2+ hour, 2+ min ago  (355+ words) In a recent security advisory, Cloudflare disclosed multiple HTTP request smuggling and cache poisoning vulnerabilities in its open-source Pingora framework. Cloudflare has explicitly confirmed that its own Content Delivery Network and customer traffic are completely safe. Because Cloudflare does not…...

3+ hour, 37+ min ago  (935+ words) Internally branded "GhostLoader," this threat combines polished social engineering, encrypted payload delivery, and long'term persistence to exfiltrate almost every valuable secret a developer holds " from SSH keys and cloud credentials to AI agent configs and live browser sessions. The package…...

1+ day, 12+ min ago  (268+ words) As a result, sensitive credentials and system settings are written directly into the client's logfile in plain text. Because INFO-level logging is frequently enabled by default in production systems, this flaw presents a substantial risk of data exposure to any…...

1+ day, 5+ hour ago  (679+ words) In its latest campaigns against Indian government bodies, embassies and regional targets, the group has shifted to an AI-driven development pipeline that produces a constant stream of disposable implants in multiple languages. The goal is less about technical elegance and…...

3+ day, 53+ min ago  (519+ words) Formerly known as Aardvark, the tool is now available in a research preview. It aims to eliminate the bottleneck of manual security reviews by combining state-of-the-art AI models with automated validation, enabling development teams to ship secure code faster while…...

4+ day, 3+ hour ago  (182+ words) Discovered through a coordinated disclosure process with the AISLE Research Team, these flaws pose a serious risk to cloud infrastructure. Developers rely heavily on AWS-LC as a general-purpose library to secure digital communications. Amazon strongly recommends that all customers upgrade…...

4+ day, 2+ hour ago  (411+ words) Security researchers have uncovered a significant vulnerability in Apache ActiveMQ, a popular open-source message broker used by enterprises to route data between applications. A successful attack against a message broker can halt critical internal communications and disrupt entire application ecosystems....

4+ day, 3+ hour ago  (576+ words) New Linux Rootkits Leverage Advanced eBPF and io_uring Techniques Linux rootkits have historically received less attention than their Windows counterparts, but the rapid adoption of Linux in cloud infrastructure, containers, and IoT devices has shifted the threat landscape. Attackers are constantly…...

4+ day, 23+ hour ago  (296+ words) CVE-2026-25611 is rooted in MongoDB's'OP_COMPRESSED wire protocol, a compression feature introduced in version 3.4 and enabled by default since version 3.6. The flaw is classified under'CWE-405 (Asymmetric Resource Consumption), carrying a CVSS 4.0 score of'8.7'and a CVSS 3.1 score of'7.5 (High). It affects…...

5+ day, 23+ hour ago  (632+ words) Iran'Linked "Dust Specter" APT Deploys AI'Aided Malware Against Iraqi Officials Iran'nexus APT group "Dust Specter" is targeting Iraqi government officials with AI'assisted custom .NET malware, using dual attack chains that blend DLL sideloading, in'memory PowerShell, and ClickFix'style lures. In January…...