Skip to content
Security News, Assessments & Alerts Page 19

Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

Ravie LakshmananJun 22, 2026AI Security / Vulnerability Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read… 

29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests

29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests

Swati KhandelwalJun 22, 2026Vulnerability / Server Security A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to… 

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Ravie LakshmananJun 22, 2026Malvertising / Endpoint Security Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the… 

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries

Swati KhandelwalJun 22, 2026Mobile Security / Open Source Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from… 

Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

Ravie LakshmananJun 22, 2026Cybersecurity / Hacking It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for… 

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Canada’s spy service got a judge’s permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling… 

AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network

AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network

Swati KhandelwalJun 22, 2026IoT Security / Vulnerability A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin’s XLab calls it… 

INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific

INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific

Ravie LakshmananJun 22, 2026Cybercrime / Artificial Intelligence A new report from INTERPOL has revealed a “dramatic increase” in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal… 

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Ravie LakshmananJun 20, 2026Vulnerability / Web Security Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score:…