vulnerability
open
6 articles
The page reports on two critical vulnerabilities actively exploited today: CVE-2022-0492, related to improper authentication in the Linux Kernel, and CVE-2025-48595, an integer overflow vulnerability in the Android Framework. Access to the detailed vulnerability report requires support from the reader, encouraging contributions via platforms like PayPal and…
Jun 2, 2026
—
Jun 3, 2026
vulnerability
open
5 articles
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the LiteSpeed cPanel Plugin flaw, identified as CVE-2026-48172, to its Known Exploited Vulnerabilities catalog. This critical vulnerability (CVSS score of 10.0) affects versions prior to 2.4.5 and allows privilege escalation to potentially root access. It originates from poor…
May 23, 2026
—
May 28, 2026
incident
open
12 articles
Moxa has issued a critical security advisory (MPSA-263140) concerning vulnerabilities in its Linux-based operating systems that allow local attackers to gain root privileges. The weaknesses are identified as 'Copy Fail' (CVE-2026-31431) and 'Dirty Frag' (CVE-2026-43284, CVE-2026-43500). The advisory underscores the risks in non-containerized…
May 1, 2026
—
May 27, 2026
vulnerability
open
6 articles
The Security Affairs newsletter Round 578, authored by Pierluigi Paganini, highlights significant cybersecurity incidents and threats. Key points include a critical SQL injection flaw in Drupal (CVE-2026-9082) currently under attack, the rise of pure extortion in cybercrime over traditional ransomware, and arrests related to the Kimwolf botnet. The…
May 21, 2026
—
May 24, 2026
breach
open
2 articles
An international operation led by France and the Netherlands dismantled First VPN, a cybercriminal service used by ransomware operators. Bitdefender supported the investigation, helping to expose numerous individuals associated with cybercrime. The operation involved the dismantling of 33 servers and the seizure of primary domains, with the administrator…
May 21, 2026
—
May 21, 2026
vulnerability
open
12 articles
According to Siemens ProductCERT, a buffer overflow vulnerability in the User-ID Authentication Portal (Captive Portal) service of Palo Alto Networks PAN-OS software could allow an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. The following versions of…
May 6, 2026
—
May 19, 2026
incident
open
2 articles
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa that led to 201 arrests and the identification of an additional 382 suspects. The operation, run by 13 countries from October 2025 to February 2026, targeted phishing and malware infrastructure and aimed to prevent future losses while arresting…
May 18, 2026
—
May 18, 2026
vulnerability
open
3 articles
CVE-2026-42945 is a heap memory corruption issue in NGINX’s rewrite module (ngx_http_rewrite_module) that can lead to a heap-based buffer overflow during rewrite processing. The vulnerability is remotely reachable over HTTP and can be triggered without authentication when specific rewrite-rule patterns are present, making internet-facing NGINX reverse…
May 14, 2026
—
May 14, 2026
breach
open
2 articles
According to Check Point Research, on 4 May 2026 The Gentlemen RaaS administrator acknowledged the leak of an internal Rocket backend database, which exposed operational details about infrastructure, affiliates and victims. The published material includes chats and data showing 9 accounts and 8 unique TOX IDs linked to the operation, with the administrator…
May 11, 2026
—
May 13, 2026
vulnerability
open
2 articles
Cybersecurity researchers disclosed a critical out-of-bounds read vulnerability in Ollama, tracked as CVE-2026-7482 (CVSS score: 9.1) that could allow a remote, unauthenticated attacker to leak the entire Ollama process memory, potentially exposing environment variables, API keys, system prompts and user data. The flaw stems from Ollama’s use of the unsafe…
May 5, 2026
—
May 10, 2026
breach
open
5 articles
On 8 May 2026, RansomHouse claimed responsibility for the Trellix breach, adding the security firm to its Tor data leak site and publishing screenshots that allegedly show access to internal Trellix systems. The article notes that in early May Trellix disclosed unauthorized access to part of its source code repository and that the company began an…
May 2, 2026
—
May 8, 2026
vulnerability
open
5 articles
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The affected CVE is CVE-2026-42208, described as a BerriAI LiteLLM SQL Injection Vulnerability. This vulnerability is highlighted as a frequent attack vector used by malicious cyber actors and poses significant risks to the…
Apr 29, 2026
—
May 8, 2026
vulnerability
open
2 articles
SecurityWeek’s In Other News round-up highlights a 23-year-old student detained in Taiwan for allegedly infiltrating the high-speed rail network and transmitting fake General Alarm signals, alongside the rise of PamDOORa, a PAM-based Linux backdoor marketed by a threat actor known as ‘darkworm’ that provides persistent SSH access while harvesting plaintext…
May 8, 2026
—
May 8, 2026
breach
open
8 articles
The Cybersecurity Reading List for the week of 2026-05-04 highlights a mix of official reports, agency guidance and research reflecting a broad threat landscape. Notable items include FBI/IC3 reporting a surge in cyber-enabled strategic cargo theft, and UK NCSC sharing fresh advice for defending against China-linked covert networks as PRC activity evolves.…
