Hot stuff

Amazon Quick authorization bypass let users reach blocked AI chat agents

Amazon Quick authorization bypass let users reach blocked AI chat agents 2026-05-12 at 20:12 By Mirko Zorz Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those […]

Amazon Quick authorization bypass let users reach blocked AI chat agents Read More »

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413) 2026-05-12 at 17:35 By Zeljka Zorz JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security patch. About CVE-2026-44413 CVE-2026-44413

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413) Read More »

The hidden smart fridge risks that emerge years after purchase

The hidden smart fridge risks that emerge years after purchase 2026-05-12 at 09:28 By Mirko Zorz Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at Leipzig University maps what happens when those two timelines collide,

The hidden smart fridge risks that emerge years after purchase Read More »

Linux developers weigh emergency “killswitch” for vulnerable kernel functions

Linux developers weigh emergency “killswitch” for vulnerable kernel functions 2026-05-11 at 16:48 By Zeljka Zorz Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the

Linux developers weigh emergency “killswitch” for vulnerable kernel functions Read More »

Google researchers uncover criminal zero-day exploit likely built with AI

Google researchers uncover criminal zero-day exploit likely built with AI 2026-05-11 at 16:48 By Mirko Zorz Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.

Google researchers uncover criminal zero-day exploit likely built with AI Read More »

Rustinel: Open-source endpoint detection for Windows and Linux

Rustinel: Open-source endpoint detection for Windows and Linux 2026-05-11 at 08:51 By Mirko Zorz Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel, a

Rustinel: Open-source endpoint detection for Windows and Linux Read More »

Dirty Frag: Unpatched Linux vulnerability delivers root access

Dirty Frag: Unpatched Linux vulnerability delivers root access 2026-05-08 at 18:03 By Zeljka Zorz A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka

Dirty Frag: Unpatched Linux vulnerability delivers root access Read More »

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) 2026-05-08 at 13:30 By Zeljka Zorz Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) Read More »

What Mozilla learned running an AI security bug hunting pipeline on Firefox

What Mozilla learned running an AI security bug hunting pipeline on Firefox 2026-05-08 at 01:14 By Mirko Zorz Over the past several months, Mozilla ran an agentic harness powered by Claude Mythos Preview across Firefox’s source code, identifying 271 security bugs that were fixed in Firefox 150, with additional fixes shipped in versions 149.0.2 and

What Mozilla learned running an AI security bug hunting pipeline on Firefox Read More »

One keypress is all it takes to compromise four AI coding tools

One keypress is all it takes to compromise four AI coding tools 2026-05-08 at 01:14 By Mirko Zorz Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you

One keypress is all it takes to compromise four AI coding tools Read More »

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls 2026-05-08 at 01:14 By Zeljka Zorz Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. A flaw with no patch (yet) CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls Read More »

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) 2026-05-04 at 18:59 By Zeljka Zorz Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Read More »

Pipelock: Open-source AI agent firewall

Pipelock: Open-source AI agent firewall 2026-05-04 at 09:46 By Mirko Zorz AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security harness developed by Joshua Waldrep under

Pipelock: Open-source AI agent firewall Read More »

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

cPanel zero-day exploited for months before patch release (CVE-2026-41940) 2026-04-30 at 16:45 By Zeljka Zorz A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical

cPanel zero-day exploited for months before patch release (CVE-2026-41940) Read More »

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) 2026-04-30 at 15:31 By Zeljka Zorz Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Read More »

The AI criminal mastermind is already hiring on gig platforms

The AI criminal mastermind is already hiring on gig platforms 2026-04-27 at 10:30 By Mirko Zorz Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs

The AI criminal mastermind is already hiring on gig platforms Read More »

Indirect prompt injection is taking hold in the wild

Indirect prompt injection is taking hold in the wild 2026-04-24 at 23:26 By Zeljka Zorz The open web is slowly but surely filling up with “traps” designed for LLM-powered AI agents. The technique, known as indirect prompt injection (IPI), involves hiding (more or less) covert instructions inside ordinary web pages, waiting for an AI agent

Indirect prompt injection is taking hold in the wild Read More »

New Cisco firewall malware can only be killed by pulling the plug

New Cisco firewall malware can only be killed by pulling the plug 2026-04-24 at 13:17 By Zeljka Zorz Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is relevant for both Cisco

New Cisco firewall malware can only be killed by pulling the plug Read More »

AI is speeding up nation-state cyber programs

AI is speeding up nation-state cyber programs 2026-04-24 at 08:40 By Mirko Zorz Im this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and diplomatic tools.

AI is speeding up nation-state cyber programs Read More »

With AI’s help, North Korean hackers stumbled into a near-undetectable attack

With AI’s help, North Korean hackers stumbled into a near-undetectable attack 2026-04-24 at 08:22 By Zeljka Zorz For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing attacks, and much more. Since the advent of LLM-powered AI assistants and tools, less

With AI’s help, North Korean hackers stumbled into a near-undetectable attack Read More »

Scroll to Top