mitm
-
The iOS LLM Security Gap: How 282 AI Apps are Leaking Critical API Credentials
As Large Language Models (LLMs) become deeply integrated into the mobile ecosystem, a new and systemic security vulnerability has emerged.…
Read More » -
27-Year Authentication Bypass and Kernel Heap Over-read Fixed in OpenBSD’s PPP Stack
A critical architectural flaw has been identified within the OpenBSD Point-to-Point Protocol (PPP) stack, specifically targeting the Password Authentication Protocol…
Read More » -
Critical Security Breach Alleged Against Tchap: French Government Communication Infrastructure Compromised
A significant cybersecurity incident has reportedly targeted Tchap, the sovereign, secure messaging platform utilized by French government agencies. Initial reports…
Read More » -
Critical Authentication Bypass in Check Point VPN: Exploitation of Deprecated IKEv1 Protocols
Check Point has issued an urgent advisory regarding the active, in-the-wild exploitation of a critical authentication bypass vulnerability, identified as…
Read More » -
Architectural Vulnerabilities in AI Tooling: Analyzing the Claude Code MCP Token Hijacking Chain
Recent security research has identified a sophisticated Man-in-the-Middle (MitM) attack vector targeting the Claude Code ecosystem. By exploiting the Model…
Read More » -
Infrastructure-Centric Espionage: China-Linked Actors Compromise Southeast Asian Edge Routers
A sophisticated espionage campaign, attributed to China-nexus threat actors, is currently targeting organizations across Southeast Asia. Unlike traditional attacks that…
Read More » -
PuTTY 0.84 Released: Patching ECDSA Verification, RSA KEX Double-Free, and Telnet State Flaws
The PuTTY project has officially rolled out version 0.84, a maintenance release designed to patch three distinct security vulnerabilities. While…
Read More » -
CVE-2026-46333: Race Condition Vulnerability in the Linux Kernel – ssh-keysign-pwn
A critical security flaw has been uncovered in the Linux kernel, a vulnerability researchers at Qualys have aptly named “ssh-keysign-pwn.”…
Read More » -
Critical Alert: CISA Flags Active Exploitation of Windows Shell Zero-Day (CVE-2026-32202)
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its threat advisory status following the discovery of a high-impact zero-day…
Read More » -
Google Ads Weaponized for Crypto Theft
The traditional security perimeter is shifting. Malicious actors are increasingly bypassing technical firewalls by exploiting the one thing users trust…
Read More » -
Apache Log4j Flaw Enables Interception of Sensitive Logging Data
The Apache Software Foundation has released a critical security update for its widely used Log4j logging library. A newly discovered…
Read More » -
Notepad++ Flaw Allows Attackers to Hijack Update Traffic and Deploy Malware
A critical security flaw in the popular text editor Notepad++ has been addressed with the release of version 8.8.9, which…
Read More » -
Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic
A critical vulnerability (CVE-2025-6031) has been identified in Amazon Cloud Cam devices, which reached end-of-life (EOL) status in December 2022.…
Read More »