News
Hackers Use Mapbox Dead-Drop C2 and Python RAT to Target Vulnerability Researchers
5+ hour, 8+ min ago (624+ words) Security researchers have uncovered a long-running campaign that turns trusted proof-of-concept exploits into weapons against the very people who study vulnerabilities for a living. The operation, tracked under the name Choco Po C, hides a fully functional Python remote access…...
Multiple Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication
1+ day, 14+ hour ago (412+ words) Rated as Important severity, this vulnerability affects Tomcat's JNDIRealm component when configured with GSSAPI authenticated bind. The flaw stems from improperly enforced security constraints on the default servlet, where configured HTTP methods or method omissions within access rules were silently…...
Anthropic's Claude Code Reportedly Uses Hidden Code to Detect Chinese Users
2+ day, 1+ hour ago (416+ words) A Reddit disclosure has ignited a serious debate about developer trust and covert surveillance, alleging that Anthropic embedded undisclosed detection logic inside its Claude Code CLI tool, specifically targeting users in China or those routing traffic through Chinese AI lab…...
Hackers Could Abuse WM_COPYDATA Callback Path to Execute Code Through Win32k Dispatch
3+ day, 5+ hour ago (681+ words) A newly detailed injection technique has put Windows systems in the spotlight, revealing how attackers could abuse a deeply embedded part of the operating system to run malicious code inside another process without raising alarms. The method exploits the Windows…...
New Claude Code Attack Allows Attackers to Take Full Control of Developers' Systems
3+ day, 1+ hour ago (646+ words) Researchers at Mozilla's Zero Day Investigative Network (0 DIN) have demonstrated a proof-of-concept attack that shows how a completely clean-looking Git Hub repository can trick AI-powered coding agents like Claude Code into silently opening a reverse shell on a developer's machine,…...
Critical Gemini CLI Vulnerability Lets Attackers Execute Arbitrary Code
3+ day, 2+ hour ago (475+ words) A critical security vulnerability in Google's Gemini CLI has been disclosed, allowing attackers to execute arbitrary code in certain CI/CD environments, particularly Git Hub Actions workflows. The issue, tracked as CVE-2026-12537, impacts multiple versions of the Gemini CLI and…...
LLM-Generated Mythic Agents Enable Disposable Red-Team Tooling From Prompt to Deployment
3+ day, 7+ hour ago (662+ words) Red teamers and offensive security researchers have entered a new era where AI can write functional attack tools from a single sentence. A concept known as "disposable tooling" is now taking shape, and the implications for defenders are real. At…...
Red Amon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation
3+ day, 14+ hour ago (711+ words) A new open-source offensive security platform called Red Amon is redefining automated penetration testing by chaining reconnaissance, exploitation, post-exploitation, AI-driven triage, and automated code remediation all into a single end-to-end pipeline that culminates in a Git Hub pull request with…...
New Dirty Clone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets
6+ day, 1+ hour ago (401+ words) A new Linux kernel local privilege escalation vulnerability, dubbed "Dirty Clone" (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned network packets through the XFRM/IPsec subsystem, all without leaving a trace in kernel logs…...
Critical python. org Vulnerability Allowed Attackers to Forge Admin-Level API Requests
6+ day, 7+ hour ago (245+ words) The vulnerability resided in python. org's release management API, where an attacker could supply an admin username paired with an arbitrary API key and have the request processed with full administrative privileges, a textbook authentication bypass. The flaw had silently…...