Mac users searching for a trusted system optimization tool are being targeted in a new malware campaign that impersonates the popular macOS utility CleanMyMac. Security researchers warn that a...

Dutch intelligence agencies have issued a warning about an ongoing cyber campaign in which Russia-linked hackers are attempting to compromise accounts on popular encrypted messaging platforms....

Security researchers have uncovered a sophisticated mobile spyware campaign targeting Israeli users through fraudulent SMS messages impersonating Israel’s Home Front Command. The operation...

Cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits a rarely monitored part of the internet’s core infrastructure. Threat actors are abusing the special-use…

This is Part 2 of my Pangle SDK research. Part 1 covered how I broke the encryption. This post covers what I found when I started comparing the decrypted data across apps.

In Part 1, I decrypted 694 Pangle SDK payloads and documented what ByteDance collects:…

An autonomous AI agent found a SQL injection in McKinsey's Lilli AI platform. What it extracted was worse than we expected.

Independent technical analysis of a Chrome extension compromise, fake update chain, and Windows-stage malware activity.

Monitor your Google Cloud API usage in real-time and auto-revoke keys before they breach your threshold.

Microsoft has released its March 2026 Patch Tuesday security updates addressing 79 vulnerabilities across its software ecosystem, including two publicly disclosed zero-day vulnerabilities. The…

Interactive map showing where Swiss municipalities host their official email. DNS analysis of all ~2,100 municipalities.

As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...

CVE-2026-28292 is a CVSS 9.8 remote code execution in simple-git (12.4M+ weekly npm downloads). A missing regex flag bypasses two prior CVE fixes (CVE-2022-25912, CVE-2022-25860). Full PoC, root cause analysis, and fix. Discovered by CodeAnt AI.

CVE-2026-26117 lets low-privileged users hijack Azure Arc, escalate to SYSTEM, and take over the machine’s cloud identity and RBAC access.

Summary UNISOC (Shanghai) Technologies Co., Ltd. is a top-three global fabless semiconductor company headquartered in Shanghai, specializing in 2G/3G/4G/5G mobile communication, IoT, and smart device chipsets. Formerly Spreadtrum, it serves major brands like…

Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.

Posted by Sea_Warthog_4431 - 1 vote and 0 comments

All work and no tokens makes Claude a dull boy...