Chrome 149 Update Patches 28 Vulnerabilities

The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Chrome 149 Update…

Anthropic Disputes Fable 5 AI Jailbreak

An AI hacker claims to have achieved a prompt-based jailbreak shortly after Fable 5’s launch, but Anthropic says it’s not a real jailbreak. The post Anthropic Disputes Fable 5 AI Jailbreak appeared first on SecurityWeek. This article has been indexed…

Hackers Use UAE-India Diplomatic Lure to Deliver SHEETCREEP RAT via Google Sheets

An active espionage campaign tracked as SHEETCREEP that leverages a UAE‑India diplomatic-themed ISO lure to deliver a compact C# remote access trojan (RAT) and uses Google Sheets as its command-and-control (C2) channel. The ISO, named UAE-India_Strategic_Partnership_Week.iso, contains a deceptively iconized…

Authorities Seize AudiA6 Crypto Laundering Service Used by Cybercriminal Gangs

Authorities have dismantled a major cryptocurrency laundering infrastructure known as “AudiA6,” disrupting a critical financial backbone used by ransomware gangs and cybercriminal networks to legitimize illicit proceeds. The coordinated international operation, supported by Europol and Eurojust, targeted a service believed…

Fortinet patches FortiSandbox, GitHub disables npm scripts, Nottingham University breach

Fortinet patches a new critical FortiSandbox flaw GitHub to disable npm install scripts by default to stop supply chain attacks Nottingham University announces data breach Get the show notes here: https://cisoseries.com/cybersecurity-news-fortinet-patches-fortisandbox-github-disables-npm-scripts-nottingham-university-breach/ Thanks to our episode sponsor, Doppel Social engineering attacks…

Check Point VPN Authentication Bypass (CVE-2026-50751): Client-Controlled IKEv1 Auth Flipped by Ransomware Affiliate

A CVSS 9.3 flaw in Check Point Remote Access VPN let unauthenticated attackers bypass certificate validation by supplying a crafted IKEv1 VendorID payload — exploited for 32 days before a patch, with one confirmed Qilin ransomware post-compromise chain. Check Point…

Researcher Uses AI to Hack Google, Earns $500,000 Bug Bounty

Researcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework against Google’s internal API infrastructure, uncovering critical access-control flaws across multiple high-impact services in under 3 months. The research began after Shivram was…