Author: Robert Timlick

  • Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order

    Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order

    Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group.

    In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users.

    “They tried to trick people into clicking on malicious links to drive them to external websites

  • Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

    Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

    Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.

    The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user

  • AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload

    Phishing has always been a numbers game. AI has turned it into a volume machine.

    Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance.

    As the queue grows, a credential theft attempt or malware delivery can easily

  • VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

    A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems.

    The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking groups known as Clay Typhoon (Microsoft),

  • UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign

    Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026.

    The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is also known as

  • VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

    VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

    Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats.

    “When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection

  • New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

    New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

    OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks.

    The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, Plus, and Pro, and

  • Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

    Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

    A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry.

    The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world,

  • AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

    AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

    Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent.

    The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release.

    Only the FFmpeg bugs were found by AI.

  • Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

    Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation.

    The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types –

    On-Prem Deployment
    Cisco SD-WAN Cloud-Pro
    Cisco SD-WAN Cloud (Cisco Managed)
    Cisco SD-WAN for Government (FedRAMP)

    “A