Chrome Unveils Plan For Quantum-Safe HTTPS Certificates
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS - Read more
Understanding IAM for Managed AWS MCP Servers
As AI agents become part of your development workflows on Amazon Web Services (AWS), you want them to work with your existing...
NCSC: No increase in cyber threat from Iran, but be prepared
While cyber threat levels remain stable following the outbreak of war in the Middle East at the weekend, at-risk organisations in the UK should...
Sim Studio AI – Unauthenticated OAuth Token Theft
Sim Studio AI - Unauthenticated OAuth Token Theft The `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId`...
Sim Studio AI – MongoDB SSRF and Arbitrary Document Deletion
Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion The MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or...
Gradio – Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
Gradio - Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret Gradio applications running outside of Hugging Face Spaces automatically enable "mocked"...
Lovora – 495,556 breached accounts
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included...
Quitbro – 22,874 breached accounts
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’...
KomikoAI – 1,060,191 breached accounts
In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts...
Latest article
Looking at the SmarterMail API Vulnerability CVE-2026-24423
Sensor Intel Series: February 2026 CVE Trends - Read more
Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk
A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in.
The...
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
A major cyberattack on US medical supplies giant Stryker has resulted in thousands of devices being remotely wiped, after a...
This one’s for you, Mom
Welcome to this week’s edition of the Threat Source newsletter. I am the product of a single parent, my mom, who along with my grandparents...
