MATLOCK.CA
8,560Articles
91Days
94Feeds
🚨
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (L…
KEVHELPNETSECURITY.COM — 21 May 2026
🚨
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaignA self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know. Key takeaways Mini Shai-Hulud is a self-propagating worm by TeamPCP that steals developer and cloud cr…
KEVTENABLE.COM — 21 May 2026
🐛
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
CSOONLINE.COM — 21 May 2026
🐛
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
THEHACKERNEWS.COM — 21 May 2026
🐛
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-32792 Packet of death with DNSCrypt
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-42959 Crash during DNSSEC validation of malicious content
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-44608 Use after free and crash under special conditions in RPZ code
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-41292 Long list of incoming EDNS options degrades performance
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-42534 Jostle logic bypass degrades resolution performance
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-40622 Another 'ghost domain names' attack variant
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
MSRC.MICROSOFT.COM — 21 May 2026
🐛
CVE-2026-45736 ws: Uninitialized memory disclosure
MSRC.MICROSOFT.COM — 21 May 2026
🐛
Nine-Year-Old Kernel Flaw Puts Linux SSH Private Keys at Risk
GBHACKERS.COM — 21 May 2026
🐛
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
THEHACKERNEWS.COM — 21 May 2026
🐛
Critical Vulnerability in Cisco Secure Workload Threatens Enterprise API Security
GBHACKERS.COM — 21 May 2026
🐛
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
KEVTHEHACKERNEWS.COM — 21 May 2026
🐛
Microsoft Defender Zero-Day Vulnerabilities Actively Exploited in the Wild
KEVGBHACKERS.COM — 21 May 2026
🐛
CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)
KEVTENABLE.COM — 21 May 2026
🐛
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
SECURITYAFFAIRS.COM — 21 May 2026
⚠️
New GhostTree Attack Causes EDR Tools to Hang, Leaving Files Unscanned
GBHACKERS.COM — 21 May 2026
⚠️
Claude Code Sandbox Flaw May Compromise User Secrets
GBHACKERS.COM — 21 May 2026
⚠️
Cyber threats push SMBs to spend more on security
HELPNETSECURITY.COM — 21 May 2026
⚠️
PoC Released for PinTheft Linux Flaw Enabling Root Privilege Escalation
GBHACKERS.COM — 21 May 2026
⚠️
WantToCry Ransomware Exploits SMB to Encrypt Remote Files
GBHACKERS.COM — 21 May 2026
⚠️
Windows93 / Myspace93 - 46,105 breached accounts
HAVEIBEENPWNED.COM — 21 May 2026
⚠️
The friendly skies aren’t friendly.
THECYBERWIRE.COM — 21 May 2026
⚠️
Why AI changed the threat model for travel technology
HELPNETSECURITY.COM — 21 May 2026
⚠️
AI red teaming agents change how LLMs get tested
HELPNETSECURITY.COM — 21 May 2026
⚠️
Follow the Crypto
THECYBERWIRE.COM — 21 May 2026
⚠️
Critical Drupal Vulnerability Could Leave Sites Open to Cyberattack
GBHACKERS.COM — 21 May 2026
⚠️
Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets
GBHACKERS.COM — 21 May 2026
⚠️
AI becoming an SOC imperative for curtailing emerging cyber threats
CSOONLINE.COM — 21 May 2026
⚠️
Terra adds continuous network exploitation validation to its platform
HELPNETSECURITY.COM — 21 May 2026
⚠️
Indian Student Data Weaponized in Phishing and Financial Fraud Campaigns
GBHACKERS.COM — 21 May 2026
⚠️
ASAPP expands adversarial testing for enterprise AI systems
HELPNETSECURITY.COM — 21 May 2026
⚠️
New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
GBHACKERS.COM — 21 May 2026
⚠️
Fake Invitation Phishing Campaign Steals Credentials From U.S. Organizations
GBHACKERS.COM — 21 May 2026
⚠️
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
WIRED.COM — 21 May 2026
⚠️
Microsoft releases open-source tools to operationalize AI agent safety
CSOONLINE.COM — 21 May 2026
⚠️
Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication Bypass
GBHACKERS.COM — 21 May 2026
⚠️
Tenable One deepens third-party integrations with new Open Connector for unified risk visibility
TENABLE.COM — 21 May 2026
⚠️
Europol dismantles ‘First VPN’ service used by ransomware gangs
CYBERINSIDER.COM — 21 May 2026
⚠️
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
THEHACKERNEWS.COM — 21 May 2026
⚠️
Selective HTTP Proxying in Linux, (Thu, May 21st)
ISC.SANS.EDU — 21 May 2026
⚠️
Reducing Phish-Prone Rates Without Training Fatigue: A Practical Playbook for Traditional Organizations
KNOWBE4.COM — 21 May 2026
⚠️
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
DARKREADING.COM — 21 May 2026
⚠️
Content Delivery Exploit Opens Websites to Brand Hijacking
DARKREADING.COM — 21 May 2026
⚠️
Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement
RAPID7.COM — 21 May 2026
⚠️
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
THEHACKERNEWS.COM — 21 May 2026
⚠️
Cybersecurity’s Hidden Communication Risk
YOUTUBE.COM — 2026-05-21
⚠️
UK plans for cybercrime law reform would protect almost no one, experts warn
THERECORD.MEDIA — 21 May 2026
⚠️
Authorities dismantle First VPN, used by ransomware actors
HELPNETSECURITY.COM — 21 May 2026
⚠️
CISA asks cybersecurity community to alert it to vulnerability exploitation
KEVCYBERSECURITYDIVE.COM — 21 May 2026
⚠️
Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix
SECURITYAFFAIRS.COM — 21 May 2026
📋
Google Chrome Security Flaws Could Let Attackers Execute Code Remotely
GBHACKERS.COM — 21 May 2026
📢
Mullvad confirms VPN fingerprinting flaw, says fix is on the way
CYBERINSIDER.COM — 21 May 2026
🔥
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
THEHACKERNEWS.COM — 21 May 2026
🔥
Dragonica Lunaris - 126,293 breached accounts
HAVEIBEENPWNED.COM — 21 May 2026
🔥
Grafana Labs Says Code Breach Stemmed from TanStack Attack
INFOSECURITY-MAGAZINE.COM — 21 May 2026
🔥
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
HELPNETSECURITY.COM — 21 May 2026
🔥
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
INFOSECURITY-MAGAZINE.COM — 21 May 2026
🔥
Grafana Labs links GitHub environment breach to TanStack npm supply chain attack
CYBERSECURITYDIVE.COM — 21 May 2026
🔥
Cybercriminal VPN Dismantled in Europol Crackdown
INFOSECURITY-MAGAZINE.COM — 21 May 2026
🕵️
ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)
ISC.SANS.EDU — 21 May 2026
🕵️
Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin
HELPNETSECURITY.COM — 21 May 2026
🕵️
Two U.S. Executives Plead Guilty in India-Based Tech Support Fraud Schemes
GBHACKERS.COM — 21 May 2026
🕵️
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
GBHACKERS.COM — 21 May 2026
🕵️
Most dark web activity revolves around a handful of topics
HELPNETSECURITY.COM — 21 May 2026
🕵️
P2PInfect Botnet Targets Kubernetes via Exposed Redis
GBHACKERS.COM — 21 May 2026
🕵️
Riverbed introduces new Aternity tools for autonomous IT operations
HELPNETSECURITY.COM — 21 May 2026
🕵️
Forward launches Predict to test network changes before deployment
HELPNETSECURITY.COM — 21 May 2026
🕵️
CTERA brings AI insights and automation for unstructured data
HELPNETSECURITY.COM — 21 May 2026
🕵️
Virtru centers file collaboration around data-level protection
HELPNETSECURITY.COM — 21 May 2026
🕵️
Tenable Hexa AI automates remediation across attack surfaces
HELPNETSECURITY.COM — 21 May 2026
🕵️
TamperedChef Malware Hides in Signed Apps to Drop Stealers and RATs
GBHACKERS.COM — 21 May 2026
🕵️
Fake Microsoft Teams Downloads Spread ValleyRAT Malware
GBHACKERS.COM — 21 May 2026
🕵️
The readiness paradox: Why a false sense of cyber confidence is becoming a liability
CYBERSCOOP.COM — 21 May 2026
🕵️
Discord Enables End-to-End Encryption by Default Across Voice and Video Features
GBHACKERS.COM — 21 May 2026
🕵️
Fitbit Air vs Pixel Watch 4: Which Should You Wear at Night?
TECHREPUBLIC.COM — 21 May 2026
🕵️
Google Health 5.0 Brings New Fitbit App Design, AI Coach, and Android Widget
TECHREPUBLIC.COM — 21 May 2026
🕵️
Google Brings a Long-Missing Apple Feature to Android
TECHREPUBLIC.COM — 21 May 2026
🕵️
Permanent Jobs Fall in UK as Temporary Placements Rise: Report
TECHREPUBLIC.COM — 21 May 2026
🕵️
Historic SpaceX IPO Filing Reveals Starlink, AI, and Mars Ambitions
TECHREPUBLIC.COM — 21 May 2026
🕵️
Glucose Tracking Is Turning Into the Next Big Health Data Platform
TECHREPUBLIC.COM — 21 May 2026
🌐
Shifting Budget Dynamics for Identity Security and AI Agents
DARKREADING.COM — 21 May 2026
🌐
ASCII art in phishing emails | Kaspersky official blog
KASPERSKY.COM — 21 May 2026
🌐
Catch spyware in the act with Windows Webcam Monitoring
MALWAREBYTES.COM — 21 May 2026
🌐
Three-Quarters of Firms Knowingly Ship Vulnerable Code
INFOSECURITY-MAGAZINE.COM — 21 May 2026
🌐
AI Agents Are Shifting Identity Security Budget Dynamics
DARKREADING.COM — 21 May 2026
🎙️
Who’s responsible when AI starts making mistakes?
THECYBERWIRE.COM — 21 May 2026
📡
Scam ads, AI hallucinations, and legal implications.
THECYBERWIRE.COM — 21 May 2026
📡
The EU Is Going Through a Trump-Fueled Breakup With Big Tech
WIRED.COM — 21 May 2026
📡
Discord adds end-to-end encryption to voice and video calls by default
SECURITYAFFAIRS.COM — 21 May 2026
📡
When Identity is the Attack Path
THEHACKERNEWS.COM — 21 May 2026
📡
Researchers left AI agents alone in a virtual town and watched it all unravel
MALWAREBYTES.COM — 21 May 2026
📡
Scammers are abusing an internal Microsoft account to send spam links
TECHCRUNCH.COM — 21 May 2026
📡
TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety
MALWAREBYTES.COM — 21 May 2026
📡
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
INFOSECURITY-MAGAZINE.COM — 21 May 2026
🐛
FreePBX Security Flaw Lets Attackers Access User Portals
GBHACKERS.COM — 20 May 2026
🐛
CVE Lite CLI: Open-source dependency vulnerability scanner
HELPNETSECURITY.COM — 20 May 2026
🐛
CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
MSRC.MICROSOFT.COM — 20 May 2026
🐛
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
MSRC.MICROSOFT.COM — 20 May 2026
🐛
CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
MSRC.MICROSOFT.COM — 20 May 2026
🐛
Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access
GBHACKERS.COM — 20 May 2026
🐛
DirtyDecrypt: PoC Released for yet another Linux flaw
SECURITYAFFAIRS.COM — 20 May 2026
🐛
Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)
HELPNETSECURITY.COM — 20 May 2026
🐛
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
THEHACKERNEWS.COM — 20 May 2026
🐛
Why some security fixes never reach your vulnerability dashboard
CSOONLINE.COM — 20 May 2026
🐛
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
SECURELIST.COM — 20 May 2026
🐛
Critical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious Images
GBHACKERS.COM — 20 May 2026
🐛
NVIDIA Triton Inference Server Flaw Raises Risk of Unauthorized Access
GBHACKERS.COM — 20 May 2026
🐛
Microsoft issues YellowKey mitigation, no patch yet
SECURITYAFFAIRS.COM — 20 May 2026
🐛
VU#980487: Local privilege escalation in Linux Kernel (Dirty Frag)
KB.CERT.ORG — 2026-05-20
🐛
Drupal admins rushing to patch maximum severity SQL injection vulnerability
CSOONLINE.COM — 20 May 2026
⚠️
Windows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity Today
CYBERSECURITYTODAY.LIBSYN.COM — 20 May 2026
⚠️
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
THEHACKERNEWS.COM — 20 May 2026
⚠️
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
THEHACKERNEWS.COM — 20 May 2026
⚠️
PoC Exploit Released for DirtyDecrypt Linux Kernel Vulnerability
GBHACKERS.COM — 20 May 2026
⚠️
Hackers Exploit MSHTA to Deploy LummaStealer and Amatera Malware
GBHACKERS.COM — 20 May 2026
⚠️
GitHub Source Code Reportedly Compromised, TeamPCP Claims Breach
GBHACKERS.COM — 20 May 2026
⚠️
Risky Business #838 -- GitHub investigates possible breach
RISKY.BIZ — 20 May 2026
⚠️
New NGINX Vulnerability Exposes Servers to Malicious Code Execution
GBHACKERS.COM — 20 May 2026
⚠️
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
SECURITYAFFAIRS.COM — 20 May 2026
⚠️
Interpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle East
DARKREADING.COM — 20 May 2026
⚠️
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
INFOSECURITY-MAGAZINE.COM — 20 May 2026
⚠️
TeamPCP GitHub Breach: Internal GitHub Repositories Allegedly Accessed
SOCRADAR.IO — 20 May 2026
⚠️
Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448
YOUTUBE.COM — 2026-05-20
⚠️
GitHub confirms internal repository theft as TeamPCP claims attack
CYBERINSIDER.COM — 20 May 2026
⚠️
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
HELPNETSECURITY.COM — 20 May 2026
⚠️
SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
CSOONLINE.COM — 20 May 2026
⚠️
ArmorCode gives security teams AI workers for exposure and remediation
HELPNETSECURITY.COM — 20 May 2026
⚠️
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
THEHACKERNEWS.COM — 20 May 2026
⚠️
Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware
GBHACKERS.COM — 20 May 2026
⚠️
Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources
GBHACKERS.COM — 20 May 2026
⚠️
Old Breaches Resold as New Corporate Data Leaks
GBHACKERS.COM — 20 May 2026
⚠️
GitHub admits major source code leak after 3,800 internal repositories breached
CSOONLINE.COM — 20 May 2026
⚠️
Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed
TENABLE.COM — 20 May 2026
⚠️
Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers
THERECORD.MEDIA — 20 May 2026
⚠️
Compromised coding tool helped hackers breach thousands of GitHub repositories
CYBERSECURITYDIVE.COM — 20 May 2026
⚠️
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
SECURITYAFFAIRS.COM — 20 May 2026
⚠️
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
DARKREADING.COM — 20 May 2026
⚠️
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
HELPNETSECURITY.COM — 20 May 2026
⚠️
NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw
HELPNETSECURITY.COM — 20 May 2026
⚠️
Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes
RAPID7.COM — 20 May 2026
⚠️
The cost of trusting the extension ecosystem.
THECYBERWIRE.COM — 20 May 2026
⚠️
GitHub Confirms Breach, 4K Internal Repos Stolen
DARKREADING.COM — 20 May 2026
⚠️
The AI Kill Switch Problem
YOUTUBE.COM — 2026-05-20
⚠️
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
SECURITYAFFAIRS.COM — 20 May 2026
⚠️
Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.
DARKREADING.COM — 20 May 2026
📋
Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers
GRAHAMCLULEY.COM — 20 May 2026
📢
Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows
AWS.AMAZON.COM — 20 May 2026
🔥
Microsoft disrupts malware code-signing service used by ransomware gangs
CSOONLINE.COM — 20 May 2026
🔥
What happens when your identity provider becomes the kill chain
HELPNETSECURITY.COM — 20 May 2026
🔥
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
BITDEFENDER.COM — 20 May 2026
🔥
A malicious VS code extension just breached GitHub ‘s internal repositories
SECURITYAFFAIRS.COM — 20 May 2026
🔥
Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals
HELPNETSECURITY.COM — 20 May 2026
🔥
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
INFOSECURITY-MAGAZINE.COM — 20 May 2026
🔥
Fox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact Signing
GBHACKERS.COM — 20 May 2026
🔥
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
THEHACKERNEWS.COM — 20 May 2026
🔥
Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack
GBHACKERS.COM — 20 May 2026
🔥
Customers say Trump Mobile is leaking their personal information
TECHCRUNCH.COM — 20 May 2026
🔥
GitHub says hackers stole data from thousands of internal repositories
TECHCRUNCH.COM — 20 May 2026
🔥
GitHub discloses breach of 3,800 internal code repositories.
THECYBERWIRE.COM — 20 May 2026
🔥
7-Eleven confirms breach after ShinyHunters claims
THERECORD.MEDIA — 20 May 2026
🔥
GitHub says internal repositories were impacted in poisoned VS Code extension attack
CYBERSCOOP.COM — 20 May 2026
🔥
7-Eleven hit by data breach
CYBERSECURITYDIVE.COM — 20 May 2026
🔥
Microsoft disrupts cybercrime operation that hid behind legitimate software
CYBERSECURITYDIVE.COM — 20 May 2026
🔥
Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
CYBERSCOOP.COM — 20 May 2026
🔥
Processes and Culture Top Reasons Behind Data Breaches
DARKREADING.COM — 20 May 2026
🔥
Investigating unauthorized access to GitHub’s internal repositories
GITHUB.BLOG — 20 May 2026
🕵️
ISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938, (Wed, May 20th)
ISC.SANS.EDU — 20 May 2026
🕵️
7 hard truths security pros should know: 2026 DevOps Threats Report
HELPNETSECURITY.COM — 20 May 2026
🕵️
When your AI assistant has the keys to production
HELPNETSECURITY.COM — 20 May 2026
🕵️
Trapdoor Android Ad Fraud Ring Abuses 455 Apps for Fake Clicks
GBHACKERS.COM — 20 May 2026
🕵️
DevilNFC Malware Traps Android Users in NFC Relay Attacks
GBHACKERS.COM — 20 May 2026
🕵️
Mini Shai-Hulud Attack Hits npm Ecosystem, Compromising Over 600 Packages
GBHACKERS.COM — 20 May 2026
🕵️
Single-Letter Go Module Typosquat Drops DNS-Based Backdoor
GBHACKERS.COM — 20 May 2026
🕵️
Communicating cyber risk in dollars boards understand
HELPNETSECURITY.COM — 20 May 2026
🕵️
Void Botnet Leverages Ethereum for Resilient C2
GBHACKERS.COM — 20 May 2026
🕵️
Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign
THECYBERWIRE.COM — 20 May 2026
🕵️
GUEST ESSAY: AI can speed up communication, but it can also weaken human connection
LASTWATCHDOG.COM — 20 May 2026
🕵️
Darwinium updates mobile SDKs to detect remote access scam activity
HELPNETSECURITY.COM — 20 May 2026
🕵️
Fake Tax Assessment Pages Spread Windows Malware
GBHACKERS.COM — 20 May 2026
🕵️
Tracking TamperedChef Clusters via Certificate and Code Reuse
UNIT42.PALOALTONETWORKS.COM — 20 May 2026
🕵️
Trust3 AI focuses on AI agent risks with MCP Security layer
HELPNETSECURITY.COM — 20 May 2026
🕵️
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
GBHACKERS.COM — 20 May 2026
🕵️
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
INFOSECURITY-MAGAZINE.COM — 20 May 2026
🕵️
FBI: $388 million lost in crypto ATM scams in 2026
HELPNETSECURITY.COM — 20 May 2026
🕵️
Novata uses AI to map risk across portfolios and supply chains
HELPNETSECURITY.COM — 20 May 2026
🕵️
On AI Security
SCHNEIER.COM — 2026-05-20
🕵️
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
THEHACKERNEWS.COM — 20 May 2026
🕵️
Report: Romance Scams Cost UK Victims £102 Million Last Year
KNOWBE4.COM — 20 May 2026
🕵️
They Put Industrial Systems On Wi-Fi
YOUTUBE.COM — 2026-05-20
🕵️
Block Everything By Default
YOUTUBE.COM — 2026-05-20
🕵️
How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
ANY.RUN — 20 May 2026
🕵️
Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other
BLACKHILLSINFOSEC.COM — 20 May 2026
🕵️
Tor launches crowdfunding campaign to support internet freedom projects
CYBERINSIDER.COM — 20 May 2026
🕵️
AI assistants can be hijacked and manipulated by inaudible sounds
CYBERINSIDER.COM — 20 May 2026
🕵️
Steam removes ‘Beyond The Dark’ horror game over malware reports
CYBERINSIDER.COM — 20 May 2026
🕵️
Webworm APT targets European government organizations with new backdoors
HELPNETSECURITY.COM — 20 May 2026
🌐
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
THEHACKERNEWS.COM — 20 May 2026
🌐
Malicious TV boxes: how a cheap “SuperBox” turns your home into a proxy node for cybercriminals | Kaspersky official blog
KASPERSKY.COM — 20 May 2026
🌐
Fake malware-signing service Fox Tempest dismantled by Microsoft
MALWAREBYTES.COM — 20 May 2026
🌐
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
INFOSECURITY-MAGAZINE.COM — 20 May 2026
🌐
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
INFOSECURITY-MAGAZINE.COM — 20 May 2026
🎙️
Building AI Content Systems That Actually Work with David Ebner of Content Workshop
THECYBERWIRE.COM — 20 May 2026
📡
Weekly Threat Bulletin – May 20th, 2026
F5.COM — 20 May 2026
📡
Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds
WIRED.COM — 20 May 2026
📡
Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
INFOSECURITY-MAGAZINE.COM — 20 May 2026
📡
Firefox 151 packs big privacy upgrades into a small update
MALWAREBYTES.COM — 20 May 2026
📡
Agent AI is Coming. Are You Ready?
THEHACKERNEWS.COM — 20 May 2026
📡
AWS Security Hub Extended: Why enterprise security products should sell themselves
AWS.AMAZON.COM — 20 May 2026
📡
FTC warns 12 major tech firms of violating Take It Down Act
THERECORD.MEDIA — 20 May 2026
📡
Discord migrates all users to end-to-end encryption by default
THERECORD.MEDIA — 20 May 2026
📡
Texas, Florida top list of states reporting millions of dollars lost through crypto ATMs
THERECORD.MEDIA — 20 May 2026
📡
A New York Cop Got Injured at a Boxing Match. Now Madison Square Garden Is Banning His Lawyer
WIRED.COM — 20 May 2026
📡
Socket raises $60 million in Series C funding.
THECYBERWIRE.COM — 20 May 2026
📡
A Bipartisan Amendment Would End Police License Plate Tracking Nationwide
WIRED.COM — 20 May 2026
📡
Cyber Pros Can't Decide If AI Is a Good or a Bad Thing
DARKREADING.COM — 20 May 2026
🚨
Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitationThe 2026 Verizon Data Breach Investigations Report (DBIR) reveals a troubling trend: vulnerability exploitation has surged to become the number one initial access vector while remediation rates have worsened. Key takeaways Vulnerability exploitation has surged to become the leadi…
KEVTENABLE.COM — 19 May 2026
🐛
Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws
KEVCYBERSECURITYTODAY.LIBSYN.COM — 19 May 2026
🐛
CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-31721 usb: gadget: f_hid: move list and spinlock inits from bind to alloc
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-31704 ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-37458 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-4873 connection reuse ignores TLS requirement
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-6429 netrc credential leak with reused proxy connection
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-6253 proxy credentials leak over redirect-to proxy
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-5773 wrong reuse of SMB connection
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-37459 An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-6276 stale custom cookie host causes cookie leak
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2026-7168 cross-proxy Digest auth state leak
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
MSRC.MICROSOFT.COM — 19 May 2026
🐛
CVE-2025-0665 eventfd double close
MSRC.MICROSOFT.COM — 19 May 2026
🐛
Four-Faith Industrial Routers Targeted in Botnet Hijacking Campaign
GBHACKERS.COM — 19 May 2026
🐛
20-Year-Old PostgreSQL Flaw Gets Public PoC Exploit for Remote Code Execution
GBHACKERS.COM — 19 May 2026
🐛
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
THEHACKERNEWS.COM — 19 May 2026
🐛
macOS flaw allowed rogue apps to access chat and browser data
CYBERINSIDER.COM — 19 May 2026
🐛
Contractor’s public GitHub account exposed GovCloud and CISA credentials
CSOONLINE.COM — 19 May 2026
⚠️
CTT - 468,124 breached accounts
HAVEIBEENPWNED.COM — 19 May 2026
⚠️
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
THEHACKERNEWS.COM — 19 May 2026
⚠️
CISA Admin Reportedly Exposes AWS GovCloud Credentials in Public GitHub Repository
GBHACKERS.COM — 19 May 2026
⚠️
SEPPmail Gateway Flaws Expose Organizations to RCE and Email Traffic Interception
GBHACKERS.COM — 19 May 2026
⚠️
Mythos Preview Automates PoC Exploit Creation for Vulnerability Research
GBHACKERS.COM — 19 May 2026
⚠️
Public Instagram posts provide raw material for AI phishing campaigns
HELPNETSECURITY.COM — 19 May 2026
⚠️
Earbud sensors can authenticate users by their heartbeat, study finds
HELPNETSECURITY.COM — 19 May 2026
⚠️
Compromised GitHub Action Steals Workflow Credentials
GBHACKERS.COM — 19 May 2026
⚠️
Hackers Exploit Entra ID Accounts to Steal Microsoft 365, Azure Data
GBHACKERS.COM — 19 May 2026
⚠️
Protecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan Sevilla
THECYBERWIRE.COM — 19 May 2026
⚠️
iProov brings identity verification to video meetings to reduce fraud risks
HELPNETSECURITY.COM — 19 May 2026
⚠️
PostgreSQL Flaws Expose Databases to Remote Code Execution and SQL Injection
GBHACKERS.COM — 19 May 2026
⚠️
Shai-Hulud worm copycats emerge after source code leak
SECURITYAFFAIRS.COM — 19 May 2026
⚠️
7 tips for accelerating cyber incident recovery
CSOONLINE.COM — 19 May 2026
⚠️
Grafana Labs Confirms Hackers Stole Source Code
INFOSECURITY-MAGAZINE.COM — 19 May 2026
⚠️
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
THEHACKERNEWS.COM — 19 May 2026
⚠️
Operation Ramz Dismantles 53 Servers Used in Scam and Malware Campaigns
GBHACKERS.COM — 19 May 2026
⚠️
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
THEHACKERNEWS.COM — 19 May 2026
⚠️
UAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated Malware
GBHACKERS.COM — 19 May 2026
⚠️
AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
INFOSECURITY-MAGAZINE.COM — 19 May 2026
⚠️
Phishing Campaign Exploits Google AppSheets to Target Facebook Accounts
KNOWBE4.COM — 19 May 2026
⚠️
Internet Explorer may be dead, but its ghost still runs malware
CSOONLINE.COM — 19 May 2026
⚠️
PureLogs infostealer is stealing credentials worldwide
HELPNETSECURITY.COM — 19 May 2026
⚠️
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack
TECHCRUNCH.COM — 19 May 2026
⚠️
GitHub scales back bug bounties, reminds users security is their responsibility too
CSOONLINE.COM — 19 May 2026
⚠️
Mini Shai-Hulud returns, compromising hundreds of npm packages
CYBERSCOOP.COM — 19 May 2026
⚠️
Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN
CYBERSECURITYDIVE.COM — 19 May 2026
⚠️
Rapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security Leaders
RAPID7.COM — 19 May 2026
⚠️
TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities
TALOSINTELLIGENCE.COM — 19 May 2026
⚠️
Governing infrastructure as code using pattern-based policy as code
AWS.AMAZON.COM — 19 May 2026
⚠️
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
THEHACKERNEWS.COM — 19 May 2026
⚠️
Microsoft dismantled malware-signing network Fox Tempest
SECURITYAFFAIRS.COM — 19 May 2026
⚠️
News alert: Orchid Security study finds invisible identities now outnumber managed accounts
LASTWATCHDOG.COM — 19 May 2026
⚠️
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
CSOONLINE.COM — 19 May 2026
⚠️
Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network
THERECORD.MEDIA — 19 May 2026
⚠️
CISA secrets left sitting on GitHub.
THECYBERWIRE.COM — 19 May 2026
⚠️
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
CYBERSCOOP.COM — 19 May 2026
⚠️
Windows Zero-Day Barrage Continues After Patch Tuesday
DARKREADING.COM — 19 May 2026
⚠️
AI Spam Is Breaking Bug Bounties
YOUTUBE.COM — 2026-05-19
⚠️
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
DARKREADING.COM — 19 May 2026
⚠️
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 19 May 2026
⚠️
SN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password Blunder
TWIT.TV — 19 May 2026
📋
macOS Malware Abuses Fake Google Update for Persistence
GBHACKERS.COM — 19 May 2026
📋
Drupal is rolling out an emergency security update on May 20. You cannot miss it
SECURITYAFFAIRS.COM — 19 May 2026
📢
Cybersecurity jobs available right now: May 19, 2026
HELPNETSECURITY.COM — 19 May 2026
📢
AI infrastructure is cracking under sovereignty demands
HELPNETSECURITY.COM — 19 May 2026
📢
Kimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense Officials
GBHACKERS.COM — 19 May 2026
📢
US cyber agency CISA exposed reams of passwords and cloud keys to the open web
TECHCRUNCH.COM — 19 May 2026
📢
CISA contractor exposed AWS GovCloud keys on GitHub.
