Attackers are hijacking exposed ComfyUI servers into crypto mining and proxy botnets.
Scanners exploit unauthenticated setups via custom nodes, run code, and install persistent malware. Infected systems mine crypto and resist removal.
Flowise has a CVSS 10.0 RCE flaw (CVE-2025-59528) now under active attack.
A bug in MCP config lets attackers run JavaScript with full system access using just an API token. Over 12,000 exposed instances raise risk.
US agencies warn of cyber intrusions targeting industrial systems
According to Politico, hackers are exploiting vulnerabilities in industrial control systems—particularly PLCs—impacting critical infrastructure like water and energy. Rockwell Automation devices are among those targeted.
German authorities report increased activity by APT28, exploiting vulnerable TP-Link routers to spy on military, government, and critical infrastructure targets. The group has previously targeted German institutions.
Surge in AI-driven cyberattacks targeting the UAE
The United Arab Emirates has reported a significant rise in cyberattacks, escalating alongside regional tensions. A large portion of these attacks are carried out using AI-powered tools.
The attacks include phishing campaigns, vulnerability reconnaissance, and malware development, with hundreds of thousands of incidents recorded daily.
APT28 is targeting Ukraine and allied supply chains using a confirmed zero-day (CVE-2026-21513) and PRISMEX malware.
It also exploits CVE-2026-21509, with LNK delivery possibly chaining both flaws to enable theft and file-wiping.
Docker fixes AuthZ bypass bug that created containers with excessive privileges.
The Russian military is once again hacking home and small office routers in widespread operations that send unwitting users to sites that harvest passwords and credential tokens for use in espionage campaigns.
An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, located in 120 countries, were wrangled into infrastructure belonging to APT28, an advanced threat group that’s part of Russia’s military intelligence agency known as the GRU.
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust.
ShinyHunters claims breach of Israeli firm Anodot (recently acquired by Glassbox), alleging access to customer Snowflake tokens via internal network compromise.
Group says multiple clients impacted with data theft + extortion.
Snowflake confirms anomalous activity tied to a third-party integration.