LinkedIn runs hidden JavaScript that checks for thousands of Chrome extensions inside users’ browsers, links those findings to identifiable LinkedIn profiles, and shares the results with third parties — a practice uncovered by Fairlinked e.V. in early 2026 that now sits at the intersection of GDPR Article 9 and the EU Digital Markets Act (DMA). […]
Between Nov 9 and Nov 25, 2023, Daniel Rhyne — a 57‑year‑old core infrastructure engineer — used legitimate administrator privileges and a hidden virtual machine on his company laptop to change passwords and schedule shutdowns that locked IT staff out of 254 Windows servers and 3,284 workstations. This was an insider sabotage operation that looked […]
In March 2026 an accidental release of 512,000 lines of Anthropic’s Claude Code source combined with concurrent InstallFix social‑engineering campaigns to create a single, practical threat: attackers now pair intimate knowledge of an AI agent’s internals with cloned install pages that convince developers to run one-line commands that deploy credential‑stealing malware. What the leak actually […]
CrystalRAT (aka CrystalX RAT) is being sold openly on Telegram as an easy-to-use malware package, but calling it merely “prankware” misses the point: it is a modular malware-as-a-service that combines full remote access, clipboard-based cryptocurrency theft, and nuisance/psychological disruption into a single commercially marketed toolkit. Why the “prank” label understates the risk Security vendors and […]
More than half of surveyed enterprises — 56% — reported at least one cyberattack that exploited VPN vulnerabilities in the past year, up from 45% the year before. With 91% of organizations saying VPNs weaken their security posture and 78% planning Zero Trust rollouts within 12 months, the industry is pivoting toward Zero Trust Network […]
Mercor’s recruiting platform was breached after attackers slipped malicious code into a published LiteLLM package, turning a widely reused open‑source proxy into a broad data exfiltration channel. The incident — detected and removed from distribution within hours but still exploited — exposed terabytes of sensitive material and has forced immediate, industry‑wide dependency audits and credential […]
AI agents aren’t just smarter chatbots; they operate with distinct identities and degrees of autonomy that let them act on infrastructure and data. That identity-plus-autonomy combo requires enterprises to move security from conversational filters to identity governance, least-privilege controls, and operational checkpoints. Three agent types and why identity changes the problem Enterprises now deploy three […]
CareCloud disclosed a March 16, 2026 intrusion that specifically hit its cloud-based EHR environment; the company said it contained the incident the same day, filed a Form 8‑K with the SEC, and is still investigating the scope of exposed patient records. Providers who run clinical workflows on that EHR face operational choices now — from […]
F5‘s BIG-IP Access Policy Manager vulnerability CVE-2025-53521—originally treated as a denial-of-service issue—was reclassified as an unauthenticated remote code execution (RCE) after March 2026 intelligence showed active exploitation. The change forced CISA into the Known Exploited Vulnerabilities (KEV) list and triggered federal patch mandates; organizations must treat this as an immediate compromise risk, not a mere […]
The key fact: Iran-linked hackers tied to the Handala Hack Team breached FBI Director Kash Patel’s personal Gmail, publishing photos and emails from 2010–2019 that contained no classified or agency files. That choice—targeting a private account rather than FBI systems—signals a deliberate trade-off: lower technical complexity in exchange for political and psychological effect. Who this […]
Infiniti Stealer is a recently documented macOS infostealer that relies on a fake CAPTCHA (the ClickFix technique) and a Nuitka-compiled Python payload to evade detection — it succeeds because it manipulates users, not by exploiting a software vulnerability. How the attack actually reaches a user In observed samples the initial lure is a Cloudflare-style CAPTCHA […]
On March 27, 2026 the Telnyx Python SDK on PyPI was backdoored by the actor known as TeamPCP using stolen maintainer credentials — not typosquatting. Malicious code landed only in telnyx/_client.py inside published releases 4.87.1 and 4.87.2 (no corresponding GitHub tags or releases), and the package’s ~700,000 monthly-download footprint made the trojanized SDK a high-value […]
