Salesforce has flagged a significant incident where applications published by Gainsight enabled unauthorized access to customer data via OAuth tokens. This article breaks down what happened, why third-party integrations are the new attack surface, and how defenders can respond immediately.
TikTok is rolling out an AI content control slider inside its Manage Topics settings, letting users reduce or increase how often AI-generated videos appear in their For You feed. Paired with stricter labeling rules and invisible watermarks for synthetic media, the change reshapes how users, creators and brands navigate AI on the platform.
GPT-5.1 Codex-Max can now code independently for hours inside terminals, IDEs and Windows environments. That jump from helper to autonomous coding agent dramatically changes the threat model, turning AI-generated patches, permissions and pipelines into first-class security concerns.
TamperedChef malware no longer hides only behind a rogue PDF editor. In its latest evolution, the campaign uses signed fake software installers, malvertising and SEO poisoning to deliver an obfuscated JavaScript backdoor via a dropped XML-scheduled task. Telemetry shows a strong footprint in the U.S. and heavy impact on healthcare, construction and manufacturing, where users often search online for product manuals and tools. This article unpacks the global infrastructure, shell-company certificates and execution chain so defenders can hunt and harden effectively.
Newly disclosed vulnerabilities in the Ollama framework allow attackers to execute arbitrary code by feeding the server malicious GGUF model files. This article explains how the mllama metadata parsing flaw works, why versions before 0.7.0 are at risk, and what AI security teams should do to harden their local LLM infrastructure against code execution attacks.
Remote work needs more than a VPN. This guide shows small businesses how to apply Zero Trust with “micro-segmentation lite”: verify each request with identity and device checks, publish apps through access proxies, and block lateral movement with simple zones. You’ll protect remote teams fast without heavy tooling.
Cloud Break research shows how attackers can silently take over IoT devices by impersonating them to cloud-managed firewalls and routers, abusing weak serial number–based identity and vendor control planes instead of firmware bugs. This article breaks down the attack path and maps practical defences for security teams running cloud-managed edge gear.
A new vulnerability in the W3 Total Cache WordPress plugin, tracked as CVE-2025-9501, lets unauthenticated attackers run PHP commands on the server by posting crafted comments. Because W3TC powers more than a million sites, this command injection bug creates an attractive path to remote code execution and full site takeover. This article explains how the flaw works, which versions are affected, and how to respond quickly without breaking performance.
Google’s push to adopt Rust across Android’s native-code stack has delivered remarkable results. Memory-safety bugs now account for less than 20 % of all platform vulnerabilities, and engineering teams are shipping faster with fewer rollbacks.
Reports suggest Apple is intensifying CEO succession planning as Tim Cook approaches a natural retirement window. This analysis looks at the Tim Cook retirement rumors, John Ternus’ rise as the likely successor and how a carefully staged transition could shape Apple’s next decade.