing platform ownCloud warned users today to enable multi-factor authentication (MFA) to block attackers using compromised credentials from stealing their data. […]
Vulnerability in Totolink Range Extender Allows Device Takeover
An error in the firmware-upload handler leads to devices starting an unauthenticated root-level Telnet service.
The post Vulnerability in Totolink Range Extender Allows Device Takeover appeared first on SecurityWeek.
Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances.
The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been
The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been
Several Code Execution Flaws Patched in Veeam Backup & Replication
Four vulnerabilities have been fixed in the latest release of Veeam Backup & Replication.
The post Several Code Execution Flaws Patched in Veeam Backup & Replication appeared first on SecurityWeek.
New Veeam vulnerabilities expose backup servers to RCE attacks
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. […]
Cybersecurity Firms Secured $14 Billion in Funding in 2025
2025 was the strongest year for cybersecurity funding since the 2021 peak, according to Pinpoint Search Group.
The post Cybersecurity Firms Secured $14 Billion in Funding in 2025 appeared first on SecurityWeek.
Google Search AI hallucinations push Google to hire “AI Answers Quality” engineers
AI, including AI Overviews on Google Search, can hallucinate and often make up stuff or offer contradicting answers when asked in two different ways. […]
Hackers Exploit Zero-Day in Discontinued D-Link Devices
The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands.
The post Hackers Exploit Zero-Day in Discontinued D-Link Devices appeared first on SecurityWeek.