LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

14/07/2026 0 Comments 0 tags

Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. “LabubaRAT creates a reusable foothold for

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

14/07/2026 0 Comments 0 tags

Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

14/07/2026 0 Comments 0 tags

At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate

How Pentera Turns AI Security Workflows into Validation Engines

14/07/2026 0 Comments 0 tags

AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

14/07/2026 0 Comments 0 tags

Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

14/07/2026 0 Comments 0 tags

Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. “An

Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads

14/07/2026 0 Comments 0 tags

xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

14/07/2026 0 Comments 0 tags

A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog.

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

14/07/2026 0 Comments 0 tags

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware

Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths

14/07/2026 0 Comments 0 tags

Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has