A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite… Read More »China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some “patched-ish” thing already getting chewed on in the wild, and then… Read More »⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
Three years ago, the practical question for an MSP building a cybersecurity practice was which “vCISO platform” to buy. The term was good shorthand for the work at the time:… Read More »The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised… Read More »OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create… Read More »Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network,… Read More »Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257… Read More »PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and… Read More »ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network… Read More »Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing… Read More »What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks