Research
-
Researchers flag MCP design flaw that could enable remote code execution
Researchers said a design flaw in Anthropic’s Model Context Protocol could allow remote code execution across thousands of servers and packages, exposing sensitive data and widening AI supply chain risk.
-
Researchers flag ZionSiphon malware aimed at Israeli water systems
Researchers say ZionSiphon is a new malware sample aimed at Israeli water systems, with code for persistence, scanning and sabotage. The unfinished malware was first seen in the wild in June 2025.
-
Critical protobuf.js flaw enables JavaScript code execution
A critical flaw in protobuf.js can let attackers execute JavaScript code through malicious schemas, with a proof-of-concept now public. The issue affects versions 8.0.0 and 7.5.4 and earlier, and patched releases are available.
-
Mirai variant Nexcorium targets TBK DVRs and outdated TP-Link routers
Threat actors are exploiting flaws in TBK DVR devices and unsupported TP-Link routers to spread a Mirai variant called Nexcorium, according to a Fortinet technical analysis and a Unit 42 disclosure. The malware adds persistence, brute-force and DDoS functions.
-
Researchers spot PowMix botnet targeting Czech workers
Researchers said the PowMix botnet has targeted workers in the Czech Republic since at least December 2025. The malware uses phishing-style ZIP files, in-memory execution and jittered command traffic to avoid detection.
-
Obsidian plugin abuse delivers new Windows backdoor in targeted campaign
Attackers abused Obsidian community plugins to deploy a new Windows backdoor in a targeted campaign against finance and cryptocurrency users. The intrusion was blocked, but the method showed how trusted app features can be used for code execution.
-
Ukraine warns of campaign targeting clinics with malware that steals browser and WhatsApp data
Ukraine’s CERT-UA said a March to April 2026 campaign targeted clinics, hospitals and some government bodies with malware that could steal browser and WhatsApp data, using phishing emails, LNK files and HTA loaders.
-
Critical nginx-ui flaw under active exploitation, researchers say
A critical nginx-ui flaw tracked as CVE-2026-33032 is under active exploitation, with researchers warning that attackers can take over Nginx service on exposed systems in just two requests.
-
OpenAI launches GPT-5.4-Cyber for defensive security work
OpenAI launched GPT-5.4-Cyber for defensive security work and expanded its Trusted Access for Cyber program to thousands of defenders. The company said the rollout is meant to improve safeguards while limiting misuse.
-
Researchers link AI-driven Pushpaganda scam to Google Discover ad fraud
Researchers say a new ad fraud campaign used AI-generated content and Google Discover to push users toward notification-based scams. The operation, dubbed Pushpaganda, was tied to 113 domains and about 240 million bid requests in seven days.
