Latest cybersecurity news.
Hacks, breaches, vulnerabilities, regulatory moves — tracked and contextualised for Indian security teams.
Second-Order Prompt Injection: How Attackers Hijack Multi-Agent Systems
A new attack class: feed a low-privilege agent a malformed request so it convinces a higher-privilege agent to act. Here is how it works.
Read morePrompt Injection Is Officially the #1 AI Risk — OWASP’s 2026 Agentic Top 10 Explained
OWASP keeps prompt injection at LLM01 and adds an Agentic Top 10 for 2026. A plain-English tour of the risks that matter.
Read moreAgentic AI Hits Production in 2026 — and MCP + A2A Just Rewrote the Threat Model
The Model Context Protocol and Agent-to-Agent orchestration turned AI from a chatbot into an autonomous operator. Your threat model has to follow.
Read moreGoogle API Keys Remain Active After Deletion
A security researcher discovered the API keys can still be used for 23 minutes after deletion, even though the cloud provider claims deletion is immediate.
Read moreFirst VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and d
Read moreGhostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, t
Read moreMegalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and f
Read moreMaking Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-orie
Read moreKimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka
Read moreDrupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites. The post Drupal Vulnerability in Hacker Crosshairs Shortly After Dis
Read moreIn Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
Other noteworthy stories that might have slipped under the radar: CISA contractor exposes credentials, Mythos testing and new features, Huawei router flaw triggered telecom blackout. The post In Other News: Industrial Ro
Read moreCanadian Man Arrested for Operating Kimwolf Botnet
Jacob Butler, 23, has been arrested in Canada and US authorities are seeking his extradition on computer hacking charges. The post Canadian Man Arrested for Operating Kimwolf Botnet appeared first on SecurityWeek.
Read more