Exposed Ollama APIs and a critical NVIDIA Container Toolkit flaw raise the stakes for AI infrastructure. Authenticate Ollama, close public 11434, and patch NCT to stop container escapes. Stream LLM and runtime logs off-box, rotate tokens, and validate least-privilege settings to keep model IP and GPU workers safe.
LandFall is a commercial-grade Android spyware that weaponized WhatsApp images to exploit a Samsung zero-day in the image pipeline. The payload rode malformed DNG files, then modified SELinux and deployed modules for full-device surveillance. Patch promptly and restrict media auto-download.
Researchers documented CVSS 8.9 command injection in three official Claude Desktop extensions Chrome, iMessage, and Apple Notes. Because those connectors built AppleScript commands with unescaped user input, prompt injection could pivot from web content to local shell execution on macOS. Anthropic patched the issues. This analysis explains the exploit chain, the fixes, and the validation steps security teams should run to keep MCP servers safe.
EndClient RAT arrives as a signed MSI named “StressClear.msi,” which abuses code-signing trust and SmartScreen gaps. The package decoys with a VeraPort component while an obfuscated AutoIt loader executes in memory, establishes the IoKlTr task, and opens a JSON-over-TCP C2. To reduce risk, restrict MSI installs, enforce SmartScreen blocking, instrument MSI→AutoIt lineage, and remove scheduled tasks used for persistence.
A new attack variant against Cisco Secure Firewall ASA/FTD can force unexpected reloads, dropping VPNs and disrupting edge traffic. Reduce exposure, apply fixed releases, and harden management access. Validate HA under load and stream telemetry off-box to preserve evidence while you monitor for recurrence.
API rate limiting protects capacity and user experience. This guide shows how to ship it correctly on NGINX: define limit_req zones, tune burst/nodelay, add per-IP and per-token limits, return proper 429s with Retry-After, and combine limit_conn for connection abuse. You’ll get production-ready snippets and a safe rollout plan.
Gootloader is active again. Attackers poison search results for legal templates, hide content with glyph-mapped fonts, and ship malformed ZIP files that drop JavaScript. The post-compromise tempo increases, so defenders must harden browsers, restrict scripts, and tune detections now.
Iran-aligned operators ran a precise phishing campaign against US policy experts. They impersonated scholars, redirected victims to prefilled Microsoft 365 pages, and, when blocked, installed remote-access tools. The goal: long-term visibility into policy drafts, research, and contacts—achieved through identity abuse, inbox rules, and pragmatic persistence.
A trivial surveillance password created an opening at one of the world’s most prominent institutions. Intruders gained awareness and timed their move because credential policy failed. This analysis delivers the signals, mitigations, and governance disciplines that stop repeats: rotation, MFA, segmentation, PAM for service accounts, and continuous validation for VMS and NVR stacks—without resorting to list spam or generic advice.
Criminal crews deploy legitimate RMM tools inside carriers and brokers, then hijack booking and dispatch to steal real freight. This body explains how access lands, which artifacts reveal the intrusion, and what controls stop RMM-driven cargo theft without breaking logistics operations or delaying shipments.