News & updates

Phishing Kit Exploits OAuth 2.0 Device Code Flow for Account Takeovers Phishing attacks have evolved significantly, with the recent emergence of the EvilTokens phishing kit demonstrating a sophisticated method of compromising Microsoft 365 accounts without needing to…

Vulnerability in Google Cloud Vertex AI SDK Enables Remote Code Execution A recently discovered vulnerability in the Google Cloud Vertex AI SDK for Python allows an attacker to hijack a user’s model upload and execute arbitrary code. This finding was reported by…

Malware Campaign Targeting Steam Workshop Users Two sentences: A significant malware campaign has been uncovered targeting users of the Steam Workshop, particularly focused on gamers in China and Russia. Attackers exploit the Wallpaper Engine app to disseminate…

The speed gap is a critical challenge for modern security operations Recent research from Unit 42 reveals a significant operational threat: the speed gap faced by security operations centers (SOCs) in responding to increasingly rapid cyberattacks. With adversaries…

OAuth Authorization Abuse: A Growing Threat Amidst AI Adoption The research presented by Netskope Threat Labs at Infosecurity Europe 2026 highlights the critical vulnerabilities associated with OAuth token misuse, exacerbated by the integration of AI agents in…

New Forensic Artifact Enhances User Intent Analysis in macOS The recent identification of a new forensic artifact, App.MenuItem, by Palo Alto Networks’ Unit 42 team, presents forensic examiners with a significant enhancement for analyzing user behavior in macOS Tahoe…

AI-Driven Vulnerabilities: A New Era in Cybersecurity Rapid advancements in artificial intelligence are outpacing traditional human capabilities for patching vulnerabilities, according to research published by Talos. AI models are now capable of autonomously…

OceanLotus Shifts Focus to Domestic Espionage and Targeted Supply-Chain Attacks TL;DR ESET Research reports a strategic realignment by the Vietnamese APT group OceanLotus, observable between 2024 and 2026, emphasizing domestic espionage alongside targeted cyber…

Exploiting Persistent Layers: Vulnerabilities in LangGraph Framework TL;DR Check Point Research has identified three vulnerabilities in LangGraph, an open-source framework for stateful AI agents. Two of these vulnerabilities could lead to remote code execution through…

Behavioral Integrity Verification Aims to Secure AI Agents AI agents are increasingly vulnerable due to their reliance on third-party skills that can run within privileged contexts. Palo Alto Networks highlights the emergence of Behavioral Integrity Verification…

Cyber Resilience in the Face of Increasing SMB Cyber Incidents TL;DR Many small and medium-sized businesses (SMBs) underestimate common cyber threats while overestimating the risk from emerging technologies like AI. A lack of basic cybersecurity measures remains a…

Zero Trust in the Age of AI: Addressing Emerging Risks The increasing use of AI agents within enterprises poses significant challenges for zero trust security models, as highlighted by Netskope’s recent research. Traditional zero trust architectures assume that all…