‘Silent’ Google API key change exposed Gemini AI data
Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from Truffle Security recently discovered. According to a Common Crawl scan of websites carried out by the company in November, there were 2,863...
Metasploit Wrap-Up 02/27/2026
No Prob-ollamaThis release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal RCE (CVE-2024-37032), a sophisticated exploit chaining arbitrary file writes into unauthenticated root RCE, and the Grandstream GXP1600 stack overflow (CVE-2026-2329), which targets VoIP devices with accompanying credential harvesting and SIP interception post-modules. The BeyondTrust PRA/RS module...
Researchers Uncover Aeternum C2 Infrastructure with Advanced Persistence and Network Evasion Features
For years, taking down a botnet meant finding its command-and-control (C2) server, seizing the domain, and watching the network go dark. Law enforcement used this method to dismantle major operations like Emotet, TrickBot, and QakBot. A newly discovered botnet loader called Aeternum C2 has been built specifically to close that door, storing all of its instructions not on...
5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign
Hackers exploited a critical Cisco SD-WAN flaw, prompting a rare joint warning from the US, UK, Australia, Canada, and New Zealand.
The post 5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign appeared first on TechRepublic. - Read more
CVE-2026-21518 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Download links fixed - Read more
North Korea’s APT37 Expands Toolkit to Breach Air-Gapped Networks
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group - Read more
Millions at Risk as Android Mental Health Apps Expose Sensitive Data
Oversecured flagged 1,575 flaws in 10 Android health apps with 14.7M installs, putting chats, CBT notes, and mood logs at risk, per BleepingComputer.
The post Millions at Risk as Android Mental Health Apps Expose Sensitive Data appeared first on TechRepublic. - Read more
UK Vulnerability Monitoring Service Cuts Unresolved Security Flaws by 75%
The UK government says its new Vulnerability Monitoring Service has cut unresolved security flaws by 75% and reduced cyber-attack fix times from nearly two months to just over a week - Read more
Europe’s ManoMano Hit: 38M Customer Records Compromised in Vendor Breach
ManoMano is notifying 38 million customers after a third-party customer service breach exposed personal data, highlighting growing supply chain security risks.
The post Europe’s ManoMano Hit: 38M Customer Records Compromised in Vendor Breach appeared first on TechRepublic. - Read more
Hook, line, and vault: A technical deep dive into the 1Phish kit
We analyze the evolution of the 1Phish phishing kit from a basic credential harvester into an MFA-aware, multi-stage phishing kit targeting 1Password users. - Read more
Latest article
Threat tactic spotlight: Subdomain takeover
In this blog post you’ll learn how to detect and prevent subdomain takeover – a tactic where threat actors exploit dangling DNS records to...
The Half-Life of Threat Intelligence: When Does an IOC Stop Being Useful?
The concept of the IOC — the Indicator of Compromise — sits at the operational heart of modern threat detection. Block the IP. Flag...
Best Prime Day Tech Deals: Apple, Bose, Garmin, and More
Shop early Amazon Prime Day tech deals on earbuds, mice, routers, doorbells, headphones, smartwatches, Android phones, and fitness watches.
The post Best Prime Day Tech...
SprySOCKS Backdoor Expands From Linux to Windows
China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands - Read more
