Security Bulletin

The company, one of four finalists in this year's Black Hat USA Startup Spotlight competition, uses multi-agent system to build AI Digital Employees.

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

A user-friendly PhaaS tool beats standard methods for detecting phishing attacks by live-proxying legitimate login sites.

Unprotected cloud data sends the wrong signal at a time when the emirate's trying to attract investors and establish itself as a global financial center.

Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things' attack surfaces more dangerous.

Survey underscores the reality that scammers follow "scalable opportunities and low friction," rather than rich targets that tend to be better protected.

A convincing presale site for phony "Google Coin" features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers.

CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.

How I realized what I was taught to about threat intelligence was missing something crucial.