Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Ravie LakshmananJun 01, 2026Cybersecurity / Hacking Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some “patched-ish” thing already getting chewed on in the wild, and…

Dragon Weave Hits Czech Republic & Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign…

Why MSPs Are Moving Beyond vCISO Tools

Three years ago, the practical question for an MSP building a cybersecurity practice was which “vCISO platform” to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a…

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as…

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Ravie LakshmananJun 01, 2026Vulnerability / Website Security, Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market,…

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

Ravie LakshmananMay 31, 2026IoT Security / Network Security Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks.…

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Ravie LakshmananMay 30, 2026Vulnerability / Network Security Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked…

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing…

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

Ravie LakshmananMay 29, 2026Vulnerability / Artificial Intelligence An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible…

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

Ravie LakshmananMay 29, 2026Cyber Espionage / Artificial Intelligence A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per…