The AI security nightmare is here and it looks suspiciously like lobster

A hacker tricked a popular AI coding tool into installing OpenClaw — the viral, open-source AI agent OpenClaw that “actually ...
SecurityWeek

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog

The cybersecurity of business is not the function of CISA. CISA’s remit is to raise the security of FECB agencies, and KEV is ...
Ars Technica

Why has Microsoft been routing example.com traffic to a company in Japan?

From the Department of Bizarre Anomalies: Microsoft has suppressed an unexplained anomaly on its network that was routing traffic destined to example.com—a domain reserved for testing purposes—to a ...
GitHub

Metasploit Exploit CVE Coverage

This repository provides a daily, automatically updated JSON dataset detailing which exploits within the Metasploit Framework are associated with specific Common Vulnerabilities and Exposures (CVE) ...
Bleeping Computer

Hackers exploit critical telnetd auth bypass flaw to get root

A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. The security issue is ...
Infosecurity-magazine.com

Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure

Cyber attackers continue to speed up vulnerability exploitation and last year 28.96% of known exploited vulnerabilities (KEVs) identified by VulnCheck were exploited before being publicly disclosed, ...
Bleeping Computer

Hackers exploit security testing apps to breach Fortune 500 firms

Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud ...