PentestAgent, an open-source AI framework by Masic (GH05TCREW), now offers improved features like prebuilt attack playbooks and easy HexStrike integration. A researcher known as GH05TCREW released a tool on GitHub that uses large language models (LLMs) like Claude Sonnet or GPT-5 through LiteLLM for advanced black-box security evaluations. PentestAgent uses …
Russia blocked Meta-owned messaging app: 100 million users impacted
Russia has attempted to completely block WhatsApp, according to the company. This is part of the government’s ongoing efforts to tighten internet control. A WhatsApp spokesperson said late Wednesday that the Russian authorities’ action was intended to “drive users to a state-owned surveillance app,” a reference to Russia’s own state-supported …
CISA chief at it again: uploads sensitive files into ChatGPT
The acting director of the Cybersecurity and Infrastructure Security Agency (CISA) uploaded sensitive contracting documents marked “for official use only” into the public version of ChatGPT last summer, triggering multiple automated security alerts designed to prevent data exfiltration from federal networks, four Department of Homeland Security (DHS) officials told Politico. …
Fortinet admins report patched FortiGate firewalls getting hacked
Fortinet customers are observing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. One affected admin said that Fortinet has allegedly confirmed that the latest FortiOS version (7.4.10) didn’t fully address this authentication bypass vulnerability, which should’ve been patched in early …
Cloudflare Zero-Day Vuln Allows Host Access, Bypassing Protections
A critical zero-day flaw in Cloudflare’s Web Application Firewall (WAF) let attackers evade security measures and access protected servers via a certificate validation path. Security researchers at FearsOff found that requests to the /.well-known/acme-challenge/ directory bypassed customer-configured WAF rules that blocked other traffic. The Automatic Certificate Management Environment (ACME) protocol …
Senate Democrats urge Apple and Google to remove X due to AI-generated sexual images
Three Senate Democrats urge Apple and Google to remove X and its chatbot Grok from their app stores due to the creation and distribution of explicit non-consensual images of women and children. Senators Ron Wyden from Oregon, Ed Markey from Massachusetts, and Ben Ray Luján from New Mexico called upon …
121 Orgs Hit By 310 Ransomware Gangs in first week of 2026
Ransomware activity is rising in 2026, with 121 confirmed victims from 310 active groups. A few key players dominate the fragmented landscape, with Qilin and Lynx each having over 20 victims. Sinobi is also significant, while familiar groups like Play, Akira, and Direwolf continue their attacks. New groups such as …
WhatsApp vulnerabilities expose user metadata, including device OS details
Meta’s WhatsApp is now silently fixing security issues that could reveal users’ operating system details to attackers. Privacy issues impact over 3 billion users, allowing attackers to gather information before launching malware attacks. Understanding the Fingerprinting Threat: Security researchers found that WhatsApp’s end-to-end encryption for multiple devices unintentionally exposes device …
Hackers Claim Breach, Resecurity Says Attackers Trapped in Honeypot
“Scattered Lapsus$ Hunters” claim to have hacked cybersecurity firm Resecurity and stolen data, but Resecurity says the hackers only accessed a decoy honeypot with fake information. Threat actors shared screenshots on Telegram showcasing the supposed breach, asserting they had stolen employee data, internal communications, threat intelligence reports, and client information. …
Coupang to split $1.18 billion for data leak
Coupang, a South Korean e-commerce company, announced on Monday a 1.69 trillion won ($1.18 billion) compensation deal for 33.7 million affected accounts due to a major data leak, which upset users and lawmakers. Each customer will receive vouchers worth 50,000 won. Coupang founder Kim Bom apologized for last month’s data …
InfoSecBulletin Cybersecurity for mankind