Topic: security vulnerabilities
-
The Hidden Danger in Big Tech's Moltbook and OpenClaw Bet
Major tech companies like Meta and OpenAI are prioritizing viral hype over security, acquiring or hiring from platforms like Moltbook and OpenClaw that are built on fundamentally insecure foundations. Investigations reveal severe security flaws, including Moltbook's publicly accessible database a...
Read More » -
Microsoft Patches Critical Zero-Day Exploits
Microsoft's latest security update patches 79 vulnerabilities, including two publicly disclosed zero-day exploits, requiring urgent attention from IT teams. One critical zero-day (CVE-2026-21262) is a high-severity privilege escalation flaw in SQL Server, posing a risk to exposed instances, while...
Read More » -
AI-Powered Vishing Platform Exposed by Researchers
Security researchers have uncovered a sophisticated vishing-as-a-service platform called P1, which uses AI voice technology from ElevenLabs to automate convincing "press 1" phone scams, lowering the barrier for large-scale fraud. The subscription-based platform allows criminals to spoof caller ID...
Read More » -
HPE Issues Critical Alert for AOS-CX Admin Password Reset Flaw
HPE has released critical security patches for its Aruba AOS-CX operating system, addressing multiple vulnerabilities including a severe authentication bypass (CVE-2026-23813) in the web management interface. For immediate protection, HPE recommends isolating management interfaces on a dedicated ...
Read More » -
AI Uncovers Hidden Bugs in Decades-Old Code
AI can uncover long-hidden vulnerabilities in legacy software, demonstrating a powerful dual-use capability for both security enhancement and potential weaponization by malicious actors. While AI complements traditional security tools by reasoning about system functions to identify novel attack p...
Read More » -
OpenAI Acquires Promptfoo to Fortify AI Agent Security
OpenAI has acquired security startup Promptfoo to integrate its specialized tools, enhancing defenses against threats to its enterprise AI agent platform. The acquisition addresses growing security challenges as autonomous AI agents become more integral to business, with Promptfoo's technology al...
Read More » -
FBI Urges Americans: Replace These Risky Wi-Fi Routers Now
The FBI warns that outdated Wi-Fi routers have severe, actively exploited security flaws, allowing cybercriminals to upload malware and directly threaten personal and financial data. Compromised routers are hijacked into botnets, enabling large-scale attacks and the secret interception of unencry...
Read More » -
DJI Pays $30K to Hacker Who Exposed 7,000 Robovac Flaws
A security researcher discovered a major flaw in DJI's Romo robot vacuum network, exposing around 7,000 devices to potential remote access and viewing into private homes. DJI confirmed a $30,000 reward, has patched one vulnerability, and is implementing a broader system upgrade to address more se...
Read More » -
Google's Android Openness at Risk with Developer Verification
Google's new developer verification policy is seen as a threat to Android's open ecosystem, acting as a gatekeeper for software installation despite developer opposition. Independent developers may abandon Android for alternatives like progressive web apps, while users seeking full control face t...
Read More » -
Critical SolarWinds Serv-U Flaws Grant Root Server Access
SolarWinds has released critical security patches for its Serv-U file transfer software to fix four vulnerabilities that could allow remote code execution and full administrative takeover of servers. All four flaws require the attacker to already have high-privilege access, limiting exploitation ...
Read More » -
iOS 26.3.1 Update Nears Release for iPhone
Apple is preparing to release a minor iOS 26.3.1 update, focused on bug fixes and security patches, with a public rollout expected soon. The update may include foundational support for upcoming hardware, as Apple is rumored to announce new products like the iPhone 17e in early March. This update ...
Read More » -
Microsoft's AI Summaries Allegedly Manipulated by 'Poison' Buttons
Microsoft's report identifies "AI Recommendation Poisoning," where companies embed hidden instructions in website buttons to secretly program AI assistants to remember them as trusted sources, skewing future recommendations without user consent. The investigation found 50 prompt injection attempt...
