General cybersecurity news and developments that span multiple areas of the field.
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
An unknown threat actor operates a coordinated campaign distributing cryptocurrency clipper malware through fake reviews, AI-generated video narrators…
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2026-48907 to its Known Exploited Vulnerabilities catalog after confirming act…
Leak confirms OpenAI is testing a ChatGPT for Science subscription
OpenAI is testing a specialized ChatGPT subscription tier designed for scientific research and applications, according to leaked information obtained …
Google to use UK and EU user IP addresses for ad personalization
Google plans to begin collecting and using IP addresses from users in the UK, European Economic Area, and Switzerland for ad personalization and measu…
Why Account Takeovers Are Rising and How to Stop Them
Account takeovers have accelerated as attackers exploit weaknesses in standard security controls. Phishing campaigns deliver credential harvesting at …
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking threat actor breached a small French automotive business and deployed a keylogger to harvest banking and email credentials. The atta…
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Researchers uncovered a coordinated malware campaign targeting JetBrains developers through 15 malicious plugins on the official JetBrains Marketplace…
The Top 10 Attack Surface Exposures in 2026
Exposed internet-facing systems remain the fastest path to organizational compromise, with attackers now exploiting vulnerabilities within hours of di…
144 Mastra npm Packages Compromised via Hijacked Contributor Account
An attacker compromised 144 npm packages under the @mastra namespace after hijacking a single contributor account named ehindero. Mastra is an open-so…
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices
A data leak tracked as FortiBleed has exposed VPN credentials for 73,932 Fortinet FortiGate firewalls across organizations globally. The exposed crede…
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in Google Cloud's Vertex AI SDK for Python enabled attackers without project access to intercept machine learning model uploads and execute arb…
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
ClickFix campaigns have expanded their malware delivery infrastructure with three new loaders identified by separate security firms. Morphisec, BlueVo…
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
CISA has added CVE-2026-54420, a critical privilege escalation flaw in LiteSpeed cPanel Plugin, to its Known Exploited Vulnerabilities catalog. The vu…
Patch Tuesday, May 2026 Edition
Microsoft, Apple, Google, Mozilla, and Oracle released patches for near-record volumes of security vulnerabilities this month, driven partly by artifi…
Malicious JetBrains Marketplace plugins steal AI API keys from developers
Security researchers discovered at least 15 malicious plugins on the JetBrains Marketplace designed to exfiltrate AI API keys from developers' systems…
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
Zimperium's zLabs has identified Rokarolla, a new Android banking trojan that compromises 217 banking and cryptocurrency applications. The malware exe…
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
Security teams are drowning in IP data yet struggle to identify attackers. A new survey reveals that 94% of security incidents involve anonymized infr…
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Fortinet FortiSandbox faces active exploitation of three separate vulnerabilities, with threat actors actively leveraging the flaws in real-world atta…
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
ESET researchers uncovered two previously unknown Windows variants of SprySOCKS, a backdoor linked to Chinese threat actors that was previously though…
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
ScarCruft, the North Korean state-sponsored hacking group tracked as APT37, launched a spear-phishing campaign deploying NarwhalRAT malware through fa…
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A Chinese-linked espionage group maintained persistent access to North American medical, academic, and military research networks for over a year, ste…
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
North Korean threat actors are exploiting developer-focused recruitment and code review processes to distribute malware, according to Proofpoint resea…
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
Attackers compromised trusted JavaScript files belonging to three major WordPress plugins, injecting malicious code designed to create backdoor access…
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
Threat actors operating under the moniker Sniper Dz have launched social engineering campaigns targeting users across the Middle East and North Africa…
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Palo Alto Networks confirmed active exploitation of CVE-2024-0257, a critical authentication bypass vulnerability in PAN-OS GlobalProtect VPN software…
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
Researchers at Obsidian Security discovered a critical vulnerability chain in LiteLLM, a popular open-source AI gateway used to manage requests across…
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
Researchers at Varonis Threat Labs disclosed a chained vulnerability in Microsoft 365 Copilot Enterprise Search that allowed attackers to steal emails…
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Google Chrome zero-day vulnerability CVE-2024-12053 affects millions of Windows, Mac, and Linux users. Google released patches this week after discove…
The Onboarding Password Mistake That Creates Unnecessary Risk
IT teams frequently fail to retire temporary onboarding passwords, leaving organisations exposed to account compromise and lateral movement attacks. N…
152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
Researchers uncovered 152 malicious Chrome extensions masquerading as wallpaper and new tab customization tools. The extensions, distributed across 38…
Maine breach portal abused to publish fake data breach disclosures
A coordinated misinformation campaign targeted Maine's official data breach notification portal, exploiting the system to publish fraudulent breach di…
Segmentation Works for OT If Operators Are Paying Attention
Network segmentation remains one of the most effective defenses against lateral movement in operational technology (OT) environments, but only when or…
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korean state-sponsored threat actors have expanded their financial cybercrime operations across the Asia-Pacific region, generating revenue that…
CISA Rewrites Federal Patching Requirements for AI Threat Era
CISA has issued revised federal patching requirements that compress response timelines for critical vulnerabilities. The directive establishes a three…
Ransomware Attacks are on the Rise
LockBit remains the dominant ransomware operation globally, maintaining its position as the most active threat actor this summer. The gang continues t…
FBI disrupts massive AI-powered phishing service using a million URLs
The FBI has dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that deployed over one million URLs to harvest credentials and p…
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
CISA has issued a mandatory security order requiring all federal agencies to patch an actively exploited vulnerability in Ivanti Sentry by Sunday. The…
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
ShinyHunters, a financially motivated threat actor group, exploited an unpatched Oracle Enterprise Resource Planning (ERP) zero-day vulnerability to b…
Claude Fable 5 Doesn't Change the Mythos Security Story
Anthropic released Claude Fable 5, a safety-focused variant of its Mythos 5 large language model designed for general public use. The company position…
Phishing Attack Volume Down 20%, But Risk Still Rising
Phishing attack volume dropped 20 percent year-over-year, but threat actors are compensating with precision and sophistication rather than raw email v…
Ex-school district employee jailed for hacks on former employer
A former IT employee at an Iowa school district received a 21-month prison sentence for conducting a sustained cyberattack against the district after …
phpBB forum fixes auth bypass bug lurking for a decade
phpBB released patches for CVE-2024-51817, a critical authentication bypass vulnerability that persisted undetected for a decade in versions 3.1 and 3…
Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland to the United States has pleaded guilty to conspiracy charges related to the Conti ransomware operation, …
Watering Hole Attacks Push ScanBox Keylogger
Researchers discovered a watering hole attack distributing ScanBox, a JavaScript-based reconnaissance tool used by APT TA423. The attack compromises l…
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
A threat group tracked as 0ktapus launched a sprawling phishing campaign targeting over 130 organizations, spoofing Okta's identity and access managem…
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Splunk released patches for a critical vulnerability in Splunk Enterprise that enables unauthenticated attackers to execute arbitrary code on affected…
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
The U.S. government has ordered Anthropic to restrict access to its most advanced AI models, Claude Fable 5 and Mythos 5, for foreign nationals both d…
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
Langflow, an open-source low-code platform for building AI applications, faces active exploitation of CVE-2026-5027, a path traversal vulnerability ra…
Chinese hackers hijack auth flow, spy on isolated network for a decade
Chinese state-sponsored threat actors achieved a decade-long foothold inside a targeted organization by compromising its authentication infrastructure…
US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos
