9907 matches found

Microsoft Secure
added 2026/04/02 4:0 p.m. · 4 views

Threat actor abuse of AI accelerates from tool to cyberattack surface

For the last year, one word has represented the conversation living at the intersection of AI and cybersecurity: speed. Speed matters, but it’s not the most important shift we are observing across the threat landscape today. Now, threat actors from nation states to cybercrime groups are embedding...

AI score: 6.2
Exploits: 0

ATTACKERKB
added 2026/04/01 5:49 p.m. · 2 views

CVE-2026-5199

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVSS: 2.3 · AI score: 6 · EPSS: 0.00198
Exploits: 0 · References: 3 · Affected Software: 1

Talos Blog
added 2026/03/31 10:0 a.m. · 2 views

Ransomware in 2025: Blending in is the strategy

Ransomware attacks aren't smash-and-grab anymore. They're built on access that already looks legitimate -- closer to positioning chess pieces than breaking the door down. That's the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers have initial...

AI score: 6
Exploits: 0

Packet Storm News
added 2026/03/31 12:0 a.m. · 1 views

An Empirical Comparison of Security and Privacy Characteristics of Android Messaging Apps

Mobile messaging apps are a fundamental communication infrastructure, used by billions of people every day to share information, including sensitive data. Security and Privacy are thus critical concerns for such applications. Although the cryptographic protocols prevalent in messaging apps are...

AI score: 6
Exploits: 0

Anthropic
added 2026/03/30 11:19 p.m. · 11 views

ANT-2026-P2DWB2SK · mastodon · Signature-bypass

signature-bypass high GHSA-chgx-jx3p-rf73 Severity Claude high · Security research firm high · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-P2DWB2SK: LD-Signature bypass via...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.01364
Exploits: 0

Circl
added 2026/03/30 2:17 p.m. · 0 views

CERTFR-2026-ACT-013

creationtimestamp | type | source
---|---|---
2026-03-30 14:17:53+00:00 | seen | https://bsky.app/profile/cert-fr.bsky.social/post/3mibu44vvge2o
2026-03-30 14:18:00+00:00 | seen | https://social.numerique.gouv.fr/users/certfr/statuses/116318553525388674
2026-03-31 05:40:09+00:00 | seen | ...

AI score: 5.8
Exploits: 0 · References: 4

Circl
added 2026/03/30 1:23 p.m. · 12 views

CVE-2026-31893

creationtimestamp | type | source
---|---|---
2026-03-30 13:23:42+00:00 | seen | https://infosec.exchange/users/raptor/statuses/116318340503071355
2026-03-30 13:23:52+00:00 | seen | https://bsky.app/profile/raptor.infosec.exchange.ap.brid.gy/post/3mibr3ebgghd2
2026-03-30 21:27:43+00:00 | seen | ...

CVSS: 6.8 · AI score: 5.8 · EPSS: 0.00242
Exploits: 1 · References: 3

OSSF Malicious Packages
added 2026/03/29 11:50 a.m. · 6 views

Malicious code in f0-state-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 989b5f62777b6b7fbd236eb28a54b0e42ba48548dc0a49919c5f311c1f1c7072 The package f0-state-manager was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.9
Exploits: 0

OSSF Malicious Packages
added 2026/03/29 10:58 a.m. · 3 views

Malicious code in dial-app-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9efdd5b481d49a0d9ac535aedde75dbf5638bd85e7efe9c536d2938c57142799 The package dial-app-version was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.9
Exploits: 0

OSV
added 2026/03/29 10:55 a.m. · 4 views

MAL-2026-2286 Malicious code in sn3akysnak3-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21fa246103030890351ed5948825f415a78600c6aacb5187dbd840518f744d92 The package sn3akysnak3-test was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.9
Exploits: 0

EUVD
added 2026/03/27 7:52 p.m. · 3 views

EUVD-2026-16785

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The...

CVSS: 4.8 · AI score: 5.8 · EPSS: 0.00166
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2026/03/27 1:26 p.m. · 4 views

Malicious code in monolith-twirp-loops-core (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8d4a98f58930eb7f736a5c69a6cf5de5b6dd033785255d4d55ae1da5a5866629 The OpenSSF Package Analysis project identified 'monolith-twirp-loops-core' @ 1.0.2 rubygems as malicious. It is considered malicious because: -...

AI score: 5.8
Exploits: 0

OSV
added 2026/03/27 1:26 p.m. · 2 views

MAL-2026-2261 Malicious code in monolith-twirp-pullsd-repositories (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1c34eecc811d04d6583504ad631024a727df5e2107a1025a2786bf8a56a59d3a The OpenSSF Package Analysis project identified 'monolith-twirp-pullsd-repositories' @ 1.0.10 rubygems as malicious. It is considered malicious...

AI score: 5.8
Exploits: 0

Circl
added 2026/03/26 10:21 p.m. · 1 views

CVE-2025-12805

creationtimestamp | type | source
---|---|---
2026-03-26 22:21:39+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhynbhwrsw2j
2026-03-26 22:22:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyncg4j2v2s
2026-03-26 22:48:16+00:00 | seen | ...

CVSS: 8.1 · AI score: 7.5 · EPSS: 0.00383
Exploits: 1 · References: 4

OSV
added 2026/03/26 8:45 p.m. · 3 views

MAL-2026-2243 Malicious code in browserstack-electron-forge-include-package-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e23283b4b946444b885ae39acf12ae0ca55ddd864863df70b0fcf84f5c5c57b3 The package browserstack-electron-forge-include-package-plugin was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.9
Exploits: 0

RedhatCVE
added 2026/03/26 3:11 p.m. · 3 views

CVE-2026-30891

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a pat...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00224
Exploits: 0 · References: 1

RedhatCVE
added 2026/03/26 3:8 p.m. · 5 views

CVE-2026-20988

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability...

CVSS: 6.8 · AI score: 5.9 · EPSS: 0.00082
Exploits: 0 · References: 1

RedhatCVE
added 2026/03/26 2:59 p.m. · 3 views

CVE-2026-20990

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

CVSS: 8.4 · AI score: 5.9 · EPSS: 0.00159
Exploits: 0 · References: 1

NVD
added 2026/03/25 5:16 p.m. · 3 views

CVE-2026-24987

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP System Log: from n/a through <= 1.2.7...

CVSS: 6.5 · EPSS: 0.00363
Exploits: 0 · References: 1

Vulnrichment
added 2026/03/25 4:14 p.m. · 1 views

CVE-2026-24987 WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP System Log: from n/a through <= 1.2.7...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00363
Exploits: 0 · References: 1