ACE (the Alliance for Creativity and Entertainment) has dismantled AnimePlay — an Android APK-based piracy app run from Riau, Indonesia — by seizing its entire backend: 29 GitHub repositories with source code, servers, databases, advertising tools, 15 domains and the hosting environment. AnimePlay had operated since 2020, amassed more than 5 million registered users and […]
Ajax Amsterdam’s early-2026 breach exposed a systemic flaw in its ticketing app: a shared digital key allowed mass unauthorized access to personal data and, crucially, to operational controls — reassigning more than 42,000 season tickets and flipping over 538 active stadium bans were all possible, not just isolated data reads. Who this matters for now: […]
A recent campaign abuses TikTok for Business’ use of Google Single Sign-On and the platform’s permissive profile bio redirects to mount reverse-proxy AITM phishing that captures credentials and session cookies, then pivots into Google Ad Manager for large-scale ad fraud — all while evading two-factor protections with Cloudflare Turnstile–protected pages hosted on Google Storage. How […]
GitHub is rolling AI-powered security detections into the same workflow where developers review code, pairing those models with CodeQL static analysis to extend coverage into Shell/Bash, Dockerfiles, Terraform, PHP and other gaps in traditional scanning. The payoff is broader, earlier detection and faster remediation; the trade-off is additional governance and human review to catch AI […]
The resale of premium AI accounts for services such as ChatGPT, Claude, and Microsoft Copilot on Telegram groups and dark‑web forums is not a small credential-theft side market anymore; it is becoming foundational infrastructure for scalable AI-powered crime. That shift matters because it turns advanced model access into a commodity that non‑technical and semi‑skilled operators […]
CVE-2026-4681 is a critical remote-code-execution flaw in PTC Windchill PDMLink and FlexPLM tied to unsafe deserialization; independent detections show Indicators of Compromise (IOCs) consistent with active exploitation attempts, so organizations running affected versions should treat this as an incident in progress rather than a purely theoretical risk. Which deployments are at highest immediate risk The […]
The March 19 shutdown at the Dutch Ministry of Finance and a cluster of July outages across Curaçao, Aruba and the Joint Court of Justice show a single practical lesson: when governments share vendors, a single exploitable component can turn into a regional operational crisis. What stopped working and when On March 19 the Dutch […]
Varonis Systems has launched Varonis Atlas, an end-to-end AI security platform that combines continuous AI asset discovery, runtime protection, threat detection, and governance with the company’s data-sensitivity context. The product is pitched as more than a discovery or monitoring tool: Atlas aims to close blind spots from shadow AI through to live model interactions and […]
VoidStealer v2.0 demonstrates a concrete condition under which Chrome’s Application-Bound Encryption (ABE) can be bypassed: if the browser places the v20_master_key into user-mode registers during decryption, a debugger that sets hardware breakpoints can capture that key without SYSTEM privileges or code injection. How VoidStealer v2.0 captures the master key during Chrome startup The attack starts […]
The European Union has shifted from broad sanctions rhetoric to targeted measures aimed at private cyber contractors from China and Iran, with the explicit goal of degrading their ability to operate against European targets. Those measures—asset freezes, travel bans and prohibitions on EU financial support—apply now to 19 individuals and seven entities identified in recent […]
On March 11, 2026, an Iran-linked group calling itself Handala used compromised Microsoft Entra ID and Intune administrative access to remotely wipe more than 200,000 devices in 79 countries. The incident demonstrates a specific danger: legitimate MDM capabilities can be weaponized through stolen admin credentials, producing destruction without any endpoint malware. How a single admin […]
OpenAI’s recent agreement to allow its models inside classified Pentagon systems has already shifted the battlefield calculus: its conversational AI is slated to assist human analysts with targeting and integrate with drone‑defense platforms, a move linked to operations around Iran and raising concrete oversight questions. Authorization, deployments, and the Iran connection The Pentagon’s decision to […]
