This newsletter is AI generated and may hallucinate sometimes 😊 Critical XSS Vulnerability Discovered in Angular i18n Module * A critical Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-24905 with a CVSS score of 9.0, has been identified in the Angular i18n internationalization module. * This flaw permits arbitrary JavaScript execution via specially
This newsletter is AI generated and may hallucinate sometimes 😊 Starkiller Phishing Suite Bypasses MFA with AiTM Reverse Proxy * The Starkiller phishing suite actively employs Adversary-in-the-Middle (AiTM) reverse proxy techniques to effectively bypass multi-factor authentication (MFA) protections. * This sophisticated campaign intercepts user credentials and authenticated session cookies, allowing attackers to hijack
This newsletter is AI generated and may hallucinate sometimes 😊 New Chrome Vulnerability Lets Malicious Extensions Escalate Privileges via Gemini Panel * A vulnerability in Chrome's Gemini AI panel allows malicious extensions to bypass security policies, leading to privilege escalation and unauthorized actions. * This flaw could enable attackers, via compromised
This newsletter is AI generated and may hallucinate sometimes 😊 Self-Spreading npm Malware Targets Developers via Discord and Private Packages * A new self-spreading npm malware, dubbed 'BiBi', infects development machines by modifying `~/.bashrc` or `~/.zshrc` to exfiltrate environment variables and credentials to Discord webhooks. * The malware propagates by automatically
This newsletter is AI generated and may hallucinate sometimes 😊 "ClawJacked" Flaw Hijacks Local OpenClaw AI Agents via WebSockets * Security researchers identified a "ClawJacked" vulnerability in local OpenClaw AI agents, enabling malicious websites to hijack these agents through WebSocket communication. * This flaw bypasses conventional browser same-origin policy
This newsletter is AI generated and may hallucinate sometimes 😊 The Brave Search API shows exponential growth, emerging as the best search tool to power AI apps * Brave Search API offers Zero Data Retention (ZDR) for user queries, enhancing privacy and compliance. * Provides 99.99% uptime, structured JSON, and an LLM
This newsletter is AI generated and may hallucinate sometimes 😊 Microsoft Purview DLP to Safeguard Sensitive Web Search in Microsoft 365 Copilot and Copilot Chat * Microsoft Purview Data Loss Prevention (DLP) is being extended to safeguard sensitive web searches within Microsoft 365 Copilot and Copilot Chat environments. * This feature will prevent
This newsletter is AI generated and may hallucinate sometimes 😊 Microsoft Edge Introduces Auto-Open Copilot Side Pane for Outlook Links * Microsoft Edge is rolling out a new feature that automatically opens the Copilot side pane when users click on links from Outlook. * This enhancement is designed to provide users with immediate
This newsletter is AI generated and may hallucinate sometimes 😊 * A critical "RoguePilot" flaw discovered in GitHub Codespaces allowed malicious code to bypass security boundaries and exploit GitHub Copilot's prompt processing capabilities. * This prompt injection vulnerability enabled the Copilot AI assistant to leak sensitive GITHUB_TOKEN values
This newsletter is AI generated and may hallucinate sometimes 😊 CISA Warns of Actively Exploited XSS and IDOR Flaws in Roundcube Webmail * CISA has issued a warning regarding multiple vulnerabilities, including XSS (CVE-2023-49103) and IDOR (CVE-2023-49104, CVE-2023-49105), in Roundcube Webmail that are being actively exploited. * The critical XSS vulnerability (CVE-2023-49103) allows
This newsletter is AI generated and may hallucinate sometimes 😊 * Google has released an emergency security update for its Chrome browser, addressing a critical zero-day vulnerability identified as CVE-2025-4552. * The vulnerability is categorized as a type confusion bug within the V8 JavaScript engine and is confirmed by Google to be under
This newsletter is AI generated and may hallucinate sometimes 😊 CISA Adds Actively Exploited Roundcube Webmail Flaws to KEV Catalog * The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities in Roundcube webmail, CVE-2023-5631 and CVE-2023-5632, to its Known Exploited Vulnerabilities (KEV) catalog due to active