Fake IT Helpdesk? Don’t Fall for It Threat group UNC6692 is conducting phishing campaigns by impersonating IT helpdesk staff. Attackers use convincing social engineering techniques, including emails and calls, to trick victims into revealing credentials or installing remote access tools. The campaign targets organisations globally and leverages trust in internal IT teams. Researchers warn that […]

Entra ID Slip-Up Could Hand Over the Keys Microsoft has patched a vulnerability in Entra ID that could allow privilege escalation through improper role assignment handling. The flaw enabled attackers to potentially gain elevated permissions by exploiting inconsistencies in role validation. While no widespread exploitation has been reported, the issue posed a significant risk in […]

AI Tool Trips Over Classic SQL Injection A SQL injection vulnerability (CVE-2026-42208) has been identified in LiteLLM, an AI model gateway. The flaw allows attackers to manipulate database queries via unsanitised inputs, potentially leading to data exposure or modification. The vulnerability affects deployments that expose certain endpoints without proper validation. Researchers warn that exploitation could […]

cPanel Flaw Opens the Door – No Password Required (Almost) A critical authentication vulnerability has been discovered in cPanel that could allow attackers to bypass login protections under certain conditions. The flaw impacts systems using specific authentication configurations and may enable unauthorised access without valid credentials. Security researchers highlighted that exploitation could lead to full […]

North Korea Goes AI: Phishing Just Got Smarter North Korean threat actors are increasingly leveraging AI tools to enhance cyberattacks. These include phishing campaigns, malware development, and social engineering efforts. AI enables more convincing lures and automated attack scaling. Researchers observed improved impersonation tactics and faster adaptation to defences. This marks a shift towards more […]

Gemini CLI Bug: A Perfect 10 (and Not in a Good Way) Google has patched a critical vulnerability (CVSS 10) in its Gemini CLI tool that allowed remote code execution in CI/CD environments. The flaw could be exploited via malicious inputs during automated workflows, enabling attackers to execute arbitrary commands. Given the widespread use of […]

Linux “Copy Fail” Bug: When Copy & Paste Goes Rogue A newly disclosed Linux vulnerability dubbed “Copy Fail” affects core file-copying mechanisms, potentially allowing attackers to escalate privileges or corrupt data. The flaw stems from improper handling of memory during file operations, particularly when copying between privileged and non-privileged contexts. Exploitation could lead to local […]

ChatGPT Patch Fixes Data Exposure Glitch (Yes, That’s Slightly Awkward) OpenAI has addressed a security flaw in ChatGPT that could allow limited exposure of user data under specific conditions. The issue stemmed from a vulnerability that could enable users to view fragments of other users’ conversations or sensitive information due to caching or processing anomalies. […]

When Your Dependencies Betray You: The Axios Supply Chain Attack A supply chain attack targeting the popular JavaScript library Axios has been identified, where attackers injected malicious code into compromised packages. The tampered versions enabled cross-site scripting (XSS) style attacks, potentially allowing credential theft, session hijacking, and data exfiltration from affected applications. The malicious packages […]