Critical, make-me-super-user SAP S/4HANA bug under active exploitation Summary A critical code-injection vulnerability in SAP S/4HANA (CVE-2025-42957) with a 9.9 severity rating is being actively exploited, researchers warn. The flaw,…
How Has IoT Security Changed Over the Past 5 Years? Summary IoT adoption has grown across industries, but security improvements have been uneven. The article highlights modest progress driven by…
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation Summary An Israeli duo of independent cybersecurity researchers built an automated pipeline, dubbed Auto Exploit, that leverages large language models (Anthropic’s Claude-sonnet-4.0 among…
Secretive MaaS Group ‘TAG-150’ Develops Novel ‘CastleRAT’ Summary Researchers have mapped an emerging malware-as-a-service (MaaS) operation labelled TAG-150 that builds on a widely distributed loader (CastleLoader) and a MaaS platform…
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation Summary An AI-driven offensive research pipeline, dubbed Auto Exploit, used an LLM (Anthropic’s Claude-sonnet-4.0), CVE advisories and open-source patches to generate vulnerable test…
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now Summary A critical code-injection flaw (CVE-2025-42957) in SAP S/4HANA — scored 9.9 CVSS — is being exploited in the wild. The vulnerability…
Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python Summary Recorded Future and journalists report that the TAG-150 crime crew has released CastleRAT in…
Scammers Are Using Grok to Spread Malicious Links on X Summary Bad actors on X (formerly Twitter) are exploiting X’s native AI assistant, Grok, to amplify malicious links in paid…
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation Summary An AI-driven offensive research pipeline built by two independent Israeli security researchers — dubbed Auto Exploit — used an LLM (Anthropic’s Claude-sonnet-4.0)…
The crazy, true story behind the first AI-powered ransomware Summary NYU engineers developed a proof-of-concept called Ransomware 3.0 that uses large language models to automate multiple phases of a ransomware…
