>samit_hota

Security Advisories

Disclosure bulletins

Dated advisories from research and client engagements — severity, affected products, technical root cause, and remediation guidance, published under coordinated disclosure.

SH-2026-159HighOpen

New ClickLock macOS Stealer Kills Apps and Exfiltrates Passwords

A new macOS malware, "ClickLock," actively terminates applications every 210 milliseconds to force users into re-typing passwords, which it then steals.

Jul 18, 2026
SH-2026-158HighOpen

Malicious Vite npm Packages Deliver RAT via Blockchain C2 in Software Supply Chain Attack

A new campaign, "ViteVenom," injects seven malicious npm packages into the Vite ecosystem, utilizing a four-tier blockchain C2 to deploy a RAT.

Jul 18, 2026
SH-2026-157HighResolved

OpenSSL HollowByte Vulnerability Disclosed, Posing Denial-of-Service Risk

Okta's Red Team disclosed "HollowByte," an OpenSSL denial-of-service vulnerability that can freeze server memory with minimal traffic.

Jul 18, 2026
SH-2026-156CriticalOpen

CISA Warns of Actively Exploited SonicWall SMA1000 Zero-Days

Two critical remote access vulnerabilities (CVE-2026-15409, CVE-2026-15410) in SonicWall SMA1000 appliances are being actively exploited.

Jul 18, 2026
SH-2026-155HighOpen

Morris Communications Company Discloses Data Breach Affecting Sensitive Information

Questo, parent company of Morris Communications, announced a data breach affecting personal and financial data, with notifications sent July 17, 2026.

Jul 18, 2026
SH-2026-154HighOpen

Inter-Con Security Systems Suffers Ransomware Attack and Data Breach by ShinyHunters

Inter-Con Security Systems Inc., a multinational private security company, disclosed a June 2026 data breach resulting from a ransomware attack, with…

Jul 18, 2026
SH-2026-153HighOpen

HMC Fresh Foods Discloses Data Breach Exposing Sensitive Information

HMC Fresh Foods LLC, a grape processing company, has disclosed a data breach that occurred on June 5, 2026, potentially exposing personal information of…

Jul 18, 2026
SH-2026-152CriticalOpen

GodDamn Ransomware Leverages BYOVD to Disable EDR

A new ransomware campaign, "GodDamn Ransomware," is utilizing a Bring-Your-Own-Vulnerable-Driver (BYOVD) technique with a Microsoft-signed kernel driver to…

Jul 18, 2026
SH-2026-151HighOpen

Ingram Content Group Suffers Data Breach, ShinyHunters Claims SSNs Exposed

Book distribution giant Ingram Content Group has been hit by a data breach, with the ShinyHunters extortion group claiming to have exfiltrated highly…

Jul 18, 2026
SH-2026-150HighOpen

Ernst & Young Reports Data Breach via Third-Party Platform

Professional services firm Ernst & Young has disclosed a data breach originating from unauthorized access to a third-party platform, potentially exposing…

Jul 18, 2026
SH-2026-149HighOpen

Abbott Laboratories Investigates Two Separate Cyber Incidents

Healthcare giant Abbott Laboratories is investigating two distinct cyber incidents affecting its legacy Exact Sciences systems and its LabCentral customer…

Jul 18, 2026
SH-2026-148CriticalResolved

Critical RCE and SQLi Vulnerabilities Patched in WordPress Core

Two critical vulnerabilities, an unauthenticated SQL injection and an unauthenticated remote code execution flaw, have been patched in WordPress Core versions…

Jul 18, 2026
SH-2026-147HighOpen

GoldDigger Android Banking Trojan Poses Evolving Mobile Threat

The GoldDigger Android Banking Trojan is highlighted as an evolving threat, capable of credential compromise and data exposure through mobile ecosystems.

Jul 17, 2026
SH-2026-146HighOpen

Aura Identity Protection Discloses Data Breach via Voice Phishing

An employee account at Aura, an identity protection company, was compromised via voice phishing, exposing 900,000 marketing records.

Jul 17, 2026
SH-2026-145CriticalMitigated

Actively Exploited Zero-Days in Microsoft SharePoint and AD FS Demand Immediate Patching

Microsoft has addressed two actively exploited zero-day vulnerabilities in SharePoint Server and Active Directory Federation Services.

Jul 17, 2026
SH-2026-144HighOpen

BL4CK SP1D3R Ransomware Discovered, Employing Double-Extortion Tactics

A newly identified ransomware, BL4CK SP1D3R, has been found using encryption and double-extortion tactics, targeting Windows systems.

Jul 17, 2026
SH-2026-143CriticalMitigated

Critical Authentication Bypass in Oracle E-Business Suite Added to CISA KEV

CISA added a critical Oracle E-Business Suite vulnerability (CVE-2026-46817) allowing unauthenticated remote takeover to its KEV catalog due to active…

Jul 17, 2026
SH-2026-142HighOpen

Nichirei Corp. Suffers Cyberattack, Disrupting Food and Cold Chain Operations

Japanese food and logistics giant Nichirei Corp. confirmed a cyberattack causing system failures and operational disruptions across its group.

Jul 17, 2026
SH-2026-141HighOpen

Locus Technologies Discloses Data Breach Exposing Social Security Numbers

Environmental software company Locus Technologies has disclosed a data breach resulting in the exposure of Social Security Numbers for an undisclosed number…

Jul 17, 2026
SH-2026-140HighOpen

Fairlife Halts US Production Following Cyberattack on Operational Systems

Dairy company Fairlife, owned by Coca-Cola, has temporarily suspended U.S. production operations after unauthorized access to its production-related systems.

Jul 17, 2026
SH-2026-139HighOpen

Romania's National Land Registry Hit by Cyberattack, Data Theft Claimed

A cyberattack has severely disrupted Romania's National Agency for Cadastre and Land Registration (ANCPI), with threat actors claiming data exfiltration and…

Jul 17, 2026
SH-2026-138CriticalMitigated

Malicious Code Injected into Popular AsyncAPI npm Packages via GitHub Actions Exploit

Attackers leveraged a GitHub Actions workflow to inject credential-stealing malware into AsyncAPI npm packages with millions of weekly downloads.

Jul 17, 2026
SH-2026-137CriticalOpen

Files Related to India's Largest Nuclear Plant Exposed in Data Breach

Ransomware group World Leaks has published a significant cache of files linked to India's Kudankulam Nuclear Power Plant, originating from Reliance Group.

Jul 17, 2026
SH-2026-136CriticalOpen

Critical Fortinet FortiSandbox OS Command Injection Under Active Exploitation…

An unauthenticated OS command injection vulnerability in Fortinet FortiSandbox (CVE-2026-39808) poses critical risk, allowing unauthorized code execution via…

Jul 17, 2026CVSS 9.8
SH-2026-135CriticalOpen

Critical OS Command Injection in FortiSandbox: Immediate Action Required

A critical unauthenticated OS command injection vulnerability (CVE-2026-25089) in Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS allows…

Jul 17, 2026CVSS 9.8
SH-2026-134CriticalOpen

Critical SharePoint RCE (CVE-2026-58644) Actively Exploited – Immediate Action Required

A critical deserialization vulnerability (CVE-2026-58644) in Microsoft SharePoint Server is under active exploitation, enabling unauthenticated remote code…

Jul 16, 2026CVSS 9.8
SH-2026-133HighOpen

PhantomEnigma Campaign Hijacks Brazilian Government Websites for Malware Delivery

A new campaign, "PhantomEnigma," has compromised over 20 Brazilian government websites, turning them into malware delivery channels.

Jul 16, 2026
SH-2026-132HighOpen

New Spirals Ransomware Encrypts Victim Networks in Under 24 Hours

A new ransomware variant, "Spirals," is capable of encrypting victim networks rapidly, often within 24 hours of infiltration.

Jul 16, 2026
SH-2026-131HighMitigated

Microsoft Hyper-V Privilege Escalation Vulnerability (CVE-2026-54129) Disclosed

A local privilege escalation vulnerability (CVE-2026-54129) in Microsoft Hyper-V's netvsc.sys driver allows guest VM compromise.

Jul 16, 2026
SH-2026-130CriticalMitigated

Critical SAP NetWeaver ABAP Flaw (CVE-2026-44747) Poses High Risk to Enterprises

SAP has patched CVE-2026-44747, a critical 9.9 CVSS vulnerability in NetWeaver ABAP allowing data exposure or modification.

Jul 16, 2026
SH-2026-129HighOpen

Australian Healthcare Provider Partnered Health Suffers Major Data Breach

Partnered Health, an Australian healthcare provider, experienced a data breach exposing medical records of patients.

Jul 16, 2026
SH-2026-128CriticalMitigated

Critical Zoom for Windows Vulnerability Allows Unauthenticated Account Takeover

A critical vulnerability in Zoom Workplace for Windows (CVE-2026-53412) enables unauthenticated attackers to hijack accounts.

Jul 16, 2026
SH-2026-127CriticalResolved

Critical Authentication Bypass Vulnerability Patched in VMware Avi Load Balancer

A critical authentication bypass vulnerability (CVE-2026-47865) affecting VMware Avi Load Balancer allows unauthenticated network access to the control plane.

Jul 16, 2026
SH-2026-126HighOpen

Easypak Discloses Data Breach Exposing Social Security Numbers and Medical Records

Packaging manufacturer Easypak confirmed a data breach, with the Akira ransomware group claiming responsibility for stealing 67GB of corporate and personal…

Jul 16, 2026
SH-2026-125HighOpen

Nightmare Eclipse Drops Unpatched 'LegacyHive' Windows Privilege Escalation Zero-Day

A new Windows zero-day vulnerability, dubbed 'LegacyHive,' has been publicly disclosed, enabling local privilege escalation on patched systems.

Jul 16, 2026
SH-2026-124HighOpen

CISA Adds Two New Actively Exploited Vulnerabilities to KEV Catalog

CISA has added CVE-2023-4346 affecting KNX Association and CVE-2026-46817 affecting Oracle E-Business Suite to its Known Exploited Vulnerabilities Catalog.