THECYBERWIRE.COM — 19 May 2026
📢
CISA Exposes Secrets, Credentials in 'Private' Repo
DARKREADING.COM — 19 May 2026
📢
CISA credential leak raises alarms, and Capitol Hill demands answers
CYBERSCOOP.COM — 19 May 2026
🔥
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
THEHACKERNEWS.COM — 19 May 2026
🔥
Compromised Nx Console VS Code Extension Steals Developer and Cloud Secrets
GBHACKERS.COM — 19 May 2026
🔥
Mini Shai-Hulud Attack Hits @antv npm Packages
GBHACKERS.COM — 19 May 2026
🔥
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
THEHACKERNEWS.COM — 19 May 2026
🔥
Gentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi Systems
GBHACKERS.COM — 19 May 2026
🔥
Poland shifts away from Signal following cyberattacks on officials’ accounts
SECURITYAFFAIRS.COM — 19 May 2026
🔥
ShinyHunters Takes Responsibility for Attack on Learning Management Platform
GBHACKERS.COM — 19 May 2026
🔥
The New Phishing Click: How OAuth Consent Bypasses MFA
THEHACKERNEWS.COM — 19 May 2026
🔥
CyberheistNews Vol 16 #20 [Heads Up] Today You Have Only 60 Seconds to Stop That Breach. Are You Ready?
KNOWBE4.COM — 19 May 2026
🔥
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
DARKREADING.COM — 19 May 2026
🔥
Selector extends AI-driven observability into multi-cloud environments
HELPNETSECURITY.COM — 19 May 2026
🔥
When AI Starts Acting Malicious
YOUTUBE.COM — 2026-05-19
🔥
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
INFOSECURITY-MAGAZINE.COM — 19 May 2026
🔥
Microsoft disrupts cybercrime service that abused software verification systems en masse
CYBERSCOOP.COM — 19 May 2026
🔥
Biometrics, diagnoses, and bank details exposed in major healthcare breach
MALWAREBYTES.COM — 19 May 2026
🔥
Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs
THERECORD.MEDIA — 19 May 2026
🔥
CIRT insights: How to help prevent unauthorized account removals from AWS Organizations
AWS.AMAZON.COM — 19 May 2026
🕵️
ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)
ISC.SANS.EDU — 19 May 2026
🕵️
Microsoft to Retire Teams Together Mode to Improve Performance
GBHACKERS.COM — 19 May 2026
🕵️
JavaScript Malware Campaign Drops Crypto Clipper via PowerShell
GBHACKERS.COM — 19 May 2026
🕵️
Babel Street targets AI-driven threats with new agentic investigation capabilities
HELPNETSECURITY.COM — 19 May 2026
🕵️
Egnyte unveils Email Capture and AI features to unify fragmented data
HELPNETSECURITY.COM — 19 May 2026
🕵️
The State of AI & AppSec - Keith Hoodlet - ASW #383
YOUTUBE.COM — 2026-05-19
🕵️
Discord enables E2EE by default for all voice and video communications
CYBERINSIDER.COM — 19 May 2026
🕵️
Laurie Anderson Is Quoting Me
SCHNEIER.COM — 2026-05-19
🕵️
Microsoft Edge Enhances Security by Preventing Password Loading at Startup
GBHACKERS.COM — 19 May 2026
🕵️
Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026
ANY.RUN — 19 May 2026
🕵️
Anthropic Denies EU Access to Claude Mythos, ChatGPT 5.5 Comes to Rescue
TECHREPUBLIC.COM — 19 May 2026
🕵️
VoidStealer Malware Targets Chrome Data Despite Built-In Browser Protections
GBHACKERS.COM — 19 May 2026
🕵️
LaunchDarkly adds real-time controls for AI agents in production
HELPNETSECURITY.COM — 19 May 2026
🕵️
Canonical ships Ubuntu Core 26 with 15 years of security maintenance
HELPNETSECURITY.COM — 19 May 2026
🕵️
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
HELPNETSECURITY.COM — 19 May 2026
🕵️
The end of unencrypted Discord calls is here
HELPNETSECURITY.COM — 19 May 2026
🕵️
Microsoft’s legacy MSHTA tool heavily abused in malware attacks
CYBERINSIDER.COM — 19 May 2026
🕵️
Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report
GBHACKERS.COM — 19 May 2026
🕵️
Warning: Phishing Attacks Are Abusing the Kuse AI App
KNOWBE4.COM — 19 May 2026
🕵️
Mozilla hardens Firefox against fingerprinting, adds one-click session wipe
CYBERINSIDER.COM — 19 May 2026
🕵️
Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM
GBHACKERS.COM — 19 May 2026
🕵️
AI Isn’t Finding Novel Bugs
YOUTUBE.COM — 2026-05-19
🕵️
Microsoft Launches New Surface AI PCs for Business Buyers
TECHREPUBLIC.COM — 19 May 2026
🕵️
Anthropic Just Bought a Developer Tool Used by OpenAI, Google
TECHREPUBLIC.COM — 19 May 2026
🕵️
Agentic AI, Strong Racks, Weak Fabric: Inside Dell’s AI Bet
TECHREPUBLIC.COM — 19 May 2026
🕵️
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
TECHREPUBLIC.COM — 19 May 2026
🕵️
Apple’s Siri Could Get a Grammarly-Like AI Writing Tool at WWDC
TECHREPUBLIC.COM — 19 May 2026
🕵️
Apple Intelligence Powers New Accessibility Features for iPhone, Mac
TECHREPUBLIC.COM — 19 May 2026
🕵️
Microsoft Confirms Windows Update Bug Blocking Security Fixes
TECHREPUBLIC.COM — 19 May 2026
🕵️
My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, , GitHub, Aaran Leyland - SWN #582
YOUTUBE.COM — 2026-05-19
🌐
From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat
TALOSINTELLIGENCE.COM — 19 May 2026
🌐
From Ivory Tower to Iron Curtain: The Academics Who Reshaped the CIA
THECYBERWIRE.COM — 19 May 2026
🌐
Stealer Spoofs Google, Microsoft &amp; Apple, Then Backdoors macOS
DARKREADING.COM — 19 May 2026
📡
Hackers Bypass Security Tools to Target Users Directly
INFOSECURITY-MAGAZINE.COM — 19 May 2026
📡
How to Make Apps and Websites Remove Your Nonconsensual Nudes
WIRED.COM — 19 May 2026
📡
Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects
SECURITYAFFAIRS.COM — 19 May 2026
📡
YouTube wants your face to fight deepfakes
MALWAREBYTES.COM — 19 May 2026
📡
Agentic AI Accelerates Software Builds and Mobile App Attacks
INFOSECURITY-MAGAZINE.COM — 19 May 2026
📡
Facebook scam promises cheap Aldi meat boxes, steals payment info instead
MALWAREBYTES.COM — 19 May 2026
📡
Tools for spotting and disabling AI systems in an enterprise
KASPERSKY.COM — 19 May 2026
📡
Telecom sector launches its own private ISAC
CYBERSECURITYDIVE.COM — 19 May 2026
📡
UK regulator to require tech firms to tackle deepfakes, non-consensual intimate images
THERECORD.MEDIA — 19 May 2026
📡
Discord enables end-to-end encrypted voice and video calling for every user
TECHCRUNCH.COM — 19 May 2026
📡
From teen hacker to Iron Dome researcher, this founder raised $28M to fight AI phishing
TECHCRUNCH.COM — 19 May 2026
📡
Microsoft Exchange ProxyShell Scanning Doubles in April 2026 as Two Distinct Campaign Clusters Emerge
F5.COM — 19 May 2026
🐛
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
KEVSECURITYAFFAIRS.COM — 18 May 2026
🐛
Critical Marimo RCE Flaw Could Let Attackers Execute Malicious Code Remotely
GBHACKERS.COM — 18 May 2026
🐛
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
SECURITYAFFAIRS.COM — 18 May 2026
🐛
VU#777338: SGLang contains two remote code execution and one path traversal vulnerability
KEVKB.CERT.ORG — 2026-05-18
🐛
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
THEHACKERNEWS.COM — 18 May 2026
🐛
Critical NGINX Vulnerability Lets Hackers Launch Remote Code Execution Attacks
KEVGBHACKERS.COM — 18 May 2026
🐛
Gamaredon Deploys GammaDrop, GammaLoad in Phishing Campaigns
GBHACKERS.COM — 18 May 2026
🐛
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
CSOONLINE.COM — 18 May 2026
🐛
Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)
HELPNETSECURITY.COM — 18 May 2026
🐛
Microsoft Exchange Zero-Day Under Attack, No Patch Available
DARKREADING.COM — 18 May 2026
⚠️
The Boring Stuff is Dangerous Now
DARKREADING.COM — 18 May 2026
⚠️
When ransomware hits, confidence doesn’t restore endpoints
HELPNETSECURITY.COM — 18 May 2026
⚠️
Claude Code Vulnerability Allows Attackers to Run Commands Through Crafted Deeplinks
GBHACKERS.COM — 18 May 2026
⚠️
Former CISA nominee Sean Plankey named US CEO of defense startup
CYBERSCOOP.COM — 18 May 2026
⚠️
Crafted JPEGs Could Trigger PHP Memory Bugs for Exploitation
GBHACKERS.COM — 18 May 2026
⚠️
Researchers Build First Public Apple M5 macOS Kernel Exploit with Mythos Preview
GBHACKERS.COM — 18 May 2026
⚠️
Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets
GBHACKERS.COM — 18 May 2026
⚠️
Lyrie: Open-source autonomous pentesting agent
HELPNETSECURITY.COM — 18 May 2026
⚠️
AI shrinks vulnerability exploitation window to hours
HELPNETSECURITY.COM — 18 May 2026
⚠️
Critical FunnelKit Vulnerability Puts 40,000+ WooCommerce Sites at Risk
GBHACKERS.COM — 18 May 2026
⚠️
n8n Security Flaws Could Let Attackers Achieve Remote Code Execution
GBHACKERS.COM — 18 May 2026
⚠️
201 arrested in INTERPOL disruption of phishing and fraud networks
HELPNETSECURITY.COM — 18 May 2026
⚠️
Why the best security investment a board can make in 2026 isn’t another tool
CSOONLINE.COM — 18 May 2026
⚠️
AI coding is fueling a secrets-sprawl crisis few CISOs are containing
CSOONLINE.COM — 18 May 2026
⚠️
AI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459
YOUTUBE.COM — 2026-05-18
⚠️
Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
INFOSECURITY-MAGAZINE.COM — 18 May 2026
⚠️
Attackers accessed, downloaded code from Grafana Labs’ GitHub
HELPNETSECURITY.COM — 18 May 2026
⚠️
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
THEHACKERNEWS.COM — 18 May 2026
⚠️
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
THEHACKERNEWS.COM — 18 May 2026
⚠️
Zero-Day Exploit Against Windows BitLocker
SCHNEIER.COM — 2026-05-18
⚠️
Gremlin Stealer Hides Payloads in .NET Resources to Evade Detection
GBHACKERS.COM — 18 May 2026
⚠️
New image-based prompt injection attack targets multimodal AI models
CSOONLINE.COM — 18 May 2026
⚠️
Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom
TECHCRUNCH.COM — 18 May 2026
⚠️
AI Security Shifts To Data Control
YOUTUBE.COM — 2026-05-18
⚠️
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
SECURITYAFFAIRS.COM — 18 May 2026
⚠️
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
THEHACKERNEWS.COM — 18 May 2026
⚠️
Researchers craft a kernel exploit on Apple's M5 chips, with help from Mythos.
THECYBERWIRE.COM — 18 May 2026
⚠️
18th May – Threat Intelligence Report
RESEARCH.CHECKPOINT.COM — 18 May 2026
⚠️
MY TAKE: AI agents force a rethink of enterprise service lines as vendors move up the tech tack
LASTWATCHDOG.COM — 18 May 2026
⚠️
AI cyberattackers are getting better faster
CSOONLINE.COM — 18 May 2026
⚠️
Microsoft: Edge 148 will stop loading cleartext passwords in memory
CYBERINSIDER.COM — 18 May 2026
⚠️
AI is drowning software maintainers in junk security reports
HELPNETSECURITY.COM — 18 May 2026
⚠️
Game over for 74 suspected scammers after Dutch cops plastered their faces on billboards
HELPNETSECURITY.COM — 18 May 2026
⚠️
AI Ends Productivity Guesswork
YOUTUBE.COM — 2026-05-18
⚠️
Grafana confirms GitHub token breach cybercrime group claims the attack
SECURITYAFFAIRS.COM — 18 May 2026
⚠️
Microsoft May security patch fails for some due to boot partition size glitch
CSOONLINE.COM — 18 May 2026
⚠️
The M5 just met its memory problem.
THECYBERWIRE.COM — 18 May 2026
⚠️
AI might cut false positives, but it won’t stop the slop
CYBERSCOOP.COM — 18 May 2026
⚠️
Shai-Hulud Worm Clones Spread After Code Release
DARKREADING.COM — 18 May 2026
⚠️
Multiple Vulnerabilities in NGINX Could Allow for Remote Code Execution
CISECURITY.ORG — 18 May 2026
📢
Can Laws Stop Deepfakes? South Korea Aims to Find Out
DARKREADING.COM — 18 May 2026
📢
Microsoft Acknowledges Windows 11 Update Failure Linked to Error 0x800f0922
GBHACKERS.COM — 18 May 2026
📢
NCSC Publishes Guidance on Securing Agentic AI Use
INFOSECURITY-MAGAZINE.COM — 18 May 2026
📢
CISA Admin Leaked AWS GovCloud Keys on Github
KREBSONSECURITY.COM — 18 May 2026
🔥
Weekly Update 504
TROYHUNT.COM — 18 May 2026
🔥
Grafana Labs Confirms Security Incident Involving GitHub Codebase Access
GBHACKERS.COM — 18 May 2026
🔥
Hackers Abuse Cloudflare Storage to Exfiltrate Network Files
GBHACKERS.COM — 18 May 2026
🔥
Paper Werewolf APT Spreads EchoGather RAT via Fake Adobe Installer
GBHACKERS.COM — 18 May 2026
🔥
The Canvas breach proved that prevention is no longer enough
CYBERSCOOP.COM — 18 May 2026
🔥
NYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
TECHCRUNCH.COM — 18 May 2026
🔥
Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive
DARKREADING.COM — 18 May 2026
🔥
Grafana refuses to pay ransom after codebase theft
THERECORD.MEDIA — 18 May 2026
🔥
More than 200 arrested in cyber raids aimed at Middle East scam networks
THERECORD.MEDIA — 18 May 2026
🔥
Addi - 34,532,941 breached accounts
HAVEIBEENPWNED.COM — 18 May 2026
🕵️
Product showcase: McAfee + ChatGPT integration turns doubt into a scam check
HELPNETSECURITY.COM — 18 May 2026
🕵️
Linux Torvalds Warns AI Bug Report Spam Is Disrupting Linux Security Discussions
GBHACKERS.COM — 18 May 2026
🕵️
1 Million WordPress Websites Exposed by Avada Builder Security Vulnerabilities
GBHACKERS.COM — 18 May 2026
🕵️
The AI backdoor your security stack is not built to see
HELPNETSECURITY.COM — 18 May 2026
🕵️
Fast16 Malware Sabotages Nuclear Test Simulations by Altering Data
GBHACKERS.COM — 18 May 2026
🕵️
Hackers Hide PureLogs Infostealer in PawsRunner Loader
GBHACKERS.COM — 18 May 2026
🕵️
OtterCookie Malware Steals Dev Secrets, SSH Keys, Cloud Credentials, and Tokens
GBHACKERS.COM — 18 May 2026
🕵️
ANY.RUN Turns 10: Special Offers for Stronger Security Operations
ANY.RUN — 18 May 2026
🕵️
Signal begins testing automatic key verification for encrypted chats
CYBERINSIDER.COM — 18 May 2026
🕵️
How a government contest launched a revolution in AI-based bug hunting
CYBERSECURITYDIVE.COM — 18 May 2026
🕵️
SmartBear expands ReadyAPI with AI-powered API testing capabilities
HELPNETSECURITY.COM — 18 May 2026
🕵️
What Is an Al Agent in Cybersecurity?
KNOWBE4.COM — 18 May 2026
🕵️
Grafana Labs says hacker gained access to codebase through leaked token
CYBERSECURITYDIVE.COM — 18 May 2026
🕵️
7 Hidden iPhone Features That Actually Make a Difference
TECHREPUBLIC.COM — 18 May 2026
🕵️
Fitbit Bug Leaves Pixel Watch Users Missing Sleep Data Again
TECHREPUBLIC.COM — 18 May 2026
🕵️
Windows 11 Start Menu, Taskbar Are Getting More Customization
TECHREPUBLIC.COM — 18 May 2026
🕵️
Mozilla calls on UK to exclude VPNs from age verification rules
CYBERINSIDER.COM — 18 May 2026
🕵️
Apple’s Siri Revamp May Add Auto-Deleting Chats
TECHREPUBLIC.COM — 18 May 2026
🕵️
Banned Nvidia AI Chips Keep Reaching China Despite US Crackdown
TECHREPUBLIC.COM — 18 May 2026
🕵️
Apple’s Fall Lineup Could Include Foldable iPhone, New Macs
TECHREPUBLIC.COM — 18 May 2026
🕵️
Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa
CYBERSCOOP.COM — 18 May 2026
🕵️
Poland urges officials to ditch Signal for state-run messaging apps
CYBERINSIDER.COM — 18 May 2026
🕵️
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
ISC.SANS.EDU — 18 May 2026
🕵️
FTC: Americans Lost $2.1 Billion to Social Media Scams Last Year
KNOWBE4.COM — 18 May 2026
🌐
A week in security (May 11 &#8211; May 17)
MALWAREBYTES.COM — 18 May 2026
🌐
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
THEHACKERNEWS.COM — 18 May 2026
🌐
Developer Workstations Are Now Part of the Software Supply Chain
THEHACKERNEWS.COM — 18 May 2026
🌐
IT threat evolution in Q1 2026. Mobile statistics
SECURELIST.COM — 18 May 2026
🌐
IT threat evolution in Q1 2026. Non-mobile statistics
SECURELIST.COM — 18 May 2026
📰
N2K CyberWire's T-Minus returns with focus on the critical intersection of space and cybersecurity
THECYBERWIRE.COM — 18 May 2026
🎙️
AI is distorting the Holocaust (Lock and Code S07E10)
MALWAREBYTES.COM — 18 May 2026
📡
Bank of England, FCA and Treasury Raise Alarm Over Frontier AI
INFOSECURITY-MAGAZINE.COM — 18 May 2026
📡
An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings
WIRED.COM — 18 May 2026
📡
Microsoft is changing Edge’s plaintext password behavior
MALWAREBYTES.COM — 18 May 2026
📡
How to Reduce Phishing Exposure Before It Turns into Business Disruption
THEHACKERNEWS.COM — 18 May 2026
📡
Interpol Launches Sweeping Cybercrime Crackdown in MENA Region
INFOSECURITY-MAGAZINE.COM — 18 May 2026
📡
The Infosecurity Europe Cyber Startup Competition: Meet the Finalists
INFOSECURITY-MAGAZINE.COM — 18 May 2026
📡
Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq
SECURITYAFFAIRS.COM — 18 May 2026
📡
B1ack’s Stash Releases 4.6 Million Stolen Credit Cards for Free
SOCRADAR.IO — 18 May 2026
📡
Experts warn of privacy risks as AI firms looks to connect to financial accounts
THERECORD.MEDIA — 18 May 2026
📡
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
THEHACKERNEWS.COM — 18 May 2026
📡
'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
DARKREADING.COM — 18 May 2026
🐛
CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
MSRC.MICROSOFT.COM — 17 May 2026
🐛
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
MSRC.MICROSOFT.COM — 17 May 2026
🐛
CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
MSRC.MICROSOFT.COM — 17 May 2026
🐛
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
MSRC.MICROSOFT.COM — 17 May 2026
🐛
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
KEVTHEHACKERNEWS.COM — 17 May 2026
🐛
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97
SECURITYAFFAIRS.COM — 17 May 2026
⚠️
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total
SECURITYAFFAIRS.COM — 17 May 2026
⚠️
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
THEHACKERNEWS.COM — 17 May 2026
⚠️
Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited
HELPNETSECURITY.COM — 17 May 2026
⚠️
GitHub Actions Cache Poisoning is eating open source
PROGRAMMING.DEV — 17 May 2026
⚠️
Pwn2Own Berlin 2026 concludes with $1.29 million paid for 47 zero-days
CYBERINSIDER.COM — 17 May 2026
⚠️
Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION
SECURITYAFFAIRS.COM — 17 May 2026
⚠️
Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores
KEVSECURITYAFFAIRS.COM — 17 May 2026
⚠️
iodéOS review: Privacy-focused Android that doesn’t get in your way
CYBERINSIDER.COM — 17 May 2026
⚠️
Debian 13.5 point release lands with security fixes, bug patches
HELPNETSECURITY.COM — 17 May 2026
🎙️
From cyberspace to space-cyber.
THECYBERWIRE.COM — 17 May 2026
🚨
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-202…
KEVSECURITYAFFAIRS.COM — 16 May 2026
🐛
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-40460 NGINX ngx_quic_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-42934 NGINX ngx_http_charset_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-43490 ksmbd: validate inherited ACE SID length
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-40701 NGINX ngx_http_ssl_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic
MSRC.MICROSOFT.COM — 16 May 2026
🐛
Linux “ssh-keysign-pwn” Flaw Exposing Critical Authentication Files
GBHACKERS.COM — 16 May 2026
⚠️
Inside CIRA: How Canada's .ca Registry Became a Global DNS & Cybersecurity Force
CYBERSECURITYTODAY.LIBSYN.COM — 16 May 2026
⚠️
JDownloader Website Hack Exposes Windows and Linux Users to Malicious Installers
GBHACKERS.COM — 16 May 2026
⚠️
OpenAI and others deal with fallout from TanStack supply-chain attack.
THECYBERWIRE.COM — 16 May 2026
⚠️
OpenAI hit by supply chain attack linked to malicious TanStack packages
SECURITYAFFAIRS.COM — 16 May 2026
⚠️
AI Broke Patch Management
YOUTUBE.COM — 2026-05-16
⚠️
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
THEHACKERNEWS.COM — 16 May 2026
🔥
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
WIRED.COM — 16 May 2026
🔥
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
SECURITYAFFAIRS.COM — 16 May 2026
🕵️
Friday Squid Blogging: Bigfin Squid
SCHNEIER.COM — 2026-05-16
🕵️
Scam papers served.
THECYBERWIRE.COM — 16 May 2026
🚨
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access ExploitsThe U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remedi…
KEVTHEHACKERNEWS.COM — 15 May 2026
🚨
Cisco warns of an actively exploited SD-WAN flaw with max severityCisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass…
KEVCSOONLINE.COM — 15 May 2026
🚨
CVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEVCVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV Cisco has disclosed CVE-2026-20182, a critical authentication bypass affecting Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw is in the peering a…
KEVSOCRADAR.IO — 15 May 2026
🐛
Palo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as Root
GBHACKERS.COM — 15 May 2026
🐛
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
THEHACKERNEWS.COM — 15 May 2026
🐛
Next.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin Interfaces
GBHACKERS.COM — 15 May 2026
🐛
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-4893 CVE-2026-4893
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-2291 CVE-2026-2291
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-5172 CVE-2026-5172
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-4890 CVE-2026-4890
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-8295 Integer overflow in simdjson
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-4891 CVE-2026-4891
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-4892 CVE-2026-4892
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
MSRC.MICROSOFT.COM — 15 May 2026
🐛
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access
KEVGBHACKERS.COM — 15 May 2026
🐛
Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks
GBHACKERS.COM — 15 May 2026
🐛
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
HELPNETSECURITY.COM — 15 May 2026
🐛
PraisonAI Vulnerability Actively Exploited Within Hours of Being Made Public
KEVGBHACKERS.COM — 15 May 2026
🐛
VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges
GBHACKERS.COM — 15 May 2026
🐛
Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)
KEVHELPNETSECURITY.COM — 15 May 2026
🐛
CVE-2026-40379 Azure Entra ID Spoofing Vulnerability
MSRC.MICROSOFT.COM — 15 May 2026
🐛
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
SECURITYAFFAIRS.COM — 15 May 2026
🐛
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
KEVCSOONLINE.COM — 15 May 2026
🐛
Metasploit Wrap-Up 05/15/2026
RAPID7.COM — 15 May 2026
⚠️
How a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber Attacks
CYBERSECURITYTODAY.LIBSYN.COM — 15 May 2026
⚠️
The AI oversight paradox: Is the investment worth the cost of watching it?
HELPNETSECURITY.COM — 15 May 2026
⚠️
Hackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor Attacks
GBHACKERS.COM — 15 May 2026
⚠️
Dell SupportAssist Update Forces Windows Systems Into BSOD Loop
GBHACKERS.COM — 15 May 2026
⚠️
Soap Box: Where does AI fit into cloud security?
RISKY.BIZ — 15 May 2026
⚠️
TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials
GBHACKERS.COM — 15 May 2026
⚠️
Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall
SECURITYAFFAIRS.COM — 15 May 2026
⚠️
Multiple cPanel Vulnerabilities Could Lead to Sensitive Resource Exposure
GBHACKERS.COM — 15 May 2026
⚠️
China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
INFOSECURITY-MAGAZINE.COM — 15 May 2026
⚠️
Researchers uncover YellowKey and GreenPlasma Windows Zero-Days
SECURITYAFFAIRS.COM — 15 May 2026
⚠️
Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026
GBHACKERS.COM — 15 May 2026
⚠️
EU’s Cyber Resiliency Act will put IT leaders to the test
KEVCSOONLINE.COM — 15 May 2026
⚠️
The economics of ransomware 3.0
CSOONLINE.COM — 15 May 2026
⚠️
Rocky Linux launches opt-in security repository for urgent fixes
HELPNETSECURITY.COM — 15 May 2026
⚠️
Microsoft Warns HPE Operations Agent Abused in Malware-Free Attacks
GBHACKERS.COM — 15 May 2026
⚠️
Autonomous systems are finally working. Security is next
CSOONLINE.COM — 15 May 2026
⚠️
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
UNIT42.PALOALTONETWORKS.COM — 15 May 2026
⚠️
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
THEHACKERNEWS.COM — 15 May 2026
⚠️
Akamai to acquire LayerX for $205 million
HELPNETSECURITY.COM — 15 May 2026
⚠️
Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & Kubernetes
GBHACKERS.COM — 15 May 2026
⚠️
Google Project Zero Details Pixel 10 Zero-Click Exploit Chain
GBHACKERS.COM — 15 May 2026
⚠️
Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
GBHACKERS.COM — 15 May 2026
⚠️
Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers
INFOSECURITY-MAGAZINE.COM — 15 May 2026
⚠️
Redesigning Security Culture for the Agentic Age
KNOWBE4.COM — 15 May 2026
⚠️
CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday
THERECORD.MEDIA — 15 May 2026
⚠️
Researchers claim the first macOS kernel exploit on Apple M5 chips
CYBERINSIDER.COM — 15 May 2026
⚠️
Hack One, Own Every Mower
YOUTUBE.COM — 2026-05-15
⚠️
Cisco zero-day under ongoing attack by persistent threat group
CYBERSCOOP.COM — 15 May 2026
⚠️
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
THEHACKERNEWS.COM — 15 May 2026
⚠️
US orders travelers on Air Force One to throw away gifts, pins, and burner phones after China trip
TECHCRUNCH.COM — 15 May 2026
⚠️
OpenAI impacted by TanStack supply-chain attack.
THECYBERWIRE.COM — 15 May 2026
⚠️
Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller
CYBERSECURITYDIVE.COM — 15 May 2026
⚠️
Mullvad VPN exit IP patterns could enable user fingerprinting
CYBERINSIDER.COM — 15 May 2026
⚠️
Here’s how the FTC plans to enforce the Take It Down Act
CYBERSCOOP.COM — 15 May 2026
⚠️
A Vulnerability in Microsoft Exchange Server Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 15 May 2026
⚠️
One email could be all it takes.
