The Weapon That No Longer Needs a Warrior
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man’s death…
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man’s death…
Ravie LakshmananJun 23, 2026Supply Chain Attack / Developer Security Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages,…
Ravie LakshmananJun 23, 2026Malware / Social Engineering Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM)…
OpenAI on Monday said it’s releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its “strongest model…
Ravie LakshmananJun 22, 2026Supply Chain Attack / Malware Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor…
Ravie LakshmananJun 22, 2026AI Security / Vulnerability Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read…
Swati KhandelwalJun 22, 2026Vulnerability / Server Security A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to…
Ravie LakshmananJun 22, 2026Malvertising / Endpoint Security Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the…
Swati KhandelwalJun 22, 2026Mobile Security / Open Source Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from…
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for – how attackers are circumventing AI security programs by using…