Linux Kernel Ptrace Flaw Lets Attackers Capture SSH Keys and Password Hashes
A race condition in the Linux kernel's ptrace logic allows local attackers to steal open file descriptors from privileged processes during shutdown.
The Latest
New Global Awards Program Seeks to Honor Unsung Cybersecurity Work
The Cybersecurity Stars Awards 2026 will recognize organizations and individuals making meaningful contributions to security innovation, execution, and real-world impact.
Claw Chain Attack Exploits OpenClaw Flaws for Data Theft and Persistence
Cyera researchers discovered four OpenClaw vulnerabilities that form an attack chain allowing data theft, privilege escalation, and persistent backdoor access.
JavaScript IPC Library Node ipc Used in Fresh Supply Chain Attack
Three newly published versions of the node-ipc npm package contain obfuscated malware that steals cloud credentials and exfiltrates data through…
Vercel Patches Dozen Flaws in Next.js and React Server Components
Vercel's security update for Next.js and React Server Components addresses over a dozen vulnerabilities, including denial of service, middleware bypass,…
PHP Image Functions Expose Servers to Memory Leaks via Crafted JPEGs
Attackers can leak heap memory or crash PHP servers by uploading specially crafted JPEG images to web applications that parse…
JDownloader Pirated by Attackers Who Poisoned Software Installers
A compromised CMS flaw allowed attackers to replace JDownloader installers with a Python based RAT targeting Windows and Linux users.
Android 16 Flaw Allows Apps to Leak IP Address Through VPN Protections
The Tiny UDP Cannon vulnerability in Android 16 lets apps with basic permissions leak traffic past the VPN by exploiting…
45 Day Assessment Reveals Hidden Risks in Trusted IT Tools
A 45 day assessment of internal tools reveals that trusted utilities like PowerShell and WMIC are used in 84% of…
Unsafe Class Loading in Amazon Redshift JDBC Driver Opens Door to Remote Code Execution
Attackers can exploit unsafe class loading in the Redshift JDBC driver by supplying a crafted database URL, leading to full…
TeamPCP Supply Chain Poisoning Targets TanStack npm Hits OpenAI Employee Devices
TeamPCP's TanStack npm supply chain attack compromised two OpenAI employee workstations, prompting certificate rotation and urgent macOS app update requirements.
Trusted Tool Turned Threat: HPE Agent Used in Stealth Attack Campaign
Attackers exploited a legitimate HPE monitoring tool for over 100 days, pushing malicious scripts through a trusted management channel without…
Stealthy OrBit Rootkit Steals Linux Login Credentials for Years
The OrBit rootkit, based on the open source Medusa project, has evaded detection for years by hooking over forty system…
Device Code Phishing Campaigns Exploit Microsoft Authentication Flow
Cybercriminals are using Microsoft's OAuth device authorization flow to steal authentication tokens through phishing campaigns that bypass traditional security tools.
Spotlight
Gunra Ransomware Matures Into Full Service Model With Global Reach
Gunra ransomware has grown from a regional threat into a global RaaS operation with 32 confirmed victims and no restrictions on affiliate targeting.
Critical cPanel Flaws Expose Hosting Servers to Remote Takeover
Administrators must urgently patch newly disclosed cPanel flaws that grant unauthenticated access to sensitive system resources across shared hosting environments.
OpenAI Employee Systems Breached Through TanStack Supply Chain Attack
OpenAI disclosed a supply chain breach affecting two employee devices via the TanStack attack, requiring macOS users to update ChatGPT Desktop and other apps before certificate revocation in June.
Massive Scan Reveals Deep Security Failures in Self-Hosted AI Infrastructure
A scan of a million self-hosted AI services found widespread misconfiguration, with many systems exposed without any authentication, leaving sensitive data and powerful models open to abuse.
Features
Malicious Updates to Node IPC Library Steal Developer Cloud Credentials
Three newly published versions of the Node IPC npm package contain a stealthy backdoor that exfiltrates developer credentials across 90…
Cisco SD-WAN Auth Bypass Under Active Attack as CISA Sets Remediation Deadline
CISA mandates federal agencies patch a critical Cisco SD WAN authentication bypass by May 17 as threat actors exploit the…
Self Hosted Next.js Apps at Risk as SSRF Flaw Exposes Internal Networks
Attackers can exploit a Server-Side Request Forgery flaw in self-hosted Next.js to bypass firewalls and steal IAM credentials and API…
TencShell Malware Framework Uses Tencent Style Traffic to Evade Detection
The TencShell framework repurposes open source Rshell code and uses Tencent style API traffic to hide its command and control…
Active Exploitation Reported for Microsoft Exchange Server Spoofing Flaw
Microsoft warns that attackers are exploiting a critical cross site scripting flaw in Exchange Server's Outlook Web Access to perform…
Secret Blizzard Upgrades Kazuar Into Modular Espionage Botnet
The malware has evolved from a standard backdoor into a modular ecosystem targeting government and diplomatic organizations across Europe and…