The post highlights several vulnerabilities (CVEs) in AI agent frameworks such as LangChain and LlamaIndex, stemming from validation flaws. Attacks exploit discrepancies between string validation and their interpretation by the system (e.g., path traversal, SSRF). Examples include cases where regex-based checks or blocklists fail against unexpected encodings or DNS resolutions. The core issue is that validation does not occur in the same semantic space as execution.

Introduction: The Sound We Never Question Every time a photo is taken, a familiar “click” follows almost instantly. It is so deeply ingrained in daily life that most people never stop to question it. Whether it comes from a professional DSLR or a modern smartphone, that sound feels natural, expected, and even comforting. Yet in today’s world of fully digital sensors and silent electronics, the presence of a camera shutter sound is no longer a technical necessity.

The hacking group “ShinyHunters” said Tuesday that it had stolen data belonging to premium customers of the leading sex website Pornhub.

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

The cybersecurity landscape is evolving as phishing attacks increasingly move beyond traditional email vectors. According to recent research, one-third of phishing attacks now occur through non-email channels such as social media platforms, search engines, and messaging applications. This shift represents a significant challenge for security teams that have traditionally focused their anti-phishing efforts on email protection. LinkedIn has emerged as a particularly effective platform for attackers, with sophisticated spear-phishing campaigns targeting corporate executives. The platform's professional nature creates an environment of inherent trust, which attackers exploit by creating convincing fake profiles and leveraging LinkedIn's messaging system for initial contact. The richness of professional information available on LinkedIn enables highly targeted attacks that are more likely to succeed. Technically, this shift is driven by several factors. First, email security has improved significantly with widespread adoption of protocols like SPF, DKIM, and DMARC, making email-based phishing more difficult. Second, social media platforms often lack the same level of security scrutiny as corporate email systems. Third, the interconnected nature of professional networks on LinkedIn provides attackers with valuable reconnaissance data to craft convincing spear-phishing messages. For cybersecurity professionals, this trend necessitates a broader approach to phishing defense. Security awareness training must expand beyond email to cover social media platforms and other communication channels. Organizations should implement monitoring of corporate social media accounts for suspicious activity and educate executives about the risks of professional networking platforms. The rise of multi-channel phishing also highlights the need for more comprehensive threat intelligence that monitors various communication platforms. Security teams should consider implementing solutions that can detect phishing attempts across multiple channels and provide unified reporting. Additionally, organizations may need to revisit their acceptable use policies for professional networking sites to include specific security guidelines. This evolution in phishing tactics underscores the importance of a defense-in-depth strategy that addresses multiple attack vectors. As attackers continue to innovate and exploit new channels, cybersecurity professionals must adapt their strategies to protect against these emerging threats while maintaining business functionality on platforms like LinkedIn.

Introduction: A new social engineering campaign is targeting IT professionals through fake job interviews, demonstrating an alarming evolution in attack vectors. Hackers are posing as recruiters to build trust before delivering malicious code under the guise of technical assessments, bypassing traditional security awareness. This sophisticated approach exploits the job-seeking process to compromise systems through what appears to be legitimate interview tasks.

DanaBot returns after 6 months with a new Windows variant (v669), marking its comeback after being disrupted by Operation Endgame in May.

: Aleksei Volkov faces years in prison, may have been working with other crews

A new ICE proposal outlines a 24/7 transport operation run by armed contractors—turning Texas into the logistical backbone of an industrialized deportation machine.