Tag: network
-
Prompt injection turned Google’s Antigravity file search into RCE
Google’s sandbox never got a chance: Antigravity’s Secure Mode, which is designed to restrict network access, prevent out-of-workspace writes, and ensure all command operations run strictly under a sandbox context, could not flag or quarantine this technique. This is because the find_my_name tool is called much before Secure Mode restrictions are evaluated.”The agent treats it…
-
Prompt injection turned Google’s Antigravity file search into RCE
Google’s sandbox never got a chance: Antigravity’s Secure Mode, which is designed to restrict network access, prevent out-of-workspace writes, and ensure all command operations run strictly under a sandbox context, could not flag or quarantine this technique. This is because the find_my_name tool is called much before Secure Mode restrictions are evaluated.”The agent treats it…
-
Prompt injection turned Google’s Antigravity file search into RCE
Google’s sandbox never got a chance: Antigravity’s Secure Mode, which is designed to restrict network access, prevent out-of-workspace writes, and ensure all command operations run strictly under a sandbox context, could not flag or quarantine this technique. This is because the find_my_name tool is called much before Secure Mode restrictions are evaluated.”The agent treats it…
-
Prompt injection turned Google’s Antigravity file search into RCE
Google’s sandbox never got a chance: Antigravity’s Secure Mode, which is designed to restrict network access, prevent out-of-workspace writes, and ensure all command operations run strictly under a sandbox context, could not flag or quarantine this technique. This is because the find_my_name tool is called much before Secure Mode restrictions are evaluated.”The agent treats it…
-
Grinex crypto exchange shuts down, blames Western agencies for $13.7M breach
Grinex exchange collapses after $13.7M breach, blames Western spies as Chainalysis flags possible exit scam and sanctions evasion network links claims. First seen on hackread.com Jump to article: hackread.com/grinex-crypto-exchange-shuts-down-west-agency-breach/
-
A single platform powers SIM farm proxy networks across 17 countries
Racks of phones and 4G modems, connected to carrier networks and rented out as commercial mobile proxy services, are operating across at least 94 locations in 17 countries. An … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/sim-farm-proxy-network-cybercrime/
-
CISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to network defenders regarding the active exploitation of Cisco Catalyst SD-WAN Manager. On April 20, 2026, CISA officially added three distinct security flaws affecting the platform to its Known Exploited Vulnerabilities (KEV) catalog. Cisco Catalyst SD-WAN Manager is a critical administrative console used…
-
6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197
Over 6,000 internet-facing Apache ActiveMQ servers are currently affected by a critical security flaw, leaving enterprise networks wide open to attack. The Shadowserver Foundation, a prominent nonprofit security research organization, reported finding exactly 6,364 vulnerable IP addresses during its daily network scans on April 19, 2026. This vulnerability, officially tracked as CVE-2026-34197, stems from an…
-
Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker
Gentlemen is a fast”‘growing ransomware”‘as”‘a”‘service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi”‘platform design and strong defense”‘evasion features make it a high”‘impact threat to corporate networks worldwide. The Gentlemen RaaS emerged around mid”‘2025 and quickly built an affiliate ecosystem by…
-
Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker
Gentlemen is a fast”‘growing ransomware”‘as”‘a”‘service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi”‘platform design and strong defense”‘evasion features make it a high”‘impact threat to corporate networks worldwide. The Gentlemen RaaS emerged around mid”‘2025 and quickly built an affiliate ecosystem by…
-
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
Google’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/
-
Bluesky blames app outage on ‘sophisticated’ DDoS attack
The decentralized social network said the incident began on April 15, when the company received reports of intermittent outages affecting the app. First seen on therecord.media Jump to article: therecord.media/bluesky-blames-app-outage-on-ddos
-
Network ‘background noise’ may predict the next big edge-device vulnerability
GreyNoise researchers spotted a consistent trend in forthcoming vulnerabilities affecting security tools, providing defenders an early-warning system for likely imminent attacks. First seen on cyberscoop.com Jump to article: cyberscoop.com/greynoise-traffic-surge-early-warning-system-network-edge-device-vulnerabilities/
-
ZionSiphon Hits Israeli Water Systems With OT Sabotage Malware