THECYBERWIRE.COM — 15 May 2026
⚠️
Microsoft Exchange zero-day chain nets DEVCORE $200K at Pwn2Own
CYBERINSIDER.COM — 15 May 2026
⚠️
Expired domain leads to supply chain attack on node-ipc npm package
CSOONLINE.COM — 15 May 2026
⚠️
Cisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more... - SWN #581
YOUTUBE.COM — 2026-05-15
⚠️
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
SECURITYAFFAIRS.COM — 15 May 2026
📋
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical
GBHACKERS.COM — 15 May 2026
📢
Signal threatens to leave Canada over proposed lawful access bill
CYBERINSIDER.COM — 15 May 2026
📢
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
THEHACKERNEWS.COM — 15 May 2026
📢
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
THEHACKERNEWS.COM — 15 May 2026
🔥
Taiwan Incident Highlights Cybersecurity Gaps in Rail Systems
DARKREADING.COM — 15 May 2026
🔥
Windows 11 and NVIDIA hacked on the first day of Pwn2Own Berlin 2026
CYBERINSIDER.COM — 15 May 2026
🔥
OpenAI confirms exposure in recent ‘Shai-Hulud’ supply-chain attack
CYBERINSIDER.COM — 15 May 2026
🔥
Inside The Gentlemen Ransomware Leak: When the Hunter Becomes the Hunted
SOCRADAR.IO — 15 May 2026
🔥
Gunra Ransomware Expands RaaS After Conti Locker Shift
GBHACKERS.COM — 15 May 2026
🔥
Attackers replaced JDownloader installer downloads with malware
MALWAREBYTES.COM — 15 May 2026
🔥
More than $10 million stolen from crypto platform THORChain
THERECORD.MEDIA — 15 May 2026
🔥
Your NPM Package Is Stealing Secrets
YOUTUBE.COM — 2026-05-15
🕵️
New infosec products of the week: May 15, 2026
HELPNETSECURITY.COM — 15 May 2026
🕵️
ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)
ISC.SANS.EDU — 15 May 2026
🕵️
Popular node-ipc npm Library Hit by Supply Chain Attack, Impacting 822K Weekly Downloads
GBHACKERS.COM — 15 May 2026
🕵️
Deepfake detection is losing ground to generative models
HELPNETSECURITY.COM — 15 May 2026
🕵️
Zombie linkages are keeping expired domains trusted for years
HELPNETSECURITY.COM — 15 May 2026
🕵️
Microsoft Exposes Kazuar Malware’s Modular P2P Botnet Architecture
GBHACKERS.COM — 15 May 2026
🕵️
Keycard helps developers secure autonomous AI agents with scoped access
HELPNETSECURITY.COM — 15 May 2026
🕵️
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
GBHACKERS.COM — 15 May 2026
🕵️
OrBit Rootkit Targets Linux to Steal SSH and Sudo Credentials
GBHACKERS.COM — 15 May 2026
🕵️
Thieves unlock stolen iPhones using cheap tools sold on Telegram
HELPNETSECURITY.COM — 15 May 2026
🕵️
Bypassing On-Camera Age-Verification Checks
SCHNEIER.COM — 2026-05-15
🕵️
Ghostwriter group resumes attacks on Ukrainian Government targets
SECURITYAFFAIRS.COM — 15 May 2026
🕵️
Google lets Workspace admins apply one policy across all SAML apps
HELPNETSECURITY.COM — 15 May 2026
🕵️
Traffic-Themed SMS Phishing Targets Users Around the World
KNOWBE4.COM — 15 May 2026
🕵️
Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program
GITHUB.BLOG — 15 May 2026
🕵️
Figure Humanoid Robots Sort Packages Non-Stop in 24/7 Demo
TECHREPUBLIC.COM — 15 May 2026
🕵️
Google’s Default 15GB Free Storage Is Ending for Some New Accounts
TECHREPUBLIC.COM — 15 May 2026
🕵️
MSPs need AI to fight AI-fueled cyberthreats: Guardz
CYBERSECURITYDIVE.COM — 15 May 2026
🕵️
Why Integrate Threat Intelligence Feeds into Email Security?
KNOWBE4.COM — 15 May 2026
🕵️
US Approves Nvidia H200 Sales to China, But Shipments Remain Stalled
TECHREPUBLIC.COM — 15 May 2026
🕵️
New Windows Update May Undo Bad Driver Updates on Its Own
TECHREPUBLIC.COM — 15 May 2026
🕵️
Apple and OpenAI’s ChatGPT Deal Reportedly Risks Legal Clash
TECHREPUBLIC.COM — 15 May 2026
🕵️
OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack
TECHREPUBLIC.COM — 15 May 2026
🕵️
Colorado governor commutes prison sentence for election denier Tina Peters
CYBERSCOOP.COM — 15 May 2026
🌐
&#x5b;Guest Diary&#x5d; New Malware Libraries means New Signatures, (Fri, May 15th)
ISC.SANS.EDU — 15 May 2026
📡
Strong Stack. Strong Team. Real Security Resilience.
HUNTRESS.COM — 2026-05-15
📡
Cyber Pioneers Ponder Past as Prologue
DARKREADING.COM — 15 May 2026
📡
Meta’s confusing new approach to chat privacy
MALWAREBYTES.COM — 15 May 2026
📡
Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
INFOSECURITY-MAGAZINE.COM — 15 May 2026
📡
The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases
AWS.AMAZON.COM — 15 May 2026
📡
A hotel check-in system left a million passports and driver’s licenses open for anyone to see
TECHCRUNCH.COM — 15 May 2026
🚨
Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalationA new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch. Key Takeaways CVE-2026-46300 (Fragnesia) is the latest high severity local privilege escalation vulnerability in the Linux …
KEVTENABLE.COM — 14 May 2026
🚨
U.S. CISA adds a flaw in Cisco Catalyst SD-WAN  to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 …
KEVSECURITYAFFAIRS.COM — 14 May 2026
🚨
Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been exploited as a zero-day by a sophisticated threat actor. Key Takeaways CVE-2…
KEVTENABLE.COM — 14 May 2026
🐛
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
THEHACKERNEWS.COM — 14 May 2026
🐛
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
THEHACKERNEWS.COM — 14 May 2026
🐛
Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker
KEVGBHACKERS.COM — 14 May 2026
🐛
MongoDB Security Flaw Enables Arbitrary Code Execution on Vulnerable Systems
GBHACKERS.COM — 14 May 2026
🐛
Critical Exim Mailer Flaw Enables Remote Code Execution Attacks
GBHACKERS.COM — 14 May 2026
🐛
PraisonAI vulnerability gets scanned within 4 hours of disclosure
CSOONLINE.COM — 14 May 2026
🐛
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
THEHACKERNEWS.COM — 14 May 2026
🐛
Windows DNS Client Security Flaw Exposes Systems to Remote Code Execution
GBHACKERS.COM — 14 May 2026
🐛
CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCE
SOCRADAR.IO — 14 May 2026
🐛
Critical WordPress Plugin Flaw Allows Unauthorized Access to Websites
GBHACKERS.COM — 14 May 2026
🐛
NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light
SECURITYAFFAIRS.COM — 14 May 2026
🐛
Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)
HELPNETSECURITY.COM — 14 May 2026
🐛
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
MSRC.MICROSOFT.COM — 14 May 2026
🐛
CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 May 2026
🐛
Broadcom releases VMware Fusion security update for root access bug
SECURITYAFFAIRS.COM — 14 May 2026
🐛
CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
RAPID7.COM — 14 May 2026
🐛
The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers
KEVRAPID7.COM — 14 May 2026
🐛
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
TALOSINTELLIGENCE.COM — 14 May 2026
🐛
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
KEVTHEHACKERNEWS.COM — 14 May 2026
🐛
Linux Kernel bug Fragnesia allows local root access attacks
SECURITYAFFAIRS.COM — 14 May 2026
🐛
CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS
KEVRAPID7.COM — 14 May 2026
🐛
Meet Fragnesia, the third Linux kernel vulnerability in a month
CSOONLINE.COM — 14 May 2026
🐛
AI agent finds 18-year-old remote code execution flaw in Nginx
CSOONLINE.COM — 14 May 2026
⚠️
Amazon Quick Security Flaw Allowed Restricted Users to Access AI Chat Agents
GBHACKERS.COM — 14 May 2026
⚠️
GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS
GBHACKERS.COM — 14 May 2026
⚠️
Hackers Hijack HWMonitor to Sideload Malicious DLL
GBHACKERS.COM — 14 May 2026
⚠️
PoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code Execution
GBHACKERS.COM — 14 May 2026
⚠️
Packagist Warns: Update Composer Now After GitHub Actions Token Leak
GBHACKERS.COM — 14 May 2026
⚠️
New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks
GBHACKERS.COM — 14 May 2026
⚠️
Gentlemen RaaS Exploits Fortinet and Cisco Edge Devices for Initial Access
GBHACKERS.COM — 14 May 2026
⚠️
Abrigo - 711,099 breached accounts
HAVEIBEENPWNED.COM — 14 May 2026
⚠️
What CISOs need to land a board role
CSOONLINE.COM — 14 May 2026
⚠️
Deepfake sextortion forces schools to remove student photos from websites
MALWAREBYTES.COM — 14 May 2026
⚠️
My relationship status is “compromised.”
THECYBERWIRE.COM — 14 May 2026
⚠️
CERN’s open source KiCad library gives the world 17,000 circuit board components
HELPNETSECURITY.COM — 14 May 2026
⚠️
Over 70% of organizations hit by identity breaches
HELPNETSECURITY.COM — 14 May 2026
⚠️
Machine identities outnumber humans 109 to 1
HELPNETSECURITY.COM — 14 May 2026
⚠️
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
THEHACKERNEWS.COM — 14 May 2026
⚠️
Microsoft turns Copilot Studio into an AI agent control center
HELPNETSECURITY.COM — 14 May 2026
⚠️
New Malware Framework Enables Screen Control and UAC Bypass
GBHACKERS.COM — 14 May 2026
⚠️
Canon MailSuite Security Flaw Allows Attackers to Execute Code Remotely
GBHACKERS.COM — 14 May 2026
⚠️
How AI Hallucinations Are Creating Real Security Risks
THEHACKERNEWS.COM — 14 May 2026
⚠️
Chinese APT Exploits Microsoft Exchange to Breach Energy Sector Network
GBHACKERS.COM — 14 May 2026
⚠️
TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest
GBHACKERS.COM — 14 May 2026
⚠️
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
CSOONLINE.COM — 14 May 2026
⚠️
Frontier AI models reap rapid discovery of security vulnerabilities
CYBERSECURITYDIVE.COM — 14 May 2026
⚠️
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
THEHACKERNEWS.COM — 14 May 2026
⚠️
The time of much patching is coming
TALOSINTELLIGENCE.COM — 14 May 2026
⚠️
ODNI taps officials to coordinate response to foreign election threats
THERECORD.MEDIA — 14 May 2026
⚠️
Regional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center
AWS.AMAZON.COM — 14 May 2026
⚠️
The era of AI-powered attacks is here.
THECYBERWIRE.COM — 14 May 2026
⚠️
Google announces hackers are using AI to create zero days.
THECYBERWIRE.COM — 14 May 2026
⚠️
OpenAI asks macOS users to update after TanStack npm supply chain attack
THERECORD.MEDIA — 14 May 2026
⚠️
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
KEVDARKREADING.COM — 14 May 2026
⚠️
You're not going to patch your way out of this - PSW #926
YOUTUBE.COM — 2026-05-14
⚠️
Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets
TENABLE.COM — 14 May 2026
⚠️
AI Just Hacked Hardware
YOUTUBE.COM — 2026-05-14
📢
The Human Side of Threat Intelligence
THECYBERWIRE.COM — 14 May 2026
📢
Sony's failed attempt to stop piracy.
THECYBERWIRE.COM — 14 May 2026
📢
HYCU aiR detects insider risk and AI activity from backups
HELPNETSECURITY.COM — 14 May 2026
📢
Pentagon cyber official calls advanced AI ‘revolutionary warfare’
CYBERSCOOP.COM — 14 May 2026
🔥
Welcoming the Bahamian Government to Have I Been Pwned
TROYHUNT.COM — 14 May 2026
🔥
When ransomware gets physical: cybercriminals turn to threats of violence
BITDEFENDER.COM — 14 May 2026
🔥
FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign
SECURITYAFFAIRS.COM — 14 May 2026
🔥
Nitrogen Ransomware claims massive data theft from Foxconn
SECURITYAFFAIRS.COM — 14 May 2026
🔥
BreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime Gets Gamified
SOCRADAR.IO — 14 May 2026
🔥
Microsoft Research: AI Can Generate Realistic Command-Line and Process Telemetry
GBHACKERS.COM — 14 May 2026
🔥
LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises
ANY.RUN — 14 May 2026
🔥
Foxconn Attack Highlights Manufacturing's Cyber Crisis
DARKREADING.COM — 14 May 2026
🔥
Top 5 Surface Web Hacker Forums in 2026
SOCRADAR.IO — 14 May 2026
🔥
Sandworm Hackers Shift From IT Breaches to Critical OT Targets
GBHACKERS.COM — 14 May 2026
🔥
LABScon25 Replay | Breach Alpha: Trading on Cyber Fallout
SENTINELONE.COM — 14 May 2026
🔥
When Nobody Reports the Threat
YOUTUBE.COM — 2026-05-14
🔥
Major tech manufacturer Foxconn confirms cyberattack hit North American factories
CYBERSCOOP.COM — 14 May 2026
🔥
West Pharmaceutical starts restoring operations after ransomware attack
CYBERSECURITYDIVE.COM — 14 May 2026
🔥
Fighting AI-Assisted Ransomware Threats
KNOWBE4.COM — 14 May 2026
🕵️
ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)
ISC.SANS.EDU — 14 May 2026
🕵️
Lyrie.ai Unveils Open Standard for Agent Security and Joins Anthropic’s Cyber Verification Program
GBHACKERS.COM — 14 May 2026
🕵️
Russian official admits VPNs cannot be fully blocked without breaking the internet
CYBERINSIDER.COM — 14 May 2026
🕵️
Texas sues Netflix for profiling children and selling data to advertisers
CYBERINSIDER.COM — 14 May 2026
🕵️
AI cyber capability is speeding past earlier projections
HELPNETSECURITY.COM — 14 May 2026
🕵️
Vector embedding security gap exposes enterprise AI pipelines
HELPNETSECURITY.COM — 14 May 2026
🕵️
Closing the AI governance gap in your enterprise
HELPNETSECURITY.COM — 14 May 2026
🕵️
170 npm Packages Hijacked to Steal GitHub, AWS & Kubernetes Secrets
GBHACKERS.COM — 14 May 2026
🕵️
Microsoft’s WinUI agent plugin trims token use by over 70% during development
HELPNETSECURITY.COM — 14 May 2026
🕵️
How Dangerous Is Anthropic’s Mythos AI?
SCHNEIER.COM — 2026-05-14
🕵️
Kimsuky targets organizations with PebbleDash-based tools
SECURELIST.COM — 14 May 2026
🕵️
Cofense adds AI-powered campaign detection to stop phishing attacks
HELPNETSECURITY.COM — 14 May 2026
🕵️
Warning: Netflix Phishing Scams Can Lead to Serious Consequences
KNOWBE4.COM — 14 May 2026
🕵️
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
THEHACKERNEWS.COM — 14 May 2026
🕵️
A spyware investigator exposed Russian government hackers trying to hijack Signal accounts
TECHCRUNCH.COM — 14 May 2026
🕵️
Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign
INFOSECURITY-MAGAZINE.COM — 14 May 2026
🕵️
Apple’s iPhone Privacy Feature Expands to More Users Worldwide
TECHREPUBLIC.COM — 14 May 2026
🕵️
Jeff Bezos’ Blue Origin May Need Outside Cash to Catch SpaceX
TECHREPUBLIC.COM — 14 May 2026
🕵️
LinkedIn Cuts Jobs Despite Revenue Growth as Tech Layoffs Keep Spreading
TECHREPUBLIC.COM — 14 May 2026
🕵️
Upcoming Speaking Engagements
SCHNEIER.COM — 2026-05-14
🕵️
Phishing Attacks Begin Targeting the 2026 FIFA World Cup
KNOWBE4.COM — 14 May 2026
🕵️
More money is going to physical security, but it’s often CISOs that oversee it: EY
CYBERSECURITYDIVE.COM — 14 May 2026
🕵️
Microsoft: Russian hackers evolved Kazuar malware into stealthy P2P botnet
CYBERINSIDER.COM — 14 May 2026
🕵️
'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
DARKREADING.COM — 14 May 2026
🕵️
Trump’s China Summit Turns Into a Big Tech Power Play
TECHREPUBLIC.COM — 14 May 2026
🕵️
Top New Features in Android 17 You’ll Notice This Year
TECHREPUBLIC.COM — 14 May 2026
🕵️
Microsoft Retires ‘Copilot Mode’ as Edge Gets Built-In AI Tools
TECHREPUBLIC.COM — 14 May 2026
🕵️
Kevin O’Leary’s ‘Wonder Valley’ Data Center Advances as Job Estimates Shift
KEVTECHREPUBLIC.COM — 14 May 2026
🕵️
White House cyber official: identity security matters more than ever in the age of AI
CYBERSCOOP.COM — 14 May 2026
🕵️
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
DARKREADING.COM — 14 May 2026
🌐
Why Malwarebytes blocks some Yahoo Mail redirects
MALWAREBYTES.COM — 14 May 2026
🌐
Google Launches Android Spyware Forensics Tool for High-Risk Users
INFOSECURITY-MAGAZINE.COM — 14 May 2026
🌐
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
THEHACKERNEWS.COM — 14 May 2026
📰
Daily Briefing for 05.14.26
THECYBERWIRE.COM — 14 May 2026
📡
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
ISC.SANS.EDU — 14 May 2026
📡
Most Organizations Now Use AI Agents for Sensitive Security Tasks
INFOSECURITY-MAGAZINE.COM — 14 May 2026
📡
ICO Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks
INFOSECURITY-MAGAZINE.COM — 14 May 2026
📡
Your iPhone Gets Stolen. Then the Hacking Begins
WIRED.COM — 14 May 2026
📡
New Fragnesia Flaw Hands Linux Local Users Root Access
INFOSECURITY-MAGAZINE.COM — 14 May 2026
📡
AI Drives Cybersecurity Investments, Widening 'Valley of Death'
DARKREADING.COM — 14 May 2026
📡
Cisco cuts nearly 4,000 jobs to spend more on AI, reports ‘record quarterly revenue’
TECHCRUNCH.COM — 14 May 2026
📡
OpenAI says hackers stole some data after latest code security issue
TECHCRUNCH.COM — 14 May 2026
📡
Automating post-quantum cryptography readiness using AWS Config
AWS.AMAZON.COM — 14 May 2026
📡
Suspected Dream Market kingpin arrested after gold bars sent to his home address
BITDEFENDER.COM — 14 May 2026
📡
13 Cybersecurity Frameworks for 2026 and How to Choose | Huntress
HUNTRESS.COM — 2026-05-14
🐛
May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
CSOONLINE.COM — 13 May 2026
🐛
Patch Tuesday - May 2026
RAPID7.COM — 13 May 2026
🐛
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
MSRC.MICROSOFT.COM — 13 May 2026
🐛
CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
MSRC.MICROSOFT.COM — 13 May 2026
🐛
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
MSRC.MICROSOFT.COM — 13 May 2026
🐛
CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
MSRC.MICROSOFT.COM — 13 May 2026
🐛
CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
MSRC.MICROSOFT.COM — 13 May 2026
🐛
CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
MSRC.MICROSOFT.COM — 13 May 2026
🐛
CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
MSRC.MICROSOFT.COM — 13 May 2026
🐛
CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
MSRC.MICROSOFT.COM — 13 May 2026
🐛
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
MSRC.MICROSOFT.COM — 13 May 2026
🐛
CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
MSRC.MICROSOFT.COM — 13 May 2026
🐛
Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator
SECURITYAFFAIRS.COM — 13 May 2026
🐛
Microsoft’s agentic security system found four critical Windows RCE flaws
HELPNETSECURITY.COM — 13 May 2026
🐛
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
CSOONLINE.COM — 13 May 2026
🐛
Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations
SECURITYAFFAIRS.COM — 13 May 2026
🐛
When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
RAPID7.COM — 13 May 2026
🐛
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
KEVCSOONLINE.COM — 13 May 2026
⚠️
Canvas Breach 'Deal' With ShinyHunters, AI Zero-Day Warning, Checkmarx Hit Again
CYBERSECURITYTODAY.LIBSYN.COM — 13 May 2026
⚠️
Researchers open-source a Wi-Fi cyber range for security training
HELPNETSECURITY.COM — 13 May 2026
⚠️
Risky Business #837 -- GitHub Actions footgun claims TanStack
RISKY.BIZ — 13 May 2026
⚠️
Sandyaa: Open-source autonomous security bug hunter
HELPNETSECURITY.COM — 13 May 2026
⚠️
ClickFix Evolves Using Decade-Old Open-Source Python SOCKS5 Proxy
GBHACKERS.COM — 13 May 2026
⚠️
2026 CSO Award winners showcase business-enabling cyber innovation
KEVCSOONLINE.COM — 13 May 2026
⚠️
Google entdeckt erstmals KI-basierten Zero-Day-Exploit
CSOONLINE.COM — 13 May 2026
⚠️
NetSPI AI-powered Continuous Pentesting identifies high-impact vulnerabilities
HELPNETSECURITY.COM — 13 May 2026
⚠️
Report: 4 in 10 UK Businesses Were Breached by Phishing Last Year
KNOWBE4.COM — 13 May 2026
⚠️
CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory
CSOONLINE.COM — 13 May 2026
⚠️
Breaking things to keep them safe with Philippe Laulheret
TALOSINTELLIGENCE.COM — 13 May 2026
⚠️
ClickFix finds a backup plan in PySoxy proxy chains
CSOONLINE.COM — 13 May 2026
⚠️
May 2026 Patch Tuesday: no zero-days but plenty to fix
MALWAREBYTES.COM — 13 May 2026
⚠️
KDE gets over €1 million investment to strengthen security and core infrastructure
HELPNETSECURITY.COM — 13 May 2026
⚠️
May 2026 Patch Tuesday: 137 Vulnerabilities, No Zero-Days
KEVSOCRADAR.IO — 13 May 2026
⚠️
Most Remediation Programs Never Confirm the Fix Actually Worked
THEHACKERNEWS.COM — 13 May 2026
⚠️
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
THEHACKERNEWS.COM — 13 May 2026
⚠️
Palo Alto bets on identity security for autonomous AI with Idira launch
CSOONLINE.COM — 13 May 2026
⚠️
Securing data centers in the agentic AI era
TENABLE.COM — 13 May 2026
⚠️
Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold
THERECORD.MEDIA — 13 May 2026
⚠️
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
THEHACKERNEWS.COM — 13 May 2026
⚠️
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
THEHACKERNEWS.COM — 13 May 2026
⚠️
What happens when China’s AI catches up to Mythos?
CSOONLINE.COM — 13 May 2026
⚠️
How to Identify and Exploit New Vulnerabilities
BLACKHILLSINFOSEC.COM — 13 May 2026
⚠️
Rapid7 Partner Academy: Driving Impact with Gold Stevie Award-Winning Partner Services Certifications
RAPID7.COM — 13 May 2026
⚠️
Microsoft Teams Vulnerability Allows Hackers to Perform Spoofing Attacks
GBHACKERS.COM — 13 May 2026
⚠️
Patch Tuesday notes: Microsoft patches over a hundred flaws, none of which are zero-days.
THECYBERWIRE.COM — 13 May 2026
⚠️
Viral ‘RuView’ GitHub project uses Wi-Fi to track movement through walls
CYBERINSIDER.COM — 13 May 2026
⚠️
Microsoft’s Patch Tuesday Update Targets 120 Security Flaws
TECHREPUBLIC.COM — 13 May 2026
⚠️
Exaforce raises $125 million in Series B funding.
THECYBERWIRE.COM — 13 May 2026
⚠️
Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk Landscape
DARKREADING.COM — 13 May 2026
⚠️
Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak
DARKREADING.COM — 13 May 2026
⚠️
Fired employee sought AI help to hide deletion of hosting firm’s customer data
CSOONLINE.COM — 13 May 2026
📋
Microsoft Fixes 17 Critical Flaws in May Patch Tuesday
INFOSECURITY-MAGAZINE.COM — 13 May 2026
📋
Microsoft Releases Cumulative Update for Windows 11, Version 25H2 and 24H2
GBHACKERS.COM — 13 May 2026
📋
Google Launches New Android Security Features to Fight Scams, Theft
TECHREPUBLIC.COM — 13 May 2026
📋
Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming
SECURITYAFFAIRS.COM — 13 May 2026
📋
Every layer needs a patch now.
THECYBERWIRE.COM — 13 May 2026
📢
Versa CSPM brings continuous visibility to cloud risk and compliance exposure
HELPNETSECURITY.COM — 13 May 2026
📢
Apricorn hardens ASK3 encrypted USB drive for extreme conditions
HELPNETSECURITY.COM — 13 May 2026
📢
Signal responds to phishing attacks with new in-app security warnings
HELPNETSECURITY.COM — 13 May 2026
📢
Navigating the Cybersecurity Landscape in India Empowering Human and AI Agents
KNOWBE4.COM — 13 May 2026
📢
PCI PIN and P2PE compliance packages for AWS Payment Cryptography are now available
AWS.AMAZON.COM — 13 May 2026
📢
Introducing the updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption
AWS.AMAZON.COM — 13 May 2026
📢
Checkbox Assessments Aren't Fit to Measure to Risk
DARKREADING.COM — 13 May 2026
🔥
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
THEHACKERNEWS.COM — 13 May 2026
🔥
Ransomware Gangs Use BYOVD and EDR Killers to Disable Security Tools
GBHACKERS.COM — 13 May 2026
🔥
Infostealer Malware Fuels Corporate Breaches From Personal Devices
GBHACKERS.COM — 13 May 2026
🔥
Q1 2026 Ransomware Attacks Hits 2,122 Orgs Amid Fewer, More Impactful Groups
GBHACKERS.COM — 13 May 2026
🔥
Canada Life - 237,810 breached accounts
HAVEIBEENPWNED.COM — 13 May 2026
🔥
Optimize Legal Operations as the CISO Role Changes to Address Skills Gaps and AI - BSW #447
YOUTUBE.COM — 2026-05-13
🔥
New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN
ANY.RUN — 13 May 2026
🔥
Instructure settles with hackers following massive student data theft
SECURITYAFFAIRS.COM — 13 May 2026
🔥
Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers
INFOSECURITY-MAGAZINE.COM — 13 May 2026
🔥
Canvas owner reaches ‘agreement’ with threat actors after data breach
CYBERSECURITYDIVE.COM — 13 May 2026
🔥
Thus Spoke…The Gentlemen
RESEARCH.CHECKPOINT.COM — 13 May 2026
🔥
Tuskira’s Kairo exposes hidden AI-driven breach paths
HELPNETSECURITY.COM — 13 May 2026
🔥
US lawmakers demand answers from Instructure after Canvas data breaches
TECHCRUNCH.COM — 13 May 2026
🔥
The Real Work Starts After Breach
YOUTUBE.COM — 2026-05-13
🔥
Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack
INFOSECURITY-MAGAZINE.COM — 13 May 2026
🔥
Ransomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and Nvidia
TECHCRUNCH.COM — 13 May 2026
🔥
Hackers Claim 11M Files Stolen From Foxconn, Supplier to Apple and Nvidia
TECHREPUBLIC.COM — 13 May 2026
🔥
Canvas Breach Hackers Reach Deal After Claiming 275M Records Stolen
TECHREPUBLIC.COM — 13 May 2026
🔥
Google Enhances Android Mobile Security with New AI-powered Protections
GBHACKERS.COM — 13 May 2026
🔥
Foxconn confirms cyberattack affecting some North American facilities
CYBERSECURITYDIVE.COM — 13 May 2026
🔥
Student Messages Were the Real Target
YOUTUBE.COM — 2026-05-13
🔥
OpenLoop Health confirms January 2026 Data breach affecting 716,000
SECURITYAFFAIRS.COM — 13 May 2026
🔥
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities
GRAHAMCLULEY.COM — 13 May 2026
🕵️
ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930, (Wed, May 13th)
ISC.SANS.EDU — 13 May 2026
🕵️
Android pushes new scam, theft, and AI protections in 2026 update wave
HELPNETSECURITY.COM — 13 May 2026
🕵️
The hidden risk of non-human identities in AI adoption
HELPNETSECURITY.COM — 13 May 2026
🕵️
Fake FinalShell and Xshell Sites Push Kong RAT Malware
GBHACKERS.COM — 13 May 2026
🕵️
Proton Pass rated “well above par” in independent security audit
CYBERINSIDER.COM — 13 May 2026
🕵️
OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
SCHNEIER.COM — 2026-05-13
🕵️
LW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push back
LASTWATCHDOG.COM — 13 May 2026
🕵️
Android adds ‘Intrusion Logging’ system to detect spyware attacks
CYBERINSIDER.COM — 13 May 2026
🕵️
AI Agents Generate Custom Hacking Tools on the Fly
DARKREADING.COM — 13 May 2026
🕵️
China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm
DARKREADING.COM — 13 May 2026
🕵️
The Rise of Cyber Threats and AI in the Philippines: A New Era Beyond Legacy Security
KNOWBE4.COM — 13 May 2026
🕵️
Daybreak is OpenAI’s answer to the AI arms race in cybersecurity
CYBERSCOOP.COM — 13 May 2026
🕵️
OpenAI launches Daybreak to combat cyber threats
CYBERSECURITYDIVE.COM — 13 May 2026
🕵️
WhatsApp adds Incognito Chat for private Meta AI conversations
HELPNETSECURITY.COM — 13 May 2026
🕵️
Weaponized AI: The new frontier of fraud and identity spoofing
CYBERSCOOP.COM — 13 May 2026
🕵️
Google Introduces Googlebook, a Gemini-First Laptop Platform
TECHREPUBLIC.COM — 13 May 2026
🕵️
TIOBE Index for May 2026: R Ascends as Statistical Tools Consolidate
TECHREPUBLIC.COM — 13 May 2026
🕵️
DOJ releases legal rationale for nationwide voter data collection
CYBERSCOOP.COM — 13 May 2026
🕵️
WhatsApp launches “Incognito Chat” for private AI conversations
CYBERINSIDER.COM — 13 May 2026
🕵️
AI Won’t Invent the Future
YOUTUBE.COM — 2026-05-13
🕵️
Attackers Weaponize RubyGems for Data Dead Drops
DARKREADING.COM — 13 May 2026
🕵️
Researchers say AI just broke every benchmark for autonomous cyber capability
CYBERSCOOP.COM — 13 May 2026
🕵️
Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks
CYBERSCOOP.COM — 13 May 2026
🌐
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
THEHACKERNEWS.COM — 13 May 2026
🌐
Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks
INFOSECURITY-MAGAZINE.COM — 13 May 2026
🌐
This is what some the world’s largest banks of malware look like stacked as hard drives
TECHCRUNCH.COM — 13 May 2026
📰
[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)
THEHACKERNEWS.COM — 13 May 2026
📰
UK moves to shield security researchers in cybercrime law overhaul
THERECORD.MEDIA — 13 May 2026
🎙️
Cyber Creator Tyler Ramsbey Shares How to Grow an Audience & Community in Cyber
THECYBERWIRE.COM — 13 May 2026
📡
Weekly Threat Bulletin – May 13th, 2026
F5.COM — 13 May 2026
📡
Proxying the Unproxyable&#x3f; Sending EXE traffic to a Proxy, (Wed, May 13th)
ISC.SANS.EDU — 13 May 2026
📡
&#x5b;GUEST DIARY&#x5d; Tearing apart website fraud to see how it works., (Wed, May 13th)
ISC.SANS.EDU — 13 May 2026
📡
UK Cybersecurity Market Expands to £14.7bn with Strong Growth in AI Security Firms
INFOSECURITY-MAGAZINE.COM — 13 May 2026
📡
Dark Web Profile: Keymous+
SOCRADAR.IO — 13 May 2026
📡
Texas sued Netflix over claims it secretly collected and sold users’ data
MALWAREBYTES.COM — 13 May 2026
📡
Avada Builder Flaws Expose One Million WordPress Sites
INFOSECURITY-MAGAZINE.COM — 13 May 2026
📡
WhatsApp Adds Meta AI Chats That Are Built to Be Fully Private
WIRED.COM — 13 May 2026
📡
European Commission head pushes creation of new law delaying teens’ social media access
THERECORD.MEDIA — 13 May 2026
📡
Alleged Dream Market admin arrested in Germany after US indictment
THERECORD.MEDIA — 13 May 2026
📡
DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada Border
WIRED.COM — 13 May 2026
📡
Detecting and preventing crypto mining in your AWS environment
AWS.AMAZON.COM — 13 May 2026
🚨
Why patching SLAs should be the floor, not the strategyI’ve been a CISO for two separate companies, know several CISOs personally, and interact with many others through various cybersecurity forums. We all have one thing in common. We can tell you our patching SLA numbers off the top of our heads. Ninety-five percent of criticals clo…
KEVCSOONLINE.COM — 12 May 2026
🚨
How Rapid7 is bringing Cyber GRC closer to security operationsSabeen Malik is VP, Global Government Affairs and Public Policy at Rapid7. ⠀ Security teams need a better way to connect what they detect, what they fix, and what they can prove. The pace of modern security operations no longer works in defenders’ favor. IBM’s Cost of a Data Brea…
KEVRAPID7.COM — 12 May 2026
🐛
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
CSOONLINE.COM — 12 May 2026
🐛
BitUnlocker Downgrade Attack Bypasses Windows 11 Disk Encryption in Minutes
GBHACKERS.COM — 12 May 2026
🐛
CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
MSRC.MICROSOFT.COM — 12 May 2026
🐛
Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks
GBHACKERS.COM — 12 May 2026
🐛
cPanel flaw exposes enterprises to hosting supply-chain risks
CSOONLINE.COM — 12 May 2026
🐛
Copy.Fail Linux Vulnerability
SCHNEIER.COM — 2026-05-12
🐛
Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor
SECURITYAFFAIRS.COM — 12 May 2026
🐛
JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)
HELPNETSECURITY.COM — 12 May 2026
🐛
Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)
HELPNETSECURITY.COM — 12 May 2026
🐛
CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33839 Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34330 Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-32175 .NET Core Tampering Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40370 SQL Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42832 Microsoft Office Spoofing Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
MSRC.MICROSOFT.COM — 12 May 2026
🐛
CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability
MSRC.MICROSOFT.COM — 12 May 2026
🐛
Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
KEVTENABLE.COM — 12 May 2026
🐛
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
THEHACKERNEWS.COM — 12 May 2026
🐛
Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days
KEVHELPNETSECURITY.COM — 12 May 2026
⚠️
Google Warns Hackers Are Using AI to Build Working Zero-Day Exploits
GBHACKERS.COM — 12 May 2026
⚠️
HEIDI: Free IDE security plugin for open-source vulnerability checks
HELPNETSECURITY.COM — 12 May 2026
⚠️
Magecart Hackers Exploit Google Tag Manager to Inject Credit Card Skimmers
GBHACKERS.COM — 12 May 2026
⚠️
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
THEHACKERNEWS.COM — 12 May 2026
⚠️
OpenAI Daybreak Automates Vulnerability Detection and Patching
GBHACKERS.COM — 12 May 2026
⚠️
Claude Chrome Extension Flaw Lets Malicious Add-Ons Steal Gmail and Drive Data
GBHACKERS.COM — 12 May 2026
⚠️
OpenAI’s Daybreak uses Codex Security to identify risky attack paths
HELPNETSECURITY.COM — 12 May 2026
⚠️
CISOs step into the AI spotlight
CSOONLINE.COM — 12 May 2026
⚠️
Why Basic Security Practices Still Work - Rob Allen - ASW #382
YOUTUBE.COM — 2026-05-12
⚠️
Developer workstations are the new beachhead
CSOONLINE.COM — 12 May 2026
⚠️
WannaCry, the ransomware attack that changed the history of cybersecurity
SECURITYAFFAIRS.COM — 12 May 2026
⚠️
Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root
HELPNETSECURITY.COM — 12 May 2026
⚠️
Škoda confirms unauthorized access to its online shop
HELPNETSECURITY.COM — 12 May 2026
⚠️
Open WebUI File Upload Vulnerability Enables 1-Click RCE Attack
GBHACKERS.COM — 12 May 2026
⚠️
Fake Claude Code takes the IElevator to your browser secrets
CSOONLINE.COM — 12 May 2026
⚠️
Go fuzzing was missing half the toolkit. We forked the toolchain to fix it.
TRAILOFBITS.COM — 12 May 2026
⚠️
Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
INFOSECURITY-MAGAZINE.COM — 12 May 2026
⚠️
Citrix moves secure access to a flexible, credit-based consumption model
HELPNETSECURITY.COM — 12 May 2026
⚠️
Top 10 Deep & Dark Web Forums
SOCRADAR.IO — 12 May 2026
⚠️
Zoom Rooms and Workplace Flaws Expose Users to Elevated Access Attacks
GBHACKERS.COM — 12 May 2026
⚠️
Threat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing Sites
GBHACKERS.COM — 12 May 2026
⚠️
SAP Releases Patch for Critical SQL Injection Flaw in S/4HANA
GBHACKERS.COM — 12 May 2026
⚠️
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
CSOONLINE.COM — 12 May 2026
⚠️
Google Says Hackers Used AI to Build Zero-Day Exploit
TECHREPUBLIC.COM — 12 May 2026
⚠️
Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen
TECHCRUNCH.COM — 12 May 2026
⚠️
The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl
SECURITYAFFAIRS.COM — 12 May 2026
⚠️
Mullvad shares workaround for Android 16 VPN leak that remains unfixed
CYBERINSIDER.COM — 12 May 2026
⚠️
Exaforce raises $125 million to respond to AI-powered attacks
HELPNETSECURITY.COM — 12 May 2026
⚠️
Amazon Quick authorization bypass let users reach blocked AI chat agents
HELPNETSECURITY.COM — 12 May 2026
⚠️
Google launches new Android security feature to help uncover spyware attacks
TECHCRUNCH.COM — 12 May 2026
⚠️
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
CSOONLINE.COM — 12 May 2026
⚠️
Critical Patches Issued for Microsoft Products, May 12, 2026
CISECURITY.ORG — 12 May 2026
⚠️
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 12 May 2026
⚠️
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 12 May 2026
⚠️
Stop Chasing Individual CVEs
YOUTUBE.COM — 2026-05-12
⚠️
Windows 11 security update fixes critical Bing and Azure flaws
KEVCYBERINSIDER.COM — 12 May 2026
⚠️
Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution
CISECURITY.ORG — 12 May 2026
⚠️
Hackers accessed BWH Hotels reservation system for months
SECURITYAFFAIRS.COM — 12 May 2026
⚠️
AWS Security Agent full repository code scanning feature now available in preview
AWS.AMAZON.COM — 12 May 2026
⚠️
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
CYBERSCOOP.COM — 12 May 2026
⚠️
It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight
DARKREADING.COM — 12 May 2026
⚠️
AI-Written Exploits Are Here
YOUTUBE.COM — 2026-05-12
⚠️
SN 1078: DigiCert does it right - Hugging Face Under Fire
TWIT.TV — 12 May 2026
📋
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
ISC.SANS.EDU — 12 May 2026
📋
iOS 26.5 Updates RCS Messaging, Apple Maps, and iPhone Wallpapers
TECHREPUBLIC.COM — 12 May 2026
📋
Patch Tuesday, May 2026 Edition
KREBSONSECURITY.COM — 12 May 2026
📋
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities
TALOSINTELLIGENCE.COM — 12 May 2026
📋
Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical
CYBERSCOOP.COM — 12 May 2026
📢
Navigating Human and Agentic Risks for Financial Institutions in the APJ Region
KNOWBE4.COM — 12 May 2026
📢
Major world economies spell out key elements of AI ‘ingredients list’
CYBERSCOOP.COM — 12 May 2026
🔥
Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack
GBHACKERS.COM — 12 May 2026
🔥
84 npm Packages Linked to TanStack Hit by Supply-Chain Breach
GBHACKERS.COM — 12 May 2026
🔥
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
THEHACKERNEWS.COM — 12 May 2026
🔥
State of ransomware in 2026
SECURELIST.COM — 12 May 2026
🔥
Microsoft Warns: MistralAI PyPI Package Compromised with Malware
GBHACKERS.COM — 12 May 2026
🔥
Stolen Canvas data was “returned” after hacker agreement, Instructure says
MALWAREBYTES.COM — 12 May 2026
🔥
South Staffordshire Water Fined £1m After Data Breach
INFOSECURITY-MAGAZINE.COM — 12 May 2026
🔥
Cushman & Wakefield - 310,431 breached accounts
HAVEIBEENPWNED.COM — 12 May 2026
🔥
State-sponsored actors, better known as the friends you don’t want
TALOSINTELLIGENCE.COM — 12 May 2026
🔥
New ‘Shai-Hulud’ attack breached hundreds of npm and PyPI packages
CYBERINSIDER.COM — 12 May 2026
🔥
Hackers Hijack Microsoft Teams Accounts to Spread ModeloRAT Malware
GBHACKERS.COM — 12 May 2026
🔥
ANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation Workflows
ANY.RUN — 12 May 2026
🔥
Cushman and Wakefield Confirms Data Breach Impacting Over 310,000 Accounts
GBHACKERS.COM — 12 May 2026
🔥
Instructure strikes deal with hackers who breached it twice
TECHCRUNCH.COM — 12 May 2026
🔥
Instructure pays ransom after Canvas incident as Congress announces investigation
THERECORD.MEDIA — 12 May 2026
🔥
Canvas owner reaches agreement with ShinyHunters, says user data was deleted
CYBERINSIDER.COM — 12 May 2026
🔥
Instructure took a risky approach to recover stolen Canvas data
HELPNETSECURITY.COM — 12 May 2026
🔥
Identity takes center stage as a leading factor in enterprise cyberattacks
CYBERSECURITYDIVE.COM — 12 May 2026
🔥
Hugging Face Packages Weaponized With a Single File Tweak
DARKREADING.COM — 12 May 2026
🔥
Report: Most Phishing Attacks Abuse Trusted Services
KNOWBE4.COM — 12 May 2026
🔥
West Pharmaceutical warns of ransomware attack impacting business operations
THERECORD.MEDIA — 12 May 2026
🔥
Foxconn confirms cyberattack impacting North American factories
THERECORD.MEDIA — 12 May 2026
🔥
Foxconn Ransomware Attack Shows Nothing Is Safe Forever
WIRED.COM — 12 May 2026
🕵️
ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)
ISC.SANS.EDU — 12 May 2026
🕵️
The hidden smart fridge risks that emerge years after purchase
HELPNETSECURITY.COM — 12 May 2026
🕵️
Cybersecurity jobs available right now: May 12, 2026
HELPNETSECURITY.COM — 12 May 2026
🕵️
TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps
GBHACKERS.COM — 12 May 2026
🕵️
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
THEHACKERNEWS.COM — 12 May 2026
🕵️
Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
GBHACKERS.COM — 12 May 2026
🕵️
North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware
GBHACKERS.COM — 12 May 2026
🕵️
AI is separating the companies built to scale from the ones built to sell
CYBERSCOOP.COM — 12 May 2026
🕵️
The Civil War Spies and Saboteurs Across the Canadian Border
THECYBERWIRE.COM — 12 May 2026
🕵️
Signal rolls out new protections against impersonation attacks
CYBERINSIDER.COM — 12 May 2026
🕵️
Vidar Stealer Campaign Evades EDR to Steal Credentials
GBHACKERS.COM — 12 May 2026
🕵️
AI and an absent government: Takeaways from RSAC 2026
CYBERSECURITYDIVE.COM — 12 May 2026
🕵️
CyberheistNews Vol 16 #19 Crafty Criminals Continue to Pose as Help Desks in Social Engineering Attacks
KNOWBE4.COM — 12 May 2026
🕵️
General Motors to pay $12.75 million over driver data sales
HELPNETSECURITY.COM — 12 May 2026
🕵️
Download: The IT and security field guide to AI adoption
HELPNETSECURITY.COM — 12 May 2026
🕵️
AI Can’t Detect Malicious Intent
YOUTUBE.COM — 2026-05-12
🕵️
This Samsung 4TB Portable SSD Moves Files at 2,000 MB/s For $1K
TECHREPUBLIC.COM — 12 May 2026
🕵️
Veeam Intelligent ResOps unifies data context and recovery
HELPNETSECURITY.COM — 12 May 2026
🕵️
FIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spread
LASTWATCHDOG.COM — 12 May 2026
🕵️
ThreatDown ITDR prevents credential-based attacks
HELPNETSECURITY.COM — 12 May 2026
🕵️
SAP unveils Autonomous Enterprise for AI-driven business operations
HELPNETSECURITY.COM — 12 May 2026
🕵️
Google and Amnesty International teamed up to make it harder for spyware vendors to hide
CYBERSCOOP.COM — 12 May 2026
🕵️
Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws
TECHREPUBLIC.COM — 12 May 2026
🕵️
Samsung Galaxy Watch Glucose Tracking: What Works Now and What Doesn’t
TECHREPUBLIC.COM — 12 May 2026
🕵️
6 Best ChatGPT Photo Editing Trends in 2026 (With Prompts to Try)
TECHREPUBLIC.COM — 12 May 2026
🕵️
Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland - SWN #580
YOUTUBE.COM — 2026-05-12
🕵️
Fedora Hummingbird brings the container security model to a Linux host OS
HELPNETSECURITY.COM — 12 May 2026
🌐
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
THEHACKERNEWS.COM — 12 May 2026
🌐
Android banking Trojan TrickMo evolves using TON network for C2
SECURITYAFFAIRS.COM — 12 May 2026
🌐
Malicious Hugging Face Repository Typosquats OpenAI
INFOSECURITY-MAGAZINE.COM — 12 May 2026
🌐
Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help
THEHACKERNEWS.COM — 12 May 2026
🌐
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
THEHACKERNEWS.COM — 12 May 2026
🌐
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
THEHACKERNEWS.COM — 12 May 2026
🌐
Instructure strikes a deal with ShinyHunters.
THECYBERWIRE.COM — 12 May 2026
🌐
China’s hackers aren’t invincible.
THECYBERWIRE.COM — 12 May 2026
🎙️
Inside the Media Mind of Shaun Waterman: Freelancer
THECYBERWIRE.COM — 12 May 2026
📡
Elastic Security MCP App: Interactive security operations inside your AI Tools
ELASTIC.CO — 12 May 2026
📡
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
THEHACKERNEWS.COM — 12 May 2026
📡
1 in 8 employees have sold company logins or know someone who has
MALWAREBYTES.COM — 12 May 2026
📡
Why Agentic AI Is Security's Next Blind Spot
THEHACKERNEWS.COM — 12 May 2026
📡
10 Best Dark / Deep Web Browsers for Anonymity
SOCRADAR.IO — 12 May 2026
📡
End‑to‑End Encrypted RCS Messaging Arrives Across iPhone and Android
INFOSECURITY-MAGAZINE.COM — 12 May 2026
📡
20 Leaders Who Built the CISO Era: 2 Decades of Change
DARKREADING.COM — 12 May 2026
📡
Mini Shai-Hulud Hits TanStack npm Packages
INFOSECURITY-MAGAZINE.COM — 12 May 2026
📡
Enabling AI sovereignty on AWS
AWS.AMAZON.COM — 12 May 2026
📡
OpenAI Launches 'Daybreak' to Help Build Secure By Design Software
INFOSECURITY-MAGAZINE.COM — 12 May 2026
📡
U.S. bank disclose security lapse after sharing customer data with AI app
TECHCRUNCH.COM — 12 May 2026
📡
Fake Claude search results lure Mac users into ClickFix attack
MALWAREBYTES.COM — 12 May 2026
📡
European countries are exporting surveillance tech to countries with poor human rights records, report says
THERECORD.MEDIA — 12 May 2026
📡
Guardrail Technologies launches Traffic Light for Code & AI™; first security technology to verify & secure AI code and the people creating it
CYBERSECURITYDIVE.COM — 12 May 2026
📡
Twin brothers wipe 96 gov't databases minutes after being fired
ARSTECHNICA.COM — 12 May 2026
📡
Congressman launches inquiry into how food retailers use surveillance pricing
THERECORD.MEDIA — 12 May 2026
📡
Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz
WIRED.COM — 12 May 2026
📡
LLMjacking: what these attacks are, and how to protect AI servers
KASPERSKY.COM — 12 May 2026
🚨
U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score …
KEVSECURITYAFFAIRS.COM — 11 May 2026
🐛
CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43010 bpf: Reject sleepable kprobe_multi programs at attach time
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43474 fs: init flags_valid before calling vfs_fileattr_get
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2025-71302 drm/panthor: fix for dma-fence safe access rules
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43309 md raid: fix hang when stopping arrays with metadata through dm-raid
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43320 drm/amd/display: Fix dsc eDP issue
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43300 drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43306 bpf: crypto: Use the correct destructor kfunc type
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43344 perf/x86/intel/uncore: Fix die ID init and look up bugs
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43305 drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43400 drm/amdgpu: add upper bound check on user inputs in signal ioctl
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43292 mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43398 drm/amdgpu: add upper bound check on user inputs in wait ioctl
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43311 soc/tegra: pmc: Fix unsafe generic_handle_irq() call
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-45186
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-7568 Signed integer overflow in metaphone()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43053 xfs: close crash window in attr dabtree inactivation
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb frags
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43317 most: core: fix leak on early registration failure
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43321 bpf: Properly mark live registers for indirect jumps
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43456 bonding: fix type confusion in bond_setup_by_slave()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43299 btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43294 drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-6722 Use-After-Free in SOAP using Apache map
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-6735 XSS within PHP-FPM status endpoint
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2025-21723 scsi: mpi3mr: Fix possible crash when setting up bsg fails
MSRC.MICROSOFT.COM — 11 May 2026
🐛
CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free
MSRC.MICROSOFT.COM — 11 May 2026
🐛
PoC Exploit Released for Android Zero-Click Flaw Enabling Remote Shell Access
GBHACKERS.COM — 11 May 2026
🐛
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution
CSOONLINE.COM — 11 May 2026
🐛
The impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Erich... - ESW #458
YOUTUBE.COM — 2026-05-11
🐛
cPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940
GBHACKERS.COM — 11 May 2026
🐛
New ‘Dirty Frag’ exploit targets Linux kernel for root access
KEVCSOONLINE.COM — 11 May 2026
🐛
Linux developers weigh emergency “killswitch” for vulnerable kernel functions
HELPNETSECURITY.COM — 11 May 2026
🐛
VU#937808: Casdoor contains Arbitrary File Write vulnerability
KB.CERT.ORG — 2026-05-11
🐛
VU#471747: dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation
KB.CERT.ORG — 2026-05-11
🐛
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
THEHACKERNEWS.COM — 11 May 2026
⚠️
Canvas Breach Exposes 275M Accounts | AI Targets Water Systems | GM OnStar Settlement
CYBERSECURITYTODAY.LIBSYN.COM — 11 May 2026
⚠️
New cPanel and WHM Vulnerabilities Expose Servers to Code Execution and DoS Attacks
GBHACKERS.COM — 11 May 2026
⚠️
JDownloader Hack Spreads New Python RAT
GBHACKERS.COM — 11 May 2026
⚠️
Security teams are turning to AI to survive alert overload
HELPNETSECURITY.COM — 11 May 2026
⚠️
macOS Malware Abuses Google Ads and Claude Shared Chats to Deliver Payloads
GBHACKERS.COM — 11 May 2026
⚠️
ODINI Malware Uses CPU Magnetic Signals to Exfiltrate Data from Air-Gapped Systems
GBHACKERS.COM — 11 May 2026
⚠️
Rustinel: Open-source endpoint detection for Windows and Linux
HELPNETSECURITY.COM — 11 May 2026
⚠️
Review: Foundations of Cybersecurity, 2nd edition
HELPNETSECURITY.COM — 11 May 2026
⚠️
Windows CreateFileW API Flaw Could Let Attackers Lock SMB Files at Scale
GBHACKERS.COM — 11 May 2026
⚠️
Crimenetwork Bust Reveals 22,000 Members and Over 100 Illicit Vendors
GBHACKERS.COM — 11 May 2026
⚠️
ShinyHunters Exploits Canvas LMS Free Teacher Accounts in New Breach
GBHACKERS.COM — 11 May 2026
⚠️
Mythos finds a curl vulnerability
PROGRAMMING.DEV — 11 May 2026
⚠️
8 guiding principles for reskilling the SOC for agentic AI
CSOONLINE.COM — 11 May 2026
⚠️
The scam economy has found its AI upgrade
HELPNETSECURITY.COM — 11 May 2026
⚠️
Microsoft 365 Copilot Flaws Could Let Attackers Access Sensitive Data
GBHACKERS.COM — 11 May 2026
⚠️
AI security is repeating endpoint security’s biggest mistake
CSOONLINE.COM — 11 May 2026
⚠️
Instructure confirms Canvas user data exposed in cyberattack
CYBERINSIDER.COM — 11 May 2026
⚠️
Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room
THEHACKERNEWS.COM — 11 May 2026
⚠️
PHP SOAP Extension Flaw Could Let Attackers Execute Code Remotely
GBHACKERS.COM — 11 May 2026
⚠️
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
CSOONLINE.COM — 11 May 2026
⚠️
Hackers Observed Using AI to Develop Zero-Day for the First Time
INFOSECURITY-MAGAZINE.COM — 11 May 2026
⚠️
Hackers Use AI for Exploit Development, Attack Automation
DARKREADING.COM — 11 May 2026
⚠️
Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue
HELPNETSECURITY.COM — 11 May 2026
⚠️
fsnotify Maintainer Access Change Sparks Supply Chain Security Concerns
GBHACKERS.COM — 11 May 2026
⚠️
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
CSOONLINE.COM — 11 May 2026
⚠️
Google discovers weaponized zero-day exploits created with AI
CSOONLINE.COM — 11 May 2026
⚠️
GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
CLOUD.GOOGLE.COM — 11 May 2026
⚠️
Google spotted an AI-developed zero-day before attackers could use it
CYBERSCOOP.COM — 11 May 2026
⚠️
Google researchers uncover criminal zero-day exploit likely built with AI
HELPNETSECURITY.COM — 11 May 2026
⚠️
Why we use CAPTCHAs, (Mon, May 11th)
ISC.SANS.EDU — 11 May 2026
⚠️
AI used to develop working zero-day exploit, researchers warn
CYBERSECURITYDIVE.COM — 11 May 2026
⚠️
Google warns artificial intelligence is accelerating cyberattacks and zero-day exploits
SECURITYAFFAIRS.COM — 11 May 2026
⚠️
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
DARKREADING.COM — 11 May 2026
⚠️
Final Countdown: Last Chance to Join the Rapid7 Global Cybersecurity Summit
RAPID7.COM — 11 May 2026
⚠️
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
THEHACKERNEWS.COM — 11 May 2026
⚠️
IAM for MSSPs: The Hidden Risk of Blind Trust - Dustin Sachs - CSP #224
YOUTUBE.COM — 2026-05-11
⚠️
Red Hat extends open source technology into space
HELPNETSECURITY.COM — 11 May 2026
⚠️
Identity security firm SailPoint discloses GitHub repository breach
SECURITYAFFAIRS.COM — 11 May 2026
⚠️
FCC Robocall Crackdown Raises Privacy Concerns Over Mandatory ID Checks
TECHREPUBLIC.COM — 11 May 2026
⚠️
AI Isn’t Replacing Cybersecurity
YOUTUBE.COM — 2026-05-11
⚠️
California hits GM with record $12.75M fine for selling driver location data
CYBERINSIDER.COM — 11 May 2026
⚠️
Google says cybercriminals used AI to develop zero-day exploit
CYBERINSIDER.COM — 11 May 2026
⚠️
Foreign routers get a longer lifeline.
THECYBERWIRE.COM — 11 May 2026
⚠️
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
UNIT42.PALOALTONETWORKS.COM — 11 May 2026
📋
US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates
INFOSECURITY-MAGAZINE.COM — 11 May 2026
📋
FCC pushes ban on security updates for foreign-made routers, drones to 2029
THERECORD.MEDIA — 11 May 2026
📢
Police Shut Relaunched Crimenetwork Dark Web Marketplace
INFOSECURITY-MAGAZINE.COM — 11 May 2026
📢
Dirty Frag: Linux kernel hit by second major security flaw in two weeks
THERECORD.MEDIA — 11 May 2026
📢
Alation AI Governance creates a system of record for AI oversight
HELPNETSECURITY.COM — 11 May 2026
📢
When Ransomware Negotiators Flip Sides
YOUTUBE.COM — 2026-05-11
🔥
Welcoming the Costa Rican Government to Have I Been Pwned
TROYHUNT.COM — 11 May 2026
🔥
Weaponized JPEG file Drops Trojanized ScreenConnect Malware
GBHACKERS.COM — 11 May 2026
🔥
Zara Data Breach Impacts Nearly 200,000 Customers
INFOSECURITY-MAGAZINE.COM — 11 May 2026
🔥
The State of Ransomware – Q1 2026
RESEARCH.CHECKPOINT.COM — 11 May 2026
🔥
ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign
INFOSECURITY-MAGAZINE.COM — 11 May 2026
🔥
UK water company allowed hackers to lurk undetected for nearly two years, regulator finds
THERECORD.MEDIA — 11 May 2026
🔥
11th May – Threat Intelligence Report
RESEARCH.CHECKPOINT.COM — 11 May 2026
🔥
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
DARKREADING.COM — 11 May 2026
🔥
A 2nd Canvas data breach causes major disruptions for schools, colleges
CYBERSECURITYDIVE.COM — 11 May 2026
🔥
Poor security left hackers inside water company network for nearly two years
HELPNETSECURITY.COM — 11 May 2026
🔥
Zimperium Mobile App Response Agent helps security teams counter mobile attacks
HELPNETSECURITY.COM — 11 May 2026
🔥
Welcoming the Bangladesh Government to Have I Been Pwned
TROYHUNT.COM — 11 May 2026
🕵️
ISC Stormcast For Monday, May 11th, 2026 https://isc.sans.edu/podcastdetail/9926, (Mon, May 11th)
ISC.SANS.EDU — 11 May 2026
🕵️
Top 10 Best Secure Code Review Services For Developers in 2026
GBHACKERS.COM — 11 May 2026
🕵️
Top 10 Best DevSecOps Companies For Secure SDLC 2026
GBHACKERS.COM — 11 May 2026
🕵️
Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack
SOCRADAR.IO — 11 May 2026
🕵️
OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials
GBHACKERS.COM — 11 May 2026
🕵️
The missing cybersecurity leader in small business
CYBERSCOOP.COM — 11 May 2026
🕵️
Fake Claude Campaign Uses PlugX-Style DLL Sideloading Chain
GBHACKERS.COM — 11 May 2026
🕵️
Trending Hugging Face Repo With 200K Downloads Spreads Windows Malware
GBHACKERS.COM — 11 May 2026
🕵️
Sandboxie Escape Flaw Could Let Attackers Gain SYSTEM-Level Privileges
GBHACKERS.COM — 11 May 2026
🕵️
Instagram messaging encryption removed, and privacy advocates are pushing back
HELPNETSECURITY.COM — 11 May 2026
🕵️
The questionnaire-based TPRM model is broken, and TrustCloud has a fix
HELPNETSECURITY.COM — 11 May 2026
🕵️
LLMs and Text-in-Text Steganography
SCHNEIER.COM — 2026-05-11
🕵️
New cybersecurity industry alliance aims to lead US critical infrastructure protection
CYBERSECURITYDIVE.COM — 11 May 2026
🕵️
Python Infostealer Hides in GitHub Releases to Bypass Detection
GBHACKERS.COM — 11 May 2026
🕵️
SailPoint Agentic Fabric expands identity governance to autonomous AI agents
HELPNETSECURITY.COM — 11 May 2026
🕵️
Google’s new reCAPTCHA system restricts access to the open web
CYBERINSIDER.COM — 11 May 2026
🕵️
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
GBHACKERS.COM — 11 May 2026
🕵️
Apple, Intel Reportedly Near Chip Deal That Could Reduce TSMC Reliance
TECHREPUBLIC.COM — 11 May 2026
🕵️
Microsoft’s Voluntary Retirement Offer: New Details Reveal Who Qualifies
TECHREPUBLIC.COM — 11 May 2026
🕵️
Your Team of 10 Gets This AI Project Management Platform for Just $99
TECHREPUBLIC.COM — 11 May 2026
🕵️
SS&C Intralinks FundCentre AI vs. Juniper Square: Which platform better supports modern private markets fund managers?
TECHREPUBLIC.COM — 11 May 2026
🕵️
macOS 27 May Get a New Look: Here’s What Apple Could Change
TECHREPUBLIC.COM — 11 May 2026
🕵️
Entries now open for the 2026 CSO30 Australia Awards
CSOONLINE.COM — 11 May 2026
🕵️
News Alert: Lyrie.ai joins Anthropic verification program, unveils protocol for securing AI agents
LASTWATCHDOG.COM — 11 May 2026
🕵️
TikTok Launches £3.99 Ad-Free Plan for UK Users
TECHREPUBLIC.COM — 11 May 2026
🕵️
Mac Users Warned Over Fake Claude Install Instructions
TECHREPUBLIC.COM — 11 May 2026
🕵️
1.8 Billion Gmail Users May Want to Check This AI Privacy Setting
TECHREPUBLIC.COM — 11 May 2026
🕵️
FCC moves to impose “Know Your Customer” rules for VoIP providers
CYBERINSIDER.COM — 11 May 2026
🕵️
iOS 26.5 is out, bringing encrypted RCS messaging to iPhone and Android users
HELPNETSECURITY.COM — 11 May 2026
🕵️
Pressure mounts on Canvas as data leak extortion deadline looms
CYBERSCOOP.COM — 11 May 2026
🌐
A week in security (May 4 &#8211; May 10)
MALWAREBYTES.COM — 11 May 2026
🌐
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
THEHACKERNEWS.COM — 11 May 2026
🌐
TrickMo Variant Routes Android Trojan Traffic Through TON
INFOSECURITY-MAGAZINE.COM — 11 May 2026
🌐
FCC eases restrictions on foreign-made routers.
THECYBERWIRE.COM — 11 May 2026
📡
Instagram removed end-to-end encryption for DMs. What should users do?
SECURITYAFFAIRS.COM — 11 May 2026
📡
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
THEHACKERNEWS.COM — 11 May 2026
📡
Identity is the new perimeter as rapid NHI proliferation threatens visibility and control
CYBERSECURITYDIVE.COM — 11 May 2026
📡
Crimenetwork returns after takedown, dismantled again by German authorities
SECURITYAFFAIRS.COM — 11 May 2026
📡
Yarbo responds to robot flaws that could mow down their owners
MALWAREBYTES.COM — 11 May 2026
📡
Fake Claude Code Page Pushes PowerShell Stealer at Devs
INFOSECURITY-MAGAZINE.COM — 11 May 2026
📡
Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities
INFOSECURITY-MAGAZINE.COM — 11 May 2026
📡
Complimentary virtual training: Get hands-on with AWS Security Services
AWS.AMAZON.COM — 11 May 2026
📡
Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent
THERECORD.MEDIA — 11 May 2026
📡
Apple Patches Everything, (Mon, May 11th)
ISC.SANS.EDU — 11 May 2026
📡
FCC Softens Ban on Foreign-Made Routers
DARKREADING.COM — 11 May 2026
📡
Tech Can't Stop These Threats — Your People Can
DARKREADING.COM — 11 May 2026
🐛
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-6665 PgBouncer buffer overflow in SCRAM
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-44656 Vim: OS Command Injection via 'path' completion
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-33811 Crash when handling long CNAME response in net
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-39826 Escaper bypass leads to XSS in html/template
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
MSRC.MICROSOFT.COM — 10 May 2026
🐛
CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
MSRC.MICROSOFT.COM — 10 May 2026
🐛
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
THEHACKERNEWS.COM — 10 May 2026
⚠️
Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
KEVHELPNETSECURITY.COM — 10 May 2026
⚠️
Official JDownloader site served malware to Windows and Linux users between May 6 and May 7
SECURITYAFFAIRS.COM — 10 May 2026
⚠️
New cPanel vulnerabilities could allow file access and remote code execution
SECURITYAFFAIRS.COM — 10 May 2026
🔥
CyberWire Daily at 10: The evolution of geopolitics and warfare.
THECYBERWIRE.COM — 10 May 2026
🔥
Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION
SECURITYAFFAIRS.COM — 10 May 2026
🔥
Weekly Update 503
TROYHUNT.COM — 10 May 2026
🕵️
YARA-X 1.16.0 Release, (Sun, May 10th)
ISC.SANS.EDU — 10 May 2026
🌐
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96
SECURITYAFFAIRS.COM — 10 May 2026
🐛
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
THEHACKERNEWS.COM — 09 May 2026
⚠️
NVIDIA Confirms GeForce Data Breach Exposed Users’ Personal Data
GBHACKERS.COM — 09 May 2026
⚠️
Cybersecurity Today Month in Review: AI Coding Risks, Canvas Breach, QR Phishing Surge
CYBERSECURITYTODAY.LIBSYN.COM — 09 May 2026
⚠️
Vidar Infostealer Campaign Steals Passwords, Cookies, Crypto Wallets, and Device Data
GBHACKERS.COM — 09 May 2026
⚠️
ShinyHunters defaces Canvas portals during finals week.
THECYBERWIRE.COM — 09 May 2026
📢
Hackable Robot Lawn Mower Unlocks a New Nightmare
WIRED.COM — 09 May 2026
🔥
Braintrust security incident raises concerns over AI supply chain risks
SECURITYAFFAIRS.COM — 09 May 2026
🕵️
The spy who logged me in.
THECYBERWIRE.COM — 09 May 2026
🕵️
TCLBANKER Malware Leverages WhatsApp and Outlook Worm Features in Active Attacks
GBHACKERS.COM — 09 May 2026
🕵️
AI Coding Agents Need Sandboxes
YOUTUBE.COM — 2026-05-09
🌐
Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence
SECURITYAFFAIRS.COM — 09 May 2026
🚨
Your refresh plan has a CVE blind spotThe conversation is straightforward, but the problem behind it is not. The customer bought servers in 2017 and typically refresh every five to six years. Generally, around the 2022 to 2023 timeframe, they would have looked to buy new. Historically, that is what would have happene…
KEVCSOONLINE.COM — 08 May 2026
🚨
CVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEVCVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEV Ivanti has patched CVE-2026-6973, a high-severity remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) on-prem deployments. The vulnerability has been exploited in the wil…
KEVSOCRADAR.IO — 08 May 2026
🚨
Why the approaching flood of vulnerabilities changes everything — and what to do about itAI-driven discovery, NIST’s retreat from universal enrichment, and the end of “good enough” vulnerability management Key takeaways AI-driven discovery tools are accelerating CVE volume, resulting in an expected deluge of 59,000 disclosed vulnerabilities this year.   NIST has…
KEVTENABLE.COM — 08 May 2026
🚨
Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chainWeeks after the Copy Fail vulnerability was revealed, a new Linux kernel escalation vulnerability has been uncovered. Dubbed “Dirty Frag,” this flaw could allow a local user to gain root access on affected Linux distributions. Public exploit code has been released prior to patche…
KEVTENABLE.COM — 08 May 2026
🚨
Five new holes, one exploited, found in Ivanti Endpoint Manager MobileThe five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to survive the weekend,” said Robert Enderle of the Enderle Group, “but start planning…
KEVCSOONLINE.COM — 08 May 2026
🐛
13 new critical holes in JavaScript sandbox allow execution of arbitrary code
CSOONLINE.COM — 08 May 2026
🐛
Palo Alto Networks firewall flaw has been exploited for several weeks
CSOONLINE.COM — 08 May 2026
🐛
PoC Exploit Released for Dirty Frag Linux Kernel Vulnerability
GBHACKERS.COM — 08 May 2026
🐛
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
THEHACKERNEWS.COM — 08 May 2026
🐛
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
ISC.SANS.EDU — 08 May 2026
🐛
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
MSRC.MICROSOFT.COM — 08 May 2026
🐛
CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution
MSRC.MICROSOFT.COM — 08 May 2026
🐛
Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges
GBHACKERS.COM — 08 May 2026
🐛
CVE-2025-68670: discovering an RCE vulnerability in xrdp
SECURELIST.COM — 08 May 2026
🐛
Your CTEM program is probably ignoring MCP. Here’s how to fix it
CSOONLINE.COM — 08 May 2026
🐛
Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
HELPNETSECURITY.COM — 08 May 2026
🐛
Dirty Frag: Unpatched Linux vulnerability delivers root access
HELPNETSECURITY.COM — 08 May 2026
🐛
Metasploit Wrap-Up 05/08/2026
RAPID7.COM — 08 May 2026
🐛
VU#260001: Linux kernel contains local privilege escalation vulnerability (Copy Fail)
KB.CERT.ORG — 2026-05-08
⚠️
Become a millionaire by bug hunting on Android
CSOONLINE.COM — 08 May 2026
⚠️
Meta allegedly made billions from scam advertising while online fraud explodes worldwide.
CYBERSECURITYTODAY.LIBSYN.COM — 08 May 2026
⚠️
NWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2
GBHACKERS.COM — 08 May 2026
⚠️
Multiple Critical Flaws Fixed in Next.js and React Server Components
GBHACKERS.COM — 08 May 2026
⚠️
423 Firefox Flaws Fixed as Browser Gains Support for Claude, Mythos, and More
GBHACKERS.COM — 08 May 2026
⚠️
May 2026 Patch Tuesday forecast: AI starts driving security industry changes
HELPNETSECURITY.COM — 08 May 2026
⚠️
Mental health apps are collecting more than emotional conversations
HELPNETSECURITY.COM — 08 May 2026
⚠️
Product showcase: NetGuard open-source firewall for Android
HELPNETSECURITY.COM — 08 May 2026
⚠️
Snyk integrates Claude to advance AI-native application security
HELPNETSECURITY.COM — 08 May 2026
⚠️
Fake Moustache Fools Age Checks, Sparks Online Safety Act Fears
GBHACKERS.COM — 08 May 2026
⚠️
Trellix Investigates RansomHouse Breach Claims Involving Source Code Repository
GBHACKERS.COM — 08 May 2026
⚠️
Pen tests show AI security flaws far more severe than legacy software bugs
CSOONLINE.COM — 08 May 2026
⚠️
Helping North Korean IT remote workers is becoming a fast track to prison
HELPNETSECURITY.COM — 08 May 2026
⚠️
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
THEHACKERNEWS.COM — 08 May 2026
⚠️
Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents
GBHACKERS.COM — 08 May 2026
⚠️
Claude in Chrome is taking orders from the wrong extensions
CSOONLINE.COM — 08 May 2026
⚠️
Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
SECURITYAFFAIRS.COM — 08 May 2026
⚠️
From Cyberwar to Cognitive Warfare: The Geopolitical Impact on Cybersecurity in Africa
KNOWBE4.COM — 08 May 2026
⚠️
Pam Backdoor Targets Linux Systems to Steal SSH Credentials
GBHACKERS.COM — 08 May 2026
⚠️
Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
RAPID7.COM — 08 May 2026
⚠️
MFA Alone Won’t Save You
YOUTUBE.COM — 2026-05-08
⚠️
ShinyHunters defaces Canvas portals during finals week.
THECYBERWIRE.COM — 08 May 2026
⚠️
Multiple universities forced to reschedule final exams after Canvas cyber incident
THERECORD.MEDIA — 08 May 2026
⚠️
Apple and Meta warn Canada’s Bill C-22 forces encryption backdoors
CYBERINSIDER.COM — 08 May 2026
⚠️
Insider Betting on Polymarket
SCHNEIER.COM — 2026-05-08
⚠️
The four-day race you don’t want to be in.
KEVTHECYBERWIRE.COM — 08 May 2026
⚠️
Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! - SWN #579
YOUTUBE.COM — 2026-05-08
📢
EU calls VPNs “a loophole that needs closing” in age verification push
CYBERINSIDER.COM — 08 May 2026
📢
Kingdom Market administrator given 16-year sentence
THERECORD.MEDIA — 08 May 2026
🔥
Canvas Breach Disrupts Schools & Colleges Nationwide
KREBSONSECURITY.COM — 08 May 2026
🔥
The Canvas Hack Is a New Kind of Ransomware Debacle
WIRED.COM — 08 May 2026
🔥
Hackers Use Morse Code to Trick Grok and Bankrbot, Steal $200K in Crypto Tokens
GBHACKERS.COM — 08 May 2026
🔥
Zara - 197,376 breached accounts
HAVEIBEENPWNED.COM — 08 May 2026
🔥
PCPJack Campaign Boots TeamPCP Off Compromised Machines
INFOSECURITY-MAGAZINE.COM — 08 May 2026
🔥
Canvas outage hits thousands of universities as ShinyHunters threatens leak
CYBERINSIDER.COM — 08 May 2026
🔥
Avantra’s new AI can diagnose SAP failures in seconds
HELPNETSECURITY.COM — 08 May 2026
🔥
Former IT contractor convicted for wiping 96 US government databases
CYBERINSIDER.COM — 08 May 2026
🔥
Microsoft says Edge’s plaintext password behavior is “by design”
MALWAREBYTES.COM — 08 May 2026
🔥
You Have 60 Seconds to Stop the Breach. Are You Ready?
KNOWBE4.COM — 08 May 2026
🔥
Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia
THERECORD.MEDIA — 08 May 2026
🔥
ShinyHunters claims nearly 9,000 schools affected by Canvas data breach
EDSCOOP.COM — 08 May 2026
🔥
Instructure confirms cybersecurity incident
CYBERSECURITYDIVE.COM — 08 May 2026
🔥
Anthropic’s Claude used in attempted compromise of Mexican water utility
CYBERSECURITYDIVE.COM — 08 May 2026
🔥
Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident
SECURITYAFFAIRS.COM — 08 May 2026
🔥
Poland says hackers breached water treatment plants, and the U.S. is facing the same threat
TECHCRUNCH.COM — 08 May 2026
🔥
Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare
SECURITYAFFAIRS.COM — 08 May 2026
🔥
RansomHouse says it breached Trellix and exposes internal systems
SECURITYAFFAIRS.COM — 08 May 2026
🔥
Developers Are the New Target
YOUTUBE.COM — 2026-05-08
🕵️
ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)
ISC.SANS.EDU — 08 May 2026
🕵️
New infosec products of the week: May 8, 2026
HELPNETSECURITY.COM — 08 May 2026
🕵️
Your coworker might be selling company logins, and thinks it’s fine
HELPNETSECURITY.COM — 08 May 2026
🕵️
New Infostealer Campaign Abuses GitHub Releases to Hide Malware Payloads
GBHACKERS.COM — 08 May 2026
🕵️
PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB Credentials
GBHACKERS.COM — 08 May 2026
🕵️
Transilience AI unveils Security Operating System for cloud remediation
HELPNETSECURITY.COM — 08 May 2026
🕵️
Object First Fleet Manager simplifies distributed backup storage
HELPNETSECURITY.COM — 08 May 2026
🕵️
Roblox chat moderation gets bypassed by leet speak and code words
HELPNETSECURITY.COM — 08 May 2026
🕵️
Signed Logitech Installer Abused to Drop TCLBANKER Banking Trojan
GBHACKERS.COM — 08 May 2026
🕵️
Securonix launches AI threat research agent and ThreatWatch validation tool
HELPNETSECURITY.COM — 08 May 2026
🕵️
OpenAI tunes GPT-5.5-Cyber for more permissive security workflows
HELPNETSECURITY.COM — 08 May 2026
🕵️
ZiChatBot Malware Abuses Zulip APIs for Stealthy C2 Operations
GBHACKERS.COM — 08 May 2026
🕵️
Google is turning Android Studio into a policy watchdog
HELPNETSECURITY.COM — 08 May 2026
🕵️
Modular RAT Campaign Steals Credentials and Captures Screenshots
GBHACKERS.COM — 08 May 2026
🕵️
Fake OpenClaw Installer Targets Crypto Wallets and Password Managers
GBHACKERS.COM — 08 May 2026
🕵️
Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI
CYBERSCOOP.COM — 08 May 2026
🕵️
SOCRadar Recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies
SOCRADAR.IO — 08 May 2026
🕵️
Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments
CYBERSCOOP.COM — 08 May 2026
🕵️
Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
SCHNEIER.COM — 2026-05-08
🌐
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
INFOSECURITY-MAGAZINE.COM — 08 May 2026
🌐
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
THEHACKERNEWS.COM — 08 May 2026
🌐
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
THEHACKERNEWS.COM — 08 May 2026
🌐
Space, the internet's next frontier.
THECYBERWIRE.COM — 08 May 2026
📡
Detecting Web Server Probing & Fuzzing in Traefik with Automated Cloudflare Response
ELASTIC.CO — 08 May 2026
📡
Meet Rassvet, Russia’s Answer to Starlink
WIRED.COM — 08 May 2026
📡
AI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military Strategy
SECURITYAFFAIRS.COM — 08 May 2026
📡
Sri Lanka makes 37 arrests as it raids another scam centre
BITDEFENDER.COM — 08 May 2026
📡
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
THEHACKERNEWS.COM — 08 May 2026
📡
ShinyHunters escalates Canvas attacks with school login defacements
MALWAREBYTES.COM — 08 May 2026
📡
Inside Department 4: Russia’s secret school for hackers
BITDEFENDER.COM — 08 May 2026
📡
One in eight UK workers has sold their company passwords, and bosses think it’s fine
FORTRA.COM — 08 May 2026
📡
The Evolution of Kaspersky SIEM | Kaspersky official blog
KASPERSKY.COM — 08 May 2026
📡
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
THEHACKERNEWS.COM — 08 May 2026
📡
US defense contractor who sold hacking tools to Russian broker ordered to pay $10M to former employers
TECHCRUNCH.COM — 08 May 2026
📡
Virginia man found guilty of deleting 96 government databases
THERECORD.MEDIA — 08 May 2026
📡
GM to pay over $12 million in California privacy settlement involving driver data
THERECORD.MEDIA — 08 May 2026
📡
ShinyHunters Claims Second Attack Against Instructure
DARKREADING.COM — 08 May 2026
🚨
U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Palo Alto Networks PAN-OS, tracked as CVE-…
KEVSECURITYAFFAIRS.COM — 07 May 2026
🚨
U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile…
KEVSECURITYAFFAIRS.COM — 07 May 2026
🐛
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
UNIT42.PALOALTONETWORKS.COM — 07 May 2026
🐛
Cisco Network Flaw Exposes Devices to Remote Denial-of-Service Exploits
GBHACKERS.COM — 07 May 2026
🐛
CVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transports
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43245 ntfs: ->d_compare() must not block
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43191 drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page check
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43258 alpha: fix user-space corruption during memory compaction
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcs
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memory
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43165 hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43195 drm/amdgpu: validate user queue size constraints
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43083 net: ioam6: fix OOB and missing lock
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
MSRC.MICROSOFT.COM — 07 May 2026
🐛
Redis Security Flaws Expose Servers to Remote Code Execution Risks
GBHACKERS.COM — 07 May 2026
🐛
CVE-2026-34318
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34317
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34319
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragment
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34875
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34874
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34876
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-25835
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2025-66442
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34873
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34871
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-34872
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-25834
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-25833
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CVE-2026-41082
MSRC.MICROSOFT.COM — 07 May 2026
🐛
CISA Issues Warning Over Palo Alto PAN-OS Flaw Enabling Root-Level Access
KEVGBHACKERS.COM — 07 May 2026
🐛
Critical Palo Alto Networks software bug hits exposed firewalls
KEVCSOONLINE.COM — 07 May 2026
🐛
CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25
SOCRADAR.IO — 07 May 2026
🐛
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
THEHACKERNEWS.COM — 07 May 2026
🐛
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
THEHACKERNEWS.COM — 07 May 2026
🐛
Ollama vulnerability highlights danger of AI frameworks with unrestricted access
CSOONLINE.COM — 07 May 2026
🐛
Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks
SECURITYAFFAIRS.COM — 07 May 2026
⚠️
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
THEHACKERNEWS.COM — 07 May 2026
⚠️
US government agency to safety test frontier AI models before release
CSOONLINE.COM — 07 May 2026
⚠️
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
THEHACKERNEWS.COM — 07 May 2026
⚠️
Cybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFA
GBHACKERS.COM — 07 May 2026
⚠️
DeepFake it till you make it.
THECYBERWIRE.COM — 07 May 2026
⚠️
Open-source MCP server monitoring for Python apps
HELPNETSECURITY.COM — 07 May 2026
⚠️
Critical vm2 Node.js Library Flaws Enable Arbitrary Code Execution Attacks
GBHACKERS.COM — 07 May 2026
⚠️
UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools
GBHACKERS.COM — 07 May 2026
⚠️
Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins
GBHACKERS.COM — 07 May 2026
⚠️
Ten years later, has the GDPR fulfilled its purpose?
CSOONLINE.COM — 07 May 2026
⚠️
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
INFOSECURITY-MAGAZINE.COM — 07 May 2026
⚠️
CallPhantom Android scam reached 7.3 million downloads on Google Play
HELPNETSECURITY.COM — 07 May 2026
⚠️
Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking
GBHACKERS.COM — 07 May 2026
⚠️
CISOs: Align cyber risk communication with boardroom psychology
CSOONLINE.COM — 07 May 2026
⚠️
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
THEHACKERNEWS.COM — 07 May 2026
⚠️
Claude and SpaceX Join Forces to Enhance Large-Scale Compute Capacity
GBHACKERS.COM — 07 May 2026
⚠️
Spring Vulnerabilities Open Door to Arbitrary File Access and GCP Secret Leaks
GBHACKERS.COM — 07 May 2026
⚠️
The AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026.
TENABLE.COM — 07 May 2026
⚠️
If a fake moustache can fool age checks, is the Online Safety Act working?
MALWAREBYTES.COM — 07 May 2026
⚠️
Exploits and vulnerabilities in Q1 2026
SECURELIST.COM — 07 May 2026
⚠️
One House Democrat is pressing Commerce on the government’s spyware use
CYBERSCOOP.COM — 07 May 2026
⚠️
How Cloudflare responded to the “Copy Fail” Linux vulnerability
CLOUDFLARE.COM — 07 May 2026
⚠️
Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale
RAPID7.COM — 07 May 2026
⚠️
Businesses hide vast majority of ransomware attacks, report finds
CYBERSECURITYDIVE.COM — 07 May 2026
⚠️
Palo Alto Networks warns state-linked cluster behind zero-day exploitation
CYBERSECURITYDIVE.COM — 07 May 2026
⚠️
Cisco patches high-severity flaws enabling SSRF, code execution attacks
SECURITYAFFAIRS.COM — 07 May 2026
⚠️
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 07 May 2026
⚠️
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
THEHACKERNEWS.COM — 07 May 2026
⚠️
ICYMI: April 2026 @AWS Security
AWS.AMAZON.COM — 07 May 2026
⚠️
LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
CSOONLINE.COM — 07 May 2026
⚠️
Getting Rid of Your VPN - Rob Allen - PSW #925
YOUTUBE.COM — 2026-05-07
⚠️
Ivanti customers confront yet another actively exploited zero-day
KEVCYBERSCOOP.COM — 07 May 2026
⚠️
Rapid7 and OpenAI: Helping Defenders Move at Machine Speed
RAPID7.COM — 07 May 2026
📋
Google pushes massive Chrome security update to patch 127 flaws
CYBERINSIDER.COM — 07 May 2026
📢
Trump’s AI Preemption Playbook.
THECYBERWIRE.COM — 07 May 2026
📢
Kloudfuse 4.0 delivers AI-governed observability and scalable workload isolation
HELPNETSECURITY.COM — 07 May 2026
📢
Bots in translation: Can AI really fix SIEM rule sprawl across vendors?
CSOONLINE.COM — 07 May 2026
📢
New CISA initiative aims to help critical infrastructure operators prepare for disruptions.
THECYBERWIRE.COM — 07 May 2026
📢
Has CISA Finally Found Its New Leader in Tom Parker?
DARKREADING.COM — 07 May 2026
📢
Pentagon reaches deals with seven AI providers.
THECYBERWIRE.COM — 07 May 2026
📢
Trump officials are steering a cybersecurity scholarship program toward AI
CYBERSCOOP.COM — 07 May 2026
📢
The backup plan needs a backup plan.
THECYBERWIRE.COM — 07 May 2026
📢
Iranian government hackers using Chaos ransomware as cover, researchers say
THERECORD.MEDIA — 07 May 2026
🔥
Woflow - 447,593 breached accounts
HAVEIBEENPWNED.COM — 07 May 2026
🔥
Day Zero Readiness: The Operational Gaps That Break Incident Response
THEHACKERNEWS.COM — 07 May 2026
🔥
Polish intelligence warns hackers attacked water treatment control systems
THERECORD.MEDIA — 07 May 2026
🔥
World's First AI-Driven Cyberattack Couldn't Breach OT Systems
DARKREADING.COM — 07 May 2026
🔥
One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
THEHACKERNEWS.COM — 07 May 2026
🔥
North Carolina man pleads guilty to doxxing Supreme Court justices
THERECORD.MEDIA — 07 May 2026
🔥
Hackers hack victims hacked by other hackers
TECHCRUNCH.COM — 07 May 2026
🔥
Unplug your way to better code
TALOSINTELLIGENCE.COM — 07 May 2026
🔥
“ClaudeBleed” allows any Chrome extension to control Anthropic’s AI assistant
CYBERINSIDER.COM — 07 May 2026
🔥
Hackers deface school login pages after claiming another Instructure hack
TECHCRUNCH.COM — 07 May 2026
🔥
VPN Access Without Open Ports
YOUTUBE.COM — 2026-05-07
🕵️
North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
THERECORD.MEDIA — 07 May 2026
🕵️
ISC Stormcast For Thursday, May 7th, 2026 https://isc.sans.edu/podcastdetail/9922, (Thu, May 7th)
ISC.SANS.EDU — 07 May 2026
🕵️
An Adaptive Cyber Analytics UI for Web Honeypot Logs &#x5b;Guest Diary&#x5d;, (Wed, May 6th)
ISC.SANS.EDU — 07 May 2026
🕵️
WatchGuard Agent Flaws Allow Attackers to Gain Full SYSTEM Privileges on Windows
GBHACKERS.COM — 07 May 2026
🕵️
Fake Disk Cleanup Apps Fuel New macOS ClickFix Attack
GBHACKERS.COM — 07 May 2026
🕵️
Multi-model AI is creating a routing headache for enterprises
HELPNETSECURITY.COM — 07 May 2026
🕵️
Malicious NuGet Packages Steal Browser Credentials, SSH Keys, and Crypto Wallets
GBHACKERS.COM — 07 May 2026
🕵️
Red Hat Enterprise Linux adds post-quantum security and AI-driven automation in latest releases
HELPNETSECURITY.COM — 07 May 2026
🕵️
Google Chrome 148 Released With Fixes for 127 Security Flaws
GBHACKERS.COM — 07 May 2026
🕵️
Why “Trusted Publishing” Can’t Save Us from Social Engineering
PROGRAMMING.DEV — 7 May 2026
🕵️
Daemon Tools Developer Confirms Software Was Trojanized
INFOSECURITY-MAGAZINE.COM — 07 May 2026
🕵️
Smart Glasses for the Authorities
SCHNEIER.COM — 2026-05-07
🕵️
Hackers Weaponize Claude AI in Attacks on Water and Drainage Utilities
GBHACKERS.COM — 07 May 2026
🕵️
Fake Claude AI Installers Used to Spread Malware in New Cyber Scam
GBHACKERS.COM — 07 May 2026
🕵️
Fake Call History Apps on Google Play Steal Payments, Hit 7.3M+ Downloads
GBHACKERS.COM — 07 May 2026
🕵️
American duo sentenced for hosting laptop farms for North Korean IT workers
CYBERSCOOP.COM — 07 May 2026
🕵️
Manual Changes Break Security
YOUTUBE.COM — 2026-05-07
🕵️
Google Seeks EU Deal Over ‘Parasite SEO’ News Rankings
TECHREPUBLIC.COM — 07 May 2026
🕵️
Android 17: Everything We Know About Google’s Biggest Year Yet
TECHREPUBLIC.COM — 07 May 2026
🕵️
Apple’s $250M Siri Settlement Could Pay Eligible iPhone Buyers
TECHREPUBLIC.COM — 07 May 2026
🕵️
This Dell 15 Laptop Offers a Sensible Daily Driver Setup for Just $307
TECHREPUBLIC.COM — 07 May 2026
🕵️
World Password Day 2026: Treat Identity as the Perimeter (and Act Like It)
KNOWBE4.COM — 07 May 2026
🕵️
New TCLBANKER malware self-spreads through WhatsApp and Outlook
CYBERINSIDER.COM — 07 May 2026
🕵️
Mac Studio, Mac mini Buyers Are Losing Options Amid AI Demand
TECHREPUBLIC.COM — 07 May 2026
🕵️
Alphabet Poised to Overtake Nvidia as the World’s Most Valuable Public Company
TECHREPUBLIC.COM — 07 May 2026
🕵️
Elon Musk’s Texas Chip Plant Could Cost $119B, Filings Show
TECHREPUBLIC.COM — 07 May 2026
🌐
TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook
ELASTIC.CO — 07 May 2026
🌐
AI in the Wrong Hands
THECYBERWIRE.COM — 07 May 2026
🌐
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
THEHACKERNEWS.COM — 07 May 2026
🌐
Nearly half of the world’s passwords can be cracked in under a minute | Kaspersky official blog
KASPERSKY.COM — 07 May 2026
🌐
From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks
SECURITYAFFAIRS.COM — 07 May 2026
🌐
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
INFOSECURITY-MAGAZINE.COM — 07 May 2026
🌐
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
INFOSECURITY-MAGAZINE.COM — 07 May 2026
🌐
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
DARKREADING.COM — 07 May 2026
🎙️
How do we secure applications when anyone can code?
THECYBERWIRE.COM — 07 May 2026
📡
PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
SENTINELONE.COM — 07 May 2026
📡
Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web
WIRED.COM — 07 May 2026
📡
'TrustFall' Exposes Claude Code Execution Risk
DARKREADING.COM — 07 May 2026
📡
Operation HookedWing: 4-Year Multi-Sector Attack Analysis
SOCRADAR.IO — 07 May 2026
📡
Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto
TECHCRUNCH.COM — 07 May 2026
📡
2 days left: Get 50% off a second pass to TechCrunch Disrupt 2026
TECHCRUNCH.COM — 07 May 2026
📡
Massive AI investment scam network spans 15,500 domains
MALWAREBYTES.COM — 07 May 2026
📡
Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds
INFOSECURITY-MAGAZINE.COM — 07 May 2026
📡
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
INFOSECURITY-MAGAZINE.COM — 07 May 2026
📡
How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity
TECHCRUNCH.COM — 07 May 2026
📡
AWS achieves SNI 27017, SNI 27018, and SNI 9001 certifications for the AWS Asia Pacific (Jakarta) Region
AWS.AMAZON.COM — 07 May 2026
📡
How to Disable Google's Gemini in Chrome
WIRED.COM — 07 May 2026
🐛
QR Phishing Explodes, Ubuntu Under Attack, CISA Warns Critical Infrastructure Prepare for Isolation
CYBERSECURITYTODAY.LIBSYN.COM — 06 May 2026
🐛
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
KEVTHEHACKERNEWS.COM — 06 May 2026
🐛
CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
MSRC.MICROSOFT.COM — 06 May 2026
🐛
CVE-2026-43964
MSRC.MICROSOFT.COM — 06 May 2026
🐛
Critical Palo Alto Firewall Vulnerability Enables Attackers to Gain Root Privileges
GBHACKERS.COM — 06 May 2026
🐛
Argo CD ServerSideDiff Flaw Allows Attackers to Extract Kubernetes Secrets
GBHACKERS.COM — 06 May 2026
🐛
Palo Alto Networks PAN-OS flaw exploited for remote code execution
KEVSECURITYAFFAIRS.COM — 06 May 2026
🐛
Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
SECURITYAFFAIRS.COM — 06 May 2026
🐛
WhatsApp warns of Instagram Reels bug that could load risky content
KEVCYBERINSIDER.COM — 06 May 2026
🐛
Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)
KEVHELPNETSECURITY.COM — 06 May 2026
🐛
Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
KEVRAPID7.COM — 06 May 2026
🐛
Palo Alto warns of critical software bug used in firewall attacks
THERECORD.MEDIA — 06 May 2026
⚠️
Weekly Update 502
TROYHUNT.COM — 06 May 2026
⚠️
Zero-Auth Vulnerability Enables Cross-Tenant Access at DoD Contractor
GBHACKERS.COM — 06 May 2026
⚠️
Malicious OpenClaw Skill Targets Agentic AI Workflows to Deploy RATs and Stealers
GBHACKERS.COM — 06 May 2026
⚠️
Ransomware Gangs Escalate Attacks on Aviation and Aerospace Sector
GBHACKERS.COM — 06 May 2026
⚠️
Risky Business #836 -- You can't patch the bugpocalypse
RISKY.BIZ — 06 May 2026
⚠️
Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft
THECYBERWIRE.COM — 06 May 2026
⚠️
Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations
PROOFPOINT.COM — 06 May 2026
⚠️
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
THEHACKERNEWS.COM — 06 May 2026
⚠️
Salesforce Marketing Cloud Vulnerability Exposes Email Data Risk
GBHACKERS.COM — 06 May 2026
⚠️
Poisoned truth: The quiet security threat inside enterprise AI
CSOONLINE.COM — 06 May 2026
⚠️
Train like you fight: Why cyber operations teams need no-notice drills
CSOONLINE.COM — 06 May 2026
⚠️
Teach to Sell and Two Interviews from RSAC 2026 from Dropzone AI and Microsoft - BSW #446
YOUTUBE.COM — 2026-05-06
⚠️
CloudZ RAT Exploits Microsoft Phone Link to Steal SMS OTPs
GBHACKERS.COM — 06 May 2026
⚠️
Intel 471 speeds threat hunting and remediation with Retroactive Threat Detections
HELPNETSECURITY.COM — 06 May 2026
⚠️
UiPath adds agentic AI capabilities to Automation Suite for government agencies
HELPNETSECURITY.COM — 06 May 2026
⚠️
New Relic advances AI observability with new intelligence layer
HELPNETSECURITY.COM — 06 May 2026
⚠️
ServiceNow strengthens enterprise AI security with Autonomous Security & Risk platform
HELPNETSECURITY.COM — 06 May 2026
⚠️
Taiwan High Speed Rail Hit by Spoofing Attack That Stops Three Trains
GBHACKERS.COM — 06 May 2026
⚠️
New malware turns Linux systems into P2P attack networks
CSOONLINE.COM — 06 May 2026
⚠️
Attackers Continue to Pose as Help Desks in Social Engineering Attacks
KNOWBE4.COM — 06 May 2026
⚠️
Phishing Attack Weaponizes Calendar Invites to Steal Login Credentials
GBHACKERS.COM — 06 May 2026
⚠️
Massive DDoS Attack Generates 2.45 Billion Requests Using 1.2 Million IP Addresses
GBHACKERS.COM — 06 May 2026
⚠️
FEMITBOT Network Exploits Telegram Mini Apps to Spread Crypto Scams and Android Malware
GBHACKERS.COM — 06 May 2026
⚠️
Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place.
TENABLE.COM — 06 May 2026
⚠️
Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
RAPID7.COM — 06 May 2026
⚠️
CloudZ Malware Abuses Phone Link to Steal SMS OTPs
INFOSECURITY-MAGAZINE.COM — 06 May 2026
⚠️
GrapheneOS fixes Android VPN leak Google refused to patch
CYBERINSIDER.COM — 06 May 2026
⚠️
CISA warns of CopyFail exploitation.
THECYBERWIRE.COM — 06 May 2026
⚠️
Speed, Not AI, Breaks You
YOUTUBE.COM — 2026-05-06
⚠️
A critical Palo Alto PAN-OS zero-day is being exploited in the wild
KEVCYBERSCOOP.COM — 06 May 2026
⚠️
A Vulnerability in Apache HTTP Server Could Allow for Remote Code Execution
CISECURITY.ORG — 06 May 2026
⚠️
The exploit that writes its own story.
THECYBERWIRE.COM — 06 May 2026
⚠️
A Vulnerability in PAN-OS Could Allow for Remote Code Execution
CISECURITY.ORG — 06 May 2026
📢
Iran-Linked Hackers Target Oman Ministries in Webshell and Data Theft Campaign
GBHACKERS.COM — 06 May 2026
📢
Attackers Bypass Azure AD Conditional Access Using Phantom Device Registration
GBHACKERS.COM — 06 May 2026
📢
How CISOs Reduce Cyber Risk with MITRE ATT&CK
ANY.RUN — 06 May 2026
📢
CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack
INFOSECURITY-MAGAZINE.COM — 06 May 2026
📢
NIST will test three major tech firms’ frontier AI models for cybersecurity risks
CYBERSECURITYDIVE.COM — 06 May 2026
📢
Iranian state-backed spies pose as ransomware slingers in false flag attacks
CSOONLINE.COM — 06 May 2026
📢
New CISA initiative aims for critical infrastructure to operate offline during cyberattacks
THERECORD.MEDIA — 06 May 2026
📢
New compliance guide available: ISO/IEC 42001:2023 on AWS
AWS.AMAZON.COM — 06 May 2026
🔥
QLNX Targets Developers in Supply Chain Credential Theft Campaign
GBHACKERS.COM — 06 May 2026
🔥
Ransomware Gang Member Linked to Russian Cybercrime Group Sentenced to Prison
GBHACKERS.COM — 06 May 2026
🔥
Vimeo Confirms Breach Exposing 119,000 Unique User Email Addresses
GBHACKERS.COM — 06 May 2026
🔥
Middle East Cyber Battle Field Broadens — Especially in UAE
DARKREADING.COM — 06 May 2026
🔥
LegionProxy - 10,144 breached accounts
HAVEIBEENPWNED.COM — 06 May 2026
🔥
Millions of students&#8217; personal data stolen in major education breach
MALWAREBYTES.COM — 06 May 2026
🔥
Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign
INFOSECURITY-MAGAZINE.COM — 06 May 2026
🔥
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
THEHACKERNEWS.COM — 06 May 2026
🔥
Iran-sponsored threat group behind false flag social engineering campaign
CYBERSECURITYDIVE.COM — 06 May 2026
🔥
Cybercriminals Are Complaining About AI Slop Flooding Their Forums
WIRED.COM — 06 May 2026
🔥
Iranian cyber espionage disguised as a Chaos Ransomware attack
SECURITYAFFAIRS.COM — 06 May 2026
🔥
DOJ says ransomware gang tapped into Russian government databases
TECHCRUNCH.COM — 06 May 2026
🔥
AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys
TECHCRUNCH.COM — 06 May 2026
🔥
Instructure Breach Exposes Schools' Vendor Dependence
DARKREADING.COM — 06 May 2026
🕵️
ISC Stormcast For Wednesday, May 6th, 2026 https://isc.sans.edu/podcastdetail/9920, (Wed, May 6th)
ISC.SANS.EDU — 06 May 2026
🕵️
Remus Infostealer Adopts Lumma-Style Browser Key Theft to Bypass App-Bound Encryption
GBHACKERS.COM — 06 May 2026
🕵️
Your Container Is Not a Sandbox
PROGRAMMING.DEV — 6 May 2026
🕵️
Rowhammer Attack Against NVIDIA Chips
SCHNEIER.COM — 2026-05-06
🕵️
Insights into the clustering and reuse of phone numbers in scam emails
TALOSINTELLIGENCE.COM — 06 May 2026
🕵️
Extreme Networks introduces Agent ONE for autonomous enterprise networking
HELPNETSECURITY.COM — 06 May 2026
🕵️
8×8 updates CX platform with AI, analytics, and frontline management capabilities
HELPNETSECURITY.COM — 06 May 2026
🕵️
Proton Mail brings quantum-safe email encryption to all accounts
HELPNETSECURITY.COM — 06 May 2026
🕵️
groundcover expands its observability platform with enhanced Synthetic Monitoring and RUM
HELPNETSECURITY.COM — 06 May 2026
🕵️
Megaport enhances network resilience with integrated DDoS protection
HELPNETSECURITY.COM — 06 May 2026
🕵️
Darkhub Hacking-for-Hire Portal Promotes Crypto Fraud and Spyware Services
GBHACKERS.COM — 06 May 2026
🕵️
Microsoft Teams on Android Now Lets Users Join External Meetings Through SIP
GBHACKERS.COM — 06 May 2026
🕵️
OceanLotus suspected of using PyPI to deliver ZiChatBot malware
SECURELIST.COM — 06 May 2026
🕵️
Swapper – A Pure Regex Match/Replace Burp Extension
BLACKHILLSINFOSEC.COM — 06 May 2026
🕵️
Google Chrome silently installs 4GB Gemini Nano AI model on user devices
CYBERINSIDER.COM — 06 May 2026
🕵️
Salat Malware Abuses QUIC and WebSockets for Stealthy C2 Control
GBHACKERS.COM — 06 May 2026
🕵️
Belief Comes Before Growth
YOUTUBE.COM — 2026-05-06
🕵️
Businesses eager but unprepared for AI to transform their security strategies
CYBERSECURITYDIVE.COM — 06 May 2026
🕵️
Mozilla, Mullvad, Proton, sign letter opposing UK age verification
CYBERINSIDER.COM — 06 May 2026
🕵️
Building Trust in Low-Touch Teams
YOUTUBE.COM — 2026-05-06
🕵️
A DOD contractor’s API flaw exposed military course data and service member records
CYBERSCOOP.COM — 06 May 2026
🌐
Malicious PyTorch Lightning update hits AI supply chain security
SECURITYAFFAIRS.COM — 06 May 2026
🌐
Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
THEHACKERNEWS.COM — 06 May 2026
🌐
Websites with an undefined trust level: avoiding the trap
SECURELIST.COM — 06 May 2026
🌐
How VoidStealer bypasses Chrome’s protections to hijack sessions and steal data | Kaspersky official blog
KASPERSKY.COM — 06 May 2026
🌐
LABScon25 Replay | Please Connect to the Foreign Entity to Enhance Your User Experience
SENTINELONE.COM — 06 May 2026
🌐
Attackers adopt JavaScript runtime Bun to spread NWHStealer
MALWAREBYTES.COM — 06 May 2026
🌐
Some kids are bypassing age verification checks with a fake mustache
TECHCRUNCH.COM — 06 May 2026
🌐
Yet Another Way to Bypass Google Chrome's Encryption Protection
DARKREADING.COM — 06 May 2026
🎙️
Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired
GRAHAMCLULEY.COM — 06 May 2026
📡
Weekly Threat Bulletin – May 6th, 2026
F5.COM — 06 May 2026
📡
One in Eight Workers Has Sold Their Corporate Logins
INFOSECURITY-MAGAZINE.COM — 06 May 2026
📡
From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
DARKREADING.COM — 06 May 2026
📡
The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open
THEHACKERNEWS.COM — 06 May 2026
📡
Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
THEHACKERNEWS.COM — 06 May 2026
📡
Hackers compromise Daemon Tools in global supply-chain attack, researchers say
THERECORD.MEDIA — 06 May 2026
📡
Google Chrome&#8217;s silent 4GB AI download problem
MALWAREBYTES.COM — 06 May 2026
📡
XBOW secures an additional $35 million in Series C funding.
THECYBERWIRE.COM — 06 May 2026
📡
A Kid With a Fake Mustache Tricked an Online Age-Verification Tool
WIRED.COM — 06 May 2026
📡
After 17 years, Gavril Sandu extradited to U.S. for hacking scheme
SECURITYAFFAIRS.COM — 06 May 2026
📡
Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap
SECURITYAFFAIRS.COM — 06 May 2026
🚨
CISA mulls new three-day remediation deadline for critical flawsExperts have mixed reactions to a report that the US Cybersecurity and Infrastructure Security Agency (CISA) is considering reducing the timeline in which government agencies must address critical vulnerabilities from two weeks to only three days. The current 14-day window applie…
KEVCSOONLINE.COM — 05 May 2026
🐛
Apache HTTP Server Vulnerability Exposes Millions to Remote Code Execution Threats
GBHACKERS.COM — 05 May 2026
🐛
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
KEVTHEHACKERNEWS.COM — 05 May 2026
🐛
CVE-2026-42798
MSRC.MICROSOFT.COM — 05 May 2026
🐛
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
MSRC.MICROSOFT.COM — 05 May 2026
🐛
CVE-2026-37457
MSRC.MICROSOFT.COM — 05 May 2026
🐛
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
THEHACKERNEWS.COM — 05 May 2026
🐛
Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems
KEVGBHACKERS.COM — 05 May 2026
🐛
AI finds 20-year-old bugs in PostgreSQL and MariaDB
CSOONLINE.COM — 05 May 2026
🐛
Five ways to use Kiro and Amazon Q to strengthen your security posture
AWS.AMAZON.COM — 05 May 2026
🐛
Critical Android vulnerability CVE-2026-0073 fixed by Google
SECURITYAFFAIRS.COM — 05 May 2026
🐛
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
THEHACKERNEWS.COM — 05 May 2026
🐛
Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say
HELPNETSECURITY.COM — 05 May 2026
🐛
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
UNIT42.PALOALTONETWORKS.COM — 05 May 2026
⚠️
Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
CSOONLINE.COM — 05 May 2026
⚠️
Mythbehavior under investigation.
THECYBERWIRE.COM — 05 May 2026
⚠️
174: Pacific Rim
DARKNETDIARIES.COM — 05 May 2026
⚠️
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
THEHACKERNEWS.COM — 05 May 2026
⚠️
The Terrorist Designation: A New Red Line for Ransomware with Cynthia Kaiser
THECYBERWIRE.COM — 05 May 2026
⚠️
Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk
GBHACKERS.COM — 05 May 2026
⚠️
Attackers Exploit Amazon SES to Send Authenticated Phishing Emails
GBHACKERS.COM — 05 May 2026
⚠️
Critical Android Zero-Click Vulnerability Enables Remote Shell Access
GBHACKERS.COM — 05 May 2026
⚠️
Trellix Reveals Unauthorized Access to Source Code
INFOSECURITY-MAGAZINE.COM — 05 May 2026
⚠️
CISOs step up to the security workforce challenge
CSOONLINE.COM — 05 May 2026
⚠️
Keeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381
YOUTUBE.COM — 2026-05-05
⚠️
NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
INFOSECURITY-MAGAZINE.COM — 05 May 2026
⚠️
DarkSword Malware
SCHNEIER.COM — 2026-05-05
⚠️
WhatsApp Security Flaw Enables Malicious URL Execution Through Instagram Reels
GBHACKERS.COM — 05 May 2026
⚠️
Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks
GBHACKERS.COM — 05 May 2026
⚠️
Microsoft warns of global campaign stealing auth tokens from 35K users
SECURITYAFFAIRS.COM — 05 May 2026
⚠️
CloudZ malware hijacks Microsoft Phone Link to intercept SMS and OTPs
CYBERINSIDER.COM — 05 May 2026
⚠️
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
THEHACKERNEWS.COM — 05 May 2026
⚠️
Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor
GBHACKERS.COM — 05 May 2026
⚠️
Cisco Acquisition of Astrix Security Signals to Strengthen on Non-Human Identity Security
GBHACKERS.COM — 05 May 2026
⚠️
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
CSOONLINE.COM — 05 May 2026
⚠️
C/C++ checklist challenges, solved
TRAILOFBITS.COM — 05 May 2026
⚠️
US-Targeted Phishing Campaign Exposes Credential and Remote Access Risks for CISOs
ANY.RUN — 05 May 2026
⚠️
How Far the US Went to Rescue Hostage Bowe Bergdahl
THECYBERWIRE.COM — 05 May 2026
⚠️
PoC tool extracts cleartext passwords from Microsoft Edge memory
CYBERINSIDER.COM — 05 May 2026
⚠️
A Walkthrough of the 2026 Global Cybersecurity Summit Agenda
RAPID7.COM — 05 May 2026
⚠️
Fake SSA Emails Drive Venomous#Helper Phishing Campaign
INFOSECURITY-MAGAZINE.COM — 05 May 2026
⚠️
Google to pay up to $1.5 million for zero-click Pixel Titan M exploits
HELPNETSECURITY.COM — 05 May 2026
⚠️
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
THEHACKERNEWS.COM — 05 May 2026
⚠️
Oracle will patch more often to counter AI cybersecurity threat
CSOONLINE.COM — 05 May 2026
⚠️
Trellix investigating breach of source code repository
CYBERSECURITYDIVE.COM — 05 May 2026
⚠️
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
DARKREADING.COM — 05 May 2026
⚠️
UK's NCSC warns of AI-driven "patch wave."
THECYBERWIRE.COM — 05 May 2026
⚠️
Apple brings end-to-end encryption to RCS messaging in iOS 26.5
CYBERINSIDER.COM — 05 May 2026
⚠️
Tanium Atlas aims to accelerate threat response in the AI era
HELPNETSECURITY.COM — 05 May 2026
⚠️
CISA pushes critical infrastructure operators to prepare to work in isolation
CSOONLINE.COM — 05 May 2026
⚠️
Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts
TECHREPUBLIC.COM — 05 May 2026
⚠️
Google Update: Android Flaw Could Put Billions of Devices at Risk
TECHREPUBLIC.COM — 05 May 2026
⚠️
Edge browser leaves passwords exposed in plain text, says researcher
CSOONLINE.COM — 05 May 2026
⚠️
CVE Disclosures Become AI Prompts
YOUTUBE.COM — 2026-05-05
⚠️
Strengthening cyber defense through policy and people.
THECYBERWIRE.COMHTTPS: — 05 May 2026
⚠️
The fixes keep coming.
THECYBERWIRE.COM — 05 May 2026
⚠️
Trellix Source Code Breach Highlights Growing Supply Chain Threats
DARKREADING.COM — 05 May 2026
⚠️
Patch in 3 Days or Break
KEVYOUTUBE.COM — 2026-05-05
⚠️
SN 1077: A Browser AI API? - End of Bug Bounties?
TWIT.TV — 05 May 2026
📋
Oracle rolls out monthly security patch updates
HELPNETSECURITY.COM — 05 May 2026
📢
Download: Secure Foundations for AI Workloads on AWS
HELPNETSECURITY.COM — 05 May 2026
📢
Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
HELPNETSECURITY.COM — 05 May 2026
📢
LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
GBHACKERS.COM — 05 May 2026
📢
CISA urges critical infrastructure firms to ‘fortify’ now before it’s too late
CYBERSECURITYDIVE.COM — 05 May 2026
📢
Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails
INFOSECURITY-MAGAZINE.COM — 05 May 2026
📢
CISA boasts AI automation improvements to threat analysis, mission support
CYBERSCOOP.COM — 05 May 2026
📢
Supply-chain attacks take aim at your AI coding agents
CSOONLINE.COM — 05 May 2026
📢
Zino, 0auth, VSS, Mental Health Hackers, 3 Days of KEV, Copy/Fail, AI, Aaran Leyland - SWN #578
KEVYOUTUBE.COM — 2026-05-05
📢
CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
CYBERSCOOP.COM — 05 May 2026
🔥
Vimeo - 119,167 breached accounts
HAVEIBEENPWNED.COM — 05 May 2026
🔥
DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates
GBHACKERS.COM — 05 May 2026
🔥
Educational tech firm Instructure data breach may have impacted 9,000 schools
SECURITYAFFAIRS.COM — 05 May 2026
🔥
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
THEHACKERNEWS.COM — 05 May 2026
🔥
APT37 hacks gaming platform to spread new BirdCall Android spyware
CYBERINSIDER.COM — 05 May 2026
🔥
Australia launches cyber review board modeled on version disbanded in US
THERECORD.MEDIA — 05 May 2026
🔥
Conti ransomware gang member sentenced to 102 months in prison
HELPNETSECURITY.COM — 05 May 2026
🔥
Introducing the New AI-Native KnowBe4 SAT
KNOWBE4.COM — 05 May 2026
🔥
ScarCruft Targets Gaming Platform With Windows, Android Backdoors
GBHACKERS.COM — 05 May 2026
🔥
Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads
GBHACKERS.COM — 05 May 2026
🔥
Hackers steal students’ data during breach at education tech giant Instructure
TECHCRUNCH.COM — 05 May 2026
🔥
North Korean APT Targets Yanbian Gamers via Trojanized Platform
INFOSECURITY-MAGAZINE.COM — 05 May 2026
🔥
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
THEHACKERNEWS.COM — 05 May 2026
🔥
Latvian national sentenced for ransomware attacks run by former Conti leaders
CYBERSCOOP.COM — 05 May 2026
🔥
Conti, Akira ransomware affiliate given 8-year sentence
THERECORD.MEDIA — 05 May 2026
🔥
Vimeo confirms breach via third-party vendor impacts 119K users
SECURITYAFFAIRS.COM — 05 May 2026
🔥
U.S. court sentences Karakurt ransomware negotiator to 8.5 years
SECURITYAFFAIRS.COM — 05 May 2026
🕵️
ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918, (Tue, May 5th)
ISC.SANS.EDU — 05 May 2026
🕵️
Microsoft Edge Found Storing Saved Passwords in Cleartext Memory at Startup
GBHACKERS.COM — 05 May 2026
🕵️
pnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attacks
GBHACKERS.COM — 05 May 2026
🕵️
Fake “Notepad++ for Mac” Site May Pose Malware Risk for Mac Users
GBHACKERS.COM — 05 May 2026
🕵️
New Attribution Framework Links APT Campaigns Across Key Layers
GBHACKERS.COM — 05 May 2026
🕵️
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
HELPNETSECURITY.COM — 05 May 2026
🕵️
Meta adds proof-based security to encrypted backups
HELPNETSECURITY.COM — 05 May 2026
🕵️
Code of Conduct Phish Hits 35,000 Users in Multi-Stage AiTM Attack
GBHACKERS.COM — 05 May 2026
🕵️
FTC orders Kochava to stop selling people’s location data
CYBERINSIDER.COM — 05 May 2026
🕵️
Anomali ThreatStream Next-Gen speeds threat response across workflows
HELPNETSECURITY.COM — 05 May 2026
🕵️
Cerberus Stalkerware Hits Google Play, Abuses Accessibility and Firebase for Remote Control
GBHACKERS.COM — 05 May 2026
🕵️
UAT-8302 and its box full of malware
TALOSINTELLIGENCE.COM — 05 May 2026
🕵️
VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers
HELPNETSECURITY.COM — 05 May 2026
🕵️
OWASP AI Security Summit May 27
YOUTUBE.COM — 2026-05-05
🕵️
Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack
TECHCRUNCH.COM — 05 May 2026
🕵️
Samsung Display Reveals Screens That Measure Health, Stretch, and Fight Glare
TECHREPUBLIC.COM — 05 May 2026
🕵️
iOS 26.5 to Introduce Encrypted RCS, Maps Changes, and New EU Features
TECHREPUBLIC.COM — 05 May 2026
🕵️
Enhance Your Expertise Anytime with Unlimited Online Courses — Now $19.97
TECHREPUBLIC.COM — 05 May 2026
🕵️
What If Your Digital Footprint Could Shrink?
TECHREPUBLIC.COM — 05 May 2026
🕵️
Power Through Projects with the Microsoft Office 2024 Home & Business
TECHREPUBLIC.COM — 05 May 2026
🕵️
Apple Wallet May Get ‘Create a Pass’ Tool for Event Tickets, Gift Cards
TECHREPUBLIC.COM — 05 May 2026
🕵️
Proton Mail rolls out quantum-resistant encryption for all users
CYBERINSIDER.COM — 05 May 2026
🕵️
Brave sees 100% Linux growth as browser reaches 115M monthly users
CYBERINSIDER.COM — 05 May 2026
🕵️
LastPass Mobile Smart Scanner improves password security
HELPNETSECURITY.COM — 05 May 2026
🕵️
New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch
TECHREPUBLIC.COM — 05 May 2026
🕵️
News alert: LuxSci launches HIPAA-compliant email platform for mid-size healthcare market
LASTWATCHDOG.COM — 05 May 2026
🌐
Supply chain attack via DAEMON Tools | Kaspersky official blog
KASPERSKY.COM — 05 May 2026
🌐
Update WhatsApp now: Two new flaws could expose you to malicious files
MALWAREBYTES.COM — 05 May 2026
🌐
FTC bans data broker Kochava from selling sensitive location info
THERECORD.MEDIA — 05 May 2026
🎙️
How the Story of a USB Penetration Test Went Viral
DARKREADING.COM — 05 May 2026
📡
Elastic Workflows GA: automation where your security data already lives
ELASTIC.CO — 05 May 2026
📡
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
THEHACKERNEWS.COM — 05 May 2026
📡
Cleartext Passwords in MS Edge&#x3f; In 2026&#x3f;, (Mon, May 4th)
ISC.SANS.EDU — 05 May 2026
📡
SSL.com rotates their root certificate today, (Tue, May 5th)
ISC.SANS.EDU — 05 May 2026
📡
CloudZ RAT potentially steals OTP messages using Pheno plugin
TALOSINTELLIGENCE.COM — 05 May 2026
📡
AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber Risk
INFOSECURITY-MAGAZINE.COM — 05 May 2026
📡
4 days left: Get 50% off a second TechCrunch Disrupt 2026 pass to make more deals faster
TECHCRUNCH.COM — 05 May 2026
📡
Introducing AI traffic analysis dashboards for AWS WAF
AWS.AMAZON.COM — 05 May 2026
🚨
U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of …
KEVSECURITYAFFAIRS.COM — 04 May 2026
🐛
FreeBSD Systems at Risk From DHCP Client RCE Vulnerability
GBHACKERS.COM — 04 May 2026
🐛
cPanel Vulnerability Exploited to Compromise Government and Military Servers
GBHACKERS.COM — 04 May 2026
🐛
CISA Flags Linux Kernel Vulnerability as Threat Actors Launch Attacks
KEVGBHACKERS.COM — 04 May 2026
🐛
CISA warns “Copy Fail” Linux flaw is already actively exploited
KEVCYBERINSIDER.COM — 04 May 2026
🐛
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
HELPNETSECURITY.COM — 04 May 2026
🐛
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
HELPNETSECURITY.COM — 04 May 2026
🐛
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
SECURITYAFFAIRS.COM — 04 May 2026
🐛
MOVEit automation flaws could enable full system compromise
SECURITYAFFAIRS.COM — 04 May 2026
⚠️
Spotting third-party cyber risk before attackers do
HELPNETSECURITY.COM — 04 May 2026
⚠️
What researchers learned about building an LLM security workflow
HELPNETSECURITY.COM — 04 May 2026
⚠️
Reborn Gaming - 126 breached accounts
HAVEIBEENPWNED.COM — 04 May 2026
⚠️
Pipelock: Open-source AI agent firewall
HELPNETSECURITY.COM — 04 May 2026
⚠️
Trellix Source Code Breach Exposes Repository to Unauthorized Access
GBHACKERS.COM — 04 May 2026
⚠️
Top 10 AI Pentest Tools
SOCRADAR.IO — 04 May 2026
⚠️
AI-Powered Threat Actors Accelerate 0-Day Discovery at Machine Speed
GBHACKERS.COM — 04 May 2026
⚠️
MOVEit Authentication Bypass Vulnerability Sparks Security Concerns
GBHACKERS.COM — 04 May 2026
⚠️
CISA Alert Highlights Active Exploitation of cPanel & WHM Security Bug
KEVGBHACKERS.COM — 04 May 2026
⚠️
New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks
GBHACKERS.COM — 04 May 2026
⚠️
The fake IT worker problem CISOs can’t ignore
CSOONLINE.COM — 04 May 2026
⚠️
How CISOs should utilize data security posture management to inform risk
CSOONLINE.COM — 04 May 2026
⚠️
Post Quantum Migration Struggles, AI Threats, and Modern Defenses - ESW #457
YOUTUBE.COM — 2026-05-04
⚠️
Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching
HELPNETSECURITY.COM — 04 May 2026
⚠️
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
THEHACKERNEWS.COM — 04 May 2026
⚠️
276 Arrested as Authorities Dismantle Crypto Scam Centers Targeting Americans
GBHACKERS.COM — 04 May 2026
⚠️
AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
SECURITYAFFAIRS.COM — 04 May 2026
⚠️
DigiCert suffers breach, stolen certificates used to sign malware
CYBERINSIDER.COM — 04 May 2026
⚠️
Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week
NIST.GOV — 04 May 2026
⚠️
Malicious TanStack Package Abuses Postinstall Script to Steal Developer Secrets
GBHACKERS.COM — 04 May 2026
⚠️
Security agencies draw red lines around agentic AI deployments
CSOONLINE.COM — 04 May 2026
⚠️
Cisco Launches AI Provenance Tool to Strengthen Security and Compliance
GBHACKERS.COM — 04 May 2026
⚠️
Security for AI: A strategic framework for closing the AI exposure gap
TENABLE.COM — 04 May 2026
⚠️
4th May – Threat Intelligence Report
RESEARCH.CHECKPOINT.COM — 04 May 2026
⚠️
Q-Day Might Come Sooner
YOUTUBE.COM — 2026-05-04
⚠️
Owl IRD enables one-way forensic data transfer for incident response teams
HELPNETSECURITY.COM — 04 May 2026
⚠️
Two cybersecurity pros get prison time for helping ransomware gang
KEVHELPNETSECURITY.COM — 04 May 2026
⚠️
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
THEHACKERNEWS.COM — 04 May 2026
⚠️
Progress Software urges customers to patch critical MOVEit flaw.
