[Research] Analysis of 74,636 AI Agent Interactions: 37.8% Contained Attack Attempts - New "Inter-Agent Attack" Category Emerges
https://www.reddit.com/r/netsec/comments/1qp3rpz/research_analysis_of_74636_ai_agent_interactions/
CrowdCyber
npub1xm6q...7acu
Revolutionizing and Democratizing Cybersecurity
Microsoft Rushes Emergency Patch for Office Zero-Day
https://www.darkreading.com/vulnerabilities-threats/microsoft-rushes-emergency-patch-office-zero-day
SolarWinds Web Help Desk Hit with Multiple RCE and Auth Bypass Vulnerabilities
Daily CyberSecurity
SolarWinds Web Help Desk Hit with Multiple RCE and Auth Bypass Vulnerabilities
Critical SolarWinds Web Help Desk flaws (CVSS 9.8) allow unauthenticated RCE and auth bypass. Hardcoded credentials also found. Patch immediately.
Sandbox Shattered: Critical n8n Flaw (CVSS 9.9) Allows Remote Code Execution
Daily CyberSecurity
Sandbox Shattered: Critical n8n Flaw (CVSS 9.9) Allows Remote Code Execution
Critical n8n RCE (CVE-2026-1470) lets attackers bypass sandbox defenses via malicious expressions. CVSS 9.9. Check versions 1.123.17 & 2.x now.
Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
BleepingComputer
Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-...
Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day
https://www.darkreading.com/application-security/microsofts-starts-2026-bang-zero-day
Critical Telnet Server Flaw Exposes Forgotten Attack Surface
https://www.darkreading.com/ics-ot-security/critical-telnet-server-flaw-forgotten-attack-surface
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
BleepingComputer
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and m...
Critical sandbox escape flaw found in popular vm2 NodeJS library
BleepingComputer
Critical sandbox escape flaw found in popular vm2 NodeJS library
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrar...
CISA says critical VMware RCE flaw now actively exploited
BleepingComputer
CISA says critical VMware RCE flaw now actively exploited
CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers wit...
DPRK's Konni Targets Blockchain Developers With AI-Generated Backdoor
https://www.darkreading.com/cyberattacks-data-breaches/dprks-konni-targets-blockchain-developers-ai-generated-backdoor
Nearly 800,000 Telnet servers exposed to remote attacks
BleepingComputer
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical auth...
CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps
Daily CyberSecurity
CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps
CVSS 9.8 vm2 flaw (CVE-2026-22709) affects 3.7 million users, allowing total sandbox escape via async functions. Update to v3.10.2 immediately.
New ClickFix attacks abuse Windows App-V scripts to push malware
BleepingComputer
New ClickFix attacks abuse Windows App-V scripts to push malware
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately...
New malware service guarantees phishing extensions on Chrome web store
BleepingComputer
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and p...
Code by AI: KONNI APT Targets Crypto Devs with “Polished” Backdoor
Daily CyberSecurity
Code by AI: KONNI APT Targets Crypto Devs with "Polished" Backdoor
KONNI APT targets APAC developers with AI-generated malware disguised as crypto projects. The "polished" backdoor steals wallets & credenti...
Microsoft patches actively exploited Office zero-day vulnerability
BleepingComputer
Microsoft patches actively exploited Office zero-day vulnerability
Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks.
Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
BleepingComputer
Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass...
The $0 Transaction That Signaled a Nation-State Cyberattack
The $0 Transaction That Signaled a Nation-State Cyberattack
A $0 card test signaled a Chinese state-linked cyberattack on Anthropic’s AI platform. Learn how card-testing fraud intelligence spots nation-sta...