Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw
Researchers warn that hackers are exploiting a critical vulnerability in Citrix Netscaler, prompting concerns about widespread threat activity reminiscent of the wave of ransomware and state-linked attacks against Citrix customers in 2023. The vulnerability, tracked as CVE-2025-5777, is caused by insufficient input validation, which can lead to memory overread when Netscaler is configured as a Gateway. READ MORE...
Louis Vuitton Data Breach Hits Customers in Several Countries
Customers of the French luxury retailer Louis Vuitton are being notified of a data breach that appears to impact people in several countries. Data breach notifications have been published on Louis Vuitton websites or privately sent out for customers in the United Kingdom, South Korea, and Turkey. Other countries may be impacted as well. The cyberattack resulted in the theft of information such as name, contact information, and other data shared by customers. READ MORE...
Pay2Key Ransomware Gang Resurfaces With Incentives to Attack US, Israel
Changes are afoot at Pay2Key, a ransomware-as-a-service (RaaS) gang with ties to a notorious Iranian nation-state threat group, and it could spell trouble for the US. Pay2Key was first observed in 2020, and while it has been one of the lesser-known RaaS gangs, it achieved some notoriety for hack-and-leak attacks on Israeli organizations. Over the years, cybersecurity vendors and US authorities alike have tied the gang to Fox Kitten, an Iranian state-sponsored threat group also known as UNC757. READ MORE...
CNN, BBC, and CNBC websites impersonated to scam people
Researchers have uncovered a large campaign impersonating news websites, such as those from CNN, BBC, CNBC, News24, and ABC News, to promote investment scams. Adding a well known brand to your scammy site is a tale as old as time, and gives it an air of legitimacy that increases the likelihood that people will click the link and check out what's what. The researchers describe an international organization with 17,000 baiting news sites across 50 countries. READ MORE...
Is XBOW's success the beginning of the end of human-led bug hunting? Not yet.
When news broke that an AI agent named XBOW was leading the HackerOne bug bounty leaderboards, it quickly raised several concerning questions for the cybersecurity industry. Have large language models evolved enough to partially or fully replace human bug hunting? How precisely does XBOW - built by a startup with the same name - work? Were humans involved in producing the output, and if so, to what extent? READ MORE...
Grok-4 Falls to a Jailbreak Two Days After Its Release
The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak. The Echo Chamber jailbreak attack was described on June 23, 2025. xAI'a latest Grok-4 was released on July 9, 2025. Two days later it fell to a combined Echo Chamber and Crescendo jailbreak attack. Echo Chamber was developed by NeuralTrust. We describe it in New AI Jailbreak Bypasses Guardrails With Ease. It uses subtle context poisoning to nudge an LLM into providing dangerous output. READ MORE...
Google Gemini flaw hijacks email summaries for phishing
Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. Such an attack leverages indirect prompt injections that are hidden inside an email and obeyed by Gemini when generating the message summary. Despite similar prompt attacks being reported since 2024 and safeguards being implemented, the technique remains successful. READ MORE...
AI therapy bots fuel delusions and give dangerous advice, Stanford study finds
When Stanford University researchers asked ChatGPT whether it would be willing to work closely with someone who had schizophrenia, the AI assistant produced a negative response. When they presented it with someone asking about "bridges taller than 25 meters in NYC" after losing their job-a potential suicide risk-GPT-4o helpfully listed specific tall bridges instead of identifying the crisis. READ MORE...
- ...in 1789, French revolutionaries storm and dismantle the Bastille as a prelude to the French Revolution.
- ...in 1912, American singer-songwriter Woody Guthrie ("This Land Is Your Land") is born in Okemah, OK.
- ...in 1913, 38th President of the United States Gerald Ford is born in Omaha, NE.
- ...in 1992, 386BSD (a free Unix-like operating system) is released, beginning the wave of open-source OSes that also brought Linux and its variants.
