Hackers can bypass Windows login, steal cryptographic keys, and hide inside some Dell laptops even after a full OS reinstall — “ReVault” flaws hit 100+ models. Sometimes, they don’t even need your password. Details →

🔥 Windows had a hole [CVE-2025-49760] in its core RPC system that let attackers pretend to be trusted services—like hijacking DNS, but inside your OS. The wild part? Even Windows Defender’s ID could be spoofed. Here’s how the EPM poisoning attack worked ↓

⚡ Lenovo webcams can be hacked into remote BadUSB weapons. Flawed firmware checks let attackers send or infect a camera to inject keystrokes, survive wipes, and spread to other hosts. Here’s how the “BadCam” exploit works →

🔥 GPT-5 jailbroken: “Echo Chamber” + storytelling tricked it into giving banned instructions. Related zero-click prompt injections can exfiltrate data from Google Drive, Jira, Microsoft Copilot Studio, and even hijack smart homes. Details →

🚨 14 new flaws in CyberArk & HashiCorp vaults can let hackers steal corporate secrets without a password — some bugs sat undetected for 9 years. Researchers warn attackers could chain them for full remote takeover. Full story →

🚨 Brazil hit by two cyber threats: 1️⃣ Hackers using AI-built fake gov sites to steal IDs + cash via PIX. 2️⃣ Efimer Trojan spreading via fake legal emails, torrents & WordPress hacks — swapping crypto wallets + stealing funds. How both attacks work →

Your pip install isn’t as safe as you think. From typo-squatting to CVE-packed base images, Python supply chain attacks are everywhere—and evolving fast. 🎥 Learn how to lock down your stack in 2025. Tools, tactics, and real-world examples: Watch the webinar →

🚨 Hackers can hijack Axis camera networks without logging in. A CVSS 9.0 flaw in Axis Device Manager & Camera Station enables pre-auth remote code execution—impacting 6,500+ servers, mostly in the U.S. Live feeds could be watched or shut down. Details →

🚨 Hackers are hijacking legit ad tools to push fake browser updates—spreading SocGholish malware linked to LockBit, Evil Corp & others. It’s a Malware-as-a-Service network selling your device as a doorway in. How it works →

🚨 11 malicious Go packages just found — infecting both Windows and Linux. They silently download payloads, hijack shells, and can steal browser data. Worse: they look legit, preying on confused devs importing from GitHub. Details devs need to see ↓

🚨 Microsoft just warned: CVE-2025-53786 lets hackers silently escalate privileges from on-prem Exchange to the cloud. No logs. No easy traces. Your hybrid setup could be a silent breach vector. Full details + fixes →

Microsoft just built an AI that reverse-engineers malware by itself. No hints. No human help — and 90%+ accuracy. It could change how threats are found—before they even spread. Here’s what Project Ire can do ↓

🚨 UPDATE: Google confirms it was hit in the Salesforce vishing attacks. Hackers accessed contact data for small biz clients in June—then vanished. Now? They're back, threatening victims with 72-hour bitcoin extortion demands, posing as ShinyHunters. Read ↓

🔥 AI just changed the rules of pen testing. Now you can say: "Check if leaked creds can access prod-finance." And in seconds, it attacks, adapts, and reports—no scripts, no guesswork. Vibe Red Teaming is here. Testing becomes a conversation. → Full vision from @PenteraSec's

🚨 Google just fixed 2 #Android bugs hackers were already using. One lets them hijack your phone through the graphics chip — no clicks needed. Spyware vendors may be behind it. PATCH your phones now →

🚨 Trend Micro flaw (CVE-2025-54948 and CVE-2025-54987) lets attackers run code before login. Two critical bugs (CVSS 9.4) are being exploited right now in Apex One on-prem. Admins, patch fast — remote code execution is on the table. Here’s what you need to know ↓

🚨 A high-severity flaw in Cursor AI (CVE-2025-54136) let attackers hijack trusted MCP configs—triggering remote code execution every time you opened the project. No re-prompt. No warning. Just silent compromise by modifying a config file you already trusted. Learn more →

🔐 AI logins are breaking trust—73% of users say one bad experience, and they’re gone. Want to keep them? Learn how top brands are using smart, secure CIAM to win loyalty in the AI era. Webinar spots are limited →

🚨 An AI-generated npm package just stole crypto from devs. "kodane/patch-manager" posed as a legit Node.js tool — but hid a stealth wallet drainer that hit 1,500+ downloads before takedown. Here’s what to know ↓

🚨 China-linked threat group hacked Southeast Asia telecoms — no data stolen, just full remote access to critical networks for 9 months. They used stealth malware, tunneled through mobile operators, and wiped their tracks. Here’s what we know ↓