Free, offline-first GRC engine. Generate gap analysis for ISO 27001, NIST CSF 2.0, and CIS v8 instantly.

Posted by Consistent-Ruin1868 - 0 votes and 1 comment

Eight outlets reported signs of LLM-assisted code in the DarkSword iOS exploit kit. None wrote the standalone analysis. This is that piece. A deep dive into Lookout's findings, prior art, and what it means for mobile threat landscape.

A high-severity configuration loading order defect (`CVE-2026-33068`, CVSS v4.0 7.7 HIGH) in Anthropic's Claude Code CLI tool allows a malicious repository to bypass the workspace trust confirmation dialog.

Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

A critical security control bypass in the ONNX (Open Neural Network Exchange) Python library allows the `onnx.hub.load()` function's `silent=True` parameter to suppress all trust verification warnings and user confirmation prompts, enabling silent loading…

RAXE Research Radar Issue #2: 7 papers reviewed. The agent skill supply chain is broken — and automated scanners cannot tell you how.

Attackers compromised the upstream distribution mechanism for EmEditor, a widely used Windows text editor. Instead of delivering malware through phishing or...

Russian phishers steal Signal & WhatsApp accounts with fake support chats—no code crack needed, just human trust.

CVE-2026-33017 (CVSS 9.3) is an unauthenticated RCE in Langflow exploited within 20 hours of disclosure. Attackers harvested OpenAI, Anthropic, and AWS keys from live instances.

Ordinary content — including art — changes what AI systems decide, and the humans working with those systems have no way to see it happening.

Pump.co's full production environment file was publicly exposed for 5 months. They silently fixed it and never responded to the disclosure.

Posted by si9int - 1 vote and 0 comments

Introduction
Hello, I’m RyotaK
(@ryotkak
), a security engineer at GMO Flatt Security Inc.
A while ago, I participated in the Google Cloud VRP bugSWAT,
a live hacking event organized by Google.
During this event, I discovered a remote command execution…

Run the full OpenClaw security audit: 10 actionable steps covering CVE-2026-25253, skill vetting, network exposure, and auth hardening. Check yours today.

Track all XIoT vulnerabilities disclosed by Team82, the industry’s best cybersecurity vulnerability and threat research team. Team82 finds software and firmware vulnerabilities before threat actors can exploit them.

Human thought is still evolving to handle the digital world. We act instinctively when we should act deliberately — and under pressure, we rarely consider all the options available to us. This article examines how we think under stress and outlines practical…