THECYBERWIRE.COM — 04 May 2026
⚠️
Critical vulnerability in cPanel leads to widespread exploitation
CYBERSECURITYDIVE.COM — 04 May 2026
⚠️
A Vulnerability in WHM cPanel and WP Squared Could Allow for Remote Code Execution
CISECURITY.ORG — 04 May 2026
⚠️
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
THEHACKERNEWS.COM — 04 May 2026
⚠️
Hackers are still exploiting the cPanel bug to gain control of thousands of websites
TECHCRUNCH.COM — 04 May 2026
⚠️
Security without a login screen.
THECYBERWIRE.COM — 04 May 2026
⚠️
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
DARKREADING.COM — 04 May 2026
⚠️
‘Copy Fail’ is a real Linux security crisis wrapped in AI slop
KEVCYBERSCOOP.COM — 04 May 2026
📢
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
THEHACKERNEWS.COM — 04 May 2026
📢
DigiCert Root Certificates Incorrectly Detected as Malware by Microsoft Defender
GBHACKERS.COM — 04 May 2026
📢
Penske Logistics launches platform for real-time supply chain visibility
HELPNETSECURITY.COM — 04 May 2026
📢
US government warns of severe CopyFail bug affecting major versions of Linux
TECHCRUNCH.COM — 04 May 2026
🔥
15-year-old detained over massive data breach at French government agency
HELPNETSECURITY.COM — 04 May 2026
🔥
DOJ Sentences Two Americans for ALPHV BlackCat Ransomware Attacks
KEVGBHACKERS.COM — 04 May 2026
🔥
2026: The Year of AI-Assisted Attacks
THEHACKERNEWS.COM — 04 May 2026
🔥
Bluekit Phishing Kit Streamlines Domains, 2FA Lures, and Session Hijacking
GBHACKERS.COM — 04 May 2026
🔥
Canvas Confirms Data Breach Following ShinyHunters Claim
GBHACKERS.COM — 04 May 2026
🔥
DigiCert breached via malicious screensaver file
HELPNETSECURITY.COM — 04 May 2026
🔥
Cyberattacks are raising your prices (Lock and Code S07E09)
MALWAREBYTES.COM — 04 May 2026
🔥
Ransomware group claims breach of pro-Orbán Hungarian media firm
THERECORD.MEDIA — 04 May 2026
🔥
Educational company Infrastructure reports cyber incident
THERECORD.MEDIA — 04 May 2026
🕵️
ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)
ISC.SANS.EDU — 04 May 2026
🕵️
Your work apps are quietly handing 19 data points to someone
HELPNETSECURITY.COM — 04 May 2026
🕵️
Brush shell 0.4.0 tightens script safety, widens platform support
HELPNETSECURITY.COM — 04 May 2026
🕵️
Email Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing Surge
GBHACKERS.COM — 04 May 2026
🕵️
UK Government Announces Plans to Grow National AI Infrastructure
TECHREPUBLIC.COM — 04 May 2026
🕵️
AI Agent Reportedly Deletes Company’s Entire Database, Admits to Violating Guardrails
TECHREPUBLIC.COM — 04 May 2026
🕵️
Lens Agents brings policy control to AI across cloud and desktop
HELPNETSECURITY.COM — 04 May 2026
🕵️
Attackers Hijack SAP npm Packages to Steal Dev Secrets
GBHACKERS.COM — 04 May 2026
🕵️
Hacking Polymarket
SCHNEIER.COM — 2026-05-04
🕵️
Why data centers now belong on the critical infrastructure list
CYBERSCOOP.COM — 04 May 2026
🕵️
Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers
GBHACKERS.COM — 04 May 2026
🕵️
Meta enhances security of WhatsApp and Messenger encrypted backups
CYBERINSIDER.COM — 04 May 2026
🕵️
Report: Deepfake Fraud Causes Billions in Losses
KNOWBE4.COM — 04 May 2026
🕵️
New MOVEit vulnerabilities prompt urgent vendor warning
CYBERSECURITYDIVE.COM — 04 May 2026
🕵️
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
DARKREADING.COM — 04 May 2026
🕵️
Operant AI Endpoint Protector secures AI agents and MCP tools
HELPNETSECURITY.COM — 04 May 2026
🕵️
Blend Autopilot MCP brings AI agent orchestration to lending platforms
HELPNETSECURITY.COM — 04 May 2026
🕵️
A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory
CYBERSCOOP.COM — 04 May 2026
🕵️
Gen Z Is Bringing the iPod Back as a Distraction-Free Music Escape
TECHREPUBLIC.COM — 04 May 2026
🕵️
Google Workspace Adds 5 AI Upgrades That Could Change Daily Work
TECHREPUBLIC.COM — 04 May 2026
🕵️
The $59 AI Tool Turning Forms Into Smart Workflows
TECHREPUBLIC.COM — 04 May 2026
🕵️
Apple Eyes ‘Aggressive Pricing’ for iPhone 18 Pro Amid Rising Costs
TECHREPUBLIC.COM — 04 May 2026
🕵️
GameStop Launches $56 Billion Bid to Take Over eBay
TECHREPUBLIC.COM — 04 May 2026
🕵️
Indirect Prompt Injection Is Now a Real-World AI Security Threat
TECHREPUBLIC.COM — 04 May 2026
🕵️
Microsoft Defender Bug Triggers False Malware Alerts for DigiCert Certificates
TECHREPUBLIC.COM — 04 May 2026
🕵️
6 Best No-Log VPNs in 2026
TECHREPUBLIC.COM — 04 May 2026
🕵️
5 Best VPNs for Android in 2026
TECHREPUBLIC.COM — 04 May 2026
🕵️
The 7 Best iPhone VPNs in 2026
TECHREPUBLIC.COM — 04 May 2026
🌐
A week in security (April 27 &#8211; May 3)
MALWAREBYTES.COM — 04 May 2026
🌐
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
THEHACKERNEWS.COM — 04 May 2026
📡
Nvidia China Market Share Zero
CYBERSECURITYTODAY.LIBSYN.COM — 04 May 2026
📡
Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
SECURITYAFFAIRS.COM — 04 May 2026
📡
How OpenClaw’s agent skills become an attack surface
CYBERSECURITYDIVE.COM — 04 May 2026
📡
“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security
SECURELIST.COM — 04 May 2026
📡
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
BITDEFENDER.COM — 04 May 2026
📡
The motivation of droids from the “Star Wars” universe | Kaspersky official blog
KASPERSKY.COM — 04 May 2026
📡
Thousands of Facebook accounts stolen by phishing emails sent through Google
MALWAREBYTES.COM — 04 May 2026
📡
The 2026 World Cup scam economy is already running before the first whistle
MALWAREBYTES.COM — 04 May 2026
📡
How Dark Reading Lifted Off the Launchpad in 2006
DARKREADING.COM — 04 May 2026
📡
DShield Honeypot Update, (Mon, May 4th)
ISC.SANS.EDU — 04 May 2026
📡
US healthcare marketplaces shared citizenship and race data with ad tech giants
TECHCRUNCH.COM — 04 May 2026
📡
5 days only: Bring a partner or colleague and get 50% off a second TechCrunch Disrupt 2026 pass
TECHCRUNCH.COM — 04 May 2026
📡
DHS Demanded Google Surrender Data on Canadian's Activity, Location Over Anti-ICE Posts
WIRED.COM — 04 May 2026
📡
Forbes preliminarily agrees to pay $10 million to settle California wiretapping lawsuit
THERECORD.MEDIA — 04 May 2026
📡
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
THEHACKERNEWS.COM — 04 May 2026
📡
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
ISC.SANS.EDU — 04 May 2026
📡
Securing open proxies in your AWS environment
AWS.AMAZON.COM — 04 May 2026
📡
RMM Tools Fuel Stealthy Phishing Campaign
DARKREADING.COM — 04 May 2026
🚨
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, t…
KEVTHEHACKERNEWS.COM — 03 May 2026
🚨
U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-41940 (CVSS score…
KEVSECURITYAFFAIRS.COM — 03 May 2026
🐛
CVE-2026-37555
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2026-30656
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
MSRC.MICROSOFT.COM — 03 May 2026
🐛
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
MSRC.MICROSOFT.COM — 03 May 2026
⚠️
Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
HELPNETSECURITY.COM — 03 May 2026
⚠️
Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI
SECURITYAFFAIRS.COM — 03 May 2026
🔥
Security Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITION
SECURITYAFFAIRS.COM — 03 May 2026
🔥
Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses
SECURITYAFFAIRS.COM — 03 May 2026
🔥
Marcus & Millichap - 1,837,078 breached accounts
HAVEIBEENPWNED.COM — 03 May 2026
🕵️
Wireshark 4.6.5 Released, (Sun, May 3rd)
ISC.SANS.EDU — 03 May 2026
🕵️
ChatGPT advanced account security adds passkeys and hardware keys
HELPNETSECURITY.COM — 03 May 2026
🌐
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95
SECURITYAFFAIRS.COM — 03 May 2026
📡
3 easy-to-miss cybersecurity risks for small businesses
MALWAREBYTES.COM — 03 May 2026
🐛
cPanelSniper PoC Exploit Disclosed as 44,000 Servers Reportedly Compromised
GBHACKERS.COM — 02 May 2026
🐛
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
MSRC.MICROSOFT.COM — 02 May 2026
🐛
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
MSRC.MICROSOFT.COM — 02 May 2026
🐛
Massive cPanel campaign compromised 44,000 servers worldwide
CYBERINSIDER.COM — 02 May 2026
⚠️
Connected Cars Are Rolling Spy Networks — And They Can Be Hacked
CYBERSECURITYTODAY.LIBSYN.COM — 02 May 2026
⚠️
Double-edged threat.
THECYBERWIRE.COM — 02 May 2026
⚠️
OpenAI and Anthropic brief Congress on cyber-capable AI models.
THECYBERWIRE.COM — 02 May 2026
⚠️
Trellix Confirms Source Code Breach With Unauthorized Repository Access
THEHACKERNEWS.COM — 02 May 2026
⚠️
ZenBusiness - 5,118,184 breached accounts
HAVEIBEENPWNED.COM — 02 May 2026
⚠️
Trellix discloses the breach of a code repository
SECURITYAFFAIRS.COM — 02 May 2026
🔥
Massive Facebook Phishing Operation Leverages AppSheet, Netlify, and Telegram
GBHACKERS.COM — 02 May 2026
🔥
New Deep#Door RAT uses stealth and persistence to target Windows
SECURITYAFFAIRS.COM — 02 May 2026
🔥
Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling
KEVSECURITYAFFAIRS.COM — 02 May 2026
🕵️
The Data That Actually Matters
YOUTUBE.COM — 2026-05-02
🕵️
What Could Go Wrong With AI Audit
YOUTUBE.COM — 2026-05-02
📡
Disneyland Now Uses Face Recognition on Visitors
WIRED.COM — 02 May 2026
🐛
‘Trivial’ exploit can give attackers root access to Linux kernel
CSOONLINE.COM — 01 May 2026
🐛
Chromium: CVE-2026-7343 Use after free in Views
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7363 Use after free in Canvas
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7359 Use after free in ANGLE
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7333 Use after free in GPU
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7360 Insufficient validation of untrusted input in Compositing
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7344 Use after free in Accessibility
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7358 Use after free in Animation
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7334 Use after free in Views
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7357 Use after free in GPU
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7356 Use after free in Navigation
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7353 Heap buffer overflow in Skia
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7351 Race in MHTML
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7354 Out of bounds read and write in Angle
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7349 Use after free in Cast
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7348 Use after free in Codecs
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7335 Use after free in media
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7336 Use after free in WebRTC
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7350 Use after free in WebMIDI
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7345 Insufficient validation of untrusted input in Feedback
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7347 Use after free in Chromoting
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7346 Inappropriate implementation in Tint
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7337 Type Confusion in V8
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7338 Use after free in Cast
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7341 Use after free in WebRTC
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7340 Integer overflow in ANGLE
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7339 Heap buffer overflow in WebRTC
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Chromium: CVE-2026-7355 Use after free in Media
MSRC.MICROSOFT.COM — 01 May 2026
🐛
WhatsApp Encryption Under Fire After Probe Shut Down
CYBERSECURITYTODAY.LIBSYN.COM — 01 May 2026
🐛
CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
MSRC.MICROSOFT.COM — 01 May 2026
🐛
CVE-2026-41526
MSRC.MICROSOFT.COM — 01 May 2026
🐛
CVE-2026-40356
MSRC.MICROSOFT.COM — 01 May 2026
🐛
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
MSRC.MICROSOFT.COM — 01 May 2026
🐛
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
MSRC.MICROSOFT.COM — 01 May 2026
🐛
CVE-2026-40355
MSRC.MICROSOFT.COM — 01 May 2026
🐛
Federal agencies must patch cPanel bug by Sunday, CISA says
THERECORD.MEDIA — 01 May 2026
🐛
Windows shell spoofing vulnerability puts sensitive data at risk
KEVCSOONLINE.COM — 01 May 2026
🐛
Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers
WIRED.COM — 01 May 2026
🐛
Metasploit Wrap-Up 05/01/2026
RAPID7.COM — 01 May 2026
⚠️
Snake Oilers: Ent AI, Spacewalk and Mondoo
RISKY.BIZ — 01 May 2026
⚠️
New infosec products of the month: April 2026
HELPNETSECURITY.COM — 01 May 2026
⚠️
Fake CAPTCHA Scam Uses SMS Pumping to Inflate Phone Bills
GBHACKERS.COM — 01 May 2026
⚠️
Aman - 215,563 breached accounts
HAVEIBEENPWNED.COM — 01 May 2026
⚠️
AI traffic is getting bigger, louder, and less predictable
HELPNETSECURITY.COM — 01 May 2026
⚠️
Claude Security Enters Public Beta for Enterprise Customers
GBHACKERS.COM — 01 May 2026
⚠️
Open-source privacy proxy masks PII before prompts reach external AI services
HELPNETSECURITY.COM — 01 May 2026
⚠️
Shadow AI risks deepen as 31% of users get no employer training
HELPNETSECURITY.COM — 01 May 2026
⚠️
China-Aligned Hackers Deploy ShadowPad in Multi-Stage Espionage Campaign
GBHACKERS.COM — 01 May 2026
⚠️
Multiple Wireshark Vulnerabilities Allow Arbitrary Code Execution via Malformed Packets
GBHACKERS.COM — 01 May 2026
⚠️
AI-Powered Ransomware Surge Hits 7,831 Victims Worldwide
GBHACKERS.COM — 01 May 2026
⚠️
DDoS Malware Targets Jenkins to Hit Valve Game Servers
GBHACKERS.COM — 01 May 2026
⚠️
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
THEHACKERNEWS.COM — 01 May 2026
⚠️
Just 34% of cyber pros plan to stick with their current employer
CSOONLINE.COM — 01 May 2026
⚠️
Managing OT risk at scale: Why OT cyber decisions are leadership decisions
CSOONLINE.COM — 01 May 2026
⚠️
Human-centric failures: Why BEC continues to work despite MFA
CSOONLINE.COM — 01 May 2026
⚠️
Actively exploited cPanel bug exposes millions of websites to takeover
KEVMALWAREBYTES.COM — 01 May 2026
⚠️
Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher
INFOSECURITY-MAGAZINE.COM — 01 May 2026
⚠️
Anthropic launches Claude Security to counter rapid AI-Powered exploits
SECURITYAFFAIRS.COM — 01 May 2026
⚠️
Utah becomes first US state to require age verification for VPN use
CYBERINSIDER.COM — 01 May 2026
⚠️
Mozilla warns Chrome’s Prompt API threatens web neutrality
CYBERINSIDER.COM — 01 May 2026
⚠️
Anthropic Rolls Out Claude Security for AI Vulnerability Scanning
INFOSECURITY-MAGAZINE.COM — 01 May 2026
⚠️
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
TENABLE.COM — 01 May 2026
⚠️
British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery
THERECORD.MEDIA — 01 May 2026
⚠️
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
THEHACKERNEWS.COM — 01 May 2026
⚠️
A Medicare database leaked Social Security numbers.
THECYBERWIRE.COM — 01 May 2026
⚠️
TCP Packet Walks Into a Bar
YOUTUBE.COM — 2026-05-01
⚠️
Your KnowBe4 Fresh Content Updates from April 2026
KNOWBE4.COM — 01 May 2026
⚠️
Think before you deploy the agent.
THECYBERWIRE.COM — 01 May 2026
⚠️
Hidden Risk QR Code Phishing
YOUTUBE.COM — 2026-05-01
⚠️
AI agents can bypass guardrails and put credentials at risk, Okta study finds
CSOONLINE.COM — 01 May 2026
⚠️
Essential Data Sources for Detection Beyond the Endpoint
UNIT42.PALOALTONETWORKS.COM — 01 May 2026
📋
Microsoft Windows 11 April 2026 Security Update Disrupts Third-Party Backup Tools
GBHACKERS.COM — 01 May 2026
📋
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now
SECURITYAFFAIRS.COM — 01 May 2026
📢
Multiple Exim Mail Server Vulnerabilities Could Trigger Crashes via Malicious DNS Data
GBHACKERS.COM — 01 May 2026
📢
EtherRAT Uses SEO Poisoning and Fake GitHub Pages to Target Enterprise Admins
GBHACKERS.COM — 01 May 2026
📢
Nearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flaw
THERECORD.MEDIA — 01 May 2026
📢
UK Tech Ministers Opposing Government Plans to Align with EU AI Rules
TECHREPUBLIC.COM — 01 May 2026
📢
US government, allies publish guidance on how to safely deploy AI agents
CYBERSCOOP.COM — 01 May 2026
📢
Announcing the ISO 31000:2018 Risk Management on AWS Compliance Guide
AWS.AMAZON.COM — 01 May 2026
🔥
A Ransomware Negotiator Was Working for a Ransomware Gang
SCHNEIER.COM — 2026-05-01
🔥
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
KEVTHEHACKERNEWS.COM — 01 May 2026
🔥
Two American Cybersecurity Workers Jailed for BlackCat Ransomware Attacks
INFOSECURITY-MAGAZINE.COM — 01 May 2026
🔥
Cyber incident responders who carried out ransomware attacks given 4-year sentences
THERECORD.MEDIA — 01 May 2026
🔥
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
THEHACKERNEWS.COM — 01 May 2026
🔥
The new speed of cyber defense with Andrew Carr from Booz Allen
THECYBERWIRE.COMHTTPS: — 01 May 2026
🕵️
ISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914, (Fri, May 1st)
ISC.SANS.EDU — 01 May 2026
🕵️
Identity is the control plane for distributed infrastructure
HELPNETSECURITY.COM — 01 May 2026
🕵️
Ruby Gems and Go Modules Used in Campaign Targeting GitHub Actions
GBHACKERS.COM — 01 May 2026
🕵️
Deep#Door Stealer Targets Passwords, Tokens, SSH Keys, and Wi-Fi Credentials
GBHACKERS.COM — 01 May 2026
🕵️
FBI Warns Logistics Sector of Fake Business Identity Cargo Scams
GBHACKERS.COM — 01 May 2026
🕵️
CAPTCHA and ClickFix Abuse Fuels Credential Theft Surge
GBHACKERS.COM — 01 May 2026
🕵️
New Android Spyware Platform Enables Rebranding and Resale
GBHACKERS.COM — 01 May 2026
🕵️
Name That Toon: Mark of (Security) Progress
DARKREADING.COM — 01 May 2026
🕵️
Download: Automating Pentest Delivery Guide
HELPNETSECURITY.COM — 01 May 2026
🕵️
Cyber spies target Russian aviation firms to steal satellite and GPS data
THERECORD.MEDIA — 01 May 2026
🕵️
Samsung’s Next Galaxy Book Could Run Android Instead of Windows
TECHREPUBLIC.COM — 01 May 2026
🕵️
US and allies urge ‘careful adoption’ of AI agents
CYBERSECURITYDIVE.COM — 01 May 2026
🕵️
German MPs advised to drop Signal in favor of Wire over security concerns
CYBERINSIDER.COM — 01 May 2026
🕵️
As email phishing evolves, malicious attachments decline and QR codes surge
CYBERSECURITYDIVE.COM — 01 May 2026
🕵️
OpenAI Introduces Password-Free Login for Millions of ChatGPT Users
TECHREPUBLIC.COM — 01 May 2026
🕵️
Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise
TECHREPUBLIC.COM — 01 May 2026
🕵️
Alert: Payroll-Hijacking Attacks Are Targeting Canadian Employees
KNOWBE4.COM — 01 May 2026
🕵️
Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations
GBHACKERS.COM — 01 May 2026
🕵️
DOS, Seneca the Younger, Outlook, CopyFail, cPanel, QR, Ruby, Go, Talkie, Josh Marpet - SWN #577
YOUTUBE.COM — 2026-05-01
🕵️
White House questions tech industry on defensive AI use, cybersecurity resilience
CYBERSECURITYDIVE.COM — 01 May 2026
🕵️
Apple Sales Jump as ‘Most Popular’ iPhone Fuels Growth
TECHREPUBLIC.COM — 01 May 2026
🕵️
Breaking encryption with quantum computing — Interview with Chris Peikert
CYBERINSIDER.COM — 01 May 2026
🕵️
76% of All Crypto Stolen in 2026 Is Now in North Korea
DARKREADING.COM — 01 May 2026
📡
Enterprise Spotlight: Transforming software development with AI
US.RESOURCES.CSOONLINE.COM — 01 May 2026
📡
Top Five Sales Challenges Costing MSPs Cybersecurity Revenue
THEHACKERNEWS.COM — 01 May 2026
📡
20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage
DARKREADING.COM — 01 May 2026
📡
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
THEHACKERNEWS.COM — 01 May 2026
📡
Carding service Jerry’s Store leak exposes 345,000 stolen payment cards
SECURITYAFFAIRS.COM — 01 May 2026
📡
Ubuntu services hit by outages after DDoS attack
TECHCRUNCH.COM — 01 May 2026
📡
If AI's So Smart, Why Does It Keep Deleting Production Databases?
DARKREADING.COM — 01 May 2026
📡
Senate Judiciary advances bill that would bar minors from interacting with AI companions
THERECORD.MEDIA — 01 May 2026
📡
Digital attacks drive a new wave of cargo theft, FBI says
SECURITYAFFAIRS.COM — 01 May 2026
📡
Malicious Ad for Homebrew Leads to MacSync Stealer, (Fri, May 1st)
ISC.SANS.EDU — 01 May 2026
📡
Security posture improvement in the AI era
AWS.AMAZON.COM — 01 May 2026
📡
Social Engineering Leveled Up. Has Your Security Program?
HUNTRESS.COM — 2026-05-01
🚨
Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerabilityA flaw in the Linux kernel present since 2017 allows a local user to gain root access on virtually every major Linux distribution. A public exploit is available and reported to work reliably. Key Takeaways CVE-2026-31431 is a high severity local privilege escalation vulnerability…
KEVTENABLE.COM — 30 Apr 2026
🐛
Linux Kernel 0-Day “Copy Fail” Grants Root Access Across Major Distros Since 2017
GBHACKERS.COM — 30 Apr 2026
🐛
ProFTPD SQL Injection Flaw Opens Door To Remote Code Execution Attacks
GBHACKERS.COM — 30 Apr 2026
🐛
CVE-2017-3731 Truncated packet could crash via OOB read
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-31545 NFC: nxp-nci: allow GPIOs to sleep
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-31546 net: bonding: fix NULL deref in bond_debug_rlb_hash_show
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-41607 Apache Thrift: C++ JSON OOB read
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-41636 Apache Thrift: Node.js skip() recursion
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-34477 Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-31508 net: openvswitch: Avoid releasing netdev before teardown completes
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-31540 drm/i915/gt: Check set_default_submission() before deferencing
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
THEHACKERNEWS.COM — 30 Apr 2026
🐛
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release
KEVGBHACKERS.COM — 30 Apr 2026
🐛
Critical cPanel zero-day auth bypass exploited since February
KEVCYBERINSIDER.COM — 30 Apr 2026
🐛
CVE-2019-1551 rsaz_512_sqr overflow bug on x86_64
MSRC.MICROSOFT.COM — 30 Apr 2026
🐛
PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw
GBHACKERS.COM — 30 Apr 2026
🐛
Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)
HELPNETSECURITY.COM — 30 Apr 2026
🐛
“Copy Fail” gives root access to all Linux systems via 732-byte exploit
CYBERINSIDER.COM — 30 Apr 2026
🐛
cPanel zero-day exploited for months before patch release (CVE-2026-41940)
HELPNETSECURITY.COM — 30 Apr 2026
🐛
Copy Fail: New Linux bug enables Root via page‑cache corruption
SECURITYAFFAIRS.COM — 30 Apr 2026
🐛
cPanel’s authentication bypass bug is being exploited in the wild, CISA warns
KEVCYBERSCOOP.COM — 30 Apr 2026
⚠️
Amazon Layoffs Hit Thousands Across Multiple States as Fresh Stores Close
TECHREPUBLIC.COM — 30 Apr 2026
⚠️
Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch
TECHREPUBLIC.COM — 30 Apr 2026
⚠️
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
CSOONLINE.COM — 30 Apr 2026
⚠️
SonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash Firewalls
GBHACKERS.COM — 30 Apr 2026
⚠️
A game of loans.
THECYBERWIRE.COM — 30 Apr 2026
⚠️
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
THEHACKERNEWS.COM — 30 Apr 2026
⚠️
Qinglong Task Scheduler RCE Flaws Exploited in the Wild
KEVGBHACKERS.COM — 30 Apr 2026
⚠️
Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs
GBHACKERS.COM — 30 Apr 2026
⚠️
SAP npm package attack highlights risks in developer tools and CI/CD pipelines
CSOONLINE.COM — 30 Apr 2026
⚠️
Stopping the quiet drift toward excessive agency with re-permissioning
CSOONLINE.COM — 30 Apr 2026
⚠️
ODNI to CISOs on threat assessments: You’re on your own
CSOONLINE.COM — 30 Apr 2026
⚠️
Max-severity RCE flaw found in Google Gemini CLI
CSOONLINE.COM — 30 Apr 2026
⚠️
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
THEHACKERNEWS.COM — 30 Apr 2026
⚠️
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators
CSOONLINE.COM — 30 Apr 2026
⚠️
Cisco releases open-source toolkit for verifying AI model lineage
HELPNETSECURITY.COM — 30 Apr 2026
⚠️
Met Police face criticism for using AI to spy on their own officers
HELPNETSECURITY.COM — 30 Apr 2026
⚠️
Hackers arrested for stealing and reselling 600,000 Roblox accounts
HELPNETSECURITY.COM — 30 Apr 2026
⚠️
AI Is Scaling Cyber Attacks
YOUTUBE.COM — 2026-04-30
⚠️
Arbitrary code execution and Claude Code CLI: How Claude executed code before you click 'trust'
PROGRAMMING.DEV — 30 Apr 2026
⚠️
"Copy Fail" flaw leads to privilege escalation on Linux.
