News

NHS England Orders GitHub Repos Private Over AI Vulnerability Analysis Fears

NHS England is close-sourcing hundreds of GitHub repositories by May 11, citing Anthropic Mythos AI's ability to find vulnerabilities at scale. Critics say


Microsoft Edge Loads All Saved Passwords into Cleartext Memory at Launch — Won’t Fix

A researcher found Microsoft Edge decrypts every saved password into process memory at startup and keeps them there. Microsoft says it's by design.


WhatsApp Patches CVE-2026-23863 File Spoofing and CVE-2026-23866 URL Scheme Flaw

Meta patches two WhatsApp vulnerabilities: CVE-2026-23863 (file spoofing via NUL byte, CVSS 6.5) on Windows and CVE-2026-23866 (arbitrary URL scheme, CVSS 4.3) on


1 Million Exposed AI Services Scanned: LLM Security Is Worse Than Anything Before

Researchers scanned 1 million exposed AI services in 2026 and found rampant misconfigurations: 31% of Ollama servers unauthenticated, 48% expose tool-calling APIs, MCP


ScarCruft Supply Chain Attack Deploys BirdCall Backdoor on Android and Windows

North Korea's ScarCruft (APT37) compromised a gaming platform to deploy BirdCall malware on Android and Windows, targeting ethnic Koreans in China's Yanbian region.


CVE-2026-29014: MetInfo CMS PHP Injection Exploited in the Wild

CVE-2026-29014 is a CVSS 9.8 PHP code injection flaw in MetInfo CMS 7.9–8.1. Active exploitation surged May 1. Patch now or disable the


Vimeo Data Breach: ShinyHunters Steals 119,000 Users via Anodot Supply Chain

ShinyHunters breached Vimeo via analytics vendor Anodot, exposing 119,000 user emails. Credentials and payment data were not affected. Full breach details inside.


Bleeding Llama: CVE-2026-5757 Exposes 300,000 Ollama AI Servers, No Patch Available

CVE-2026-5757 (Bleeding Llama) is a critical, unpatched heap memory leak in Ollama affecting 300,000 deployments. Attackers can exfiltrate API keys and private data


Apache MINA CVE-2026-42778 and CVE-2026-42779: Dual CVSS 9.8 RCE Patched

Apache MINA patches two CVSS 9.8 deserialization RCE flaws (CVE-2026-42778, CVE-2026-42779) plus Apache HTTP Server CVE-2026-23918. Upgrade now.


Karakurt Ransomware Negotiator Gets 8.5 Years for $56M Extortion Campaign

Deniss Zolotarjovs, a Karakurt ransomware negotiator, was sentenced to 102 months in US federal prison for extorting 54+ companies including a pediatric healthcare
