ReversingLabs
OWASP GenAI Security Project ramps up guidance
With AI ramping up risk, OWASP stepped up its project to help AppSec teams get up to speed — and take action.
Real-time cybersecurity intelligence aggregated from 130+ sources
Last updated: Tue, 31 Mar 2026 14:57:44 GMT
With AI ramping up risk, OWASP stepped up its project to help AppSec teams get up to speed — and take action.
A site called Leak Bazaar pitches itself as something closer to a data-processing business than a typical hacking or ransomware-as-a-service operation.
A severe and sophisticated supply chain attack has struck the widely used Axios HTTP client on the npm registry, exposing millions of developers worldwide to a cross-platform remote access trojan (RAT...
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network Graphics (PNG) image files. These critical f...
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unaut...
The bug enables threat actors to send requests that disclose sensitive information and carries a severity score of 9.3 out of 10, indicating a critical risk.
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole
Hackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, making attacks faster, quieter, and harder to s...
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
The Dutch Ministry of Finance has taken several critical internal systems offline following the discovery of unauthorized access to its Information and Communication Technology (ICT) infrastructure in...
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack...
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCr...
Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations and individual users worldwid...
2025–2026 年间,开发者社区和攻防圈陆续爆出多起“Claude Code 源码泄露”案例。这并不是一次官方披露的单一重大漏洞(如 Log4Shell 级别),而是一类典型的前端 + DevOps 配置失误,被 AI 编程 Agent 工具显著放大的供应链级信息泄露事件。结论:所谓“Claude Code 源码泄露”,本质不是 Claude 模型本身被攻破,而是开发者在使用 Claude C
Hackers are deploying a new Windows malware called ResokerRAT, a Telegram‑based Remote Access Trojan (RAT) that gives attackers stealthy remote control over infected systems. Instead of relying on a t...
NBA X 阿里云
Analysis from law firm Nockolds suggests non-cyber incidents are driving up employee data breaches
Apple has quietly rolled out a critical security feature in macOS Tahoe 26.4 that intercepts malicious commands before they execute in the Terminal application, directly targeting the growing threat o...
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than traditional credential phishing. The service...
CareCloud, Inc., a leading healthcare technology provider, has disclosed a significant cybersecurity incident after an unauthorized third party breached one of its Electronic Health Record (EHR) envir...
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521
Security researchers at Calif have demonstrated how a simple conversational prompt to Claude AI was enough to uncover critical zero-day Remote Code Execution (RCE) vulnerabilities in two of the most w...
In case of a cyber incident, most organizations fear more of data loss (via exfiltration) than regular data encryption because they have a good backup policy in place. If exfiltration happened, it mea...
Cybercriminals are once again exploiting global tax seasons, abusing IRS and tax filing lures to deliver malware, remote monitoring and management (RMM) tools, and credential phishing in a wave of new...
Welcome to one of the most important topics in cybersecurity! SQL Injection is a vulnerability that has been around since the late 1990s…Continue reading on InfoSec Write-ups »
Notepad++, the widely used open-source text and code editor for Windows, has released version 8.9.3, a significant update that patches a tracked cURL security vulnerability, resolves multiple crash re...
I watched hundreds start the journey. Only a few made it to the other side.Continue reading on InfoSec Write-ups »
Industrial control systems run the backbone of our modern world — from power grids and water treatment plants to manufacturing floors and…Continue reading on InfoSec Write-ups »