Attackers systematically exploit AI branding in social engineering campaigns to manipulate employees — the attack vector is shifting from technical to behavioral vulnerabilities.
The Hades campaign uses manipulated PyPI packages whose setup files execute automatically to steal Bun login credentials in the Python supply chain.
JavaScript can reveal which applications and websites a user opens via SSD-timing side channels without requiring system privileges or browser extensions.
SolarWinds Serv-U is vulnerable to unauthenticated DoS attacks through CVE-2026-28318 (CVSS 7.5); CISA reports active exploitation and sets a deadline of June 19, 2026.
Locally deployed open-source language models enable autonomous attack worms when equipped with appropriate agent architectures, independent of paid frontier models.
Ubiquiti UniFi OS contains three maximum-severity vulnerabilities that, when combined, enable unauthenticated remote access and require immediate patching.