ZionSiphon is a newly analyzed Operational Technology (OT) malware strain designed to target Israeli water treatment and desalination facilities, with a clear emphasis on sabotage rather than simple IT disruption. Darktrace’s investigation found that ZionSiphon restricts itself to hardcoded IPv4 ranges that map to Israeli network space, such as 2.52.0.02.55.255.255, 79.176.0.079.191.255.255, and 212.150.0.0212.150.255.255. The malware…
-
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Threat actors are exploiting security flaws in TBK DVR and end”‘of”‘life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42.The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability affecting…
-
Man who hacked US Supreme Court filing system sentenced to probation
Nicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims’ personal data on Instagram under the handle @ihackedthegovernment. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/17/man-who-hacked-us-supreme-court-filing-system-sentenced-to-probation/
-
prompted 2026 The Al Security Larsen Effect: How To Stop The Feedback Loop
Author, Creator & Presenter: Maxim Kovalsky, Managing Director, Al Security CoE, Consortium Networks Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-the-al-security-larsen-effect-how-to-stop-the-feedback-loop/
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
OpenAI Extends GPT-5.4-Cyber Access to Trusted Organizations Worldwide
OpenAI has announced the expansion of its >>Trusted Access for Cyber<< program, granting worldwide security organizations access to its advanced GPT-5.4-Cyber model. The initiative operates on a foundational premise: cutting-edge cyber capabilities must reach network defenders on a broad scale while maintaining strict trust, validation, and safety safeguards. By sharing these tools with a diverse…
-
Apple AirTag tracking can be misled by replayed Bluetooth signals
Apple’s AirTag is designed to help users track lost items by relying on a vast network of nearby Apple devices. New research shows that this same system can be manipulated to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/apple-airtag-relay-attack-location/
-
How the enterprise supply chain has created a global attack surface
For years, organisations have treated cyber security as something that happens within their own walls. Protect the network, secure the endpoints, monitor the environment. Job done. Security was architected like a moat and castle, but today the model is no longer effective. Today, the real exposure sits outside the organisation. It sits in third parties,…
-
How the enterprise supply chain has created a global attack surface
For years, organisations have treated cyber security as something that happens within their own walls. Protect the network, secure the endpoints, monitor the environment. Job done. Security was architected like a moat and castle, but today the model is no longer effective. Today, the real exposure sits outside the organisation. It sits in third parties,…
-
Only 16% of Businesses are Fully Compliant with NIS2 Despite 2024 Compliance Deadline
New research from CyberSmart has revealed that, despite a compliance deadline that has now passed, only 16% of businesses required to comply with the EU’s Network and Information Security Directive 2 (NIS2) are confident that they are fully compliant. Worryingly, 11% of respondents were unsure what NIS2 is, despite falling within its scope. The CyberSmart…
-
Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching
Tags: ai, business, cvss, cyberattack, data, exploit, LLM, mitigation, network, remote-code-execution, risk, strategy, supply-chain, threat, tool, update, vulnerability, vulnerability-managementSee how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuous exposure management. Key takeaways Even in previews, powerful AI models like Claude Mythos show us how quickly…
-
Critical Cisco ISE Flaws Let Remote Attackers Execute Malicious Code
Networking giant Cisco has issued an urgent security advisory warning of two newly discovered vulnerabilities impacting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Cisco Identity Services Engine (ISE) is a widely deployed security policy management platform that provides secure access to enterprise network resources. The most severe of these new flaws…
-
RCE by design: MCP architectural choice haunts AI agent ecosystem
sh, bash, powershell, curl, rm, and other high-risk binaries, they added.The core issue is that there’s currently no check in place to verify that a STDIO command is intended to initialize an MCP server rather than perform a malicious task. Furthermore, the researchers observed that even if the sent command fails to start the server,…
-
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025.”PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections,” Cisco Talos First seen on thehackernews.com…