RECON

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of downstream projects. When we shared one of these bugs with an affected vendor, strongSwan, the maintainer provided a model response for security vendors. The aes-js/pyaes maintainer, on the other hand, has taken a more… cavalier approach. Trail of Bits doesn’t usually make a point of publicly calling out ...

OpenAI for India expands AI access across the country—building local infrastructure, powering enterprises, and advancing workforce skills.

OpenAI and Paradigm introduce EVMbench, a benchmark evaluating AI agents’ ability to detect, patch, and exploit high-severity smart contract vulnerabilities.

MoltBot (now OpenClaw) is an open-source personal AI agent that runs locally and executes real tasks via Telegram and WhatsApp. Learn its architecture, features, renaming history, and setup guide.

Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines

AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication

Investigating AI: Playwright-Test-Planner and Playwright-Test-Generator

Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics

OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.). The post OSINT: How to Find, Use, and Control Open-Source Intelligence appeared first on Black Hills Information Security, Inc. .

Ransomware surge in 2025 exposes mounting OT risk as industrial impacts outpace IT narratives    Industrial Cyber

Hackers Exploit QR Codes To Spread Phishing and Malware Across Mobile Phones    cyberpress.org