Security Advisories
Disclosure bulletins
Dated advisories from research and client engagements — severity, affected products, technical root cause, and remediation guidance, published under coordinated disclosure.
New ClickLock macOS Stealer Kills Apps and Exfiltrates Passwords
A new macOS malware, "ClickLock," actively terminates applications every 210 milliseconds to force users into re-typing passwords, which it then steals.
Malicious Vite npm Packages Deliver RAT via Blockchain C2 in Software Supply Chain Attack
A new campaign, "ViteVenom," injects seven malicious npm packages into the Vite ecosystem, utilizing a four-tier blockchain C2 to deploy a RAT.
OpenSSL HollowByte Vulnerability Disclosed, Posing Denial-of-Service Risk
Okta's Red Team disclosed "HollowByte," an OpenSSL denial-of-service vulnerability that can freeze server memory with minimal traffic.
CISA Warns of Actively Exploited SonicWall SMA1000 Zero-Days
Two critical remote access vulnerabilities (CVE-2026-15409, CVE-2026-15410) in SonicWall SMA1000 appliances are being actively exploited.
Morris Communications Company Discloses Data Breach Affecting Sensitive Information
Questo, parent company of Morris Communications, announced a data breach affecting personal and financial data, with notifications sent July 17, 2026.
Inter-Con Security Systems Suffers Ransomware Attack and Data Breach by ShinyHunters
Inter-Con Security Systems Inc., a multinational private security company, disclosed a June 2026 data breach resulting from a ransomware attack, with…
HMC Fresh Foods Discloses Data Breach Exposing Sensitive Information
HMC Fresh Foods LLC, a grape processing company, has disclosed a data breach that occurred on June 5, 2026, potentially exposing personal information of…
GodDamn Ransomware Leverages BYOVD to Disable EDR
A new ransomware campaign, "GodDamn Ransomware," is utilizing a Bring-Your-Own-Vulnerable-Driver (BYOVD) technique with a Microsoft-signed kernel driver to…
Ingram Content Group Suffers Data Breach, ShinyHunters Claims SSNs Exposed
Book distribution giant Ingram Content Group has been hit by a data breach, with the ShinyHunters extortion group claiming to have exfiltrated highly…
Ernst & Young Reports Data Breach via Third-Party Platform
Professional services firm Ernst & Young has disclosed a data breach originating from unauthorized access to a third-party platform, potentially exposing…
Abbott Laboratories Investigates Two Separate Cyber Incidents
Healthcare giant Abbott Laboratories is investigating two distinct cyber incidents affecting its legacy Exact Sciences systems and its LabCentral customer…
Critical RCE and SQLi Vulnerabilities Patched in WordPress Core
Two critical vulnerabilities, an unauthenticated SQL injection and an unauthenticated remote code execution flaw, have been patched in WordPress Core versions…
GoldDigger Android Banking Trojan Poses Evolving Mobile Threat
The GoldDigger Android Banking Trojan is highlighted as an evolving threat, capable of credential compromise and data exposure through mobile ecosystems.
Aura Identity Protection Discloses Data Breach via Voice Phishing
An employee account at Aura, an identity protection company, was compromised via voice phishing, exposing 900,000 marketing records.
Actively Exploited Zero-Days in Microsoft SharePoint and AD FS Demand Immediate Patching
Microsoft has addressed two actively exploited zero-day vulnerabilities in SharePoint Server and Active Directory Federation Services.
BL4CK SP1D3R Ransomware Discovered, Employing Double-Extortion Tactics
A newly identified ransomware, BL4CK SP1D3R, has been found using encryption and double-extortion tactics, targeting Windows systems.
Critical Authentication Bypass in Oracle E-Business Suite Added to CISA KEV
CISA added a critical Oracle E-Business Suite vulnerability (CVE-2026-46817) allowing unauthenticated remote takeover to its KEV catalog due to active…
Nichirei Corp. Suffers Cyberattack, Disrupting Food and Cold Chain Operations
Japanese food and logistics giant Nichirei Corp. confirmed a cyberattack causing system failures and operational disruptions across its group.
