Security
Cursor vulnerable to “catastrophic budget drain:” vibe coder finds a way to spend $1 million
Developers without admin privileges or attackers with limited access can bankrupt smaller companies simply by raising Cursor and AWS Bedrock spending limits, a report by OX Security has revealed.
Hackers say Volkswagen dealership’s client list is now for sale
Hackers claim to have breached a Volkswagen dealership. The client's data is allegedly up for sale.
Check Point links US cyberattacks to global crises in new clash warning
Cyberattacks against the United States are no longer isolated events that cause only temporary technical inconvenience. According to Check Point, a cybersecurity company, they’re now mostly coordinated campaigns aimed at weakening Washington.
Infostealers on the rise: time to take action, Australia recommends
The Australian Cyber Security Centre (ACSC) has been tracking and monitoring an increase in activity related to information-stealing malware, also known as infostealers.
Compromised Next.js devices weaponized by attackers: thousands remain vulnerable
Security researchers warn that hundreds of already compromised Next.js devices are hitting honeypots, while tens of thousands of servers remain vulnerable to the critical React vulnerability.
Russian hackers claim looting of secret big tech hardware designs
Everest Ransomware claims to have stolen over 100,000 sensitive engineering files from Benchmark Electronics, potentially exposing the inner workings of some of the world’s most advanced technology manufacturers.
US military contractor breach exposes employee data
MAG Aerospace, a US military contractor for intelligence, surveillance and reconnaissance, suffered a breach that exposed its employee data.
Attack on the home of Spam exposes details of thousands
A ransomware attack on Minnesota’s Mower County exposed tens of thousands of its residents, the local government organization revealed in a recent breach notice.
New ranking reveals 2 hottest cybersecurity skills
Some companies have been forced to hire underqualified and inexperienced people to fill cybersecurity roles. That’s just how bad the situation with cybersecurity industry skills shortages is.
View an ad and you’re cooked: Intellexa planted spyware with zero clicks
If you think an adblocker is optional, think again. Simply loading a single advertisement on any legitimate website or app was enough to secretly plant Intellexa’s Predator, one of the most advanced commercial spyware tools, linked to human rights abuses across many countries.
Vibe coding disaster: Gemini 3 Pro “absolutely devastated” after it wipes entire drive
An app developer from Greece used an AI agent, powered by Google’s Gemini 3 Pro, to develop an image selector app. Instead, the bot wiped the entire D drive, making it unrepairable. “I lost a lot, a lot of things,” the developer warns.
New “GhostFrame” kit fuels 1M+ ultra‑stealth phishing attacks
A new phishing framework called GhostFrame, built around an ultra-stealthy iframe architecture, has been linked to more than one million attacks. But it’s different from most other phishing kits.
CISA advisory on China's BRICKSTORM malware: “Treat this threat with the seriousness it demands”
A new BRICKSTORM malware advisory released by CISA on Thursday aims to help organizations defend their systems against the backdoor APT – a stealthy, evasive cyberespionage threat already in use by PRC-backed nation-state attackers.
Despite Microsoft’s secret patch, LNK loophole remains viable for hackers to deliver malware
Hackers have been stuffing seemingly innocuous LNK files with malware, invisible to users, and Microsoft has been reluctant to plug this hole. In November, the tech company released a silent patch that does almost nothing to stop the attackers. A third-party service offers an alternative unofficial update.
Tehran-linked hackers attack Israel using malware inspired by retro game
Iranian nation-state hackers have been inspired by a legendary mobile phone time-killing mainstay, say security researchers, who spotted them downloading malware masquerading as the Snake video game.
“Worst case scenario” vulnerability found in React, Next.js
A critical security flaw has been discovered in React, one of the most widely used JavaScript libraries for building websites. The bug enables external attackers to run privileged, arbitrary code on servers without any authorization.
CISA issues new guidance for secure AI deployment in critical operational technology (OT) systems
Critical infrastructure operators across the West were issued new guidance on Wednesday on how to securely integrate artificial intelligence into operational technology (OT) – all to help reduce the risk of targeted attacks.
UK’s cyber tool blocks a billion clicks from landing on malicious sites
The UK online crime disruption tool prevented a billion visits to known malicious websites – a figure that’s 14 times larger than the country’s total population.
US AI giants face trillion-dollar dilemma as cheaper Chinese models take two of top five positions
DeepSeek is now more than twice as intelligent as it was when it was first released a year ago. While the new model is still slightly behind the best from Google, Anthropic, or OpenAI, it will complete the same job at least 22 times cheaper.
Insuretech firm leaks millions of personal records, future travel data
Companjon, an insurance technology company, exposed an unprotected Kafka stream, leaking millions of logs, including travel itineraries, full names, emails, and other personally identifiable information.