RECON

DumpBrowserSecrets extracts saved passwords, cookies, OAuth tokens and autofill data from Chrome, Edge, Firefox, Opera and Vivaldi, bypassing App-Bound Encryption via Early Bird APC injection.

About Remote Code Execution – Windows Shell (CVE-2026-21510) vulnerability. A vulnerability from the February Microsoft Patch Tuesday. The Windows Shell is the primary interface through which users interact with the Windows operating system. It includes visible elements such as the Desktop, Taskbar, and the Start Menu. Protection Mechanism Failure (CWE-693) allows an attacker to execute […]

LLMs can turn CTI narratives into structured intelligence at scale, but speed-accuracy trade-offs demand careful design for operational defense workflows.

The top password statistics might surprise you. Learn how common poor password hygiene is, plus tips for protecting your precious credentials better.

Cloudflare’s new Web and API Vulnerability Scanner helps teams proactively find logic flaws. By using AI to build API call graphs, we identify vulnerabilities that standard defensive tools miss.

Overview Malformed ZIP headers can be used to obfuscate malicious content in ZIP files from antivirus detection tools. Despite the presence of malformed headers, custom extraction software can decompress the ZIP archive, allowing potentially malicious payloads to be recovered after successful antivirus evasion. After a review of the researcher's published PoC and further analysis of the case, we have determined that this issue does not meet the necessary criteria to be considered a vulnerabil...

OpenAI is acquiring Promptfoo, an AI security platform that helps enterprises identify and remediate vulnerabilities in AI systems during development.

Ten years since AlphaGo, we explore how it is catalyzing scientific discovery and paving a path to AGI.

FortiClient EMS 7.4.4 contains a pre-authentication SQL injection vulnerability (CVSS 9.1) in its multi-tenant site routing middleware. An unauthenticated attacker can inject arbitrary SQL by sending a crafted Site HTTP header to any pre-auth endpoint.

Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub

Russian military hackers revive advanced malware to spy on Ukraine, researchers say    The Record from Recorded Future News

作者：Jai Minton, Ryan Dowd 原文链接：https://www.huntress.com/blog/openclaw-github-ghostsocks-infostealer/https://www.huntress.com/blog/openclaw-github-ghostsocks-infostealer 摘要 信息窃取型恶意软件是针对面向公众系统发起严重攻击的初始访问...

New UK Online Crime Centre will combine expertise from a range of sources to takedown online channels cyber-scammers rely on

At [un]prompted 2026, TrendAI™ demonstrated how documents can be used to exploit AI-driven KYC pipelines and introduced FENRIR, an automated system for discovering AI vulnerabilities at scale.

Iranian APT MuddyWater Uses Dindoor Malware to Target U.S. Networks    SOCRadar® Cyber Intelligence Inc.