Skip to content
inionline.net
  • Managed IT Support Services
  • Contact Us
inionline.net
  • Blog

    ‘GitLost’ Flaw Leaks Private Data from GitHub’s Agentic Workflows

    The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org’s public repository and then silently pull data from its private repos, too.

    Read More ‘GitLost’ Flaw Leaks Private Data from GitHub’s Agentic WorkflowsContinue

  • Blog

    Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

    A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization’s private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access…

    Read More Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo DataContinue

  • Blog

    Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

    U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025 intrusion, then to online accounts prosecutors say…

    Read More Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider HackerContinue

  • Blog

    Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

    Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team. “An outsider could go from having no access to taking over any Writer AI

    Read More Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across TenantsContinue

  • Blog

    What Changes When Your Software Supply Chain Includes AI Writing Your Code?

    Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, “software supply chain security” meant one question: what’s in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody chose on purpose? SolarWinds, Log4Shell, and XZ Utils all taught the same lesson: the risk…

    Read More What Changes When Your Software Supply Chain Includes AI Writing Your Code?Continue

  • Blog

    Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

    A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials,

    Read More Suspected China-Aligned Hackers Exploit Roundcube Flaws Against UniversitiesContinue

  • Blog

    CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

    Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices’ web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. “An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process

    Read More CERT/CC Warns of Hidden Admin Backdoor in Tenda Router FirmwareContinue

  • Blog

    BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

    BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below – CVE-2026-40138 (CVSS score: 9.2) – A pre-authentication vulnerability exists in the

    Read More BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRAContinue

  • Blog

    ‘BusySnake’ Infostealer Slithers into Critical Infrastructure Networks

    A threat group researchers call “Armored Likho” has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan.

    Read More ‘BusySnake’ Infostealer Slithers into Critical Infrastructure NetworksContinue

  • Blog

    CitrixBleed-ing Again? NetScaler Vulnerability Under Attack

    Attackers wasted little time targeting the latest memory disclosure flaw in Citrix’s NetScaler products, after researchers published a proof-of-concept exploit (PoC).

    Read More CitrixBleed-ing Again? NetScaler Vulnerability Under AttackContinue

Page navigation

1 2 3 … 515 Next PageNext
Facebook
Privacy Policy
Background by Vecteezy

Web Design 2024 SekuritasIT

Veteran Owned and Operated

Scroll to top
  • Managed IT Support Services
  • Contact Us