VulnHub

Researchers at RSAC discovered a way to bypass Apple Intelligence's AI guardrails using techniques called Neural Exect and Unicode manipulation. This vulnerability could allow attackers to exploit the AI's systems, potentially leading to unauthorized access or misuse of the technology. The implications of this breach are significant, as it raises concerns about the security and reliability of AI systems used by Apple and possibly other tech companies. Users and developers relying on Apple Intelligence need to be aware of this vulnerability to ensure their systems are secure. The researchers' findings emphasize the importance of ongoing scrutiny and improvement of AI security measures.

Edge devices, which connect various networks and serve as points of entry, are increasingly becoming targets for cyber attackers. These devices can be exploited to gain unauthorized access to systems, allowing attackers to persist within networks and pivot to steal sensitive identity information. This trend raises concerns for organizations relying on edge computing, as vulnerabilities in these devices can lead to significant data breaches. Ensuring the security of edge devices is crucial, as they play a pivotal role in the overall security posture of an organization. Companies need to prioritize safeguarding these devices to protect against modern cyber threats.

The official WordPress site for the open-source decompiler ILSpy has been compromised by malicious actors, leading to a supply chain attack that targets developers. This breach allows attackers to distribute malware disguised as legitimate software, putting users who download from the site at risk. Developers using ILSpy may unknowingly install malware on their systems, which can lead to further exploitation or data breaches. Supply chain attacks like this one are particularly concerning because they exploit trusted sources, making it harder for users to detect malicious activity. As a result, developers need to be cautious about where they download software and ensure they verify the integrity of their tools.

A serious vulnerability in Flowise, identified as CVE-2025-59528, is currently being exploited by attackers to execute malicious code remotely. This flaw, which has a CVSS score of 10, arises from insufficient validation of user-supplied JavaScript, allowing unauthorized access to systems and file systems. Organizations using Flowise are at risk, as this vulnerability can lead to significant security breaches. The exploitation of such vulnerabilities can result in data theft, system compromise, and other malicious activities. It's essential for users and administrators to be aware of this issue and take appropriate action to protect their systems.

A new privilege escalation vulnerability, dubbed 'BlueHammer', has been identified in Windows operating systems. This flaw, which merges a time-of-check to time-of-use (TOCTOU) vulnerability with path confusion, allows attackers to gain higher-level access to systems. Users of affected Windows versions are particularly at risk, as this could enable unauthorized actions that compromise system security. The release of exploit code for BlueHammer raises concerns about its potential use in cyberattacks, making it crucial for organizations to address this vulnerability promptly. Keeping systems updated and applying any available patches will be essential to mitigate the risks associated with this flaw.

A new exploit known as GrafanaGhost has been discovered that can bypass AI guardrails, allowing attackers to exfiltrate sensitive data from Grafana instances. This vulnerability combines AI prompt injection techniques with URL flaws to access information that should be protected. Grafana, a widely used open-source platform for data visualization, is particularly vulnerable, and this breach could expose critical insights stored by companies using the software. The implications are serious, as organizations could face data leaks that might compromise their operations and customer trust. Users of Grafana are urged to review their security settings and monitor for any unusual access patterns to safeguard their data.

Recent findings reveal that attackers can exploit Grafana's AI components to leak sensitive enterprise data. By directing Grafana to external resources and using indirect prompts, they can bypass existing security measures. This vulnerability poses a significant risk to organizations that rely on Grafana for data visualization and monitoring, as it may expose confidential information. Companies using Grafana should take immediate action to assess their configurations and consider implementing additional safeguards to protect against such exploitation. The implications of this issue are serious, as it could lead to unauthorized access to critical business data.

The Medusa ransomware group has been swift in exploiting vulnerabilities, utilizing zero-day exploits to gain access to systems. Once inside, they quickly exfiltrate and encrypt data, often within days of their initial breach. This rapid response poses a significant threat to organizations, as it reduces the time available for victims to respond and mitigate the damage. Companies across various sectors need to be vigilant and ensure their systems are updated to prevent falling victim to these attacks. The effectiveness of Medusa's tactics highlights the importance of maintaining robust cybersecurity defenses and monitoring for unusual activity.

Recent research has identified several email-based threats that are evolving with the rise of AI and sophisticated attack methods. Key threats include OAuth consent attacks, where attackers exploit legitimate app permissions to gain unauthorized access to accounts. Lateral phishing is also on the rise, where compromised accounts are used to target other users within the same organization. Additionally, AI is being misused in payroll fraud schemes, tricking companies into making mistaken payments. These threats impact a wide range of organizations, as they rely heavily on email for communication and transactions. As these tactics become more common, businesses must remain vigilant and enhance their email security measures to protect against these evolving risks.

In March 2026, a threat actor known as TeamPCP executed a supply chain attack that targeted developer workstations, turning them into credential vaults for attackers. These machines are crucial for developers, as they handle the creation and management of various credentials across services and tools. By infiltrating these systems, attackers gained access to sensitive information that could be reused across multiple platforms, increasing the risk of data breaches. This incident raises significant concerns for companies that rely on developer machines, highlighting the need for improved security measures to protect sensitive credentials. As attackers continue to exploit these valuable resources, organizations must reassess their security protocols to safeguard against similar threats in the future.