Aggregator

A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000 Facebook accounts are

A vulnerability was found in collin80 Open-SAE-J1939 up to 2025-11-30. It has been declared as problematic. This affects the function SAE_J1939_Read_Binary_Data_Transfer_DM16 of the component CAN Frame Handler. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2026-42467. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability was found in openxc isotp-c up to 2021-08-09. It has been classified as problematic. Affected by this issue is some unknown functionality of the file openxc/isotp-c of the component ISO-TP Single Frame Handler. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2026-37535. The attack is only possible within the local network. No exploit exists.

French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agency for issuing and managing administrative documents. [...]

AI models weight trust signals differently in cybersecurity. A comprehensive framework for building entity authority as a security vendor, covering third-party corroboration, author entities, community presence, research credibility, & authority flywheel that compounds citation share.

The post Building Entity Authority in Cybersecurity: The Trust Signals AI Models Actually Weight for Security Vendors appeared first on Security Boulevard.

Torrance, United States / California, May 1st, 2026, CyberNewswire Criminal IP partners with Securonix to integrate Criminal IP’s Threat Intelligence into ThreatQ, allowing organizations to incorporate external IP intelligence into their existing workflows, helping security teams accelerate analysis and response with more actionable context. Unlike traditional intelligence feeds, Criminal IP provides visibility into how assets […]

The post Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations appeared first on Cyber Security News.

A new campaign shows misconfigured Jenkins servers abused to deploy a DDoS botnet targeting gaming systems, with Valve Corporation infrastructure in focus.

Ваш разум прямо сейчас вырезал знакомую форму из случайного нейронного мусора.

This joint guidance is intended for organizations that are considering developing or deploying agentic AI systems. It outlines security considerations related to LLMs and AI and describes the key risks associated with agentic AI.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Inflation Timeline’ appeared first on Security Boulevard.

The guidance warns that agents capable of taking real-world actions on networks are already inside critical infrastructure, and most organizations are granting them far more access than they can safely monitor or control.

The post US government, allies publish guidance on how to safely deploy AI agents appeared first on CyberScoop.

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0 and classified as critical. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. This vulnerability is identified as CVE-2026-7645. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1 and classified as critical. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. This vulnerability is referenced as CVE-2026-7644. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, was found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The identification of this vulnerability is CVE-2026-7643. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #806895 / VDB-360757

For years, Identity and Access Management (IAM) and Privileged Access Management (PAM) have been treated as foundational and a solved security challenge. Organizations deployed vaults, enforced policies, and checked the compliance box for their privileged users.  Fast forward to today, and that model no longer holds up.    What’s emerging now is not an incremental shift, but a structural one. Identity is no longer centered on […]

The post Time to Rethink Privileged Access for Machines and AI Agents appeared first on 12Port.

The post Time to Rethink Privileged Access for Machines and AI Agents appeared first on Security Boulevard.

Submit #806851 / VDB-360756

Submit #806833 / VDB-360755

In Part 1 of this piece, I described what agentic AI attacks actually look like in practice; the digital factory model, where agents commit fraud, and the three properties that make agentic AI attackers categorically different from traditional bot tooling: autonomous iteration, session-to-session learning, and identity spoofing at the interaction layer. Now I want to … Continued

The post The Agentic AI Security Category Is Converging on the Wrong Answer appeared first on Security Boulevard.