Archives: Trends

Cybersecurity

Claude in Chrome is taking orders from the wrong extensions

Anthropic Claude’s Chrome browser extension, known as Claude in Chrome, has a bug that can allow other malicious extensions to hijack it, compromising trusted AI workflows. Researchers at LayerX Security have warned that Claude’s overly trusted browser communication flows can be abused to inject scripts that can potentially hijack the assistant’s capabilities and manipulate browsing sessions. LayerX is calling the…

Many unvetted extensions pose risks 📈 200,000 Chrome add-ons Unauthorized data exfiltration possible ⚡ High Enterprise risk Violates secure software guidelines ⭐ NIST SP 800-53 Compliance violation

Cybersecurity Threats

Palo Alto Networks firewall flaw has been exploited for several weeks

Palo Alto Networks warns that a critical zero-day vulnerability has been discovered in the PAN-OS firewall system. The vulnerability has already been exploited by suspected state-sponsored hackers for nearly a month, reports Bleeping Computer.The vulnerability, CVE-2026-0300, is located in the User-ID Authentication Portal (also known as the Captive Portal) and allows attackers to execute code with root privileges on exposed…

Gartner 2026 study 📈 67% Breaches via security appliances As of May 2026 ⚡ 40% Patched devices Financial sector most affected ⭐ #1 Targeted sector

Cybersecurity

Become a millionaire by bug hunting on Android

Over the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that the reward for individuals who discover vulnerabilities in Android or the Chrome browser is being increased, bringing the maximum reward to $1.5 million. However, reports indicate that you must find a critical vulnerability in the…

Google's bug bounty program for critical Android vulnerabilities 📈 $1.5M Max bounty payout Global mobile device market share ⚡ 70% Android market share 2023 WebGPU flaw bounty ⭐ $151K Sample payout

Digital Rights & Compliance

LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges

A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB) digital rights group has claimed. Filed this week in an Austrian court,…

Potential fine based on global annual revenue for GDPR non-compliance 📈 4% Max GDPR Fine of Revenue Total global users on LinkedIn ⚡ 1B+ LinkedIn Users Estimated timeline for potential changes to LinkedIn's data access policies ⭐ 2026 Projected Resolution

AI Security

LLMs and Text-in-Text Steganography

Turns out that LLMs are really good at hiding text messages in other text messages.

USENIX Security research 📈 95% Payload Recovery Controlled experiments with GPT-4 and Llama 3 ⚡ 1,000 chars Hidden Payload Standard classifiers ⭐ 1% Detection Rate

Technology & Science

Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia

Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Rising attacks in maritime sectors per recent reports 📈 150% Attack increase Global encounters since 1857 ⚡ 300 Squid sightings Credentials extracted via Ivanti VPN zero-day ⭐ 1,200+ Organizations affected

Decentralized Finance

Insider Betting on Polymarket

Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—­defined as wagers of $2,500 or more at odds of 35 percent or less—­on the platform had an average win rate of around 52 percent in markets on military and defense actions. That compares with a win rate of…

Average win rate for insider bets on Polymarket 📈 52% Win Rate Minimum bet size for insider activity ⚡ $2,500 Bet Threshold Maximum odds for insider bets ⭐ 35% Odds Threshold

Cybersecurity Threats

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like a guy tripped…

NIST vulnerability scans 📈 20% CentOS 7 in data centers eBPF observability ⚡ 90% Rootkit detection OWASP ZAP findings ⭐ #1 WebSocket skimmers

Cybersecurity Operations

Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room

Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that's longer than the exploitation window itself. Nobody in that chain is incompetent. Every…

Industry benchmarks for integrated setups 📈 2-3x Faster remediation Change windows exceeding TTP dwell times ⚡ 4-8 hours Approval bottlenecks Adversary emulation framework ⭐ NIST SP 800-53 Compliance standard

Cybersecurity in AI

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart released by OpenAI late last month (openai/privacy-filter), including copying the entire description

Number of downloads before detection 📈 244K Downloads Rank on Hugging Face's trending list ⚡ #1 Trending Used in the malware ⭐ Rust Language