Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users
Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection.
Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection.
A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that …
The botnet was reportedly tied to a Russia-based residential proxy network.
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has bee…
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker comprom…
DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. [...]
Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. [...]
Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. [...]
Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.
O Notepad++ lançou uma atualização urgente para corrigir três vulnerabilidades de segurança, incluindo duas falhas críticas que podem permitir execução arbitrária de código em computadores Windows. A correção foi disponibilizada na versão 8.9.6.1, publicada em 26 de maio de 2026.…
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the R…
Uma vulnerabilidade crítica no OpenVPN Connect para macOS pode permitir que invasores locais executem comandos arbitrários com privilégios elevados. A falha é rastreada como CVE-2026-9560 e afeta versões de 3.5.1 até 3.8.1. O problema está no componente privilegiado auxiliar do O…
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 o…
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering …
A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]
Uma vulnerabilidade crítica de escalonamento de privilégios foi descoberta no OpenVPN Connect para macOS, permitindo que atacantes locais executem comandos arbitrários com privilégios elevados por meio do serviço de segundo plano do aplicativo. Registrada como CVE-2026-9560 (CVSS…
Um pacote malicioso chamado “mouse5212-super-formatter” foi descoberto no repositório npm, atuando como um ladrão de informações projetado para roubar arquivos de desenvolvedores que o instalassem. O caso se tornou incomum não apenas pelo que o malware fazia, mas pelo que revelou…
An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]