Read More » -
Major Password Managers Have Design Flaws Enabling Vault Attacks
A security analysis reveals significant design vulnerabilities in major cloud-based password managers (Bitwarden, LastPass, Dashlane, 1Password), challenging their "zero-knowledge" encryption claims and potentially allowing full vault compromise. The vulnerabilities stem from common architectural...
Read More » -
Password Managers Can Sometimes See Your Vaults
Password managers rely on a "zero knowledge" encryption model, promising that service providers cannot access user data, but recent research shows this guarantee can be compromised under specific conditions. Security researchers found vulnerabilities not in the core encryption, but in common conv...
Read More » -
Top Android OS Alternatives for 2026: Our Expert Reviews
The primary alternative to Google's mobile ecosystem involves using modified versions of Android (AOSP forks) that remove proprietary services, prioritizing privacy while maintaining app compatibility, with Linux-based systems like SailfishOS being a less polished, more radical departure. A key m...
Read More » -
DJI's Robovac: An Autonomous Drone That Falls Short on Trust
The DJI Romo P is a highly advanced, multifunctional robot vacuum and mop that offers impressive cleaning performance and near-total autonomy through its self-emptying, self-cleaning base station. A critical security flaw that allowed unauthorized remote access to its camera feed raises serious p...
Read More » -
OpenClaw Scanner: Detect AI Agents with Open-Source Tool
The OpenClaw Scanner is a free, open-source tool that helps companies detect the presence of the autonomous OpenClaw AI agent (or MoltBot) within their networks, which can operate independently and access internal systems. Security investigations have found that poorly configured OpenClaw deploym...
Read More » -
Hackers Exploit Critical Microsoft Zero-Day Bugs in Windows, Office
Microsoft has released critical patches for actively exploited zero-day vulnerabilities in Windows and Office, including a severe flaw (CVE-2026-21510) in the Windows shell that bypasses the SmartScreen security filter. A second critical vulnerability (CVE-2026-21513) exists in the legacy MSHTML ...
Read More » -
Can AI Assistants Ever Be Truly Secure?
The core vulnerability of AI assistants is prompt injection, where malicious commands hidden in processed data are indistinguishable from legitimate user instructions, creating a significant security challenge. Current defense strategies are imperfect and include specialized training to recognize...
Read More » -
Microsoft's Valentine's Day Patch: 6 Critical Zero-Day Fixes
Microsoft's February security update patched 59 vulnerabilities, with six actively exploited as zero-days before the fix, indicating a more aggressive threat landscape. Among the critical flaws patched were high-severity security feature bypasses in Windows Shell and Internet Explorer, which coul...
Read More » -
Over 40,000 OpenClaw Instances Found Exposed Online
Over 40,000 publicly exposed OpenClaw AI instances have been discovered, granting attackers the same access to systems and data as the AI agent itself. Exploitation is active, with many instances linked to prior breaches and vulnerabilities, including critical remote code execution flaws that all...
Read More » -
Windows Secure Boot Certificates Expire in June: Your Action Plan
The foundational security certificates for UEFI Secure Boot, introduced with Windows 8, are expiring in 2024, requiring a planned update to maintain the system's integrity. Devices that fail to install the necessary updates will enter a degraded security state, losing the ability to receive criti...
Read More » -
OpenClaw's AI Evolution Alarms Cybersecurity Experts
The OpenClaw AI project has rapidly evolved from a niche tool into a viral phenomenon, shifting from reactive chatbots to autonomous systems that proactively perform tasks on a user's device, raising significant security alarms. Its explosive growth has outpaced security vetting, creating major r...
Read More » -
State-Sponsored Hackers Hijacked Notepad++ Updates
A suspected Chinese state-sponsored hacking group compromised Notepad++'s update server, exploiting vulnerabilities in its updater to deliver malicious software to targeted organizations in East Asia. The attackers maintained access for months by hijacking the shared hosting infrastructure, redir...
