The News.
Daily intel.
Daily breach reporting, CVE disclosures, malware analyses, and threat campaigns. Yesterday's incidents, this morning's coverage — written by practitioners for the analysts and defenders who need it first.
CVE-2026-0257: Palo Alto GlobalProtect Auth Bypass Exploited in Wild
CVE-2026-0257, an auth bypass in Palo Alto GlobalProtect, is actively exploited. It is listed in CISA KEV; patch by June 19. Affects PAN-OS 10.2 through 12.1.
CVE-2026-39987 Marimo RCE: LLM Agent Steals Database in 58 Minutes
CVE-2026-39987 (CVSS 9.3 Critical) in Marimo Python notebooks was weaponized by an LLM agent that pivoted from unauthenticated shell to full database dump…
The Com: Cybercrime Subculture Linking DDoS, Violence, and Child Exploitation
The Com is a decentralized cybercrime subculture of 11–25-year-olds using DDoS, SIM swaps, sextortion, and real-world violence.
Malicious Sicoob NuGet Steals Bank Certs; 14 npm Packages Hit CI/CD
Malicious Sicoob.Sdk NuGet package (v2.0.0–2.0.4) steals PFX banking certificates. Simultaneously, 14 npm packages by 'vpmdhaj' harvest AWS and CI/CD…
GreyVibe: Russia Uses ChatGPT and Gemini to Launch AI-Powered Cyberattacks
WithSecure exposes GreyVibe, a Russia-nexus cluster using ChatGPT and Gemini to craft phishing lures and develop malware targeting Ukraine.
Charter Communications Breach: ShinyHunters Steals 4.9M Accounts
ShinyHunters hacked Charter Communications via voice phishing on April 1, 2026, stealing 4.9 million customer records now listed on Have I Been Pwned.
2,000 Vibe-Coded Apps Expose Corporate Data: Security Tools Miss Them All
RedAccess found 380K+ vibe-coded apps publicly accessible; 5,000 leak sensitive data. Endpoint agents, DLP, and CASB all fail to detect AI-built shadow IT.
Chrome DBSC Now Protects All Users Against Session Cookie Theft
Google's Device Bound Session Credentials (DBSC) now protects all Chrome users from infostealer session cookie theft by binding sessions to hardware TPM…
ChatGPT Prompt Injection Turns Web Pages Into Phishing Payloads
Unpatched ChatGPT prompt injection lets attackers hijack AI responses, inject phishing URLs, and bypass all desktop defenses with a QR code pivot to…