Vulnerability

2 minute read

Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying

Microsoft Threat Intelligence reveals how Russian hacking group Forest Blizzard uses home routers for DNS hijacking and spying.

byDeeba Ahmed

April 8, 2026

GrafanaGhost Vulnerability Allows Silent Data Theft via AI Injection

4 minute read

Security

GrafanaGhost Vulnerability Allows Data Theft via AI Injection

GrafanaGhost is a critical vulnerability in Grafana’s AI components that uses indirect prompt injection and protocol-relative URL bypasses to exfiltrate data.

byDeeba Ahmed

April 7, 2026

AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data

3 minute read

Data Breaches

AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data

AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems.

byDeeba Ahmed

April 3, 2026

ImageMagick Zero-Day Alert: Massive Security Flaw Leaves Millions of Servers and WordPress Sites Vulnerable

2 minute read

Security

ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers

New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress. This magic byte shift bypasses even the most secure policies.

byDeeba Ahmed

April 1, 2026

Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild

3 minute read

Security

Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild

F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately.

byDeeba Ahmed

March 31, 2026

OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens

2 minute read

Security

OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens

OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw.

byDeeba Ahmed

March 30, 2026

15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow

2 minute read

Security
VPN

15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow

15-year-old strongSwan flaw allows attackers to crash VPNs via integer underflow bug, affecting EAP-TTLS plugin and multiple versions worldwide.

byDeeba Ahmed

March 30, 2026

Google Sets 2029 Deadline as Quantum Computers Threaten Encryption

3 minute read

Security

Google Sets 2029 Deadline as Quantum Computers Threaten Encryption

Google fast-tracks post-quantum cryptography with a 2029 deadline as researchers warn quantum computers could break current encryption sooner than expected.

byDeeba Ahmed

March 27, 2026

Study: “Claudy Day” Flaws Allow Data Theft via Fake Claude AI Ads

3 minute read

“Claudy Day” Flaws Allow Data Theft via Fake Claude AI Ads, Report

Researchers detail “Claudy Day” flaws in Claude AI that could enable data theft using fake Google Ads, hidden…

byDeeba Ahmed

March 18, 2026

3 minute read

Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter

AWS Bedrock AI tool flaw allows data leaks via DNS queries in AgentCore Code Interpreter sandbox, exposing sensitive cloud data, researchers warn.

byDeeba Ahmed

March 16, 2026

The Latest

Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying

New ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto

Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware

GrafanaGhost Vulnerability Allows Data Theft via AI Injection

Vulnerability

Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying

GrafanaGhost Vulnerability Allows Data Theft via AI Injection

AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data

ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers

Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild

OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens

15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow

Google Sets 2029 Deadline as Quantum Computers Threaten Encryption

“Claudy Day” Flaws Allow Data Theft via Fake Claude AI Ads, Report

Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter

AI Future: The Leading International AI and Web3 Forum to Take Place in April

Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec

2026 Cybersecurity Excellence Awards Winners Announced during RSA Conference as AI Security Dominates

Gcore Radar report reveals 150% surge in DDoS attacks year-on-year

SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft