CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a shared design failure, not just a single vendor mistake. Amazon Q’s MCP Flaw Is an Industry Warning: AI Tools Still Lack…
Category: EN
ToddyCat: your hidden email assistant. Part 2
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services. This article has been…
The AI Token Costs That Can Break Cybersecurity
As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. The post The AI Token Costs That Can Break Cybersecurity appeared first on SecurityWeek. This article has…
Boss Scam Uses DLL Sideloading to Hijack WhatsApp Web and Defraud Enterprises
The new “Boss Scam” is a sharp escalation in CEO fraud: attackers now combine impersonation, Windows DLL sideloading, and WhatsApp Web session theft to turn trusted executive channels into fraud infrastructure. The campaign was highlighted in advisories tied to India’s…
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to…
Nissan Employee Data Breached in Oracle PeopleSoft Hack
Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed. The post Nissan Employee Data Breached in Oracle PeopleSoft Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI.…
New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user’s…
UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks
SonicWall records 264,000 events in first five months of 2026 as UK hospitals come under siege This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks
TfL Hackers Were Known To Police For Years
Two young men who pleaded guilty to hacking Transport for London began offending as teenagers and committed numerous other offences This article has been indexed from Silicon UK Read the original article: TfL Hackers Were Known To Police For Years
Kali Linux 2026.2 Released With 9 New Tools and VM Boot Tweaking
Kali Linux team officially released Kali Linux 2026.2 right on schedule at the close of Q2 2026, delivering a compelling mix of desktop environment upgrades, infrastructure modernization, VM performance enhancements, and nine brand-new tools for penetration testers and security researchers.…
Critical SimpleHelp Vulnerability Exploited for Malware Delivery
The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Critical…
Shadow AI Is Not a Tool Problem. It’s a Timing Problem.
Most AI policies are written in the future tense. Employees use AI in the present tense. That gap explains a lot about shadow AI. A governance committee may still be defining good AI use. Meanwhile, AI has already become part…
Kali Linux 2026.2 trims VM boot times, refreshes its desktops
Penetration testers who run Kali Linux inside virtual machines boot their systems faster after the 2026.2 release. The change comes from a decision about graphics firmware, the code that drives NVIDIA, AMD, and Intel GPUs. That firmware has grown large…
Over 300 UK Firms Hit by Ransomware in a Year
Report Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEs This article has been indexed from www.infosecurity-magazine.com Read the original article: Over 300 UK Firms Hit by Ransomware in a Year
Australia To Double Penalty For Social Media Ban Failures
Australian government to boost maximum penalty for breaches of youth social media ban to A$99m, arguing firms not doing enough This article has been indexed from Silicon UK Read the original article: Australia To Double Penalty For Social Media Ban…
More NI Schools Warned After C2K Network Hack
Education Authority tells parents at 16 additional schools that personal data of children may have been stolen in C2K breach This article has been indexed from Silicon UK Read the original article: More NI Schools Warned After C2K Network Hack
ISA VDA 6.0.3 (part 4) — Information Security Sheet: IT Security / Cyber Security
This is the part 4 of the series about the TISAX label: TISAX getting started: A Deep Dive into the ISA Assessment Workbook (part 1). ISA VDA 6.0.3 (part 4) — Information Security Sheet: IT Security / Cyber Security Chapter…
OpenClaw for iOS: The viral open-source AI agent comes to iPhone and iPad
OpenClaw, a self-hosted personal AI assistant that connects to existing chat apps, is now available on iPhone, iPad and Apple Watch. The release brings chat, real-time voice conversations, approvals, device capabilities, and private automations to iOS. Connecting OpenClaw to iPhone…
Japan Hotel Industry Targeted With TONResolver RAT and Guest Complaint Phishing Emails
Japan’s hotel sector is the latest target of a sophisticated phishing and remote-access trojan (RAT) campaign that leverages guest-complaint lures and an unusual resilience mechanism: a TON blockchain–based dead-drop resolver. Beginning in late May 2026, attackers sent highly targeted emails…