The US government ordered Anthropic to restrict access to its Fable 5 and Mythos 5 AI models to US citizens only, citing national security concerns re…
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Attackers compromised over 400 packages in the Arch User Repository (AUR) and injected malicious code into their build scripts. The AUR is a community…
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google filed a federal lawsuit Friday against a Chinese cybercrime network operating a phishing-as-a-service platform called Outsider. The network all…
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
A China-linked hacking group called Velvet Ant backdoored fundamental Linux authentication components for nearly a decade, security researchers reveal…
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Chaotic Eclipse, a security researcher, has publicly disclosed GreatXML, a new exploit that circumvents Windows BitLocker encryption by targeting the …
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub announced breaking changes for npm version 12 that disable npm install scripts by default. This move targets a persistent supply chain attack v…
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Tenet Security researchers have disclosed Agentjacking, a novel attack class that manipulates AI coding agents into executing arbitrary code on develo…
INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
INTERPOL-led authorities shut down Sniper Dz, a phishing-as-a-service platform that operated for over a decade. Operation Ramz, coordinated across 13 …
Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs
Europol dismantled AudiA6, a cryptocurrency laundering operation that processed over €336 million in criminal proceeds for ransomware gangs and cyberc…
Canvas Breach Disrupts Schools & Colleges Nationwide
A cybercrime group has launched a data extortion attack against Canvas, the learning management system used by thousands of educational institutions a…
Over 400 Arch Linux packages compromised to push rootkit, infostealer
The Arch User Repository, a popular package collection for Arch Linux systems, hosted over 400 compromised packages that delivered a Linux rootkit and…
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
ShinyHunters, tracked by Google Mandiant as UNC6240, exploited an unpatched Oracle PeopleSoft zero-day vulnerability to breach multiple university sys…
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
Imperva and Varonis security researchers independently demonstrated that OpenClaw, a widely deployed self-hosted AI agent, executes attacker-supplied …
Authorities dismantle 'AudiA6' ransomware crypto-laundering service
Law enforcement agencies have shut down the "AudiA6" cryptocurrency service, which functioned as a money laundering operation for ransomware gangs and…
Why AI-driven threats are exposing the limits of MSP security stacks
Managed service providers face mounting pressure from AI-enhanced attacks that exploit gaps in fragmented security infrastructure. Traditional MSP sec…
Coupang hit with record $409 million data breach fine in Korea
South Korea's Personal Information Protection Commission imposed a record 624.6 billion won fine ($409 million) against Coupang, the country's largest…
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
The Gentlemen ransomware gang has claimed 478 victims and operates with a dangerous capability to spread laterally through networks like worm-based ma…
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
The 2026 Cybersecurity Stars Awards recognised excellence across 95 subcategories spanning four main award divisions, honouring security work that typ…
AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
Artificial intelligence compressed the vulnerability window from months to days, eliminating the traditional buffer that vulnerability management reli…
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
OceanLotus, the Vietnam-aligned advanced persistent threat group, conducted two separate espionage campaigns targeting Vietnamese organizations using …
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
A Brazilian cybersecurity firm specializing in DDoS protection has become the unwitting conduit for a botnet launching major DDoS attacks against Braz…
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Microsoft released patches for 206 vulnerabilities on Tuesday, the largest monthly security update in the company's history. The batch includes 39 cri…
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
Anthropic released Claude Fable 5 on June 9 as its most capable AI model to date, with a notable security architecture. The company deployed an unusua…
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
ServiceNow disclosed a security incident where threat actors exploited a previously unknown flaw to access customer instances without authentication. …
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
CISA has added CVE-2026-42271 to its Known Exploited Vulnerabilities catalog after detecting active exploitation in the wild. The flaw affects BerriAI…
Who Runs the Ransomware Group ‘The Gentlemen?’