Locus Technologies Discloses Data Breach Exposing Social Security Numbers
Environmental software company Locus Technologies has disclosed a data breach resulting in the exposure of Social Security Numbers for an undisclosed number…
Fairlife Halts US Production Following Cyberattack on Operational Systems
Dairy company Fairlife, owned by Coca-Cola, has temporarily suspended U.S. production operations after unauthorized access to its production-related systems.
Romania's National Land Registry Hit by Cyberattack, Data Theft Claimed
A cyberattack has severely disrupted Romania's National Agency for Cadastre and Land Registration (ANCPI), with threat actors claiming data exfiltration and…
Malicious Code Injected into Popular AsyncAPI npm Packages via GitHub Actions Exploit
Attackers leveraged a GitHub Actions workflow to inject credential-stealing malware into AsyncAPI npm packages with millions of weekly downloads.
Files Related to India's Largest Nuclear Plant Exposed in Data Breach
Ransomware group World Leaks has published a significant cache of files linked to India's Kudankulam Nuclear Power Plant, originating from Reliance Group.
Critical Fortinet FortiSandbox OS Command Injection Under Active Exploitation…
An unauthenticated OS command injection vulnerability in Fortinet FortiSandbox (CVE-2026-39808) poses critical risk, allowing unauthorized code execution via…
Critical OS Command Injection in FortiSandbox: Immediate Action Required
A critical unauthenticated OS command injection vulnerability (CVE-2026-25089) in Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS allows…
Critical SharePoint RCE (CVE-2026-58644) Actively Exploited – Immediate Action Required
A critical deserialization vulnerability (CVE-2026-58644) in Microsoft SharePoint Server is under active exploitation, enabling unauthenticated remote code…
PhantomEnigma Campaign Hijacks Brazilian Government Websites for Malware Delivery
A new campaign, "PhantomEnigma," has compromised over 20 Brazilian government websites, turning them into malware delivery channels.
New Spirals Ransomware Encrypts Victim Networks in Under 24 Hours
A new ransomware variant, "Spirals," is capable of encrypting victim networks rapidly, often within 24 hours of infiltration.
Microsoft Hyper-V Privilege Escalation Vulnerability (CVE-2026-54129) Disclosed
A local privilege escalation vulnerability (CVE-2026-54129) in Microsoft Hyper-V's netvsc.sys driver allows guest VM compromise.
Critical SAP NetWeaver ABAP Flaw (CVE-2026-44747) Poses High Risk to Enterprises
SAP has patched CVE-2026-44747, a critical 9.9 CVSS vulnerability in NetWeaver ABAP allowing data exposure or modification.
Australian Healthcare Provider Partnered Health Suffers Major Data Breach
Partnered Health, an Australian healthcare provider, experienced a data breach exposing medical records of patients.
Critical Zoom for Windows Vulnerability Allows Unauthenticated Account Takeover
A critical vulnerability in Zoom Workplace for Windows (CVE-2026-53412) enables unauthenticated attackers to hijack accounts.
Critical Authentication Bypass Vulnerability Patched in VMware Avi Load Balancer
A critical authentication bypass vulnerability (CVE-2026-47865) affecting VMware Avi Load Balancer allows unauthenticated network access to the control plane.
Easypak Discloses Data Breach Exposing Social Security Numbers and Medical Records
Packaging manufacturer Easypak confirmed a data breach, with the Akira ransomware group claiming responsibility for stealing 67GB of corporate and personal…
Nightmare Eclipse Drops Unpatched 'LegacyHive' Windows Privilege Escalation Zero-Day
A new Windows zero-day vulnerability, dubbed 'LegacyHive,' has been publicly disclosed, enabling local privilege escalation on patched systems.
CISA Adds Two New Actively Exploited Vulnerabilities to KEV Catalog
CISA has added CVE-2023-4346 affecting KNX Association and CVE-2026-46817 affecting Oracle E-Business Suite to its Known Exploited Vulnerabilities Catalog.
Google Chrome Addresses Multiple Vulnerabilities, Including RCE and DoS
Google has released an urgent update for Chrome, version 150.0.7871.124/.125, patching numerous vulnerabilities including remote code execution and…
Critical Remote Code Execution Vulnerability in ServiceNow AI Platform Patched
A critical remote code execution flaw in the ServiceNow AI platform, CVE-2026-6875, has been patched, allowing unauthenticated attackers to execute arbitrary…
Advisory: Critical KNX Protocol Lockout Vulnerability (CVE-2023-4346)
An overly restrictive account lockout mechanism in KNX Protocol Connection Authorization Option 1 allows attackers to purge devices and lock them.
BeyondTrust Patches Two Critical Authentication Bypass Vulnerabilities
BeyondTrust has released patches for two critical authentication bypass vulnerabilities found in its Remote Support and Privileged Remote Access products,…
Critical Vulnerability in Zimbra Email Service Allows Malicious Code Execution
A critical security flaw in Zimbra's Classic Web Client allows specially crafted emails to execute malicious code within a user's session, potentially…
Deutsche Bank Confirms Cyber Incident Following Ransomware Group's Claims
Deutsche Bank confirmed a cybersecurity incident involving a third-party service provider after the Unsafe ransomware group claimed to have breached the…
CISA Adds Four Actively Exploited Vulnerabilities, Including SonicWall and Microsoft…
CISA has added four new vulnerabilities, two affecting SonicWall SMA1000 appliances and two impacting Microsoft Active Directory Federation Services and…
Global IT Outage Disrupts Banks and Flights Following Zero-Day Cyberattack
A coordinated global IT outage, suspected to be a zero-day cyberattack, has paralyzed critical infrastructure worldwide, affecting major financial…
China-Linked APT Group Exploits Roundcube Flaws in Cyberespionage Campaign
Proofpoint warns of UNK_MassTraction, a China-linked threat actor, actively exploiting multiple vulnerabilities in Roundcube email servers for cyberespionage…
Microsoft July 2026 Patch Tuesday Addresses Critical Zero-Days and Information Leaks
Microsoft's latest Patch Tuesday delivers crucial security updates, including fixes for the actively exploited "RoguePlanet" flaw and a Windows Cryptographic…
Advisory: Critical Code Injection in SonicWall SMA1000 Appliances
A code injection vulnerability (CVE-2026-15410) in SonicWall SMA1000 appliances could allow remote authenticated administrators to execute OS commands.
Critical SonicWall SMA1000 SSRF Demands Immediate Action
A critical server-side request forgery vulnerability (CVE-2026-15409) in SonicWall SMA1000 Appliances requires immediate mitigation to prevent potential…
Urgent Advisory: SharePoint Zero-Day Under Active Exploitation - CVE-2026-56164
An actively exploited missing authentication vulnerability (CVE-2026-56164) in Microsoft SharePoint Server allows unauthenticated privilege elevation,…
Urgent: Actively Exploited Microsoft ADFS Privilege Elevation Vulnerability…
An actively exploited zero-day privilege elevation vulnerability in Microsoft Active Directory Federation Services (CVE-2026-56155) demands immediate patching…
Critical Backdoor (CVE-2026-11405) Found in Multiple Tenda Router Models
An undocumented authentication backdoor (CVE-2026-11405) has been discovered in several Tenda router models, granting unauthorized administrative access.
DHS Homeland Security Network Intrusion Dismissed Twice Before Confirmation
The U.S. Department of Homeland Security's Homeland Security Information Network (HSIN) was breached after personnel twice dismissed signs of intruders as…
Nihon Kotsu Suffers Major Cyberattack, Disrupting Japan's Largest Taxi Operations
Japan's largest taxi and chauffeur operator, Nihon Kotsu, experienced a significant malware infection, leading to a shutdown of critical IT systems.
