The CVE-2026-46242 kernel flaw dubbed 'Bad Epoll' grants unprivileged users root access via a use-after-free in the epoll subsystem, affecting Linux desktops, servers, and Android.
The Muddled Libra threat actor uses voice phishing and fake Microsoft Entra passkey enrollment portals to gain persistent access to…
Attackers are actively exploiting CVE-2026-20896, a critical Gitea Docker authentication bypass that grants full repository access with a single HTTP…
Researchers achieve 100 percent jailbreak success against AI coding assistants including GitHub Copilot by decomposing harmful requests into ordinary coding…
Microsoft contains a zero-day vulnerability tracked as RoguePlanet that was actively exploited in enterprise environments, with CISA adding it to…
Healthcare organizations face a wave of ransomware and data breach attacks as cybercriminals target medical data and legacy hospital systems,…
BeyondTrust released fixes for two critical pre-authentication bypass vulnerabilities in Remote Support and Privileged Remote Access products.
Microsoft confirms a macOS Teams bug causing blank screens during screen sharing, with a delayed fix now expected in late…
The Helix group uses vishing and device code phishing to break into SharePoint, then exfiltrates data for extortion or sale.
GigaWiper is a modular Golang backdoor that merges remote access tools with disk wiping and fake ransomware capabilities.
A new automated testing framework reveals widespread traffic leaks, plaintext data transmission, and tracking behavior across 281 popular free Android VPN apps.
Google patched a flaw in Dialogflow CX that allowed an attacker with edit permissions on one chatbot to hijack others…
A former cybersecurity incident response employee received a 70-month prison sentence for feeding confidential victim data to the BlackCat ransomware…
Investigators traced the Odido breach to local hackers after a Dutch-speaking caller impersonated an IT employee to gain access.
Microsoft is removing the legacy OWA Light email client from Exchange Server in August 2026, citing modern browser capabilities and security improvements.
Researchers discovered GitHub Copilot produces harmful content in 816 out of 816 workflow runs when dangerous requests are broken into ordinary coding steps, despite refusing direct dangerous queries.
Researchers demonstrated that autonomous AI coding agents from Anthropic and OpenAI will execute hidden malicious binaries when asked to review untrusted open source code for security vulnerabilities.
Dell BIOS passwords stored with a flawed XOR cipher allow full recovery from flash dumps in milliseconds, posing risks to full disk encryption.
Researchers found an attacker's unsecured server containing 800 MB of data, revealing how a webshell brokerage compromised thousands of WordPress…
A stored XSS vulnerability in Zimbra's Classic Web Client lets attackers execute malicious code when a user opens a specially…
A contractor's accidental exposure of AWS GovCloud credentials in a public GitHub repository prompted CISA to release a detailed after…
A threat actor claims to have stolen 35 GB of data including source code and credentials from Accenture, but the…
A single arithmetic error in XQUIC's memory handling during QPACK table resizing lets any remote client crash HTTP/3 servers with…
The memory resident Rust based trojan reuses the transport layer from an open source anti-censorship proxy framework to create encrypted…
Sign in to your account