Latest Intelligence
How Outer Space Became the Next Big Attack Surface
Andrzej Olchawa and Milenko Starcik from VisionSpace Technologies highlighted vulnerabilities in space systems that could jeopardize missions during their presentation at Black Hat USA 2025. The discussion emphasized the growing cybersecurity risks associated with outer space operations.
Incode Acquires AuthenticID to Enhance AI-Driven Identity Verification
Incode has acquired AuthenticID to enhance its AI-driven identity verification capabilities. This acquisition aims to leverage Incode's AI models alongside AuthenticID's expertise to provide comprehensive fraud signal analysis and advanced detection methods.
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
Popular password manager plugins for web browsers are vulnerable to clickjacking attacks, which can lead to the theft of sensitive information such as account credentials and 2FA codes. This vulnerability, identified as DOM-based extension clickjacking, raises significant security concerns for users of these tools.
Tree of AST: A Bug-Hunting Framework Powered by LLMs
The article discusses a new vulnerability discovery framework developed by teenage security researchers Sasha Zyuzin and Ruikai Peng, which utilizes large language models (LLMs) to overcome previous limitations in cybersecurity. This innovative approach aims to enhance the efficiency of bug hunting in software systems.
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
The FBI has issued a warning about the Russian state-sponsored group Static Tundra, which is exploiting a seven-year-old security vulnerability in Cisco IOS and Cisco IOS XE software to gain persistent access to targeted networks. The group is specifically targeting organizations in telecommunications, higher education, and manufacturing sectors.
GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models
The article highlights a vulnerability in GPT-5 where user queries can be redirected to older, less secure models. This flaw can lead to issues such as jailbreaks, hallucinations, and unsafe outputs.
Slow and Steady Security: Lessons from the Tortoise and the Hare
The article emphasizes the importance of focusing on fundamental security practices rather than getting distracted by trends and hype. By adopting a steady and consistent approach, enterprises can develop security programs that are resilient and effective over time.
Elastic Refutes Claims of Zero-Day in EDR Product
Elastic has denied claims of a zero-day vulnerability in their EDR product, stating that they found no evidence of a remote code execution (RCE) vulnerability following the publication of details and proof of concept for a Defend EDR bypass. The situation highlights ongoing scrutiny and discussions within the cybersecurity community regarding the security of EDR solutions.
Europe's Ransomware Surge Is a Warning Shot for US Defenders
The article highlights the increasing threat of ransomware in Europe, serving as a cautionary tale for US cybersecurity defenders. It emphasizes the need for robust defenses, effective patch management, and a transparent incident response strategy that anticipates potential failures.
Hacker Finds Flaws in McDonald’s Staff, Partner Hubs
A hacker has identified significant security flaws within McDonald's staff and partner hubs, including the exposure of APIs, sensitive data, and corporate documents. These vulnerabilities pose serious risks to the company's cybersecurity posture.
Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts
Researchers have identified a new prompt injection technique called PromptFix that exploits generative AI models by embedding malicious instructions within fake CAPTCHA checks on web pages. This method highlights vulnerabilities in AI-driven browsers, similar to previous scams like ClickFix.
RapperBot Botnet Disrupted, American Administrator Indicted
The US Department of Justice has successfully disrupted the RapperBot botnet and has indicted its American administrator. This operation highlights ongoing efforts to combat cybercrime and the use of botnets for malicious activities.
Seemplicity Raises $50 Million for Exposure Management Platform
Seemplicity has successfully raised $50 million in a Series B funding round aimed at enhancing its exposure management platform through the development of AI agents. This investment will bolster the company's capabilities in managing cybersecurity exposures.
🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do
The article highlights the growing concern of unmonitored AI agents operating within enterprises, often set up by business units without proper oversight. This lack of visibility can lead to security risks, as these agents may not have proper identification, ownership, or logging.
Flaws in Software Used by Hundreds of Cities and Towns Exposed Sensitive Data
CERT/CC has revealed vulnerabilities in a Workhorse Software application that could lead to the exposure of sensitive data. These flaws were disclosed after patches were released, highlighting potential risks for cities and towns using the software.