Research
-
Researchers find HTTP/2 flaw that can trigger rapid denial of service on major servers
Researchers say a new HTTP/2 denial-of-service flaw can hit major web servers, including NGINX, Apache HTTPD and Microsoft IIS. The issue can rapidly exhaust memory and may be difficult to block in default configurations.
-
WeedHack malware campaign infects more than 116,000 Minecraft systems
A malware campaign called WeedHack has infected more than 116,000 Minecraft systems since January, using fake mods and clients promoted through YouTube and search poisoning to steal credentials and other data.
-
Malicious npm package targets OpenAI Codex users and steals authentication tokens
Researchers say a malicious npm package and related Android apps targeted OpenAI Codex users, stealing local authentication tokens and sending them to an attacker-controlled server, with the package drawing more than 29,000 weekly downloads.
-
ChatGPhish flaw can turn ChatGPT summaries into phishing lures
Researchers disclosed ChatGPhish, a ChatGPT flaw that can render malicious links, images and QR codes inside summaries of web pages. The technique may leak browser details and create a new phishing surface during normal browsing.
-
Attackers use AI agent after Marimo flaw to raid internal database
An unknown threat actor used an LLM agent after exploiting a Marimo vulnerability to steal cloud credentials, retrieve an SSH key and exfiltrate an internal PostgreSQL database, according to a technical analysis from Sysdig.
-
GREYVIBE campaign targets Ukraine with phishing, fake sites and AI tools
GREYVIBE has targeted Ukraine-linked entities since at least August 2025 using phishing, fake CAPTCHA pages and fraudulent websites, while a WithSecure analysis says the group appears to have used AI tools to speed malware development.
-
Malicious NuGet package poses as Sicoob SDK to steal banking credentials
A malicious NuGet package posing as a Sicoob SDK stole banking credentials and certificate data from developers before being blocked, according to a technical analysis. Researchers said the package could expose payment-related API responses too.
-
Fake LinkedIn emails abuse Adobe service in phishing campaign
A phishing campaign is using fake LinkedIn business emails and Adobe Target to hide credential theft, with attackers disguising HTML attachments as PDFs and redirecting victims to a real LinkedIn page after login.
-
Kimsuky uses fake Webex pages and HTTPSpy in South Korea attacks
Kimsuky targeted South Korean military and corporate entities in March and April 2026 with fake security pages, counterfeit Webex lures and a new HTTPSpy malware variant, according to technical analyses from ENKI and Kaspersky.
-
Microsoft urges coordinated disclosure after public zero-day releases
Microsoft said public disclosure of six Windows zero-days without prior notice put customers at risk, after exploit details surfaced over the past month and three of the flaws were later used in active attacks.