AI Liability: Why Companies Must Own Their Agents' Actions
A German court ruled Google liable for AI search summaries, reigniting the carrier-vs-publisher debate and raising urgent questions about corporate accountabili
ThreatsThreat Intelligence Feed
-
-
Webinar: Stopping Account Takeovers With Behavioral AI
BleepingComputer hosts a July 8, 2026 webinar on account takeover threats and how behavioral AI can automate detection and response.
Guides -
Tata Electronics Confirms Cyberattack as World Leaks Group Publishes Data
Tata Electronics confirmed a cyberattack on parts of its IT infrastructure. The World Leaks group leaked alleged Apple manufacturing data stolen in the incident
Threats -
AryStinger Botnet Infects 4,000+ D-Link Routers Worldwide
The AryStinger botnet has compromised over 4,000 outdated routers, converting them into proxies for scanning, tunneling, and malicious traffic operations.
Tools -
AutoJack: How One Web Page Can Trigger RCE via AI Agent
Microsoft's AutoJack exploit chain turns an AI browsing agent into an RCE vector via an unauthenticated local WebSocket in AutoGen Studio.
VPN & Privacy -
Gentlemen Ransomware Deploys Multiple EDR Killers to Disable Defenses
The Gentlemen RaaS group maintains a suite of EDR-killing tools, led by GentleKiller, targeting over 400 processes across 48 security vendors.
Guides
Analysis & Guides
Guides
EvilTokens Phishing Kit Hijacks Microsoft 365 Without Stealing Passwords
EvilTokens abuses Microsoft's OAuth device code flow to compromise accounts without fake login pages or stolen passwords, bypassing 2FA entirely.
Tools
Sniper DZ PhaaS Platform Targets MENA Users via Facebook Scams
Group-IB researchers detail how Sniper DZ campaigns targeted MENA users through fake Facebook accounts, browser notification abuse, and traffic monetization sch
VPN & Privacy
400+ Arch Linux AUR Packages Hijacked to Deploy Credential Stealer
Attackers hijacked over 400 AUR packages to install a Rust-based credential stealer. Systems built from affected packages since June 11 should be treated as com
Guides
INTERPOL Operation Ramz Dismantles Sniper Dz Phishing-as-a-Service Platform
INTERPOL's Operation Ramz disrupted Sniper Dz, a decade-old PhaaS platform, resulting in 201 arrests across 13 MENA countries and the takedown of its infrastruc
VPN & Privacy
ServiceNow Flaw Exploited to Access Customer Instance Tables
ServiceNow patched a flaw on June 5, 2026 after threat actors exploited it to query instance tables across a subset of customers.
Threats
UNC5221 Spent 18 Months Undetected Before Deploying Three Backdoors
Chinese APT group UNC5221 used Brickstorm, Plenet, and AgentPSD to maintain access across a victim network and its MSP for over 18 months.
Threats
Your Smart TV's Idle Hours Are Selling Your Bandwidth
Free apps embed Bright Data's SDK to route web-scraping traffic through home IPs, including always-on smart TVs, with consent screens that don't match actual da
Threats
SolarWinds Serv-U Crash Flaw Now Under Active Exploitation
CISA added CVE-2026-28318, a DoS flaw in SolarWinds Serv-U, to its KEV catalog with a federal patch deadline of June 19, 2026.
VPN & Privacy
Why Children's Data Is a Long-Term Identity Risk
Children face the same identity and data risks as adults — often with higher stakes. Here's how to protect their digital lives early.