Microsoft has introduced a new security architecture to safeguard autonomous AI agents on Windows, unveiling the Microsoft Execution Containers (MXC) SDK at Build 2026. The move reflects a growing industry concern: as AI agents evolve from passive assistants into autonomous…
Tag: EN
AI-Generated Malware Powers New Armored Likho APT Campaign
Armored Likho APT uses AI-generated malware, phishing, and BusySnake Stealer to target governments and power grids in Russia, Kazakhstan, and Brazil. Kaspersky’s threat research team has documented a previously unknown APT group they’re calling Armored Likho, also tracked under the…
PHP PDO Emulated Prepares Expose pdo_pgsql to NULL Pointer Dereference Crash
A recent security audit of PHP’s PDO ecosystem uncovered a denial-of-service vector in the pdo_pgsql driver that can crash PHP processes when emulated prepared statements are enabled. PDO’s parser assumes a valid zend_string and dereferences it, triggering a NULL pointer…
16-Year-Old Januscape KVM Escape Vulnerability Lets Attackers Compromise Linux Hosts
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2026-53359 and named “Januscape,” reveals a 16-year-old flaw in KVM/x86 virtualization. This vulnerability allows guest virtual machines (VMs) to escape to the host under specific conditions, raising significant concerns for…
Data Protection with Foresight: Why G DATA Relies on External Support from Bitkom Consult
Data protection has long been more than just a legal obligation. In the age of AI, cloud technologies, and increasingly strict regulatory requirements, it is becoming a decisive success factor for companies. In this interview, Andreas Lüning, Executive Board Member…
16-Year-Old Linux KVM Vulnerability Allows Malicious Guest to Corrupt Host Kernel Memory
A newly disclosed Linux Kernel-based Virtual Machine (KVM) vulnerability, tracked as CVE-2026-53359 and dubbed “Januscape,” exposes a critical flaw that allows a malicious guest to corrupt host kernel memory, breaking the fundamental isolation guarantees of virtualization. The issue, which remained…
Tenda Authentication Backdoor Grants Attackers Full Administrative Access
A newly disclosed vulnerability in Tenda network devices exposes a critical authentication backdoor that allows attackers to gain full administrative access without valid credentials. The flaw affects multiple firmware versions across several Tenda router models, including the FH1201, W15E, AC10,…
Hackers Exploit Maximum Severity Adobe ColdFusion Flaw
Threat actors are exploiting an Adobe ColdFusion vulnerability which has a CVSS score of 10.0 This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Exploit Maximum Severity Adobe ColdFusion Flaw
Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks
Januscape: A 16-year-old Linux KVM flaw lets cloud VM tenants crash hosts and potentially escape guests. It affects Intel and AMD systems. Security researcher Hyunwoo Kim has published details of a use-after-free vulnerability in Linux’s KVM hypervisor that allows code…
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices’ web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. “An attacker can…
India tax RAT, prompt injection crypto scam, France pushes quantum-safe
Suspected China-Nexus hackers use fake Indian tax filing utility to deploy DcRAT Prompt injection attacks trick AI Agents into making crypto payments France to stop certifying products without quantum-safe encryption Get the show notes here: https://cisoseries.com/cybersecurity-news-india-tax-rat-prompt-injection-crypto-scam-france-pushes-quantum-safe/ Thanks to our episode…
Fake Interview Phishing Campaign Impersonates Top Brands to Steal Gmail Credentials
A sophisticated interview-themed phishing campaign that impersonates major global brands to harvest Gmail credentials. Attackers pose as recruiters offering marketing roles at well-known companies, leveraging personalized targeting and a layered redirection chain that uses legitimate platforms to mask malicious intent.…
Windows Device Identifier Feature Leads to Arrest of Scattered Spider Hacking Group Member
A persistent Microsoft device identifier was used to unravel the anonymity of an alleged Scattered Spider operator, according to a federal superseding complaint filed in the Northern District of Illinois. Peter Stokes, 19, a dual U.S.–Estonian citizen who allegedly used…
Critical BeyondTrust Flaws Let Attackers Bypass Access Controls and Gain Unauthorized Access
BeyondTrust has disclosed multiple critical and high-severity vulnerabilities affecting its Remote Support (RS) and Privileged Remote Access (PRA) solutions, potentially allowing attackers to bypass access controls and gain unauthorized access to sensitive systems. The issues are tracked under Advisory ID…
Researchers make the case for a cybersecurity AI scientist
Autonomous AI agents have started doing real security work. Language-model agents probe software for flaws, run penetration tests, and chain together attack steps that once needed a human operator. Research about security has stayed slower and more manual, built around…
Hackers Abuse Cross-Tenant Teams Chat to Deliver EtherRAT Through Malicious MSI Loader
A coordinated social-engineering campaign observed in late June 2026 combined email phishing with an abused Microsoft Teams cross‑tenant chat to deliver a sophisticated EtherRAT implant via a malicious MSI loader. Initial access began with a targeted email masquerading as internal…
Windows Device ID Helped Authorities Track Scattered Spider Hacking Group Member
Authorities used a persistent Windows Global Device ID, along with VPN telemetry and cloud service records, to connect the infrastructure used in a major extortion attack to a 19-year-old member of the Scattered Spider group, Peter Stokes. In a superseding…
Review: Building Machine Learning Systems with a Feature Store
Many people come to machine learning by training a model on a tidy dataset, and then meet a harder problem: making that model work for real users, on fresh data, every day. Jim Dowling’s O’Reilly book, Building Machine Learning Systems…
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below –…
EU Top Court Dismisses Google Appeal Over Record €4.1bn Fine
European Court of Justice throws out appeal over EU fine penalising Google’s deals to promote its own services on its Android platform This article has been indexed from Silicon UK Read the original article: EU Top Court Dismisses Google Appeal…