Stay updated with the latest vulnerabilities, exploits, and threat intelligence curated for security professionals.
Researchers show the ChatGPT Atlas browser omnibox can be tricked by URL-like prompt injections that execute hidden commands or navigate to attacker sites β a serious AI-browser prompt-injection risk.
Read MoreβThe ransomware group Qilin (aka Agenda) is deploying a hybrid attack using a Linux payload on Windows systems and a Bring-Your-Own Vulnerable Driver (BYOVD) exploit chain, expanding beyond traditional ransomware tactics. 84 victims reported per month. :contentReference[oaicite:1]{index=1}
Read MoreβResearchers disclose a persistent memory injection exploit in the ChatGPT Atlas browser that uses CSRF to plant hidden instructions in the AI's memoryβallowing attackers to trigger malicious actions across sessions and devices.
Read MoreβMicrosoft released an out-of-band emergency update to patch CVE-2025-59287 in Windows Server Update Services (WSUS), a remote code execution vulnerability being exploited in the wild. Systems with WSUS enabled must patch immediately.
Read MoreβThe U.S. CISA has flagged a critical zero-day in Motex Lanscope Endpoint Manager, CVE-2025-61932 (CVSS 9.3+), enabling remote code execution via malformed packets. Patch by Nov 12 2025 or isolate systems.
Read MoreβMore than 250 e-commerce stores using Magento Open Source / Adobe Commerce were attacked within 24 hours after the disclosure of CVE-2025-54236, a critical improper-input-validation bug. Immediate patching advised.
Read Moreβ