Using form hijacking to bypass CSP
In this post we’ll show you how to bypass CSP by using an often overlooked technique that can enable password theft in a seemingly secure…
Latest Cybersecurity News — Page 666
View all →
1-Click ZITADEL Vulnerability Could Allow Full System Takeover
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in ZITADEL, a popular open-source identity and access management platform. Tracked as CVE-2026-29191 with a Critical…
Open-source tool Sage puts a security layer between AI agents and the OS
Autonomous AI agents running on developer workstations execute shell commands, fetch URLs, and write files with little or no inspection of what they are doing.…
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini…
Ghanaian Man Pleads Guilty in U.S. Court for Romance Scams That Stole $100M – The Cyber Express
A Ghanaian national has pleaded guilty to his role in a large-scale cyber fraud scheme that used romance scams and business email compromise tactics to…
ClipXDaemon Malware, a Stealthy Cryptocurrency Clipboard Hijacker on Linux – The Cyber Express
Security researchers have identified a new Linux malware strain called ClipXDaemon, a stealthy threat designed to target cryptocurrency users by manipulating copied wallet addresses. Cyble’s Research & Intelligence Labs…
Recorded Future Expands Coverage of Scams and Financial Fraud with Money Mule Intelligence from CYBERA
Recorded Future is expanding its payment fraud prevention capabilities through a partnership with CYBERA, the industry leader in detecting and verifying data on scam-linked bank…
Reflecting on AI in 2025: Faster Attacks, Same Old Tradecraft
Background Reflecting on 2025, AI didn’t produce omnipotent, mind-bending offensive capabilities as many commentators heralded. The reality we observed was much more grounded. Adversaries leaned…
CISA Warns of macOS and iOS Vulnerabilities Exploited in Attacks
CISA Warns macOS and iOS Vulnerabilities Exploit The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding multiple Apple vulnerabilities currently facing…
Making desync attacks easy with TRACE
Have you ever found an HTTP desync vulnerability that seemed impossible to exploit due to its complicated constraints? In this blogpost we will explore a…
Nginx UI Vulnerabilities Let Attackers Download Full System Backups
A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups. Tracked as CVE-2026-27944,…
Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity
Stu Hirst was already a CISO when he started to go deaf. It was 2023, and the hearing loss crept in over months, enough for…