JadePuffer: Autonomous LLM-Driven Ransomware Operation Exploits Langflow CVE
Researchers have profiled JadePuffer, an autonomous ransomware operation leveraging Large Language Models to conduct intrusions and exploit CVE-2025-3248 in…
U.S. Treasury Sanctions 1VPNS and Individuals for Enabling Ransomware Attacks
The U.S. Treasury Department has sanctioned 1VPNS and two individuals for providing infrastructure and tools that enable ransomware operations against…
New OAuth Client ID Spoofing Technique Exploited to Target Microsoft Entra User Data
Threat actors are employing a novel OAuth client ID spoofing technique to collect Microsoft Entra user data without triggering typical security alerts.
CISA Adds Actively Exploited Cisco IOS CSRF Vulnerability to KEV Catalog
CISA has added an old Cisco IOS Cross-Site Request Forgery vulnerability (CVE-2008-4128) to its KEV catalog due to active exploitation.
Inter-Con Security Systems Under Investigation Following ShinyHunters Data Breach Claim
Inter-Con Security Systems, a multinational private security company, is under investigation following claims by ShinyHunters of breaching 2.7 million records.
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
A new phishing-as-a-service (PhaaS) operation, Forg365, is actively targeting Microsoft 365 tenants with device code phishing and adversary-in-the-middle…
NSA and Partners Warn of Russian State-Sponsored Router Targeting
NSA, CISA, and international partners issued a joint advisory detailing ongoing Russian FSB exploitation of poorly configured routers targeting critical…
Lidl Online Shop Customers Affected by Third-Party Data Breach
Lidl has informed online shop customers in Germany, Belgium, and the Netherlands of a data breach at an external IT service provider.
Injective Labs Suffers Supply Chain Attack Via Malicious npm Packages
Blockchain software developer Injective Labs experienced a supply chain compromise involving malicious npm packages that exfiltrated crypto wallet keys.
Moody Bible Institute Breach Exposes 2.3 Million Records via ShinyHunters
Moody Bible Institute has disclosed a data breach affecting over 2.3 million individuals, with the ShinyHunters group publishing stolen data.
Advisory: Critical Cisco IOS CSRF Vulnerability (CVE-2008-4128) Actively Exploited
CISA warns of active exploitation of CVE-2008-4128, a critical Cross-Site Request Forgery vulnerability in Cisco IOS 12.4, by state-sponsored actors.
Irish Consultancy eclective.ie Hit by m3rx Ransomware Group
Irish organization eclective.ie has fallen victim to a ransomware attack by the m3rx group, underscoring ongoing ransomware threats.
CSA Warns of Critical Integer Overflow Vulnerability in Windows File System Proxy (WinFsp)
A critical integer overflow vulnerability (CVE-2026-7162) in WinFsp, an open-source Windows file system software, allows attackers to achieve system-level…
Latvijas Valsts Meži Suffers Ransomware Attack, 44GB Data Leaked
Latvia's state-owned forestry company, Latvijas Valsts Meži, was hit by a ransomware attack that disrupted systems and led to the leakage of 44GB of internal…
Centers Laboratory Discloses Breach Affecting Over 540,000 Individuals
Healthcare diagnostics provider Centers Laboratory disclosed a data breach exposing personal and medical information of over 540,000 individuals.
CISA Adds Actively Exploited Joomla iCagenda and Balbooa Forms RCEs to KEV Catalog
Critical remote code execution vulnerabilities in Joomla's iCagenda and Balbooa Forms extensions are being actively exploited in the wild.
EU Condemns Russia's State-Sponsored Cyber Activities, Exposes FSB's Role
The European Union and its member states have denounced Russia's malicious cyber ecosystem, identifying the FSB's 16th Centre as controlling groups like TURLA.
Aflac Japan Subsidiary Breach Exposes 4.38 Million Customer Records
Insurance giant Aflac disclosed a breach affecting its Japan subsidiary, exposing personal and bank account data for approximately 4.38 million customers.
ShinyHunters Leverages Oracle PeopleSoft Flaw, Breaches 100+ Orgs
The ShinyHunters group exploited an Oracle PeopleSoft vulnerability to breach over 100 organizations, including Nissan, exfiltrating sensitive employee data.