Read More » -
Viral AI Assistant Sparks Data Security Concerns
The Moltbot AI assistant's deep system integration and popularity pose severe security risks, as its power can lead to leaks of sensitive corporate and personal data if deployments are not properly secured. Insecure enterprise deployments are common, often due to misconfigured proxies that expose...
Read More » -
Nike Probes Data Breach Following Hacker Leak
Nike is investigating a potential cybersecurity incident after the World Leaks ransomware group published a large trove of allegedly stolen internal business data online. The World Leaks group is a rebrand of the Hunters International operation, which has shifted to pure data theft and extortion,...
Read More » -
Windows 2026 Update Bugs: Fix Outlook Freezes & App Errors
Microsoft's January security update, intended to patch critical vulnerabilities, has instead introduced several disruptive bugs affecting Windows users, with some issues resolved but others persisting. Key problems included a now-fixed remote access authentication failure and a resolved boot issu...
Read More » -
AI Agents Outpacing Safety, Deloitte Warns
A Deloitte report reveals a critical gap between rapid AI agent adoption in business and the implementation of safety governance, with only 21% of surveyed companies having strong oversight despite widespread use. The autonomous nature of AI agents, which can perform complex tasks like signing do...
Read More » -
SMS Sign-In Links Put Millions at Risk
SMS-based authentication links are creating major security vulnerabilities, exposing users to fraud and identity theft across numerous online services due to easily guessable or enumerable tokens in the URLs. Attackers can exploit these weak tokens to access other users' accounts, view sensitive ...
Read More » -
Find Security Flaws in Python Code with Bandit
Bandit is an open-source tool that scans Python source code to identify security vulnerabilities, such as unsafe use of `eval` or hard-coded passwords, by comparing code against a set of security rules. Each finding is assigned a severity and confidence rating to help prioritize fixes, and the to...
Read More » -
Anthropic's Official Git MCP Server Exposes Prompt Injection Bugs
Critical vulnerabilities were discovered in Anthropic's official Git server for its Model Context Protocol (MCP), exploitable via prompt injection attacks to manipulate AI assistants into unauthorized actions. The flaws, present in default installations, allow attackers to execute code, delete fi...
Read More » -
Microsoft's First Free Windows Update for 2026 Confirmed
Microsoft has released a critical 2026 security update for Windows 10, patching over 100 vulnerabilities, as the operating system's official support ends in October 2026. Despite the approaching end-of-life, Windows 10's market share remains high, creating a security challenge as many users have ...
Read More » -
Microsoft Copilot Hijacked in Reprompt Attack for Data Theft
The "Reprompt" attack is a cybersecurity threat that allows attackers to hijack a user's Microsoft Copilot session via a malicious link, exploiting a vulnerability where Copilot automatically executes prompts from a URL parameter. The attack uses three techniques—Parameter-to-Prompt injection, a ...
Read More » -
ownCloud Urges MFA Activation Following Credential Theft
ownCloud is urging all users to immediately enable multi-factor authentication (MFA) to block unauthorized access, even if login credentials are stolen. The company clarified its platform was not hacked; attackers instead used credentials stolen by malware from employee devices to access accounts...
Read More » -
AI and Rust: The New Era of OS Programming
The development of major operating systems like Windows and Linux is being fundamentally reshaped by the adoption of **Rust for memory safety** and **AI for developer efficiency**, though the transition from legacy C/C++ codebases will be gradual and incremental. While both ecosystems embrace the...
Read More » -
Condé Nast Data Breach Exposed, Ars Remains Secure
A hacker leaked over 2.3 million user records from WIRED, exposing personal details like names and email addresses, and plans to release 40 million more records from other Condé Nast publications. The hacker's claimed motive of improving security is disputed, with cybersecurity reports suggesting...
Read More » -
Your Car's Browser Is a Cyber Risk
Integrated browsers in devices like cars and smart TVs are often unpatched for years, creating significant security vulnerabilities and enabling phishing attacks. A study using crowdsourced testing found many newly released devices contain browsers several years out of date, with manufacturers fr...
