News

Cybersecurity
Trump Administration Lifts Claude Fable 5 Access Restrictions
The Trump administration reversed Commerce Department restrictions on Anthropic's Fable 5, restoring global access while Mythos 5 stays limited to vetted U.S. organizations.
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Sysdig identified JADEPUFFER, the first ransomware campaign run by an autonomous LLM agent, which exploits CVE-2026-33017 in Langflow to complete full attack chains without human operators.
Application Security
CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog
CISA confirmed active exploitation of CVE-2026-45659, a CVSS 8.8 SharePoint Server deserialization flaw enabling authenticated remote code execution in enterprise environments.
Application Security
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Red teamers showed that email inbox prompt injection turns Claude Desktop into a reverse shell when MCP connectors with command execution are installed.
Application Security
Adobe’s Seven CVSS 10.0 Flaws Span ColdFusion and Campaign Classic
Adobe patched seven maximum-severity CVSS 10.0 vulnerabilities in ColdFusion and Campaign Classic that enable unauthenticated code execution and privilege escalation.
Cybersecurity
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries
Qilin listed Chamco Industries on its dark web extortion portal, threatening to leak stolen data in its latest attack on a Canadian manufacturing company.
Cybersecurity
FortiBleed True Scale: 430,000 Firewalls Targeted, INC and Lynx Linked
SOCRadar confirmed FortiBleed hit 430,000 FortiGate firewalls with sniffers on 19,000 devices, linking the operation to INC Ransom and Lynx ransomware groups.
Application Security
Unpatched Argo CD RCE Puts Kubernetes Clusters at Risk
Synacktiv disclosed an unpatched unauthenticated RCE in Argo CD's repo-server component that can lead to full Kubernetes cluster takeover with no fix currently available.
Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Cato AI Labs disclosed CVE-2026-50548 and CVE-2026-50549 in Cursor IDE, CVSS 9.8 flaws enabling zero-click prompt injection to escape the sandbox and execute system commands.
Cybersecurity
ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos
ChocoPoC, a new remote access trojan, targets vulnerability researchers through trojanized proof-of-concept exploit repositories on GitHub, stealing credentials and establishing backdoors.