CISA Adds Actively Exploited SharePoint RCE (CVE-2026-45659) to KEV Catalog
CISA has added a high-severity remote code execution vulnerability in Microsoft SharePoint Server to its KEV catalog due to active exploitation.
Critical Citrix NetScaler Flaw CVE-2026-8451 Actively Exploited
A critical memory overread vulnerability in Citrix NetScaler ADC and Gateway appliances, similar to CitrixBleed, is being actively exploited.
Critical Unauthenticated SQL Injection Vulnerability Found in Jinher OA
Jinher OA version 1.0 contains an unauthenticated SQL injection vulnerability (CVE-2026-15517) allowing remote arbitrary SQL command execution.
Accenture Faces Data Breach: 35GB of Source Code Allegedly Stolen
A threat actor claims to have breached Accenture, exfiltrating over 35GB of source codes.
Eureka Construction INC Hit by Titan Ransomware Group
US-based Eureka Construction INC suffers a ransomware attack by the Titan group, leading to a data breach.
Allied Plumbing & Heating Hit by Qilin Ransomware Group
Allied Plumbing & Heating, a New Hampshire-based organization, has fallen victim to a ransomware attack orchestrated by the Qilin group.
CISA Adds Langflow Authorization Bypass (CVE-2026-55255) to KEV Catalog
CISA has added an actively exploited Langflow Authorization Bypass vulnerability, CVE-2026-55255, to its Known Exploited Vulnerabilities Catalog.
Critical Adobe ColdFusion Vulnerability (CVE-2026-48282) Actively Exploited In The Wild
A critical vulnerability, CVE-2026-48282, in Adobe ColdFusion is being actively exploited in attacks, allowing remote code execution.
JadePuffer Identified as First Agentic Ransomware Driven by Large Language Model
The Sysdig Threat Research Team has uncovered JadePuffer, the first documented instance of agentic ransomware, fully automating attacks using an LLM.
Rockstar Games Suffers Data Breach Affecting Corporate Assets via Third-Party
Rockstar Games confirmed a data breach affecting corporate assets, with ShinyHunters claiming responsibility and seeking a ransom.
DarkSword iOS Spyware Actively Deployed Against Hundreds of Millions of Devices
A sophisticated iOS spyware named DarkSword has been found in active deployment, targeting hundreds of millions of iOS devices globally.
Eleveo Call Recording Software Vulnerabilities Allow Improper Authorization
Multiple improper authorization vulnerabilities (CVE-2026-15474, CVE-2026-15472) in Eleveo Call Recording Software 9.7.0 allow remote attacks.
Zimbra Collaboration Suite Patches Stored XSS Vulnerability
Zimbra has released a patch for its Collaboration Suite (ZCS) 10.1.19 to address a stored cross-site scripting (XSS) vulnerability in the Classic Web Client.
OpenClaw AI Assistant Vulnerabilities Enable Remote Code Execution via WhatsApp
Multiple high-severity flaws in the OpenClaw AI coding assistant allow remote code execution through specially crafted WhatsApp messages.
Conduent Data Breach Exposes Health and Personal Information of Millions
A significant data breach at Conduent has exposed the personal health information of over 25 million individuals in Texas and Oregon.
Dell BIOS Flaw (CVE-2026-40639) Exposes Admin Passwords
A critical vulnerability in Dell BIOS allows attackers to recover administrator and user passwords from SPI flash in milliseconds due to a broken encryption…
Exposed Hacker Server Reveals WP SHELLSTORM Backdooring Thousands of WordPress Sites
An exposed cybercrime server linked to WP SHELLSTORM has revealed the compromise of thousands of WordPress sites through outdated plugins and injected…
Malicious JScrambler npm Package Release Drops Rust Infostealer During Install
Version 8.14.0 of the JScrambler npm package was compromised to silently deploy a native Rust-based infostealer during installation across Windows, macOS, and…
Sophos Flags New Vect-TeamPCP Cybercriminal Alliance for Ransomware Attacks
Sophos X-Ops has uncovered a new alliance between the ransomware group Vect and cybercriminal outfit TeamPCP, combining their expertise for efficient…
Exposed Hacker Server Reveals WP SHELLSTORM Backdooring Thousands of WordPress Sites
An exposed cybercrime server linked to WP SHELLSTORM has revealed the compromise of thousands of WordPress sites through outdated plugins and injected…
WeedHack Malware Offered as Service, Targets Minecraft Users with Info-Stealing…
A new malware-as-a-service, "WeedHack," is being distributed disguised as Minecraft clients or mods to steal system information, passwords, and other…
Critical Authentication Bypass Actively Exploited in Gitea Docker Image
Attackers are leveraging a critical authentication bypass vulnerability within the official Gitea Docker image to hijack instances and impersonate users.
