AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal code assistants,… Read More »AI Agents Are Becoming Privilege Escalation Paths
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls… Read More »Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system (OS) injection… Read More »Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the… Read More »Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2%… Read More »New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production Node.js app” that, if successfully exploited, could trigger a denial-of-service (DoS) condition.… Read More »Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The… Read More »PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd.,… Read More »Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries,… Read More »Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
AI agents are no longer just writing code. They are executing it. Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That… Read More »[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl