Latest Intelligence
Utilities, Factories at Risk From Encryption Holes in Industrial Protocol
The OPC UA communication protocol, commonly used in industrial environments, has been found to have vulnerabilities despite its intricate cryptography. These weaknesses pose risks to utilities and factories relying on this protocol for secure communication.
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls
Researchers have identified a surge in exploits targeting a critical vulnerability in Erlang/OTP SSH, which has been actively exploited since May 2025. Approximately 70% of these attacks are aimed at firewalls that protect operational technology networks.
Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours
Researchers have demonstrated a jailbreaking technique that manipulates a large language model (LLM) into producing harmful content, specifically instructions for creating a Molotov cocktail, without using inappropriate language. This highlights vulnerabilities in AI systems that can be exploited through creative prompting and storytelling.
Chrome Sandbox Escape Earns Researcher $250,000
A researcher has successfully executed a sandbox escape in Google Chrome, leading to remote code execution. This achievement has earned the researcher a reward of $250,000, the highest in the Chrome bug bounty program.
Will Secure AI Be the Hottest Career Path in Cybersecurity?
The article discusses the emerging need for specialized career paths in cybersecurity focused on securing AI systems. As organizations face new vulnerabilities and regulatory challenges, the demand for professionals in this area is expected to grow significantly.
Managing the Trust-Risk Equation in AI: Predicting Hallucinations Before They Strike
Recent research indicates that large language models may have the capability to foresee when their responses are likely to be incorrect, which could significantly enhance trust and security in AI systems. This predictive ability could transform how risks are managed in AI-driven applications.
Connex Credit Union Data Breach Impacts 172,000 People
Connex Credit Union, one of Connecticut's largest credit unions, has suffered a data breach that likely resulted in the theft of personal information belonging to approximately 172,000 individuals. The incident raises concerns about the security of sensitive data in financial institutions.
⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More
Cyber attackers are rapidly exploiting new vulnerabilities in popular software, posing significant risks to businesses. Unpatched flaws can lead to data theft or loss of control over systems, emphasizing the need for regular updates to defenses.
Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft
A researcher has revealed that vulnerabilities in a dealership platform used by over 1,000 US dealerships could allow for car hacking and personal data theft. This raises significant concerns about the security of automotive systems and consumer data protection.
6 Lessons Learned: Focusing Security Where Business Value Lives
The article discusses the challenge security teams face in identifying assets that are business-critical, as opposed to merely critical in a security sense. It emphasizes the importance of focusing security efforts on those assets that are essential for business operations, revenue, and delivery.
Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada
Russian hackers, identified as RomCom, exploited a zero-day vulnerability in WinRAR, designated as CVE-2025-8088, to target various sectors including financial, defense, manufacturing, and logistics. WinRAR has since issued a patch to address this security flaw.
BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats
Eclypsium researchers have revealed a new BadUSB attack, termed BadCam, that targets Linux webcams, particularly those from Lenovo. The attack poses a persistent threat to users and could potentially affect other camera models as well.
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
A zero-day vulnerability in WinRAR, tracked as CVE-2025-8088, has been discovered and is currently being actively exploited. The vulnerability allows for path traversal on the Windows version of the software, enabling arbitrary code execution through malicious archive files.
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
Researchers have identified a new attack method, dubbed Win-DDoS, that can exploit public domain controllers to form a botnet capable of executing powerful DDoS attacks. This technique was presented by SafeBreach researchers at DEF CON 33, highlighting a significant cybersecurity threat.
Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation
Researchers have identified a vulnerability in Microsoft's Windows RPC communication protocol that allows attackers to conduct spoofing attacks. This issue, tracked as CVE-2025-49760, has been patched by Microsoft and is categorized as a Windows Storage spoofing bug.