Read More » -
Riot's New Anti-Cheat May Strain Older PCs
Advanced kernel-level anti-cheat software for online games now often requires modern Windows security features, leading Riot Games to mandate a BIOS update for some users to address vulnerabilities. The required update fixes critical UEFI firmware bugs that could disable memory protection during ...
Read More » -
Ditch Your Router's USB Port: What Tech Pros Use Instead
Security experts strongly advise against using a router's USB port due to outdated, insecure protocols like FTP and SMBv1, which can expose your network to data breaches and unauthorized access. Using a router's USB port for file sharing often degrades network performance, causing slower internet...
Read More » -
Microsoft Patches 56 Flaws, Including Two Zero-Days Under Active Attack
Microsoft's final 2025 security update patches 56 vulnerabilities, including three critical flaws, with two already being actively exploited. The most urgent fix is for CVE-2025-62221, a privilege escalation flaw in Windows that is under active attack and requires prompt patching. Other significa...
Read More » -
Freedom Chat App Exposed Users' Phone Numbers and PINs
Freedom Chat, a privacy-focused messaging app, fixed two major vulnerabilities that allowed attackers to identify registered users' phone numbers and exposed their app-lock PINs to other users in public channels. Security researcher Eric Daigle discovered the flaws, which included weak server pro...
Read More » -
Fortinet warns of critical FortiCloud SSO auth bypass flaw
Fortinet has patched two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in several products, which could allow attackers to gain unauthorized access via a crafted SAML message. The affected FortiCloud SSO feature is not enabled by default on new devices, but it i...
Read More » -
Inside DragonForce Ransomware and Scattered Spider
The DragonForce ransomware operation has evolved into a "cartel" model, offering affiliates high profit shares to scale its impact, and has formed a high-profile partnership with the social engineering group Scattered Spider. This alliance merges Scattered Spider's sophisticated initial access te...
Read More » -
Boost SaaS Security with NIST CSF & Agentic AI
The rapid adoption of SaaS and AI often outpaces security, creating risks; the NIST Cybersecurity Framework provides a structured blueprint to balance innovation with robust protection. Effective security requires strong governance and collaboration between InfoSec and SaaS teams, alongside criti...
Read More » -
Marquis Data Breach Exposes 74+ US Banks and Credit Unions
A ransomware attack on Marquis Software Solutions in August 2025 compromised sensitive personal data, including Social Security and financial account information, for over 400,000 individuals across more than 74 U.S. banks and credit unions. The breach occurred via a compromised SonicWall firewal...
Read More » -
Google's December Update Fixes 33 Bugs, Boosts Pixel Security
Google has released a December security patch for Pixel 6 and later models, addressing 33 bugs and patching critical vulnerabilities to enhance device stability and security. The update fixes specific user-reported issues, including a battery icon glitch, ensures the 80% charge limit works correc...
Read More » -
Android's December 2025 Security Patch: A Major Update
Google's December 2025 Android Security Bulletin details numerous critical vulnerabilities, including a severe flaw in the Android Framework that could enable remote denial-of-service attacks without special privileges. The update addresses high-severity system and kernel-level vulnerabilities th...
Read More » -
India Mandates Government Security App on All Smartphones
The Indian government mandates pre-installation of the "Sanchar Saathi" security app on all smartphones to combat theft and fraud, but critics warn it could enable state surveillance. Apple refuses to comply, citing global policy and security concerns, arguing the mandate risks user privacy and c...
Read More » -
The Hidden Dangers of Vibe Coding That Could Ruin Your Business
Vibe coding enables developers to program using plain English instructions, making application building faster and more accessible but often at the cost of code quality, security, and maintainability. Experts warn that over-reliance on AI-generated code can lead to inconsistent quality, rapid acc...
Read More » -
HashJack Attack Hijacks AI Browsers and Assistants
Security researchers have discovered a method called HashJack that embeds malicious commands in URL fragments to manipulate AI browsing tools into executing harmful actions like inserting dangerous links or sharing user data. The attack's success varies by platform, affecting Perplexity Comet, Mi...
Read More »