🔐 IT News Analyzer

// AI-powered news analysis

Latest Top 10 Articles

1
Agentic AI: The Weapon That No Longer Needs a Warrior

Agentic AI: The Weapon That No Longer Needs a Warrior

Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man's death a quarter mile beyond his sight, and the aircraft carried that death across oceans. At each turn, the distance between the warrior and the wound grew wider, and yet one thing never moved: a human chose the target, and a human struck the blow. For the entire history of conflict, the cyber realm included, the hand has remained on the weapon. Offensive AI is the moment the weapon learns to aim itself. For three years, artificial intelligence (AI) has been an extension of the pen. It drafted the phishing email, proposed the exploit, sketched the malicious function, and then, like every tool that came before it, handed the work back to a human to carry out. In 2023, I published a whitepaper at the SANS Technology Institute showing how a person of almost no skill could coax a chatbot into producing m...

Jun 23, 2026
3
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below - aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 downloads) postcss-minify-selector-parser (615 downloads) All the packages were published over the past month by an npm user named " abdrizak " and continue to be available for download from npm as of writing.  "Aes-decode-runner-pro and postcss-minify-selector-parser both present themselves as layered AES/custom-codec packages and depend on the legitimate postcss-selector-parser," JFrog said in an analysis. "Postcss-minify-selector presents itself as a PostCSS selector minifier and depends on postcss-minify-selector-parser." As for "postcss-minify-selector-parser," the name is a reference to " postcss-selector-parser ," a widely used npm library with more than 1...

Jun 23, 2026
4
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsApp Web across Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, Australia, Russia, and Vietnam. The highest concentration of victims has been reported in Malaysia. "The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment," security researcher Fareed Radzi said . "Once executed, the VBScript initiates a multi-stage infection chain that ultimately results in the installation of legitimate Remote Monitoring and Management (RMM) software, enabling remote access to the victim's system." It's suspected that the threat actor behind the operation ma...

Jun 23, 2026
5
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative  the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software vulnerabilities," OpenAI said the model can "sustain deeper analysis across large codebases" to identify security issues, validate them in a controlled environment, and develop and test patches. In tandem, the tech upstart is releasing an update to the Codex Security plugin⁠ to speed up the process of discovering and patching vulnerabilities in existing systems, alongside preventing new vulnerabilities from entering production codebases. "Developers can run deep scans or review recent changes, generate reports with severity, affected code locations, validation evidence, and remediation guidance, trace attack paths, build threat models, validate findings, and genera...

Jun 23, 2026
6
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline, injecting backdoor code into Pro plugin releases distributed through official licensed update channels," Wordfence said in an analysis published last week. The incident affects the following plugins - Product Slider Pro for WooCommerce (versions before 3.5.4) Real Testimonials Pro (version 3.2.5) Smart Post Show Pro (versions before 4.0.2) As mentioned above, it's worth emphasizing that the compromise only affects Pro plugin builds distributed through the vendor's Easy Digital Downloads (EDD) infrastructure via account.shapedplugin[.]com. The free versions of the plugins on WordPress.org are not impacted. The supply chain compromise associated with Product Slider Pro for WooCommerce has...

Jun 22, 2026
8
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default configuration. Researchers at Calif.io  disclosed it in June  and named it Squidbleed ( CVE-2026-47729 ), after Heartbleed, which leaked memory the same way. Squid describes this as an attack by a  trusted client : someone already permitted to use the proxy, not any random host on the internet. That matches Squid's usual home, shared networks like schools, offices, and public Wi-Fi. In those setups, the attacker is just another user of the same proxy. The leak also only reaches traffic that Squid can read. Normal HTTPS rides an opaque CONNECT tunnel, so Squid never sees inside it; the exposed traffic is cleartext HTTP, plus TLS-terminating setups where Squid decrypts and inspect...

Jun 22, 2026
9
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

Cybersecurity researchers have disclosed details of four vulnerabilities in Dify , an open-source agentic workflow platform with more than 146,000 GitHub stars , that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers' applications without requiring authentication. The vulnerabilities have been collectively codenamed DifyTap by Zafran Security. "Two were critical severity, two required no authentication, and three carried cross-tenant impact on Dify's multi-tenant cloud service, allowing one customer's data to be exposed to another," researchers Ido Shani and Gal Zaban said . The security defects could have allowed attackers to read private AI chats from other customers' applications, creating a covert exfiltration channel for every message and model response. They also made it possible to traverse Dify's internal Plugin Daemon API from unauthenticated requests and trigger cross-tenant internal ...

Jun 22, 2026
10
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER . According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidence indicates that the threat actor is likely Russian-speaking and financially motivated, owing to the presence of explicit exclusions to prevent infecting machines located in the Commonwealth of Independent States (CIS) region. The campaign has been codenamed REF8372. "The loader uses several obfuscation layers (control-flow flattening, opaque predicates, mixed Boolean-Arithmetic), self-modifying decryption stubs, and abuses the Windows .reloc section to stage shellcode," researchers Daniel Stepanic and Jia Yu Chan said in a technical breakdown. The attack begins when unsuspecting users enter queries such as "lts version of node.js" on search engines like Google, red...

Jun 22, 2026