Breaking cybersecurity news, vulnerability disclosures, and industry updates.
Noma Labs discovered a critical flaw in Docker's Ask Gordon AI assistant allowing attackers to hijack AI reasoning through malicious image metadata, leading to remote code execution or data exfiltration.
NationStates shut down its site after a vulnerability reporter chained input sanitization flaws to achieve remote code execution, copying user emails, password hashes, and IP addresses.
Lotus Blossom APT compromised Notepad++'s hosting provider to intercept update traffic and deliver the Chrysalis backdoor to targeted government and financial organizations over a six-month period.
CVE-2026-22778, a critical RCE in vLLM versions 0.8.3-0.14.0, chains a PIL information leak with a JPEG2000 heap overflow to achieve code execution through a malicious video link.
CVE-2026-25253 (CVSS 8.8) allows attackers to steal authentication tokens and achieve RCE through a single malicious link via cross-site WebSocket hijacking—even on localhost-only OpenClaw instances.
Over 400 malicious OpenClaw AI agent skills on ClawHub deploy Atomic Stealer via ClickFix-style social engineering. The hightower6eu account alone published 314 malicious skills targeting crypto and developer credentials.
Microsoft will disable the 33-year-old NTLM authentication protocol by default in future Windows releases through a phased rollout: enhanced auditing now, Kerberos improvements in H2 2026, and disabled-by-default in future major releases.
JFrog discovered two sandbox escape flaws in n8n: CVE-2026-1470 (CVSS 9.9) bypasses JavaScript sandboxing via deprecated 'with' statement, and CVE-2026-0863 (CVSS 8.5) escapes Python restrictions via AttributeError.obj.
A phishing campaign uses clean PDF attachments hosted on Vercel to redirect victims to fake Dropbox login pages, bypassing email security by avoiding traditional malware or suspicious links.
CVE-2025-8088 (CVSS 8.8), a path traversal flaw abusing Windows Alternate Data Streams, continues to be exploited by Russian APTs, Chinese actors, and cybercriminals to achieve persistence via Startup folder drops.
A single threat actor is conducting automated attacks against exposed MongoDB instances, wiping databases and demanding 0.005 BTC per server, with 208,500 instances publicly exposed worldwide.
The European Union's AI Act marks one year of prohibited AI enforcement on February 2, 2026, triggering Article 112's mandated Commission review. High-risk AI rules take effect August 2027.