Latest updates from the world of IT and cybersecurity
Search all news articles
A heap over-read vulnerability introduced in a 1997 FTP parser change allows a malicious co-user of a shared Squid proxy to read other users' cleartext HTTP requests, including authorization headers and session tokens.
Security researchers discovered multi-tenant isolation failures in the Dify AI platform that allowed attackers to read private conversations from other tenants, preview their uploaded documents, and reach internal APIs — threatening the privacy of over one million applications built on the platform.
A high-severity use-after-free vulnerability lurking in Samsung's KNOX security framework for eight years left Galaxy devices from the S9 through S25 series vulnerable to kernel-level attacks. The flaw has now been patched, but its longevity raises serious questions about security review processes in flagship device platforms.
The FortiBleed campaign's operators weaponize Fortinet's own built-in diagnostic command to run a custom Golang sniffer that intercepts 24 authentication protocols — turning compromised FortiGate devices into self-sustaining credential harvesting platforms feeding 650+ parallel pipelines.
A financially motivated Russian-speaking initial access broker behind the FortiBleed campaign has been systematically harvesting credentials from over 430,000 FortiGate firewalls worldwide since February 2026, amassing more than 110 million stolen credentials for sale on criminal markets.
GitHub released actions/checkout v7 on June 18, 2026, adding default protections that refuse to fetch fork PR code inside pull_request_target workflows — closing a widely misused CI/CD privilege escalation vector responsible for secrets theft at Nx, PostHog, TanStack, and others.
The Icarus extortion group compromised Klue, an AI-powered competitive intelligence platform, harvesting OAuth tokens to drain CRM data from hundreds of enterprise Salesforce environments — including LastPass, Huntress, HackerOne, and Recorded Future.
Elastic Security Labs has uncovered OXLOADER, a sophisticated new malware loader using malvertising via Google Ads to target developers searching for Node.js, ultimately deploying the CastleStealer information stealer with heavy obfuscation and anti-analysis techniques.
OpenAI has released GPT-5.5-Cyber, its most capable security model yet, as part of the Daybreak initiative — targeting real-world vulnerabilities in Chrome V8, Safari, Firefox, and critical open-source infrastructure like cURL and Python.