Jul 16, 2026
SH-2026-123HighResolved

Google Chrome Addresses Multiple Vulnerabilities, Including RCE and DoS

Google has released an urgent update for Chrome, version 150.0.7871.124/.125, patching numerous vulnerabilities including remote code execution and…

Jul 16, 2026
SH-2026-122CriticalMitigated

Critical Remote Code Execution Vulnerability in ServiceNow AI Platform Patched

A critical remote code execution flaw in the ServiceNow AI platform, CVE-2026-6875, has been patched, allowing unauthenticated attackers to execute arbitrary…

Jul 16, 2026
SH-2026-121HighOpen

Advisory: Critical KNX Protocol Lockout Vulnerability (CVE-2023-4346)

An overly restrictive account lockout mechanism in KNX Protocol Connection Authorization Option 1 allows attackers to purge devices and lock them.

Jul 15, 2026CVSS 7.5
SH-2026-120CriticalResolved

BeyondTrust Patches Two Critical Authentication Bypass Vulnerabilities

BeyondTrust has released patches for two critical authentication bypass vulnerabilities found in its Remote Support and Privileged Remote Access products,…

Jul 15, 2026
SH-2026-119CriticalOpen

Critical Vulnerability in Zimbra Email Service Allows Malicious Code Execution

A critical security flaw in Zimbra's Classic Web Client allows specially crafted emails to execute malicious code within a user's session, potentially…

Jul 15, 2026
SH-2026-118HighOpen

Deutsche Bank Confirms Cyber Incident Following Ransomware Group's Claims

Deutsche Bank confirmed a cybersecurity incident involving a third-party service provider after the Unsafe ransomware group claimed to have breached the…

Jul 15, 2026
SH-2026-117CriticalOpen

CISA Adds Four Actively Exploited Vulnerabilities, Including SonicWall and Microsoft…

CISA has added four new vulnerabilities, two affecting SonicWall SMA1000 appliances and two impacting Microsoft Active Directory Federation Services and…

Jul 15, 2026
SH-2026-116CriticalOpen

Global IT Outage Disrupts Banks and Flights Following Zero-Day Cyberattack

A coordinated global IT outage, suspected to be a zero-day cyberattack, has paralyzed critical infrastructure worldwide, affecting major financial…

Jul 15, 2026
SH-2026-115HighOpen

China-Linked APT Group Exploits Roundcube Flaws in Cyberespionage Campaign

Proofpoint warns of UNK_MassTraction, a China-linked threat actor, actively exploiting multiple vulnerabilities in Roundcube email servers for cyberespionage…

Jul 15, 2026
SH-2026-114CriticalMitigated

Microsoft July 2026 Patch Tuesday Addresses Critical Zero-Days and Information Leaks

Microsoft's latest Patch Tuesday delivers crucial security updates, including fixes for the actively exploited "RoguePlanet" flaw and a Windows Cryptographic…

Jul 15, 2026
SH-2026-113HighOpen

Advisory: Critical Code Injection in SonicWall SMA1000 Appliances

A code injection vulnerability (CVE-2026-15410) in SonicWall SMA1000 appliances could allow remote authenticated administrators to execute OS commands.

Jul 15, 2026CVSS 7.2
SH-2026-112CriticalOpen

Critical SonicWall SMA1000 SSRF Demands Immediate Action

A critical server-side request forgery vulnerability (CVE-2026-15409) in SonicWall SMA1000 Appliances requires immediate mitigation to prevent potential…

Jul 15, 2026CVSS 10.0
SH-2026-111MediumOpen

Urgent Advisory: SharePoint Zero-Day Under Active Exploitation - CVE-2026-56164

An actively exploited missing authentication vulnerability (CVE-2026-56164) in Microsoft SharePoint Server allows unauthenticated privilege elevation,…

Jul 15, 2026CVSS 5.3
SH-2026-110HighOpen

Urgent: Actively Exploited Microsoft ADFS Privilege Elevation Vulnerability…

An actively exploited zero-day privilege elevation vulnerability in Microsoft Active Directory Federation Services (CVE-2026-56155) demands immediate patching…

Jul 14, 2026CVSS 7.8
SH-2026-109CriticalOpen

Critical Backdoor (CVE-2026-11405) Found in Multiple Tenda Router Models

An undocumented authentication backdoor (CVE-2026-11405) has been discovered in several Tenda router models, granting unauthorized administrative access.

Jul 14, 2026
SH-2026-108HighOpen

DHS Homeland Security Network Intrusion Dismissed Twice Before Confirmation

The U.S. Department of Homeland Security's Homeland Security Information Network (HSIN) was breached after personnel twice dismissed signs of intruders as…

Jul 14, 2026
SH-2026-107HighOpen

Nihon Kotsu Suffers Major Cyberattack, Disrupting Japan's Largest Taxi Operations

Japan's largest taxi and chauffeur operator, Nihon Kotsu, experienced a significant malware infection, leading to a shutdown of critical IT systems.

