Archives: News
News articles and updates
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
A security flaw in Cline Kanban allows websites to hijack AI coding agents, researchers reported on Friday. The issue enables malicious sites to take control of agents used for automated code generation and deployment. Flaw Details: The vulnerability affects Cline Kanban, a tool that manages tasks for AI coding agents. Attackers can exploit it by...
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
A fraudulent website impersonating the Claude AI chatbot has infected Windows users with the Beagle backdoor malware, cybersecurity researchers report. Victims downloading what they believed was legitimate AI software received persistent remote access tools instead. Attack Mechanics: The fake site mimics the official Claude interface from Anthropic, tricking users into downloading a malicious executable file....
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
Security researchers have observed an increase in phishing campaigns hosted on Vercel, the cloud platform popular for web deployments. Attackers use the service’s ease of setup and free tier to rapidly deploy fake login pages targeting major brands. Key Details: Multiple cybersecurity firms report a rise in phishing sites on Vercel’s infrastructure over recent months....
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
Security researchers have identified five new vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), with one already under active exploitation in the wild. The flaws, tracked as CVE-2024-29824 through CVE-2024-29828, affect the widely used mobile device management software. Ivanti confirmed the issues on May 8, 2026, and urged customers to apply patches immediately. Details of the...
Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments
Sen. Schumer Requests DHS AI Cyber Coordination Plan: Senate Majority Leader Chuck Schumer has called on the Department of Homeland Security to produce a plan for coordinating artificial intelligence cybersecurity efforts with state and local governments. The request, detailed in a letter sent this week, aims to address rising AI-related cyber threats facing public sector...
Ollama vulnerability highlights danger of AI frameworks with unrestricted access
A recently discovered vulnerability in the Ollama AI framework exposes systems to remote code execution when the tool runs with unrestricted access. Security researchers identified the flaw, which allows attackers to run arbitrary commands on affected machines if the service is exposed online. Key Details: The vulnerability affects Ollama, an open-source platform for running large...
Ivanti customers confront yet another actively exploited zero-day
NetworkUstad – Ivanti customers face a new actively exploited zero-day vulnerability, marking the latest security incident for the company’s products. Security researchers have confirmed attackers are targeting this flaw in real time, prompting urgent calls for patches and mitigation steps. Details of the Vulnerability: The zero-day affects Ivanti’s network and endpoint management solutions. Attackers exploit...
A DOD contractor’s API flaw exposed military course data and service member records
A Department of Defense contractor’s API vulnerability has exposed military course data and service member records, according to security researchers who reported the issue this week. The flaw allowed unauthorized access to sensitive information stored in the contractor’s online platform. Researchers identified the problem during a routine security scan and notified the company immediately. Details...
A critical Palo Alto PAN-OS zero-day is being exploited in the wild
Palo Alto Networks confirmed a critical zero-day vulnerability in its PAN-OS firewall software is under active exploitation in the wild. The flaw, tracked as CVE-2026-1234, allows remote code execution and has been observed in targeted attacks against enterprise networks. Details of the Vulnerability: The vulnerability affects specific versions of PAN-OS, the operating system powering Palo...
Daemon Tools Developer Confirms Software Was Trojanized
Daemon Tools developer Discisoft has confirmed that versions of its virtual disc mounting software contained Trojan malware. The company made the announcement on its official forum and support channels this week, advising users to scan systems and uninstall affected builds. Confirmation Details: Discisoft stated the trojanization affected specific recent updates distributed through its download servers....