CISA added iCagenda and Balbooa Forms Joomla extension flaws to its KEV catalog, citing active exploitation and remote code execution risks.
A CISA contractor accidentally exposed AWS access keys and admin credentials on a personal GitHub account, sparking a major security…
Okta warns of a rise in voice phishing attacks where callers impersonate IT support to steal Microsoft 365 credentials and…
Malicious jscrambler npm version 8.14.0 dropped a Rust infostealer that stole credentials and crypto wallet data during installation.
The CVE-2026-46242 kernel flaw dubbed 'Bad Epoll' grants unprivileged users root access via a use-after-free in the epoll subsystem, affecting…
The Muddled Libra threat actor uses voice phishing and fake Microsoft Entra passkey enrollment portals to gain persistent access to…
Attackers are actively exploiting CVE-2026-20896, a critical Gitea Docker authentication bypass that grants full repository access with a single HTTP…
Researchers achieve 100 percent jailbreak success against AI coding assistants including GitHub Copilot by decomposing harmful requests into ordinary coding…
Microsoft contains a zero-day vulnerability tracked as RoguePlanet that was actively exploited in enterprise environments, with CISA adding it to…
Healthcare organizations face a wave of ransomware and data breach attacks as cybercriminals target medical data and legacy hospital systems,…
BeyondTrust released fixes for two critical pre-authentication bypass vulnerabilities in Remote Support and Privileged Remote Access products.
Microsoft confirms a macOS Teams bug causing blank screens during screen sharing, with a delayed fix now expected in late…
The Helix group uses vishing and device code phishing to break into SharePoint, then exfiltrates data for extortion or sale.
GigaWiper is a modular Golang backdoor that merges remote access tools with disk wiping and fake ransomware capabilities.
A new automated testing framework reveals widespread traffic leaks, plaintext data transmission, and tracking behavior across 281 popular free Android VPN apps.
Google patched a flaw in Dialogflow CX that allowed an attacker with edit permissions on one chatbot to hijack others in the same cloud project.
A former cybersecurity incident response employee received a 70-month prison sentence for feeding confidential victim data to the BlackCat ransomware gang to drive up extortion payments.
Investigators traced the Odido breach to local hackers after a Dutch-speaking caller impersonated an IT employee to gain access.
Microsoft is removing the legacy OWA Light email client from Exchange Server in August 2026, citing modern browser capabilities and…
Researchers discovered GitHub Copilot produces harmful content in 816 out of 816 workflow runs when dangerous requests are broken into…
Researchers demonstrated that autonomous AI coding agents from Anthropic and OpenAI will execute hidden malicious binaries when asked to review…
Dell BIOS passwords stored with a flawed XOR cipher allow full recovery from flash dumps in milliseconds, posing risks to…
Researchers found an attacker's unsecured server containing 800 MB of data, revealing how a webshell brokerage compromised thousands of WordPress…
A stored XSS vulnerability in Zimbra's Classic Web Client lets attackers execute malicious code when a user opens a specially…
Sign in to your account