Jul 14, 2026
SH-2026-106CriticalOpen

JadePuffer: Autonomous LLM-Driven Ransomware Operation Exploits Langflow CVE

Researchers have profiled JadePuffer, an autonomous ransomware operation leveraging Large Language Models to conduct intrusions and exploit CVE-2025-3248 in…

Jul 14, 2026
SH-2026-105InformationalOpen

U.S. Treasury Sanctions 1VPNS and Individuals for Enabling Ransomware Attacks

The U.S. Treasury Department has sanctioned 1VPNS and two individuals for providing infrastructure and tools that enable ransomware operations against…

Jul 14, 2026
SH-2026-104HighOpen

New OAuth Client ID Spoofing Technique Exploited to Target Microsoft Entra User Data

Threat actors are employing a novel OAuth client ID spoofing technique to collect Microsoft Entra user data without triggering typical security alerts.

Jul 14, 2026
SH-2026-103CriticalOpen

CISA Adds Actively Exploited Cisco IOS CSRF Vulnerability to KEV Catalog

CISA has added an old Cisco IOS Cross-Site Request Forgery vulnerability (CVE-2008-4128) to its KEV catalog due to active exploitation.

Jul 14, 2026
SH-2026-102HighOpen

Inter-Con Security Systems Under Investigation Following ShinyHunters Data Breach Claim

Inter-Con Security Systems, a multinational private security company, is under investigation following claims by ShinyHunters of breaching 2.7 million records.

Jul 14, 2026
SH-2026-101HighOpen

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

A new phishing-as-a-service (PhaaS) operation, Forg365, is actively targeting Microsoft 365 tenants with device code phishing and adversary-in-the-middle…

Jul 14, 2026
SH-2026-100HighOpen

NSA and Partners Warn of Russian State-Sponsored Router Targeting

NSA, CISA, and international partners issued a joint advisory detailing ongoing Russian FSB exploitation of poorly configured routers targeting critical…

Jul 14, 2026
SH-2026-099MediumOpen

Lidl Online Shop Customers Affected by Third-Party Data Breach

Lidl has informed online shop customers in Germany, Belgium, and the Netherlands of a data breach at an external IT service provider.

Jul 14, 2026
SH-2026-098CriticalOpen

Injective Labs Suffers Supply Chain Attack Via Malicious npm Packages

Blockchain software developer Injective Labs experienced a supply chain compromise involving malicious npm packages that exfiltrated crypto wallet keys.

Jul 14, 2026
SH-2026-097HighOpen

Moody Bible Institute Breach Exposes 2.3 Million Records via ShinyHunters

Moody Bible Institute has disclosed a data breach affecting over 2.3 million individuals, with the ShinyHunters group publishing stolen data.

Jul 14, 2026
SH-2026-096MediumOpen

Advisory: Critical Cisco IOS CSRF Vulnerability (CVE-2008-4128) Actively Exploited

CISA warns of active exploitation of CVE-2008-4128, a critical Cross-Site Request Forgery vulnerability in Cisco IOS 12.4, by state-sponsored actors.

Jul 13, 2026CVSS 4.3
SH-2026-095HighOpen

Irish Consultancy eclective.ie Hit by m3rx Ransomware Group

Irish organization eclective.ie has fallen victim to a ransomware attack by the m3rx group, underscoring ongoing ransomware threats.

Jul 13, 2026
SH-2026-094HighMitigated

CSA Warns of Critical Integer Overflow Vulnerability in Windows File System Proxy (WinFsp)

A critical integer overflow vulnerability (CVE-2026-7162) in WinFsp, an open-source Windows file system software, allows attackers to achieve system-level…

Jul 13, 2026
SH-2026-093CriticalOpen

Latvijas Valsts Meži Suffers Ransomware Attack, 44GB Data Leaked

Latvia's state-owned forestry company, Latvijas Valsts Meži, was hit by a ransomware attack that disrupted systems and led to the leakage of 44GB of internal…

Jul 13, 2026
SH-2026-092HighOpen

Centers Laboratory Discloses Breach Affecting Over 540,000 Individuals

Healthcare diagnostics provider Centers Laboratory disclosed a data breach exposing personal and medical information of over 540,000 individuals.

Jul 13, 2026
SH-2026-091CriticalOpen

CISA Adds Actively Exploited Joomla iCagenda and Balbooa Forms RCEs to KEV Catalog

Critical remote code execution vulnerabilities in Joomla's iCagenda and Balbooa Forms extensions are being actively exploited in the wild.

Jul 13, 2026
SH-2026-086CriticalOpen

EU Condemns Russia's State-Sponsored Cyber Activities, Exposes FSB's Role

The European Union and its member states have denounced Russia's malicious cyber ecosystem, identifying the FSB's 16th Centre as controlling groups like TURLA.

Jul 13, 2026
SH-2026-085HighOpen

Aflac Japan Subsidiary Breach Exposes 4.38 Million Customer Records

Insurance giant Aflac disclosed a breach affecting its Japan subsidiary, exposing personal and bank account data for approximately 4.38 million customers.

Jul 13, 2026
SH-2026-084CriticalOpen

ShinyHunters Leverages Oracle PeopleSoft Flaw, Breaches 100+ Orgs

The ShinyHunters group exploited an Oracle PeopleSoft vulnerability to breach over 100 organizations, including Nissan, exfiltrating sensitive employee data.