The Gentlemen ransomware gang ranks second in victim volume among active extortion groups, operating a model that pays affiliates 90 percent of ransom…
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
A China-linked botnet designated JDY has expanded to commandeer over 1,500 small office and home office devices plus IoT equipment, researchers at Lum…
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet, Ivanti, and SAP released patches this week for critical vulnerabilities exposing organizations to arbitrary code execution and data theft. …
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
Attackers actively exploit CVE-2026-5027, an unpatched high-severity vulnerability in Langflow that enables unauthenticated remote code execution. The…
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The agency confirmed a…
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Automated penetration testing creates a false sense of security that organizations routinely mistake for actual risk reduction. As scanning cycles rep…
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Six vulnerabilities in protobuf.js create pathways for remote code execution and denial-of-service attacks against Node.js applications. The flaws exi…
Meta to Use Off-Site Business Data for Feed and AI Personalization
Meta announced plans to expand its use of off-site business data beyond advertising personalization to include feed curation and AI chatbot responses.…
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam released patches Tuesday for CVE-2026-44963, a critical remote code execution flaw in Backup & Replication software that scores 9.4 on the CVSS …
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
Researchers at Graz University of Technology have disclosed a new cross-site tracking attack called FROST that exploits SSD timing variations to ident…
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
Researchers discovered 37 malicious wheel artifacts distributed across 19 poisoned packages on PyPI, part of a campaign dubbed Hades linked to the bro…
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft has restored several GitHub repositories after temporarily removing them during an ongoing investigation into a supply chain attack. The com…
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Russia-aligned threat actors Earth Dahu and SHADOW-EARTH-066 continue exploiting a WinRAR vulnerability to target Ukrainian organisations nearly one y…
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have developed a self-replicating AI worm operating entirely on local, open-weight language models without external …
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google has patched CVE-2026-11645, a high-severity zero-day vulnerability in Chrome's V8 JavaScript engine that attackers actively exploit. The flaw c…
The Hidden Security Risk in Modern Networks: The Work Between Tools
Modern enterprise networks generate unprecedented visibility through expanded tool deployments and AI-driven monitoring. Yet security teams face a per…
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
A one-character bug in the Linux kernel's nf_tables packet-filtering subsystem enables unprivileged local users to escalate privileges to root and esc…
Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
Meta detected and blocked spear-phishing attacks connected to NSO Group, the Israeli surveillance company. The attacks targeted WhatsApp users through…
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Google Mandiant and Google Threat Intelligence Group (GTIG) identified UNC3753 as the operator behind a data theft extortion campaign targeting U.S. o…
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has implemented a two-hour delay for automatic extension updates in Visual Studio Code to mitigate supply chain attack risks. The delay appl…
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Huntress researchers have disclosed an unpatched vulnerability in Windows Search's URI handler that allows attackers to steal NTLMv2 password hashes f…
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point disclosed active exploitation of CVE-2026-50751, a critical vulnerability affecting Remote Access VPN and Mobile Access deployments runnin…
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
AI-powered phishing campaigns are overwhelming security operations centers with unprecedented alert volumes, creating dangerous gaps in threat detecti…
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Instagram accounts experienced widespread compromise over the past week, with attackers leveraging basic exploitation techniques that continued to suc…
The Hardest Fork
Security researchers have discovered a sophisticated vulnerability chain dubbed "Mythos" that exploits novel combinations of existing code issues to a…
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
China-based threat actor VerdantBamboo has deployed a BSD variant of the BRICKSTORM backdoor against Linux appliances, expanding its toolkit beyond tr…
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
Attackers maintained persistent access to the email account of a senior executive at a major global stock exchange for at least five months, according…
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
The U.S. Department of Justice disrupted Southeast Asian cryptocurrency fraud networks operating across social media and email platforms, freezing $3.…
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
CISA has added CVE-2026-45247 to its Known Exploited Vulnerabilities catalog after confirming active exploitation of a critical remote code execution …
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
Enterprises face critical blind spots in identity management as organization…
Silent Ransom Group targets law firms with fake IT support calls
Silent Ransom Group, a financially motivated extortion gang, is systematically targeting U.S. law firms and professional services organizations throug…
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
Scammers and cybercriminals have launched coordinated attacks targeting FIFA World Cup 2026 fans months before the tournament begins on June 11. The F…
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
PCPJack, a threat actor, has compromised approximately 230 servers across AWS, Google Cloud, and Microsoft Azure to establish a hidden SMTP relay netw…
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
Cybersecurity researchers uncovered a coordinated campaign deploying fake websites that impersonate legitimate open-source and freeware projects. Thes…
