Codex drops an HTTP/2 Bomb
This article has been indexed from www.theregister.com – Articles. Read the original article: OpenAI’s agent chained decade-old DoS attacks to crash web servers in seconds
Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us
A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red teaming, this update introduces seven new failure modes, from supply chain compromise to goal hijacking, and the practical…
Gain visibility into DDoS attacks with flow logs in AWS Shield Advanced
Reconstructing distributed denial of service (DDoS) attack traffic used to mean combining data from multiple sources after the fact. AWS Shield Advanced attack flow logs change that—they capture traffic metadata during attacks so you can pinpoint sources, verify mitigations, and…
Gartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience
Gartner SRM 2026 put resilience, identity, and AI agent governance at the center of cybersecurity strategy as prevention loses ground. The post Gartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience appeared first on TechRepublic. This article has…
Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS
TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service (DoS) vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Codex, the…
Cybercriminals Shift From Fake Login Pages to Infostealer Malware in Phishing Attacks
Phishing attacks have always been one of the most common ways cybercriminals steal personal and business data. But something has quietly changed about how these attacks work. Instead of tricking people into typing passwords on fake websites, attackers are now…
Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised
A next-generation Anthropic model has surfaced in restricted testing channels, but early distribution was already compromised before the evaluation formally began. References to claude-oceanus-v1-p began circulating among researchers on June 3, 2026, after the model identifier appeared inside Anthropic’s Claude…
CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247. The flaw, stemming from insecure deserialization of…
Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials
A senior executive at a major global stock exchange had their Microsoft Outlook account silently compromised for five straight months, with attackers carefully siphoning emails in small batches to avoid detection. The intrusion ran from October 2025 through at least…
Reporting from Vegas: Networking, AI, and good boys
Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation. This article has been indexed from Cisco Talos Blog. Read the original article: Reporting from Vegas: Networking, AI, and good…
Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones
Code reviewed by WIRED uncovered an unreleased face-recognition system embedded in Meta’s smart glasses platform. It’s designed to identify people via biometric data stored on users’ phones. This article has been indexed from Security Latest. Read the original article: Meta…
iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil
iFood confirms a data breach affecting 1.2 million customers in Brazil, while hackers on BreachForums claim the actual theft is much larger. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More. Read the original…
Malicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Users
SafeBreach found a now-fixed Gemini Android flaw that let malicious WhatsApp and Slack alerts manipulate AI responses and tools. The post Malicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Users appeared first on TechRepublic. This article has been…
US Firms Try DeepSeek as Silicon Valley AI Costs Rise
US firms are testing China’s DeepSeek as Silicon Valley AI costs rise, raising questions about savings, data residency, and risk. The post US Firms Try DeepSeek as Silicon Valley AI Costs Rise appeared first on TechRepublic. This article has been…
Microsoft 365 Android Apps Had a Token Flaw IT Teams Should Check Now
A debug flag left active in six Microsoft 365 Android apps allowed another installed app on the same device to request account tokens without user interaction. The post Microsoft 365 Android Apps Had a Token Flaw IT Teams Should Check…
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS ver 4.0…
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public.…
Researchers Show How Android Notifications Could Be Used to Manipulate Google Gemini
Security researchers have disclosed a now-remediated flaw that could have allowed specially crafted notifications from common messaging and social networking applications to influence the behavior of Google Gemini on Android devices. The research was conducted by SafeBreach researcher Or…
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
CISA chief says Trump AI executive order implementation will start soon
The agency, depleted after several rounds of cuts imposed by the White House, insists it can handle its new AI security responsibilities. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: CISA chief says…