Jul 13, 2026
SH-2026-083HighMitigated

CISA Adds Actively Exploited SharePoint RCE (CVE-2026-45659) to KEV Catalog

CISA has added a high-severity remote code execution vulnerability in Microsoft SharePoint Server to its KEV catalog due to active exploitation.

Jul 13, 2026
SH-2026-082CriticalOpen

Critical Citrix NetScaler Flaw CVE-2026-8451 Actively Exploited

A critical memory overread vulnerability in Citrix NetScaler ADC and Gateway appliances, similar to CitrixBleed, is being actively exploited.

Jul 13, 2026
SH-2026-081HighOpen

Critical Unauthenticated SQL Injection Vulnerability Found in Jinher OA

Jinher OA version 1.0 contains an unauthenticated SQL injection vulnerability (CVE-2026-15517) allowing remote arbitrary SQL command execution.

Jul 13, 2026
SH-2026-080CriticalOpen

Accenture Faces Data Breach: 35GB of Source Code Allegedly Stolen

A threat actor claims to have breached Accenture, exfiltrating over 35GB of source codes.

Jul 13, 2026
SH-2026-079HighOpen

Eureka Construction INC Hit by Titan Ransomware Group

US-based Eureka Construction INC suffers a ransomware attack by the Titan group, leading to a data breach.

Jul 13, 2026
SH-2026-078HighOpen

Allied Plumbing & Heating Hit by Qilin Ransomware Group

Allied Plumbing & Heating, a New Hampshire-based organization, has fallen victim to a ransomware attack orchestrated by the Qilin group.

Jul 12, 2026
SH-2026-077HighOpen

CISA Adds Langflow Authorization Bypass (CVE-2026-55255) to KEV Catalog

CISA has added an actively exploited Langflow Authorization Bypass vulnerability, CVE-2026-55255, to its Known Exploited Vulnerabilities Catalog.

Jul 12, 2026
SH-2026-076CriticalOpen

Critical Adobe ColdFusion Vulnerability (CVE-2026-48282) Actively Exploited In The Wild

A critical vulnerability, CVE-2026-48282, in Adobe ColdFusion is being actively exploited in attacks, allowing remote code execution.

Jul 12, 2026
SH-2026-075CriticalOpen

JadePuffer Identified as First Agentic Ransomware Driven by Large Language Model

The Sysdig Threat Research Team has uncovered JadePuffer, the first documented instance of agentic ransomware, fully automating attacks using an LLM.

Jul 12, 2026
SH-2026-074HighOpen

Rockstar Games Suffers Data Breach Affecting Corporate Assets via Third-Party

Rockstar Games confirmed a data breach affecting corporate assets, with ShinyHunters claiming responsibility and seeking a ransom.

Jul 12, 2026
SH-2026-073CriticalMitigated

DarkSword iOS Spyware Actively Deployed Against Hundreds of Millions of Devices

A sophisticated iOS spyware named DarkSword has been found in active deployment, targeting hundreds of millions of iOS devices globally.

Jul 12, 2026
SH-2026-072HighOpen

Eleveo Call Recording Software Vulnerabilities Allow Improper Authorization

Multiple improper authorization vulnerabilities (CVE-2026-15474, CVE-2026-15472) in Eleveo Call Recording Software 9.7.0 allow remote attacks.

Jul 12, 2026
SH-2026-071HighResolved

Zimbra Collaboration Suite Patches Stored XSS Vulnerability

Zimbra has released a patch for its Collaboration Suite (ZCS) 10.1.19 to address a stored cross-site scripting (XSS) vulnerability in the Classic Web Client.

Jul 12, 2026
SH-2026-070CriticalOpen

OpenClaw AI Assistant Vulnerabilities Enable Remote Code Execution via WhatsApp

Multiple high-severity flaws in the OpenClaw AI coding assistant allow remote code execution through specially crafted WhatsApp messages.

Jul 12, 2026
SH-2026-069HighOpen

Conduent Data Breach Exposes Health and Personal Information of Millions

A significant data breach at Conduent has exposed the personal health information of over 25 million individuals in Texas and Oregon.

Jul 12, 2026
SH-2026-068CriticalMitigated

Dell BIOS Flaw (CVE-2026-40639) Exposes Admin Passwords

A critical vulnerability in Dell BIOS allows attackers to recover administrator and user passwords from SPI flash in milliseconds due to a broken encryption…

Jul 12, 2026
SH-2026-067HighOpen

Exposed Hacker Server Reveals WP SHELLSTORM Backdooring Thousands of WordPress Sites

An exposed cybercrime server linked to WP SHELLSTORM has revealed the compromise of thousands of WordPress sites through outdated plugins and injected…

Jul 11, 2026
SH-2026-066CriticalMitigated

Malicious JScrambler npm Package Release Drops Rust Infostealer During Install

Version 8.14.0 of the JScrambler npm package was compromised to silently deploy a native Rust-based infostealer during installation across Windows, macOS, and…

Jul 11, 2026
SH-2026-065HighOpen

Sophos Flags New Vect-TeamPCP Cybercriminal Alliance for Ransomware Attacks

Sophos X-Ops has uncovered a new alliance between the ransomware group Vect and cybercriminal outfit TeamPCP, combining their expertise for efficient…

Jul 11, 2026
SH-2026-064HighOpen

Exposed Hacker Server Reveals WP SHELLSTORM Backdooring Thousands of WordPress Sites

An exposed cybercrime server linked to WP SHELLSTORM has revealed the compromise of thousands of WordPress sites through outdated plugins and injected…

Jul 11, 2026
SH-2026-063HighOpen

WeedHack Malware Offered as Service, Targets Minecraft Users with Info-Stealing…

A new malware-as-a-service, "WeedHack," is being distributed disguised as Minecraft clients or mods to steal system information, passwords, and other…

Jul 11, 2026
SH-2026-062CriticalOpen

Critical Authentication Bypass Actively Exploited in Gitea Docker Image

Attackers are leveraging a critical authentication bypass vulnerability within the official Gitea Docker image to hijack instances and impersonate users.