Critical Linux Kernel FUSE Page Cache Overflow (CVE-2026-31694) Enables Root Access
A critical local privilege escalation (LPE) vulnerability in the Linux kernel's FUSE subsystem allows unprivileged local attackers to gain root privileges.
Novo Nordisk Confirms Breach, AI/ML Asset Theft Claimed by FulcrumSec
Novo Nordisk confirmed a breach and data exfiltration, with FulcrumSec claiming theft of proprietary AI models and research assets.
Critical Unauthenticated RCE (CVE-2026-46817) in Oracle EBS Payments Actively Exploited
A critical unauthenticated Remote Code Execution (RCE) vulnerability in Oracle E-Business Suite Payments module is under active exploitation.
U.S. DHS Homeland Security Information Network (HSIN) Compromised
The U.S. Department of Homeland Security's HSIN, a platform for interagency coordination, was compromised by an unidentified threat actor.
Instructure Suffers Data Breach by ShinyHunters, Affecting Millions of Users
Edtech giant Instructure, behind the Canvas LMS, experienced a data breach with ShinyHunters accessing user data and defacing pages.
CISA Adds Actively Exploited iCagenda and Balbooa Forms Vulnerabilities to KEV Catalog
CISA has added two new unrestricted file upload vulnerabilities in iCagenda and Balbooa Forms to its Known Exploited Vulnerabilities Catalog due to active…
SR Bancorp Vendor Mercadien Suffers Data Breach Exposing Somerset Regal Bank Customer Data
SR Bancorp's vendor, Mercadien, P.C. CPAs, experienced a data breach exposing sensitive Somerset Regal Bank customer information including SSNs and account…
Argentine Football Association Suffers Database Breach Triggered by Infostealer Malware
The Argentine Football Association experienced a significant cyberattack leading to database leaks and unauthorized communications, likely due to infostealer…
Frontier Airlines Discloses Data Breach Exposing Customer Social Security Numbers
Frontier Airlines confirmed a data breach on or about July 9, 2026, affecting customers with potentially exposed Social Security numbers.
Progress Software Urges ShareFile Customers to Shut Down Storage Zone Controllers Over…
Progress Software issued an urgent advisory for ShareFile customers to shut down on-premises Storage Zone Controllers due to a credible security threat.
CISA Discloses Internal AWS GovCloud Credential Leak and Lack of Incident Response Plan
CISA revealed a contractor exposed AWS GovCloud credentials on GitHub, highlighting the agency's unpreparedness with its own incident response playbook.
Six U-Boot Signature Verification Flaws Expose Embedded Devices to Stealthy Firmware…
Binarly researchers disclosed six vulnerabilities in the U-Boot bootloader, including arbitrary code execution flaws that could enable stealthy firmware…
Django GeoDjango SQL Injection (CVE-2026-1207) Under Active Exploitation
A high-severity SQL injection vulnerability (CVE-2026-1207) in Django's GeoDjango GIS module is now actively exploited, affecting applications with a PostGIS…
Oracle PeopleSoft Zero-Day (CVE-2026-35273) Actively Exploited, NAIC Affected
A new zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft is under active exploitation, affecting approximately 100 organizations, including NAIC.
