“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks [email protected] (The Hacker News)
Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone,…
-

New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials [email protected] (The Hacker News)
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user’s credentials and sending them to an attacker. The targets included OpenAI’s ChatGPT Atlas, Perplexity’s Comet,…
-

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth [email protected] (The Hacker News)
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published…
-

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs [email protected] (The Hacker News)
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below – CVE-2026-43707 – A memory corruption issue that could…
-

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild [email protected] (The Hacker News)
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. “Easily exploitable vulnerability allowsRead More
-
Splunk Enterprise Authentication Bypass Vulnerability
What is the Attack? A critical authentication bypass vulnerability, CVE-2026-20253 (CVSS 9.8), affects Splunk Enterprise versions 10.0.x and 10.2.x. The flaw stems from missing authentication on a PostgreSQL sidecar service endpoint, allowing an unauthenticated attacker to create or truncate arbitrary files on a vulnerable server. Security researchers have demonstrated that the vulnerability can be leveraged…
-

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input [email protected] (The Hacker News)
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure.…
-

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private [email protected] (The Hacker News)
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations…
-

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks [email protected] (The Hacker News)
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government networks, including machines used by senior administrative staff, and worked with Read More
-
8 key aspects of a mobile device security audit program
A mobile device audit program helps IT assess endpoint inventory, access controls, encryption, MDM, UEM, BYOD risk, compliance and remediation across mobile endpoints.Read More
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
