OpenAI - Disrupting Malicious Uses of Our Models

This is the February, 2026 report from OpenAI that discusses their work in disrupting malicious use of their models...

CVE-2026-1449 Hisense TransTech Smart Bus Management System TireMng.aspx Page_Load sql injection

A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function PageLoad of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. It is possible to launch the attack...

INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty

A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation Sentinel, took place between October 27...

Analysing Multidisciplinary Approaches to Fight Large-Scale Digital Influence Operations

Crime as a Service CaaS has evolved from isolated criminal incidents to a broad spectrum of illicit activities, including social media manipulation, foreign information manipulation and interference FIMI, and the sale of disinformation toolkits. This article analyses how threat actors exploit...

MAL-2025-186603 Malicious code in dog-process-file-file-moon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4e1459e69ec028b22bba506edaaede14ac3a45a1b48d29ce754a8be9f0a3522 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious Package

Overview request-sentry is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2024-40325

Malicious code in bioql PyPI...

EUVD-2025-15314

Malicious code in bioql PyPI...

CVE-2025-50077

...

A Common Pool of Privacy Problems: Legal and Technical Lessons from a Large-Scale Web-Scraped Machine Learning Dataset

We investigate the contents of web-scraped data for training AI systems, at sizes where human dataset curators and compilers no longer manually annotate every sample. Building off of prior privacy concerns in machine learning models, we ask: What are the legal privacy implications of web-scraped...

6 Tools for Tracking the Trump Administration’s Attacks on Civil Liberties

The White House has undertaken initiatives to crack down on immigration, suppress speech, and curtail US public health efforts. These online tools are tracking the rapidly changing US landscape...

CVE-2011-5298

Multiple cross-site request forgery CSRF vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that 1 modify credentials via the role parameter to users/create/, 2 modify rules via the terms field in streamfilterrule JSON da...

Mars: [XSS] Reflected XSS via POST request in (███████)

A reflected Cross-Site Scripting XSS vulnerability was identified in the celular parameter of a POST request to the homepage of a Mars-owned website. The vulnerability was classified as medium severity with a CVSS score of 6.2. The application failed to properly sanitize user input before renderi...

Qrator Labs Reports Mitigating Year’s Largest DDoS Attack to Date

Qrator Labs reports it mitigated a massive record 965 Gbps DDoS attack in April 2025, the largest incident…...

Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures

Introduction | Security snapshot | Threat briefing Defending against attacks | Expert profile Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. From blocking imposters on Microsoft Azure and adding anti-scam features to Microsoft Edge, to fightin...

CVE-2025-21579

...

“This fraud destroyed my life.” Man ends up with criminal record after ID was stolen

This is a sad story that illustrates how losing your ID can effectively ruin your life and reputation. 19-year-old dual German Tunisian national Rami Battikh travelled to the UK in 2019, bringing both his passport and his German national ID. When he returned to Germany, Rami noticed that his Germ...

Phishers Impersonating Police Arrested in Multi-Million Euro Scam

Summary: A massive phishing operation that targeted victims across Europe has been dismantled, thanks to a joint effort…...

Dark Web Hydra Market Mastermind Sentenced to Life by Russia

Stanislav Moiseyev, the organizer of the notorious Hydra Market, has been sentenced to life imprisonment by a Moscow court. Learn about the massive scale of this dark web marketplace and the international efforts to dismantle it...

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023,...