Nitrogen Ransomware Group Targets Foxconn North America, Exfiltrates 8TB of Data
The Nitrogen ransomware group claims to have stolen 8 terabytes of sensitive engineering documents and client schematics from Foxconn's North America…
Medtronic Notifies Millions of Individuals Impacted by ShinyHunters Data Breach
Medical device giant Medtronic confirms a data breach impacting nearly 4 million individuals, with personal and health information exposed.
Critical RCE in iCagenda Joomla Extension Under Active Exploitation
An unrestricted file upload vulnerability (CVE-2026-48939) in iCagenda for Joomla allows unauthenticated remote code execution and is actively exploited.
Critical Balbooa Forms RCE: Unrestricted File Upload Vulnerability
A critical unrestricted file upload vulnerability in Balbooa Forms (CVE-2026-56291) allows unauthenticated RCE, demanding urgent remediation.
AI Agents Exploit Langflow RCE Vulnerability for Automated Database Ransomware Attacks
An AI agent has been observed exploiting a Remote Code Execution (RCE) vulnerability in Langflow to automate database ransomware attacks, highlighting…
Microsoft Patches RoguePlanet (CVE-2026-50656) Local Privilege Escalation in Defender
Microsoft has released a security update to address CVE-2026-50656, a local privilege escalation vulnerability dubbed 'RoguePlanet' in its Malware Protection…
GodDamn Ransomware Uses Signed PoisonX Kernel Driver to Disable EDR Defenses
A new ransomware variant, GodDamn, a rebrand of Beast ransomware, employs the legitimately signed PoisonX kernel driver to bypass and neutralize endpoint…
Unpatched XRING Flaw in Alibaba's XQUIC Allows Remote HTTP/3 Server Crashes
A critical and unpatched vulnerability, named XRING, in Alibaba's XQUIC library enables remote denial-of-service against HTTP/3 servers.
Ill Bloom Vulnerability Compromises Crypto Wallets Through Weak Randomness
A newly disclosed vulnerability, dubbed "Ill Bloom," in certain crypto wallet software allows attackers to drain funds due to weak recovery phrase generation.
Cisco Talos Discloses Multiple Vulnerabilities in WolfSSL, GeoVision, and VTK-DICOM
Cisco Talos has identified and reported numerous vulnerabilities in WolfSSL, GeoVision security products, and the VTK-DICOM API.
Nextcloud Hosting Misconfiguration Exposes Sensitive Employee and Client Data
A misconfiguration in a Nextcloud hosting environment led to the exposure of sensitive employee emails, client details, contracts, and scripts.
CitrixBleed 2 Exploitation Leads to DragonForce Ransomware Attacks
Threat actors leverage the CitrixBleed 2 vulnerability (CVE-2025-5777) in NetScaler appliances for initial access, culminating in DragonForce ransomware…
All About Women's Care Reports Network Server Data Breach
Healthcare provider All About Women's Care discloses a data breach affecting approximately 12,000 patients with sensitive medical information.
Aitkin County HHS Data Breach Exposes Health and Personal Information
Aitkin County Health and Human Services reports a data breach affecting 83,114 individuals with exposed PII and PHI from email accounts.
LLM-Driven Agentic Ransomware "JADEPUFFER" Marks New Threat Landscape
Researchers uncover JADEPUFFER, the first fully autonomous LLM-driven ransomware operation exploiting Langflow vulnerability.
US Army Websites Defaced with Pro-Kurdish Messages
Two U.S. Army websites were temporarily defaced on error pages with pro-Kurdish messages and criticism of former President Donald Trump.
Finance Yorkshire Hit by Cmdorganization Ransomware Group
UK-based funding provider Finance Yorkshire suffered a ransomware attack by the Cmdorganization group, potentially impacting SME data.
Deutsche Bank Implicated in Ransomware Incident via External Service Provider
The "Unsafe" ransomware group claims to have breached Deutsche Bank, though the bank states a third-party service provider was the actual target.
Mercado Libre Reportedly Hit by "The Gentleman" Ransomware Group
Latin American e-commerce giant Mercado Libre is reportedly targeted by "The Gentleman" ransomware group, with claims of data exfiltration.