Apr 29, 2026
—
May 7, 2026
incident
open
2 articles
According to Kaspersky, Daemon Tools, a widely used app for mounting disk images, was backdoored in a monthlong supply-chain compromise that began on 8 April 2026 and remained active as of the time of reporting. Installers signed by the developer’s official certificate and downloaded from its website infected Daemon Tools executables, with the malware…
May 5, 2026
—
May 5, 2026
incident
open
2 articles
Two critical-severity flaws are being exploited in MetInfo and Weaver E-cology to execute arbitrary code remotely without authentication. In MetInfo, tracked as CVE-2026-29014 with a CVSS of 9.8, the issue arises from an unauthenticated PHP code injection path that accepts user input and allows remote code execution. On Weaver E-cology, CVE-2026-22679…
May 5, 2026
—
May 5, 2026
breach
closed
4 articles
Two US cybersecurity professionals have been sentenced to prison over their roles in ransomware attacks, with Ryan Goldberg of Georgia and Kevin Martin of Texas each receiving a four-year term after pleading guilty to conspiracy to obstruct or affect interstate commerce by extortion. A third participant, Angelo Martino of Florida, also pleaded guilty and…
Apr 21, 2026
—
May 1, 2026
incident
closed
4 articles
According to CISA, Windows Shell and ConnectWise ScreenConnect flaws have been added to the Known Exploited Vulnerabilities (KEV) catalog. The entries include CVE-2024-1708, a ConnectWise ScreenConnect Path Traversal Vulnerability (CVSS 8.4) affecting versions 23.9.7 and earlier, and CVE-2026-32202, a Microsoft Windows Protection Mechanism Failure…
Apr 28, 2026
—
Apr 29, 2026
vulnerability
closed
2 articles
A Mirai botnet is actively exploiting a command injection flaw, tracked as CVE-2025-29635, in discontinued D-Link DIR-823X series routers, according to Akamai. The vulnerability allows attackers to inject commands because an attacker-controlled value is copied without proper validation, affecting firmware versions 240126 and 24082. Exploitation began about…
Apr 22, 2026
—
Apr 22, 2026
incident
closed
2 articles
Cybersecurity researchers have identified BRIDGE:BREAK, a set of 22 vulnerabilities across Lantronix and Silex serial-to-IP converters, which could allow attackers to hijack devices and tamper with data exchanged by them. The set includes as many as eight security weaknesses in Lantronix EDS3000PS and EDS5000 Series and 14 in Silex SD330-AC, with potential…
Apr 20, 2026
—
Apr 21, 2026
vulnerability
closed
2 articles
CVE-2023-33538 has been under attack for over a year in outdated TP-Link routers, but exploitation remains unsuccessful, according to security researchers. Hackers targeted the flaw, a command injection in the /userRpm/WlanNetworkRpm endpoint affecting models including TL-WR940N v2/v4, TL-WR740N v1/v2, and TL-WR841N v8/v10, with CISA adding the issue to…
Apr 20, 2026
—
Apr 20, 2026
vulnerability
closed
2 articles
Microsoft has issued Patch Tuesday updates fixing 165 vulnerabilities, including a SharePoint zero-day that has been exploited in the wild. The exploited SharePoint Server vulnerability is tracked as CVE-2026-32201 and is described as a spoofing issue with a CVSS score of 6.5, according to Microsoft. Improper input validation in Microsoft Office SharePoint…
Apr 14, 2026
—
Apr 14, 2026
incident
closed
2 articles
According to Citizen Lab, the Webloc surveillance tool tracked up to 500 million devices globally by tapping into advertising data to support law enforcement investigations in the United States, Hungary, and El Salvador. Developed by Cobwebs Technologies and now sold by Penlink, Webloc is used by agencies including ICE, the military, and various police…
Apr 11, 2026
—
Apr 13, 2026
vulnerability
closed
3 articles
Attackers are actively exploiting a critical Flowise vulnerability, tracked as CVE-2025-59528, which enables remote code execution and full system takeover by abusing poor validation of user-supplied JavaScript. The flaw allows arbitrary JavaScript to be executed on Flowise servers through the CustomMCP node, because the convertToValidJSONString function…
Apr 7, 2026
—
Apr 7, 2026
vulnerability
closed
3 articles
According to Talos, a threat actor tracked as UAT-10608 exploited vulnerable Next[.]js applications to compromise systems and exfiltrate credentials at scale, leveraging automated scanning to target Next[.]js deployments affected by CVE-2025-55182 (CVSS 10), a critical React vulnerability known as React2Shell. Following initial access, the operation used…
Mar 6, 2026
—
Apr 3, 2026
vulnerability
closed
4 articles
CVE-2026-20093 is described as a critical authentication bypass flaw in Cisco IMC that could allow an unauthenticated remote attacker to bypass authentication and gain full administrative access to UCS servers. The vulnerability carries a CVSS score of 9.8 and stems from improper input validation in the password change functionality of IMC, enabling an…
Apr 2, 2026
—
Apr 3, 2026
vulnerability
closed
4 articles
According to the Known Exploited Vulnerabilities Catalog, the entry for TrueConf is CVE-2026-3502, described as a Client Download of Code Without Integrity Check Vulnerability. An attacker who can influence the update delivery path can substitute a tampered update payload, potentially leading to arbitrary code execution in the context of the updating process or…
