“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants [email protected] (The Hacker News)
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers’ applications without requiring authentication. The vulnerabilities have been collectively codenamed DifyTap by Zafran Security.Read More
-

29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests [email protected] (The Hacker News)
A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid’s default configuration. Researchers at Calif.io disclosed it in…
-

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer [email protected] (The Hacker News)
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidence indicates that the threat actor is likely Russian-speaking and financially motivated, owing to…
-
A CISO’s guide to infostealers: Prevention and detection
Infostealers aren’t new. But what is new is that almost anyone — regardless of skill — can now deploy the malware. Update incident response plans to safeguard your operations.Read More
-

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries [email protected] (The Hacker News)
Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal installs of apps whose developers have not registered an identity with…
-

Stop Your Legacy Infrastructure from Hijacking Your AI Agents [email protected] (The Hacker News)
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for – how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving faster than security programs can account for. Roughly 71% of…
-

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More [email protected] (The Hacker News)
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Weak credentials, sketchy downloads, browser extensions with too much access, and WordPress…
-

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices [email protected] (The Hacker News)
Canada’s spy service got a judge’s permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence Service has used its threat reduction warrant powers…
-

AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network [email protected] (The Hacker News)
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin’s XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The distinction matters. AryStinger exists for the stage of an attack that…
-

INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific [email protected] (The Hacker News)
A new report from INTERPOL has revealed a “dramatic increase” in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, phishing has emerged as the most widespread andRead More
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
