Security Articles

41 min read

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

A zero-click XSS prompt injection vulnerability in Anthropic's Claude Chrome Extension allowed any website to silently hijack the AI assistant.

91 min read

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

This article draws parallels between art forgery and modern cyberattacks to explain how attackers use mimicry to evade detection, and how Network Detection and Response (NDR) can expose them.

91 min read

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

This week's ThreatsDay Bulletin covers multiple emerging cybersecurity threats and defensive developments.

91 min read

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

This webinar focuses on validating security defenses against real attacks rather than assuming existing tools are effective.

21 min read

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

The Coruna iOS exploit kit shares the same kernel exploit code as the 2023 Operation Triangulation campaign, confirming a common author and ongoing development.

81 min read

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

A new payment skimmer leveraging WebRTC data channels has been discovered targeting e-commerce sites, effectively bypassing Content Security Policy controls.

Grafana

15 min read

Grafana security release: Critical and high severity security fixes for CVE-2026-27876 and CVE-2026-27880

Grafana has released critical and high severity security patches for CVE-2026-27876 and CVE-2026-27880 across multiple versions.

121 min read

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

Russian law enforcement arrested the alleged administrator of LeakBase, a major stolen credential marketplace dismantled earlier in March 2026.

01 min read

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm is an advanced malware campaign that delivers a multi-stage data theft framework and RAT through poisoned packages on npm, PyPI, GitHub, and Open VSX.

11 min read

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

This article explains how compromised AI agents render the traditional cyber kill chain obsolete, as agents already possess the access and permissions that attackers would otherwise need to earn.

21 min read

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

A Russian national was sentenced to two years in prison for co-managing the TA551 botnet used in ransomware attacks against U.S.

11 min read