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
Canadian authorities arrested a 23-year-old Ottawa resident Wednesday on charges of building and operating Kimwolf, an Internet-of-Things botnet that …
C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
The C0XMO botnet variant, derived from the Gafgyt malware family, actively exploits vulnerabilities in DD-WRT router firmware to compromise networking…
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
OpenAI has launched Lockdown Mode for ChatGPT, a feature designed to mitigate data exfiltration risks from prompt injection attacks. The mode restrict…
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
A researcher has exposed how Bright Data embeds surveillance code into consumer applications that transforms devices, including smart TVs, into unwill…
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
CISA has added CVE-2026-28318 to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. The vulnerability affec…
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
A self-replicating worm called Miasma has compromised 73 Microsoft repositories across four GitHub organizations, marking a serious escalation in supp…
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
The Cybersecurity and Infrastructure Security Agency (CISA) disclosed active exploitation of a high-severity vulnerability in SolarWinds Serv-U, a fil…
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Threat actors have compromised over 50 legitimate npm packages in coordinated supply chain attacks targeting JavaScript developers. The campaign distr…
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
Researchers at ReliaQuest have identified OP-512, a previously unknown threat cluster assessed with moderate to high confidence as operating from Chin…
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting CVE-2026-3300, a critical remote code execution vulnerability in Everest Forms Pro, a WordPress plugin installed…
CISA Admin Leaked AWS GovCloud Keys on Github
A contractor working for the Cybersecurity and Infrastructure Security Agency exposed highly privileged AWS GovCloud credentials in a public GitHub re…
Suspicious Polyfill login prompts pop up on Toshiba, Muji websites
Toshiba and Muji have alerted website visitors to fraudulent login prompts appearing on their sites that aim to steal user credentials. The suspicious…
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
An unauthorized group claimed access to Anthropic's Claude Mythos model within hours of its limited technical preview release to defense organizations…
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
Researchers are tracking multiple emerging threats across the cybersecurity landscape, from AI-powered attack tools to supply chain compromises target…
China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
China-linked threat group TA4922 has escalated phishing operations to target organizations across the U.K., Germany, Italy, and South Africa, accordin…
Brave Software releases Origin for a paid, bloat-free browsing experience
Brave Software has released Brave Origin, a paid subscription version of its browser designed for users seeking a streamlined browsing experience. The…
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of Hola Browser fell victim to a supply chain compromise that injected a cryptomining payload into the application. Researchers id…
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Cybersecurity researchers identified a new malspam campaign leveraging Google's DoubleClick domain to distribute DesckVB RAT, a remote access trojan t…
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
HD Moore, creator of Metasploit, argues that organisations must abandon the assumption they can outpace vulnerability exploitation through patching al…
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
A use-after-free vulnerability in Redis allows authenticated users to execute arbitrary OS commands on affected servers. The flaw, tracked as CVE-2026…
CISA warns of cyberattacks targeting fuel tank monitoring systems
US government agencies including CISA, FBI, NSA, and the Department of Energy issued a joint warning about active cyberattacks targeting automatic tan…
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
A new denial-of-service attack called HTTP/2 Bomb enables attackers to crash web servers in under a minute using just one machine. The attack exploits…
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
Russian threat actor Gamaredon exploits WinRAR vulnerability CVE-2025-8088 to distribute GammaWorm and GammaSteel malware against Ukrainian targets. T…
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
CISA added CVE-2024-21182 to its Known Exploited Vulnerabilities catalog, signaling active exploitation of a high-severity flaw in Oracle WebLogic Ser…
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
AI systems are accelerating the exploitation timeline for vulnerabilities at an unprecedented pace. The window between public disclosure and widesprea…
OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
OpenAI is retiring legacy ChatGPT models and upgrading its GPT-5.5 Instant variant as part of a broader model consolidation strategy. The company plan…
Critical Kirki flaw exploited to hijack WordPress admin accounts
Attackers exploit CVE-2026-8206, a critical privilege escalation flaw in the Kirki WordPress plugin, to seize administrative control of affected sites…
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Dashlane disclosed a brute-force attack targeting fewer than 20 users on its personal subscription plan. An unknown threat actor launched the assault …
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
Researchers discovered a supply chain attack targeting Red Hat npm packages that deploys credential-stealing malware with worm-like propagation capabi…
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
A critical authentication vulnerability in Linux paired with active exploitation of Palo Alto Networks PAN-OS devices dominated this week's threat lan…
The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
Managed service providers are abandoning traditional vCISO platforms for comprehensive Security Growth Platforms that extend far beyond assessment and…
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
Attackers exploited Meta's automated support bot to reset passwords and seize control of high-profile Instagram accounts over the weekend. The comprom…