Jul 11, 2026
SH-2026-061CriticalResolved

Critical Linux Kernel FUSE Page Cache Overflow (CVE-2026-31694) Enables Root Access

A critical local privilege escalation (LPE) vulnerability in the Linux kernel's FUSE subsystem allows unprivileged local attackers to gain root privileges.

Jul 11, 2026
SH-2026-060HighOpen

Novo Nordisk Confirms Breach, AI/ML Asset Theft Claimed by FulcrumSec

Novo Nordisk confirmed a breach and data exfiltration, with FulcrumSec claiming theft of proprietary AI models and research assets.

Jul 11, 2026
SH-2026-059CriticalOpen

Critical Unauthenticated RCE (CVE-2026-46817) in Oracle EBS Payments Actively Exploited

A critical unauthenticated Remote Code Execution (RCE) vulnerability in Oracle E-Business Suite Payments module is under active exploitation.

Jul 11, 2026
SH-2026-058HighOpen

U.S. DHS Homeland Security Information Network (HSIN) Compromised

The U.S. Department of Homeland Security's HSIN, a platform for interagency coordination, was compromised by an unidentified threat actor.

Jul 11, 2026
SH-2026-057HighOpen

Instructure Suffers Data Breach by ShinyHunters, Affecting Millions of Users

Edtech giant Instructure, behind the Canvas LMS, experienced a data breach with ShinyHunters accessing user data and defacing pages.

Jul 11, 2026
SH-2026-056HighOpen

CISA Adds Actively Exploited iCagenda and Balbooa Forms Vulnerabilities to KEV Catalog

CISA has added two new unrestricted file upload vulnerabilities in iCagenda and Balbooa Forms to its Known Exploited Vulnerabilities Catalog due to active…

Jul 11, 2026
SH-2026-055HighOpen

SR Bancorp Vendor Mercadien Suffers Data Breach Exposing Somerset Regal Bank Customer Data

SR Bancorp's vendor, Mercadien, P.C. CPAs, experienced a data breach exposing sensitive Somerset Regal Bank customer information including SSNs and account…

Jul 11, 2026
SH-2026-054HighOpen

Argentine Football Association Suffers Database Breach Triggered by Infostealer Malware

The Argentine Football Association experienced a significant cyberattack leading to database leaks and unauthorized communications, likely due to infostealer…

Jul 11, 2026
SH-2026-053HighOpen

Frontier Airlines Discloses Data Breach Exposing Customer Social Security Numbers

Frontier Airlines confirmed a data breach on or about July 9, 2026, affecting customers with potentially exposed Social Security numbers.

Jul 11, 2026
SH-2026-052CriticalOpen

Progress Software Urges ShareFile Customers to Shut Down Storage Zone Controllers Over…

Progress Software issued an urgent advisory for ShareFile customers to shut down on-premises Storage Zone Controllers due to a credible security threat.

Jul 11, 2026
SH-2026-051HighResolved

CISA Discloses Internal AWS GovCloud Credential Leak and Lack of Incident Response Plan

CISA revealed a contractor exposed AWS GovCloud credentials on GitHub, highlighting the agency's unpreparedness with its own incident response playbook.

Jul 11, 2026
SH-2026-050CriticalOpen

Six U-Boot Signature Verification Flaws Expose Embedded Devices to Stealthy Firmware…

Binarly researchers disclosed six vulnerabilities in the U-Boot bootloader, including arbitrary code execution flaws that could enable stealthy firmware…

Jul 11, 2026
SH-2026-049HighOpen

Django GeoDjango SQL Injection (CVE-2026-1207) Under Active Exploitation

A high-severity SQL injection vulnerability (CVE-2026-1207) in Django's GeoDjango GIS module is now actively exploited, affecting applications with a PostGIS…

Jul 11, 2026
SH-2026-048CriticalOpen

Oracle PeopleSoft Zero-Day (CVE-2026-35273) Actively Exploited, NAIC Affected

A new zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft is under active exploitation, affecting approximately 100 organizations, including NAIC.

Jul 11, 2026
SH-2026-047CriticalOpen

Nitrogen Ransomware Group Targets Foxconn North America, Exfiltrates 8TB of Data

The Nitrogen ransomware group claims to have stolen 8 terabytes of sensitive engineering documents and client schematics from Foxconn's North America…

Jul 11, 2026
SH-2026-046HighOpen

Medtronic Notifies Millions of Individuals Impacted by ShinyHunters Data Breach

Medical device giant Medtronic confirms a data breach impacting nearly 4 million individuals, with personal and health information exposed.

