Cybersecurity researchers have discovered multiple vulnerabilities in ChatGPT that could allow hackers to steal private user data. These flaws were found in features that connect ChatGPT to other apps and services. Experts say the weaknesses expose how integrated AI systems can unintentionally leak sensitive information. The findings have raised serious concerns among privacy and security … Continued
In September 2025, cybersecurity company SonicWall discovered a serious breach involving its cloud backup service, MySonicWall. The company found that hackers had gained unauthorized access to backup files containing customers’ firewall configurations and settings. These files were stored in SonicWall’s cloud servers and were meant to help users easily restore their network setups if needed. … Continued
A mysterious new hacking group known as SmudgedSerpent has been found targeting U.S. policy experts and academics who focus on Iran-related issues. The campaign took place between June and August 2025, a period marked by increasing tension between Iran and Israel. Cybersecurity researchers believe this was a deliberate espionage attempt linked to the ongoing regional … Continued
The United States government has announced new sanctions against ten North Korean individuals and companies accused of laundering about $12.7 million through cryptocurrency and fraudulent IT-worker schemes. According to the U.S. Department of the Treasury, these funds came from cyber thefts and online fraud operations connected to North Korea’s state-controlled financial networks. In this action, … Continued
Ever activated a security header only to find your WordPress site suddenly breaking? That is often a misconfigured Content Security Policy (CSP), a powerful but tricky web security tool. It is a browser security feature that helps protect websites from common web attacks like cross-site scripting (XSS), clickjacking, and data injection. Example of a CSP … Continued
A new cyber espionage campaign known as Operation SkyCloak is targeting military and defense organizations in Russia and Belarus. Security researchers have discovered that the attackers are using phishing emails with fake military documents to deliver malicious files. The campaign appears to be focused on stealing sensitive information and maintaining long-term access to defense systems. … Continued
Google’s artificial intelligence system, called Big Sleep, has recently discovered five new security flaws in Apple’s WebKit engine. WebKit is the main technology that powers the Safari browser and several apps on Apple devices that display web content. These newly found flaws were serious and could be exploited by attackers if left unpatched. As soon … Continued
Researchers have discovered two new Android malware strains named BankBot-YNRK and DeliveryRAT that are actively stealing users’ financial and personal information. These trojans were found disguised as legitimate applications and are spreading through deceptive downloads and fake app packages targeting Android devices. BankBot-YNRK is a mobile banking trojan that hides inside apps pretending to be … Continued
Researchers have identified a new backdoor named HttpTroy used in a targeted cyberattack against a victim in South Korea. Security analysts link the campaign to the APT group Kimsuky, which has been associated with North Korea and known for focused espionage operations. The attackers delivered the malware through a realistic-looking VPN invoice. The invoice was … Continued
Application Security (AppSec) has become an essential part of modern software development. It ensures that applications stay secure during their design, build, and deployment phases. As DevOps pipelines speed up and cloud-native systems grow, organizations increasingly depend on Application Security Testing (AST) tools to find and fix vulnerabilities early in the lifecycle. A previous post, … Continued
