DHS Asks OpenAI To Share Information on ChatGPT Prompts Used By Users
The Department of Homeland Security (DHS) has issued the first known federal search warrant compelling OpenAI to disclose user data tied to ChatGPT prompts. The…
Category: CyberSecurityNews
Impacket Tool in Kali Repo Upgraded With New Attack Paths and Relay Tricks
The popular Impacket toolkit, a staple in penetration testing and now integrated into the Kali Linux repository, is set for a major upgrade. Maintained by…
Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox
Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These…
TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes
A severe vulnerability in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug…
Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial Of Service Attacks
The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks…
Hackers Weaponizing OAuth Applications for Persistent Cloud Access Even After Password Reset
Cloud account takeover attacks have evolved into a sophisticated threat as cybercriminals and state-sponsored actors increasingly weaponize OAuth applications to establish persistent access within compromised…
New PassiveNeuron Attacking Servers of High-Profile Organizations to Implant Malware
A sophisticated cyberespionage campaign dubbed PassiveNeuron has resurfaced with infections targeting government, financial, and industrial organizations across Asia, Africa, and Latin America. First detected in…
Here’s How to Solve It
QR codes used to be harmless, now they’re one of the sneakiest ways attackers slip past defenses. Quishing, or QR code phishing, hides malicious links inside innocent-looking images that…
Critical Vulnerability in MCP Server Platform Exposes 3,000 Servers and Thousands of API Keys
A critical vulnerability in Smithery.ai, a popular registry for Model Context Protocol (MCP) servers. This issue could have allowed attackers to steal from over 3,000…
Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code
A critical argument injection flaw in three unnamed popular AI agent platforms enables attackers to bypass human approval safeguards and achieve remote code execution (RCE)…
Chinese Hackers Using ToolShell Vulnerability To Compromise Networks Of Government Agencies
China-based threat actors have exploited the critical ToolShell vulnerability in Microsoft SharePoint servers to infiltrate networks across multiple continents, targeting government agencies and critical infrastructure…
Decoding Microsoft 365 Audit Log Events Using Bitfield Mapping Technique
When users authenticate to Microsoft cloud services, their activities generate authentication events recorded across multiple logging systems. Microsoft Entra sign-in logs and Microsoft 365 audit…