Jul 11, 2026
SH-2026-040CriticalOpen

Critical RCE in iCagenda Joomla Extension Under Active Exploitation

An unrestricted file upload vulnerability (CVE-2026-48939) in iCagenda for Joomla allows unauthenticated remote code execution and is actively exploited.

Jul 11, 2026CVSS 9.8
SH-2026-039CriticalOpen

Critical Balbooa Forms RCE: Unrestricted File Upload Vulnerability

A critical unrestricted file upload vulnerability in Balbooa Forms (CVE-2026-56291) allows unauthenticated RCE, demanding urgent remediation.

Jul 11, 2026CVSS 9.8
SH-2026-038CriticalOpen

AI Agents Exploit Langflow RCE Vulnerability for Automated Database Ransomware Attacks

An AI agent has been observed exploiting a Remote Code Execution (RCE) vulnerability in Langflow to automate database ransomware attacks, highlighting…

Jul 10, 2026
SH-2026-037HighResolved

Microsoft Patches RoguePlanet (CVE-2026-50656) Local Privilege Escalation in Defender

Microsoft has released a security update to address CVE-2026-50656, a local privilege escalation vulnerability dubbed 'RoguePlanet' in its Malware Protection…

Jul 10, 2026
SH-2026-036CriticalOpen

GodDamn Ransomware Uses Signed PoisonX Kernel Driver to Disable EDR Defenses

A new ransomware variant, GodDamn, a rebrand of Beast ransomware, employs the legitimately signed PoisonX kernel driver to bypass and neutralize endpoint…

Jul 10, 2026
SH-2026-035CriticalOpen

Unpatched XRING Flaw in Alibaba's XQUIC Allows Remote HTTP/3 Server Crashes

A critical and unpatched vulnerability, named XRING, in Alibaba's XQUIC library enables remote denial-of-service against HTTP/3 servers.

Jul 10, 2026
SH-2026-034CriticalOpen

Ill Bloom Vulnerability Compromises Crypto Wallets Through Weak Randomness

A newly disclosed vulnerability, dubbed "Ill Bloom," in certain crypto wallet software allows attackers to drain funds due to weak recovery phrase generation.

Jul 10, 2026
SH-2026-033HighResolved

Cisco Talos Discloses Multiple Vulnerabilities in WolfSSL, GeoVision, and VTK-DICOM

Cisco Talos has identified and reported numerous vulnerabilities in WolfSSL, GeoVision security products, and the VTK-DICOM API.

Jul 10, 2026
SH-2026-032HighMitigated

Nextcloud Hosting Misconfiguration Exposes Sensitive Employee and Client Data

A misconfiguration in a Nextcloud hosting environment led to the exposure of sensitive employee emails, client details, contracts, and scripts.

Jul 10, 2026
SH-2026-031CriticalOpen

CitrixBleed 2 Exploitation Leads to DragonForce Ransomware Attacks

Threat actors leverage the CitrixBleed 2 vulnerability (CVE-2025-5777) in NetScaler appliances for initial access, culminating in DragonForce ransomware…

Jul 10, 2026
SH-2026-030HighOpen

All About Women's Care Reports Network Server Data Breach

Healthcare provider All About Women's Care discloses a data breach affecting approximately 12,000 patients with sensitive medical information.

Jul 10, 2026
SH-2026-029HighOpen

Aitkin County HHS Data Breach Exposes Health and Personal Information

Aitkin County Health and Human Services reports a data breach affecting 83,114 individuals with exposed PII and PHI from email accounts.

Jul 10, 2026
SH-2026-028CriticalOpen

LLM-Driven Agentic Ransomware "JADEPUFFER" Marks New Threat Landscape

Researchers uncover JADEPUFFER, the first fully autonomous LLM-driven ransomware operation exploiting Langflow vulnerability.

Jul 10, 2026
SH-2026-027LowResolved

US Army Websites Defaced with Pro-Kurdish Messages

Two U.S. Army websites were temporarily defaced on error pages with pro-Kurdish messages and criticism of former President Donald Trump.

Jul 10, 2026
SH-2026-026HighOpen

Finance Yorkshire Hit by Cmdorganization Ransomware Group

UK-based funding provider Finance Yorkshire suffered a ransomware attack by the Cmdorganization group, potentially impacting SME data.

Jul 10, 2026
SH-2026-025HighOpen

Deutsche Bank Implicated in Ransomware Incident via External Service Provider

The "Unsafe" ransomware group claims to have breached Deutsche Bank, though the bank states a third-party service provider was the actual target.

Jul 10, 2026
SH-2026-024HighOpen

Mercado Libre Reportedly Hit by "The Gentleman" Ransomware Group

Latin American e-commerce giant Mercado Libre is reportedly targeted by "The Gentleman" ransomware group, with claims of data exfiltration.

Jul 10, 2026
SH-2026-023CriticalOpen

CISA Warns of Active Exploitation in Adobe ColdFusion and Joomla Page Builders

CISA added critical vulnerabilities in Adobe ColdFusion, Joomlack Page Builder, and JoomShaper SP Page Builder to its KEV Catalog, citing active exploitation.

