Cybersecurity researchers are warning that attackers are already exploiting a serious flaw in the open-source CMS MetInfo CMS, putting thousands of websites at risk. The vulnerability, tracked as CVE-2026-29014, carries a high severity score of 9.8 and allows attackers to…
Security researchers have uncovered several serious vulnerabilities in Anthropic’s Claude Code, an AI-powered coding assistant, that could let attackers run commands on a developer’s machine and steal sensitive API credentials. According to findings from Check Point Research, the weaknesses stem…
⚠️ Why LLM Infrastructure Is Becoming a Major Security Risk As more organizations deploy their own Large Language Models (LLMs), the real danger is shifting away from the models themselves and toward the systems that surround them. To keep AI…
Security researchers have revealed details about a new ransomware strain named Osiris, linked to an attack against a large food service franchisee operator in Southeast Asia in November 2025. According to investigators from Symantec and VMware Carbon Black Threat Hunter…
If you’re using the @adonisjs/bodyparser npm package, you should update to the latest version. A newly disclosed high-severity vulnerability could allow a remote attacker to write arbitrary files on your server if they can reach a file upload endpoint. The…
I want to draw attention to a new malware campaign security researchers are tracking under the name PHALT#BLYX, which is actively targeting organizations in the European hospitality sector. According to findings from Securonix, the campaign relies on ClickFix-style social engineering…
Attack Surface Management (ASM) is often sold as a way to reduce risk. In reality, what many organizations get is more data. Security teams roll out ASM tools, asset inventories expand, alerts start firing, and dashboards fill up quickly. There…
Transparent Tribe Expands Espionage Campaigns Using Advanced RAT Techniques A long-running cyber espionage group known as Transparent Tribe has been linked to a new wave of targeted attacks aimed at Indian government bodies, academic institutions, and other strategically sensitive organizations.…
Managed security services were built around people. Analysts investigated phishing clicks, suspicious logins, and endpoint misuse after alerts were triggered. That model is starting to crack. By 2026, much of what happens inside customer environments will no longer be driven…