CISA Warns of Active Exploitation in Adobe ColdFusion and Joomla Page Builders
CISA added critical vulnerabilities in Adobe ColdFusion, Joomlack Page Builder, and JoomShaper SP Page Builder to its KEV Catalog, citing active exploitation.
United HealthCare Data Breach Affects Over 34,000 Individuals
United HealthCare Services Inc. disclosed a data breach affecting 34,574 individuals, with details of the exposed information publicly undisclosed.
Critical Vulnerabilities Patched in Ubiquiti UniFi OS Ecosystem
Ubiquiti has released critical security updates addressing seven severe vulnerabilities in its UniFi OS, including a maximum-severity command injection flaw…
AssuranceAmerica Data Breach Exposes 6.9 Million Driver's Licenses
A cyberattack on AssuranceAmerica compromised data for 6.9 million individuals, including driver's license numbers and other sensitive information.
CISA Warns of Active Exploitation of Langflow IDOR for Credential Harvesting
CISA has added an Insecure Direct Object Reference (IDOR) vulnerability in Langflow (CVE-2026-55255) to its KEV catalog due to active exploitation.
China-Aligned Hackers Exploit Roundcube Vulnerabilities in University Attacks
A suspected China-aligned APT group is actively exploiting patched Roundcube flaws (e.g., CVE-2024-42009) targeting U.S. and Canadian universities.
Critical Gitea Authentication Bypass Under Active Exploitation
A critical vulnerability in Gitea (CVE-2026-20896) allows authentication bypass and is being actively exploited in the wild.
KDDI Email Platform Breach Exposes 12 Million User Credentials
A zero-day vulnerability in a third-party email platform led to the exposure of 12 million email addresses and passwords from Japanese ISPs, including KDDI.
BeyondTrust Fixes Multiple Critical Vulnerabilities in Remote Access Products
BeyondTrust has released security updates addressing critical vulnerabilities in its Remote Support and Privileged Remote Access products.
Microsoft Patches "RoguePlanet" Local Privilege Escalation in Defender
Microsoft has released a patch for CVE-2026-50656, a privilege escalation vulnerability in Microsoft Defender's Malware Protection Engine.
Critical 15-Year-Old Linux Kernel Vulnerability "GhostLock" Grants Root Access
A newly disclosed 15-year-old Linux kernel flaw (CVE-2026-43499) allows local users to achieve root privileges and escape containers.
Accenture Confirms Data Breach After Source Code and Credentials Stolen
A hacker claims to have stolen 35GB of sensitive data, including source code and access keys, from consulting giant Accenture.
CRITICAL ADOBE COLDFUSION RCE (CVE-2026-48282) ACTIVELY EXPLOITED
A critical path traversal vulnerability in Adobe ColdFusion (CVE-2026-48282) is under active exploitation, enabling unauthenticated remote code execution.
Critical Joomlack Page Builder RCE via Improper Access Control
A critical improper access control vulnerability in Joomlack Page Builder (CVE-2026-56290) allows for unauthenticated remote code execution via arbitrary file…
JoomShaper SP Page Builder RCE: Critical Unauthenticated File Upload Actively Exploited
Critical CVE-2026-48908 in JoomShaper SP Page Builder allows unauthenticated RCE via unrestricted file upload, actively exploited in the wild.
Advisory: Langflow Authorization Bypass (CVE-2026-55255)
A critical authorization bypass vulnerability in Langflow (CVE-2026-55255) allows authenticated attackers to execute arbitrary flows belonging to other users.
Authentication Bypass via JWT alg=none in Solandra Commerce API
Solandra Commerce API versions up to 3.4.2 accept unsigned JWTs by honoring an attacker-controlled alg header, allowing full authentication bypass.
IDOR in Parcelhive File-Sharing Endpoint Exposes Private Documents
A predictable share-link identifier in Parcelhive's file-sharing API allowed enumeration of other tenants' private documents.
SSRF in Metadata Proxy Endpoint Allows Cloud Credential Theft
An unvalidated URL-fetch feature could be redirected at the cloud instance metadata service, exposing temporary IAM credentials.