Jul 10, 2026
SH-2026-022MediumOpen

United HealthCare Data Breach Affects Over 34,000 Individuals

United HealthCare Services Inc. disclosed a data breach affecting 34,574 individuals, with details of the exposed information publicly undisclosed.

Jul 9, 2026
SH-2026-021CriticalMitigated

Critical Vulnerabilities Patched in Ubiquiti UniFi OS Ecosystem

Ubiquiti has released critical security updates addressing seven severe vulnerabilities in its UniFi OS, including a maximum-severity command injection flaw…

Jul 9, 2026
SH-2026-020HighOpen

AssuranceAmerica Data Breach Exposes 6.9 Million Driver's Licenses

A cyberattack on AssuranceAmerica compromised data for 6.9 million individuals, including driver's license numbers and other sensitive information.

Jul 9, 2026
SH-2026-019HighOpen

CISA Warns of Active Exploitation of Langflow IDOR for Credential Harvesting

CISA has added an Insecure Direct Object Reference (IDOR) vulnerability in Langflow (CVE-2026-55255) to its KEV catalog due to active exploitation.

Jul 9, 2026
SH-2026-018HighOpen

China-Aligned Hackers Exploit Roundcube Vulnerabilities in University Attacks

A suspected China-aligned APT group is actively exploiting patched Roundcube flaws (e.g., CVE-2024-42009) targeting U.S. and Canadian universities.

Jul 9, 2026
SH-2026-017CriticalOpen

Critical Gitea Authentication Bypass Under Active Exploitation

A critical vulnerability in Gitea (CVE-2026-20896) allows authentication bypass and is being actively exploited in the wild.

Jul 9, 2026
SH-2026-010HighOpen

KDDI Email Platform Breach Exposes 12 Million User Credentials

A zero-day vulnerability in a third-party email platform led to the exposure of 12 million email addresses and passwords from Japanese ISPs, including KDDI.

Jul 9, 2026
SH-2026-009CriticalResolved

BeyondTrust Fixes Multiple Critical Vulnerabilities in Remote Access Products

BeyondTrust has released security updates addressing critical vulnerabilities in its Remote Support and Privileged Remote Access products.

Jul 9, 2026
SH-2026-008HighResolved

Microsoft Patches "RoguePlanet" Local Privilege Escalation in Defender

Microsoft has released a patch for CVE-2026-50656, a privilege escalation vulnerability in Microsoft Defender's Malware Protection Engine.

Jul 9, 2026
SH-2026-007CriticalOpen

Critical 15-Year-Old Linux Kernel Vulnerability "GhostLock" Grants Root Access

A newly disclosed 15-year-old Linux kernel flaw (CVE-2026-43499) allows local users to achieve root privileges and escape containers.

Jul 9, 2026
SH-2026-006HighMitigated

Accenture Confirms Data Breach After Source Code and Credentials Stolen

A hacker claims to have stolen 35GB of sensitive data, including source code and access keys, from consulting giant Accenture.

Jul 9, 2026
SH-2026-005CriticalOpen

CRITICAL ADOBE COLDFUSION RCE (CVE-2026-48282) ACTIVELY EXPLOITED

A critical path traversal vulnerability in Adobe ColdFusion (CVE-2026-48282) is under active exploitation, enabling unauthenticated remote code execution.

Jul 9, 2026CVSS 10.0
SH-2026-004CriticalOpen

Critical Joomlack Page Builder RCE via Improper Access Control

A critical improper access control vulnerability in Joomlack Page Builder (CVE-2026-56290) allows for unauthenticated remote code execution via arbitrary file…

Jul 9, 2026CVSS 9.8
SH-2026-002CriticalOpen

JoomShaper SP Page Builder RCE: Critical Unauthenticated File Upload Actively Exploited

Critical CVE-2026-48908 in JoomShaper SP Page Builder allows unauthenticated RCE via unrestricted file upload, actively exploited in the wild.

Jul 9, 2026CVSS 9.8
SH-2026-003HighOpen

Advisory: Langflow Authorization Bypass (CVE-2026-55255)

A critical authorization bypass vulnerability in Langflow (CVE-2026-55255) allows authenticated attackers to execute arbitrary flows belonging to other users.

Jul 9, 2026CVSS 8.4
SH-2026-001CriticalMitigated

Authentication Bypass via JWT alg=none in Solandra Commerce API

Solandra Commerce API versions up to 3.4.2 accept unsigned JWTs by honoring an attacker-controlled alg header, allowing full authentication bypass.

Jun 18, 2026CVSS 9.1
SH-2025-014HighResolved

IDOR in Parcelhive File-Sharing Endpoint Exposes Private Documents

A predictable share-link identifier in Parcelhive's file-sharing API allowed enumeration of other tenants' private documents.

Nov 4, 2025CVSS 7.5
SH-2025-009MediumMitigated

SSRF in Metadata Proxy Endpoint Allows Cloud Credential Theft

An unvalidated URL-fetch feature could be redirected at the cloud instance metadata service, exposing temporary IAM credentials.

Aug 22, 2025CVSS 6.8