Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users

Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431: Detection & Defense Against iouring Bypass of...

I Can't Recognize (Yet): Delayed Rendering to Defeat Visual Phishing Detectors

Phishing webpages are continuously polluting the Web. Plenty of countermeasures have been proposed and the most advanced techniques leverage machine-learning methods that infer whether a webpage is benign or not by inspecting its visual representation. Yet, despite the demonstrated effectiveness ...

CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection...

Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications

This report introduces the concept of "Highly Autonomous Cyber-Capable Agents" HACCAs, AI systems capable of autonomously conducting multi-stage cyber campaigns at a level comparable to today's top criminal hacking groups or state-affiliated threat actors, and analyzes the security implications o...

Threat Actors Using AWS WorkMail in Phishing Campaigns

Introduction At Rapid7, we track a wide range of threats targeting cloud environments, where a frequent objective is hijacking victim infrastructure to host phishing or spam campaigns. Beyond the obvious security risks, this approach allows threat actors to offload their operational costs onto th...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller

CTT-Citrix-RCE-v1.0---Convergent-Time-Theory-Enhanced-Exploit...

Real-World Adversarial Attacks on RF-Based Drone Detectors

Radio frequency RF based systems are increasingly used to detect drones by analyzing their RF signal patterns, converting them into spectrogram images which are processed by object detection models. Existing RF attacks against image based models alter digital features, making over-the-air OTA...

Hiding in the AI Traffic: Abusing MCP for LLM-Powered Agentic Red Teaming

Generative AI is reshaping offensive cybersecurity by enabling autonomous red team agents that can plan, execute, and adapt during penetration tests. However, existing approaches face trade-offs between generality and specialization, and practical deployments reveal challenges such as...

PT-2025-44225

Name of the Vulnerable Software and Affected Versions Supermicro BMC firmware versions affected versions not specified Description The Supermicro BMC firmware contains a flaw in its validation logic. An attacker can exploit this to update the system firmware with a specially crafted image...

CVE-2025-61303

Hatching Triage Sandbox Windows 10 build 2004 2025-08-14 and Windows 10 LTSC 20212025-08-14 contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample...

EUVD-2005-1498

Malware in sbrugna...

EUVD-2006-0845

Malware in sbrugna...

EUVD-2007-5686

Malware in sbrugna...

EUVD-2015-8840

Malware in sbrugna...

EUVD-2011-1933

Malware in sbrugna...

Automatic Red Teaming LLM-Based Agents with Model Context Protocol Tools

The remarkable capability of large language models LLMs has led to the wide application of LLM-based agents in various domains. To standardize interactions between LLM-based agents and their environments, model context protocol MCP tools have become the de facto standard and are now widely...

GHSA-8R4J-24QV-FMQ9 Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip

Summary Using idlelib.calltip.Calltip.fetchtip, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.calltip.Calltip.fetchtip function in reduce method The...

From Cracks to Crooks: YouTube As a Vector for Malware Distribution

With billions of users and an immense volume of daily uploads, YouTube has become an attractive target for cybercriminals aiming to leverage its vast audience. The platform's openness and trustworthiness provide an ideal environment for deceptive campaigns that can operate under the radar of...

New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package nam...