Bluekit phishing kit adopts browser-in-the-middle for login theft

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
ITWeb Africa

How attackers exploit malicious, vulnerable software libraries to launch stealth attacks

Companies must be capable of detecting malicious DLLs and vulnerabilities in software libraries to prevent early-stage ...

New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available

Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with ...
techtimes

Ivanti Sentry Actively Exploited: CVSS 10.0 Flaw Backdoors Enterprise Mobile Gateways

Attackers have begun backdooring internet-exposed Ivanti Sentry appliances, the nonprofit security watchdog Shadowserver confirmed on June 11, 2026 — less than 48 hours after patches and a public ...
CSOonline

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java Spring ecosystem. Maintainers of Thymeleaf, a widely used template engine for ...
LinkedIn

Log4Shell (CVE-2021-44228): Four Lines of Code, Full Control of the Server

A few years have passed since Log4Shell was disclosed, but I keep returning to it. Not because it is old news. Because it is one of the clearest examples of how a single architectural decision can sit ...
acm.org

Guardians of the Agents

Agentic applications—AI systems empowered to take autonomous actions by calling external tools—are the current rage in software development. They promise efficiency, convenience, and reduced human ...
Security Boulevard

Shai-Hulud: The Second Coming

A significantly evolved version of the Shai-Hulud malware now tracked as Sha1-Hulud has been discovered with over 400 packages affected, now featuring persistent backdoor capabilities through ...
InfoQ

Building a RAG Application with Spring Boot, Spring AI, MongoDB Atlas Vector Search, and OpenAI

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
LinkedIn

Cracking the Code: How Attackers Exploit SHA1PRNG Weaknesses and Why DRBG algorithm is your Shield

SHA-1 turned 30 this year—and like many things from 1995, it belongs in a museum, not your production code. Yet programmers worldwide continue generating OTPs and security tokens with this vulnerable ...
Rest of World

AI scam factories force trafficked workers to defraud global victims

Young Indonesians applying for tech jobs via Facebook and Telegram are trafficked to scam farms. Scammers use deepfakes, voice clones, and other technologies to dupe victims around the world.