Mar 31, 2026
—
Apr 2, 2026
vulnerability
closed
7 articles
Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn, Chromium’s WebGPU implementation, and it has confirmed exploitation in the wild. The NVD wording outlines that a remote attacker who had already compromised the renderer process could execute arbitrary code via a crafted HTML page. Chrome fixed the flaw in stable desktop…
Apr 1, 2026
—
Apr 2, 2026
campaign
closed
2 articles
Threat actor UAC-0255 impersonated CERT-UA in a phishing campaign to spread the AGEWHEEZE remote access tool, sending emails to about 1 million users. The messages urged recipients to download a password-protected archive from Files[.]fm and install a fake “specialized software” that would give attackers control over infected systems. AGEWHEEZE offers…
Apr 1, 2026
—
Apr 2, 2026
vulnerability
closed
2 articles
Apple has expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to more devices to protect users from the DarkSword exploit kit, according to Infosecurity Magazine. The update allows devices still running iOS 18 to receive security patches without upgrading to the latest operating system, and Apple broadened access on 1 April to help more users receive…
Apr 2, 2026
—
Apr 2, 2026
incident
closed
2 articles
WhatsApp says it alerted about 200 users who were tricked into installing a bogus iOS version of WhatsApp that was infected with spyware. According to La Repubblica and ANSA, the vast majority of the targets are located in Italy, and the attackers used social engineering to persuade users to install the malicious app. All affected users have been logged out…
Apr 2, 2026
—
Apr 2, 2026
campaign
closed
2 articles
Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines, ultimately giving the attacker remote control, according to Microsoft. The attack chain starts with a WhatsApp attachment that looks harmless but is actually a .vbs file that Windows can execute; when run, it copies built‑in Windows…
Apr 1, 2026
—
Apr 1, 2026
vulnerability
closed
3 articles
Google has attributed the Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069, identifying the attackers as financially motivated. According to Google Threat Intelligence Group, UNC1069 has been active since at least 2018, with WAVESHAPER.V2 and related infrastructure cited as links to the group’s…
Apr 1, 2026
—
Apr 1, 2026
vulnerability
closed
8 articles
CVE-2025-53521 is a vulnerability in F5 BIG-IP Access Policy Manager (APM) that was reclassified in 2026 from a denial-of-service issue to an unauthenticated remote code execution (RCE) vulnerability. The flaw is actively exploited, with exploitation occurring in vulnerable BIG-IP versions and CISA listing it in its Known Exploited Vulnerabilities catalog.…
Mar 27, 2026
—
Apr 1, 2026
campaign
closed
2 articles
Threat actors hijacked the Axios npm package, introducing malicious versions of plain-crypto-js as a dependency to spread remote access Trojans (RATs), according to researchers at OpenSourceMalware. With access to the maintainer Jason Saayman’s account, the attackers published versions v1.14.1 and v0.30.4 featuring plain-crypto-js, and changed Saayman’s…
Mar 31, 2026
—
Apr 1, 2026
breach
closed
2 articles
Between late February and March 2026, threat group TeamPCP conducted a multi-stage supply chain campaign targeting trusted security tools, including Aqua Security Trivy, Checkmarx KICS and the LiteLLM gateway, with the operation expanding to the Telnyx Python SDK. According to Unit 42, the attackers injected malicious infostealer payloads into GitHub…
Mar 30, 2026
—
Mar 31, 2026
incident
closed
2 articles
Elastic Security Labs reports a supply chain compromise of the axios npm package, one of the JavaScript ecosystem’s most depended-upon libraries, which at discovery had about 100 million weekly downloads. The attacker gained control of the maintainer account jasonsaayman and published two malicious versions, axios@1.14.1 and axios@0.30.4, meaning a fresh…
Mar 31, 2026
—
Mar 31, 2026
vulnerability
closed
4 articles
Threat actors have started exploiting a critical-severity vulnerability in Fortinet FortiClient EMS, tracked as CVE-2026-21643, which is described as a pre-authentication SQL injection that can be exploited remotely via crafted HTTP requests. FortiClient EMS version 7.4.4 is affected, and a patch to 7.4.5 was released in early February, with Fortinet noting…
Feb 9, 2026
—
Mar 31, 2026
vulnerability
closed
11 articles
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Citrix NetScaler flaw, tracked as CVE-2026-3055, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 9.3. In March, Citrix issued security updates for two NetScaler vulnerabilities, including CVE-2026-3055, which allows unauthenticated attackers to leak…
Mar 24, 2026
—
Mar 31, 2026
incident
closed
1 article
Axios has suffered a supply chain attack after two newly published versions of its npm package introduced a malicious dependency, plain-crypto-js version 4.2.1, as a fake runtime dependency. According to StepSecurity, the versions 1.14.1 and 0.30.4 were published using the compromised npm credentials of the primary Axios maintainer, “jasonsaayman,” enabling…
Mar 31, 2026
—
Mar 31, 2026