THECYBERWIRE.COM — 30 Apr 2026
⚠️
Agent’s claims on WhatsApp access spark security concerns
SECURITYAFFAIRS.COM — 30 Apr 2026
⚠️
Hackers are actively exploiting a bug in cPanel, used by millions of websites
TECHCRUNCH.COM — 30 Apr 2026
⚠️
Bridging the gap: How to integrate Claude Security into the Tenable One Exposure Management Platform
TENABLE.COM — 30 Apr 2026
⚠️
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
DARKREADING.COM — 30 Apr 2026
⚠️
FIRESTARTER - PSW #924
YOUTUBE.COM — 2026-04-30
⚠️
When Trusted Sites Turn Malicious
YOUTUBE.COM — 2026-04-30
⚠️
That AI Extension Helping You Write Emails? It’s Reading Them First
UNIT42.PALOALTONETWORKS.COM — 30 Apr 2026
⚠️
Bank regulator sounds warning over cybersecurity threat posed by AI models
CSOONLINE.COM — 30 Apr 2026
📢
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
THEHACKERNEWS.COM — 30 Apr 2026
📢
CISA and Partners Publish Zero Trust Guidance For OT Security
INFOSECURITY-MAGAZINE.COM — 30 Apr 2026
📢
Zambia cancels global digital freedoms conference days before start
THERECORD.MEDIA — 30 Apr 2026
📢
Hackers earning millions from hijacked cargo, FBI says
THERECORD.MEDIA — 30 Apr 2026
🔥
Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets
GBHACKERS.COM — 30 Apr 2026
🔥
Operation Winter SHIELD: What the FBI Wants Industry to Do Now
THECYBERWIRE.COM — 30 Apr 2026
🔥
Meta accused of violating DSA by failing to safeguard minors
SECURITYAFFAIRS.COM — 30 Apr 2026
🔥
Why Your Email Security Needs a Global Human Network to Close the Detection Gap
KNOWBE4.COM — 30 Apr 2026
🔥
Moldova’s health insurance agency reports possible data leak after cyberattack
THERECORD.MEDIA — 30 Apr 2026
🔥
UK: Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat Levels
INFOSECURITY-MAGAZINE.COM — 30 Apr 2026
🔥
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
KREBSONSECURITY.COM — 30 Apr 2026
🔥
France investigates 15-year-old over alleged hack of national ID agency
THERECORD.MEDIA — 30 Apr 2026
🔥
France arrests 15-year-old hacker who stole data of 11.7 million people
CYBERINSIDER.COM — 30 Apr 2026
🔥
PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
THEHACKERNEWS.COM — 30 Apr 2026
🔥
TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
DARKREADING.COM — 30 Apr 2026
🔥
Former incident responders sentenced to 4 years in prison for committing ransomware attacks
KEVCYBERSCOOP.COM — 30 Apr 2026
🕵️
Danger of Libredtail &#x5b;Guest Diary&#x5d;, (Wed, Apr 29th)
ISC.SANS.EDU — 30 Apr 2026
🕵️
Tesla Optimus Robot Launch Timeline Targets 2027 Scale
TECHREPUBLIC.COM — 30 Apr 2026
🕵️
ISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912, (Thu, Apr 30th)
ISC.SANS.EDU — 30 Apr 2026
🕵️
Large-scale Roblox hacking operation shut down by Ukrainian authorities
SECURITYAFFAIRS.COM — 30 Apr 2026
🕵️
Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery
GBHACKERS.COM — 30 Apr 2026
🕵️
Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.
CYBERSCOOP.COM — 30 Apr 2026
🕵️
Fast16 Malware
SCHNEIER.COM — 2026-04-30
🕵️
OpenAI Unveils Cyber Defense Roadmap Focused on AI-Powered Security
GBHACKERS.COM — 30 Apr 2026
🕵️
Microsoft PowerToys 0.99 Adds Multi-Monitor Tools for Windows Users
TECHREPUBLIC.COM — 30 Apr 2026
🕵️
Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More
ANY.RUN — 30 Apr 2026
🕵️
5 Best Employer of Record Services in 2026
TECHREPUBLIC.COM — 30 Apr 2026
🕵️
Researchers develop tool to expose GPS signal spoofing in transit networks
HELPNETSECURITY.COM — 30 Apr 2026
🕵️
Proxmox Backup Server 4.2 arrives with S3 storage support and parallel sync jobs
HELPNETSECURITY.COM — 30 Apr 2026
🕵️
Two new extortion crews are speedrunning the Scattered Spider playbook
CYBERSCOOP.COM — 30 Apr 2026
🕵️
PwC partners with Google Cloud to take on the managed security market
CYBERSECURITYDIVE.COM — 30 Apr 2026
🕵️
How to Design Security for Agentic AI
KNOWBE4.COM — 30 Apr 2026
🕵️
SHARED INTEL Q&A: PKI’s unfinished business—’digital passports’ for content, models and agents
LASTWATCHDOG.COM — 30 Apr 2026
🕵️
US agencies promote zero-trust practices for operational technology networks
CYBERSECURITYDIVE.COM — 30 Apr 2026
🕵️
AWS Expands Amazon Connect Into AI Tools for Hiring, Healthcare, and Supply Chains
TECHREPUBLIC.COM — 30 Apr 2026
🕵️
Congress kicks the can down the road on surveillance law (again)
CYBERSCOOP.COM — 30 Apr 2026
🕵️
FCC tightens KYC rules for telecoms, closes loophole for banned foreign services
CYBERSCOOP.COM — 30 Apr 2026
🌐
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
SECURELIST.COM — 30 Apr 2026
🌐
Cyber is the Number One Global “People Risk,” Says Marsh
INFOSECURITY-MAGAZINE.COM — 30 Apr 2026
🌐
Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim
WIRED.COM — 30 Apr 2026
🌐
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
THEHACKERNEWS.COM — 30 Apr 2026
🌐
Deep#Door Python Backdoor Evades Detection On Windows
INFOSECURITY-MAGAZINE.COM — 30 Apr 2026
🌐
Three Arrested for Hacking Over 610,000 Roblox Accounts
INFOSECURITY-MAGAZINE.COM — 30 Apr 2026
📡
Claude Mythos Fears Startle Japan's Financial Services Sector
DARKREADING.COM — 30 Apr 2026
📡
All rise for the Chatrie.
THECYBERWIRE.COM — 30 Apr 2026
📡
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
BITDEFENDER.COM — 30 Apr 2026
📡
Europol Busts Albanian Scam Call Centers in Major Online Fraud Case
INFOSECURITY-MAGAZINE.COM — 30 Apr 2026
📡
Post-quantum encryption for Cloudflare IPsec is generally available
CLOUDFLARE.COM — 30 Apr 2026
📡
Oracle Red Bull Racing Team Revs Up Automation to Boost Security
DARKREADING.COM — 30 Apr 2026
📡
Dental practice software maker fixes bug that exposed patients’ medical records
TECHCRUNCH.COM — 30 Apr 2026
📡
Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do
MALWAREBYTES.COM — 30 Apr 2026
📡
Trump’s cyber ambassador nominee advances to full Senate vote
THERECORD.MEDIA — 30 Apr 2026
📡
OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts
WIRED.COM — 30 Apr 2026
📡
After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too
TECHCRUNCH.COM — 30 Apr 2026
📡
Great responsibility, without great power
TALOSINTELLIGENCE.COM — 30 Apr 2026
📡
More PayPal emails hijacked to deliver tech support scams
MALWAREBYTES.COM — 30 Apr 2026
📡
One copy too many.
THECYBERWIRE.COM — 30 Apr 2026
📡
Geofence Supreme Court case kicks off.
THECYBERWIRE.COM — 30 Apr 2026
📡
Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber
DARKREADING.COM — 30 Apr 2026
📡
Congress punts FISA renewal to June
THERECORD.MEDIA — 30 Apr 2026
🚨
U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect f…
KEVSECURITYAFFAIRS.COM — 29 Apr 2026
🚨
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are l…
KEVTHEHACKERNEWS.COM — 29 Apr 2026
🚨
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalogRussia has used one of the flaws, security experts said, while North Korea has used the other.
CYBERSECURITYDIVE.COM — 29 Apr 2026
🐛
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
THEHACKERNEWS.COM — 29 Apr 2026
🐛
GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution
GBHACKERS.COM — 29 Apr 2026
🐛
CISA Warns of Windows Shell Zero-Day Exploited in Attacks
KEVGBHACKERS.COM — 29 Apr 2026
🐛
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2017-3735
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2017-3736
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2019-1547 ECDSA remote timing attack
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2019-1549 Fork Protection
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31686 mm/kasan: fix double free for kasan pXds
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31548 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31549 i2c: cp2615: fix serial string NULL-deref at probe
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31550 pmdomain: bcm: bcm2835-power: Increase ASB control timeout
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31551 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable.
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31552 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31661 wifi: brcmsmac: Fix dma_free_coherent() size
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31563 net: macb: Use dev_consume_skb_any() to free TX SKBs
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-31648 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-40225
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-40556 Insecure Directory Permissions in GNU nano Leading to Privilege Abuse
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access
MSRC.MICROSOFT.COM — 29 Apr 2026
🐛
CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)
HELPNETSECURITY.COM — 29 Apr 2026
🐛
CVE-2026-3854 Exposes a Critical Weak Point in GitHub’s Git Push Pipeline
SOCRADAR.IO — 29 Apr 2026
🐛
CISA Warns of ConnectWise ScreenConnect Flaw Exploited in Attacks
KEVGBHACKERS.COM — 29 Apr 2026
🐛
Critical GitHub RCE bug exposed millions of repositories
CSOONLINE.COM — 29 Apr 2026
🐛
CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
SECURITYAFFAIRS.COM — 29 Apr 2026
🐛
CVE-2026-41940: cPanel & WHM Authentication Bypass
KEVRAPID7.COM — 29 Apr 2026
⚠️
CI/CD pipeline abuse: the problem no one is watching
ELASTIC.CO — 29 Apr 2026
⚠️
More fake extensions linked to GlassWorm found in Open VSX code marketplace
CSOONLINE.COM — 29 Apr 2026
⚠️
Product showcase: SimpleX Chat removes user identifiers from messaging
HELPNETSECURITY.COM — 29 Apr 2026
⚠️
Massive Python Supply Chain Hack, $2.1B Scam Losses, North Korea Targets Crypto Execs
CYBERSECURITYTODAY.LIBSYN.COM — 29 Apr 2026
⚠️
cPanel Releases Emergency Patch for Critical Authentication Flaw
GBHACKERS.COM — 29 Apr 2026
⚠️
Risky Business #835 -- Why the Fast16 malware is badass
RISKY.BIZ — 29 Apr 2026
⚠️
Vimeo Confirms Data Breach After Hackers Access User Database
GBHACKERS.COM — 29 Apr 2026
⚠️
ShinyHunters exploit Anodot incident to target Vimeo
SECURITYAFFAIRS.COM — 29 Apr 2026
⚠️
Virtue AI PolicyGuard turns AI policies into enforceable runtime guardrails
HELPNETSECURITY.COM — 29 Apr 2026
⚠️
SLOTAGENT Malware Hides API Calls and Strings to Thwart Analysis
GBHACKERS.COM — 29 Apr 2026
⚠️
DigitalOcean AI-Native Cloud unifies infrastructure, inference, and agents for production AI
HELPNETSECURITY.COM — 29 Apr 2026
⚠️
Claude Mythos Has Found 271 Zero-Days in Firefox
SCHNEIER.COM — 2026-04-29
⚠️
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
THEHACKERNEWS.COM — 29 Apr 2026
⚠️
AWS leans on prior ingenuity to face future AI and quantum threats
CSOONLINE.COM — 29 Apr 2026
⚠️
The Next Frontier: Autonomous Security and RSAC Interviews from Quantro & SandboxAQ - BSW #445
YOUTUBE.COM — 2026-04-29
⚠️
Cursor AI Coding Agent Vulnerability Lets Attackers Run Code on Developers’ Machines
GBHACKERS.COM — 29 Apr 2026
⚠️
U.S. Charges Suspected Scattered Spider Member Over Cyber Intrusions
GBHACKERS.COM — 29 Apr 2026
⚠️
Extending Ruzzy with LibAFL
TRAILOFBITS.COM — 29 Apr 2026
⚠️
Cursor AI Extension Flaw Exposes Developer Tokens to Credential Theft
GBHACKERS.COM — 29 Apr 2026
⚠️
Mastering agentic AI security through exposure management
TENABLE.COM — 29 Apr 2026
⚠️
Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect
RAPID7.COM — 29 Apr 2026
⚠️
Microsoft won&#8217;t patch PhantomRPC: Feature or bug?
MALWAREBYTES.COM — 29 Apr 2026
⚠️
All supported cPanel versions hit by critical auth bug, now patched
SECURITYAFFAIRS.COM — 29 Apr 2026
⚠️
Swiss police arrest 10 suspected members of Nigeria-linked crime group Black Axe
THERECORD.MEDIA — 29 Apr 2026
⚠️
AI Speeds Up Cyber Attacks
YOUTUBE.COM — 2026-04-29
⚠️
AI Finds 38 Security Flaws in Electronic Health Record Platform
DARKREADING.COM — 29 Apr 2026
⚠️
What It Takes to Run Marketing Solo with Sara Ceballos, Director of Marketing at BreachRx
THECYBERWIRE.COM — 29 Apr 2026
⚠️
A wake-up call on frontier AI.
THECYBERWIRE.COM — 29 Apr 2026
⚠️
Reverse Engineering With AI Unearths High-Severity GitHub Bug
DARKREADING.COM — 29 Apr 2026
⚠️
Five Things we Took Away from Gartner SRM Sydney 2026
RAPID7.COM — 29 Apr 2026
📋
Microsoft Confirms Remote Desktop Warning Issue After April Update
GBHACKERS.COM — 29 Apr 2026
📢
amazee.ai’s amazeeClaw simplifies production deployment of AI agents with regional control
HELPNETSECURITY.COM — 29 Apr 2026
📢
Alleged Silk Typhoon hacker extradited to the United States to face charges
BITDEFENDER.COM — 29 Apr 2026
📢
Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry
TECHCRUNCH.COM — 29 Apr 2026
🔥
BlueNoroff Deploys Fileless PowerShell in AI-Generated Zoom Lure Campaign
GBHACKERS.COM — 29 Apr 2026
🔥
Vect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXi
GBHACKERS.COM — 29 Apr 2026
🔥
LofyStealer Targets Minecraft Players via Node.js Loader and Browser Injection
GBHACKERS.COM — 29 Apr 2026
🔥
VECT 2.0 Ransomware Wipes Large Files Across Windows, Linux & ESXi
GBHACKERS.COM — 29 Apr 2026
🔥
Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
INFOSECURITY-MAGAZINE.COM — 29 Apr 2026
🔥
Researchers Track 2.9 Billion Compromised Credentials
INFOSECURITY-MAGAZINE.COM — 29 Apr 2026
🔥
OpenAI and Anthropic brief Congress on cyber-capable AI models.
THECYBERWIRE.COM — 29 Apr 2026
🔥
European Commission accuses Meta of breaching child safety rules
THERECORD.MEDIA — 29 Apr 2026
🔥
Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
DARKREADING.COM — 29 Apr 2026
🔥
SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
THEHACKERNEWS.COM — 29 Apr 2026
🔥
Google AppSheet abused to compromise 30,000 Facebook accounts
CYBERINSIDER.COM — 29 Apr 2026
🔥
Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions
GRAHAMCLULEY.COM — 29 Apr 2026
🕵️
ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)
ISC.SANS.EDU — 29 Apr 2026
🕵️
The Exchange Online security controls organizations keep getting wrong
HELPNETSECURITY.COM — 29 Apr 2026
🕵️
AI prompt confidentiality and false citations worry researchers
HELPNETSECURITY.COM — 29 Apr 2026
🕵️
Identity discovery: The overlooked lever in strategic risk reduction
HELPNETSECURITY.COM — 29 Apr 2026
🕵️
Fedora Linux 44 ships with GNOME 50 and KDE Plasma 6.6
HELPNETSECURITY.COM — 29 Apr 2026
🕵️
Margin vs. Madness: Fixing MSSP Top 5 Operational Nightmares
ANY.RUN — 29 Apr 2026
🕵️
Eino’s agentic network observability platform enables real-time, AI-driven network insights
HELPNETSECURITY.COM — 29 Apr 2026
🕵️
Microchip expands Trust Shield with PQC-ready root of trust and secure boot controllers
HELPNETSECURITY.COM — 29 Apr 2026
🕵️
Kaseya agentic IT management unifies data and automates ticketing, security and backups
HELPNETSECURITY.COM — 29 Apr 2026
🕵️
At Machine Speed
PROGRAMMING.DEV — 29 Apr 2026
🕵️
AI-powered honeypots: Turning the tables on malicious AI agents
TALOSINTELLIGENCE.COM — 29 Apr 2026
🕵️
Scam-checking just got a lot easier: Malwarebytes is now in Claude
MALWAREBYTES.COM — 29 Apr 2026
🕵️
9 Best Project Management Software in 2026
TECHREPUBLIC.COM — 29 Apr 2026
🕵️
State CISOs losing confidence in ability to manage cyber risks
CYBERSECURITYDIVE.COM — 29 Apr 2026
🕵️
Apple removes AdGuard’s TrustTunnel iOS app from Russian App Store
CYBERINSIDER.COM — 29 Apr 2026
🕵️
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
THEHACKERNEWS.COM — 29 Apr 2026
🕵️
Phishing Attacks Target Executives via Microsoft Teams
KNOWBE4.COM — 29 Apr 2026
🕵️
Lazarus Targets macOS Users With New “Mach-O Man” Malware Kit
GBHACKERS.COM — 29 Apr 2026
🕵️
A Practical Guide to BloodHound Data Collection
BLACKHILLSINFOSEC.COM — 29 Apr 2026
🕵️
Set AI Security Red Lines Now
YOUTUBE.COM — 2026-04-29
🕵️
This $30 Subscription Will Bring AI Into Your Business
TECHREPUBLIC.COM — 29 Apr 2026
🕵️
Congress, industry ponder government posture for protecting data centers
CYBERSCOOP.COM — 29 Apr 2026
🕵️
SAS Launches AI Governance Tools to Tame Agentic AI in the Enterprise
TECHREPUBLIC.COM — 29 Apr 2026
🕵️
AWS to Resell OpenAI Products After Microsoft Loses Exclusive License
TECHREPUBLIC.COM — 29 Apr 2026
🕵️
New Apple Rumor: iOS 27 Could Add AI Editing Tools to Photos
TECHREPUBLIC.COM — 29 Apr 2026
🕵️
Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails
TECHREPUBLIC.COM — 29 Apr 2026
🕵️
CISOs Step Into the Boardroom
YOUTUBE.COM — 2026-04-29
🌐
Lotus Wiper Attack Targeted Venezuelan Energy Firms, Utilities
DARKREADING.COM — 29 Apr 2026
🌐
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
THEHACKERNEWS.COM — 29 Apr 2026
📡
Weekly Threat Bulletin – April 29th, 2026
F5.COM — 29 Apr 2026
📡
A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks
INFOSECURITY-MAGAZINE.COM — 29 Apr 2026
📡
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
THEHACKERNEWS.COM — 29 Apr 2026
📡
Today's Odd Web Requests, (Wed, Apr 29th)
ISC.SANS.EDU — 29 Apr 2026
📡
Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets
INFOSECURITY-MAGAZINE.COM — 29 Apr 2026
📡
What Is Dark Web Monitoring?
SOCRADAR.IO — 29 Apr 2026
📡
Cursor Extension Flaw Exposes Developer API Keys
INFOSECURITY-MAGAZINE.COM — 29 Apr 2026
📡
Internet censorship index reveals Russia’s lead and widespread content blocking
SECURITYAFFAIRS.COM — 29 Apr 2026
📡
Vehicle-based surveillance tools | Kaspersky official blog
KASPERSKY.COM — 29 Apr 2026
📡
Designing trust and safety into Amazon Bedrock powered applications
AWS.AMAZON.COM — 29 Apr 2026
📡
Cloudsmith raises $72 million in Series C funding.
THECYBERWIRE.COM — 29 Apr 2026
📡
US, China partner on scam center takedown in Dubai
THERECORD.MEDIA — 29 Apr 2026
📡
Researchers built a chatbot that only knows the world before 1931
MALWAREBYTES.COM — 29 Apr 2026
📡
House approves spy program on second attempt, Senate fate murky
THERECORD.MEDIA — 29 Apr 2026
🐛
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
KEVTHEHACKERNEWS.COM — 28 Apr 2026
🐛
Critical LiteLLM Flaw Enables Database Attacks Through SQL Injection
GBHACKERS.COM — 28 Apr 2026
🐛
Notepad++ Vulnerability Lets Attackers Crash App and Expose Memory Data
GBHACKERS.COM — 28 Apr 2026
🐛
Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor
CSOONLINE.COM — 28 Apr 2026
🐛
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
THEHACKERNEWS.COM — 28 Apr 2026
🐛
Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks
GBHACKERS.COM — 28 Apr 2026
🐛
Critical Cursor bug could turn routine Git into RCE
CSOONLINE.COM — 28 Apr 2026
🐛
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
THEHACKERNEWS.COM — 28 Apr 2026
🐛
CVE-2026-3854 GitHub flaw enables remote code execution
SECURITYAFFAIRS.COM — 28 Apr 2026
⚠️
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
THEHACKERNEWS.COM — 28 Apr 2026
⚠️
ClickUp Security Flaw Exposes 959 Emails Linked to Major Fortune 500 Firms
GBHACKERS.COM — 28 Apr 2026
⚠️
Claude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 Seconds
GBHACKERS.COM — 28 Apr 2026
⚠️
What CISOs need to get right as identity enters the agentic era
CSOONLINE.COM — 28 Apr 2026
⚠️
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
CSOONLINE.COM — 28 Apr 2026
⚠️
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
YOUTUBE.COM — 2026-04-28
⚠️
Building Resilience in a World of Constant Threats
THECYBERWIRE.COM — 28 Apr 2026
⚠️
Vimeo suffers 3rd-party breach exposing user data, hackers threaten leak
CYBERINSIDER.COM — 28 Apr 2026
⚠️
MDR Selection is a Partnership Decision
RAPID7.COM — 28 Apr 2026
⚠️
After Mythos: New Playbooks For a Zero-Window Era
THEHACKERNEWS.COM — 28 Apr 2026
⚠️
Securing RAG pipelines in enterprise SaaS
CSOONLINE.COM — 28 Apr 2026
⚠️
What Anthropic’s Mythos Means for the Future of Cybersecurity
SCHNEIER.COM — 2026-04-28
⚠️
Microsoft fixes Entra ID flaw enabling privilege escalation
SECURITYAFFAIRS.COM — 28 Apr 2026
⚠️
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
ISC.SANS.EDU — 28 Apr 2026
⚠️
Securing the git push pipeline: Responding to a critical remote code execution vulnerability
GITHUB.BLOG — 28 Apr 2026
⚠️
Signal Phishing Campaign Targets German Officials in Suspected Russian Operation
SECURITYAFFAIRS.COM — 28 Apr 2026
⚠️
Get Motivated: What to Expect from Our Keynote at Rapid7's Global Cybersecurity Summit
RAPID7.COM — 28 Apr 2026
⚠️
Access control with IAM Identity Center session tags
AWS.AMAZON.COM — 28 Apr 2026
⚠️
A Vulnerability in OpenSSH Could Allow for Authentication Bypass
CISECURITY.ORG — 28 Apr 2026
⚠️
Why Sharing a Screenshot Can Get You Jailed in the UAE
WIRED.COM — 28 Apr 2026
⚠️
Pitney Bowes confirms Salesforce breach after hacker leaks 25 million records
CYBERINSIDER.COM — 28 Apr 2026
⚠️
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 28 Apr 2026
⚠️
Oracle Quarterly Critical Patches Issued April 21, 2026
CISECURITY.ORG — 28 Apr 2026
⚠️
Vidar Rises to Top of Chaotic Infostealer Market
DARKREADING.COM — 28 Apr 2026
⚠️
Spy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaul
CYBERSCOOP.COM — 28 Apr 2026
📋
Fake Tax Audits and Updates Fuel Silver Fox Malware Campaign
GBHACKERS.COM — 28 Apr 2026
📢
French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches
BITDEFENDER.COM — 28 Apr 2026
📢
No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
INFOSECURITY-MAGAZINE.COM — 28 Apr 2026
📢
NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links
SECURITYAFFAIRS.COM — 28 Apr 2026
📢
Signal to roll out anti-phishing safeguards following account takeovers
CYBERINSIDER.COM — 28 Apr 2026
📢
War hits where it hurts.
THECYBERWIRE.COM — 28 Apr 2026
🔥
Weekly Update 501
TROYHUNT.COM — 28 Apr 2026
🔥
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
THEHACKERNEWS.COM — 28 Apr 2026
🔥
Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place
PROOFPOINT.COM — 28 Apr 2026
🔥
Checkmarx Confirms Security Incident Involving GitHub Repository Exposure
GBHACKERS.COM — 28 Apr 2026
🔥
Ransomware Turf War as 0APT and KryBit Groups Trade Blows
INFOSECURITY-MAGAZINE.COM — 28 Apr 2026
🔥
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
THEHACKERNEWS.COM — 28 Apr 2026
🔥
Iran war updates.
THECYBERWIRE.COM — 28 Apr 2026
🔥
Medtronic Confirms Data Breach After ShinyHunters Claims
INFOSECURITY-MAGAZINE.COM — 28 Apr 2026
🔥
VECT: Ransomware by design, Wiper by accident
RESEARCH.CHECKPOINT.COM — 28 Apr 2026
🔥
Video site Vimeo blames security incident on Anodot breach
THERECORD.MEDIA — 28 Apr 2026
🔥
ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs
TECHREPUBLIC.COM — 28 Apr 2026
🔥
What the March 2026 Threat Technique Catalog update means for your AWS environment
AWS.AMAZON.COM — 28 Apr 2026
🔥
Feuding Ransomware Groups Leak Each Other's Data
DARKREADING.COM — 28 Apr 2026
🕵️
Chinese national extradited to US for pandemic-era Silk Typhoon attacks
CYBERSCOOP.COM — 28 Apr 2026
🕵️
ISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908, (Tue, Apr 28th)
ISC.SANS.EDU — 28 Apr 2026
🕵️
Microsoft Expands Copilot Agent Mode for Outlook Inbox and Calendar Tasks
GBHACKERS.COM — 28 Apr 2026
🕵️
Chinese-Backed Smishing Rings Scale Credential Theft via SMS and OTT Apps
GBHACKERS.COM — 28 Apr 2026
🕵️
Sandworm Uses SSH-over-Tor Tunnel for Stealthy Long-Term Persistence
GBHACKERS.COM — 28 Apr 2026
🕵️
WhatsApp Tests Encrypted Cloud Backup Service for Safer Message Storage
GBHACKERS.COM — 28 Apr 2026
🕵️
OilRig Hides C2 Config in Google Drive Image via LSB Steganography
GBHACKERS.COM — 28 Apr 2026
🕵️
Fake KYC Android Malware Spreads via WhatsApp to Hijack Bank Accounts
GBHACKERS.COM — 28 Apr 2026
🕵️
GUEST ESSAY: How augmented reality (AR) can turn building images into ad space with no control
LASTWATCHDOG.COM — 28 Apr 2026
🕵️
U.S. companies hit with record fines for privacy in 2025
CYBERSCOOP.COM — 28 Apr 2026
🕵️
North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures
INFOSECURITY-MAGAZINE.COM — 28 Apr 2026
🕵️
Google Cloud Next AI Keynote: 5 Takeaways for IT Leaders
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
Best Legal Project Management Software in 2026
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
Fake CAPTCHA scam turns a quick click into a costly phone bill
MALWAREBYTES.COM — 28 Apr 2026
🕵️
Silk Typhoon Hacker Extradited to U.S. from Italy
GBHACKERS.COM — 28 Apr 2026
🕵️
Phishing-to-RMM Attacks: The Remote Access Blind Spot CISOs Can’t Ignore
ANY.RUN — 28 Apr 2026
🕵️
Chinese National Extradited Over Silk Typhoon Cyber Campaign
INFOSECURITY-MAGAZINE.COM — 28 Apr 2026
🕵️
5 Stages of The Threat Intelligence Lifecycle
SOCRADAR.IO — 28 Apr 2026
🕵️
CyberheistNews Vol 16 #17 [Heads Up] This Sophisticated Scam Should Be a Warning to All Companies
KNOWBE4.COM — 28 Apr 2026
🕵️
AI’s False Novelty Trap
YOUTUBE.COM — 2026-04-28
🕵️
Rep. Delia Ramirez takes over as top House cybersecurity Dem
CYBERSCOOP.COM — 28 Apr 2026
🕵️
‘Fundamental tension’ undermines manufacturers’ cybersecurity
CYBERSECURITYDIVE.COM — 28 Apr 2026
🕵️
Stop Juggling AI Tools — This Lifetime Deal Puts GPT‑4o and More in One Place
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
Visual Studio 2026 Brings AI Deeper Into Development and It’s 90% Off Right Now
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
50k on YouTube!
YOUTUBE.COM — 2026-04-28
🕵️
50K Subscribers. This is Security Weekly.
YOUTUBE.COM — 2026-04-28
🕵️
Apple’s $599 Mac mini Sells Out, Resurfaces on eBay Above Retail
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
Google, Kaggle Relaunch Free AI Course Focused on ‘Vibe Coding’
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
Samsung Galaxy Glasses Leak: Pricing, Specs, and Launch Timeline Revealed
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
‘Windows K2’ Could Be Microsoft’s Answer to Years of Windows 11 Frustration
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
Xpeng Flying Car Deliveries Target 2027 as Certification Gaps Remain
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
ORMs Reopened Injection Risks
YOUTUBE.COM — 2026-04-28
🕵️
Police arrest 10 suspected members of Black Axe cybercrime gang
HELPNETSECURITY.COM — 28 Apr 2026
🕵️
Federal CIO cautious on Anthropic’s Mythos despite planned rollout
CYBERSCOOP.COM — 28 Apr 2026
🕵️
Elfsmasher, PYPI, Facebook, Glassworm, Medtronic, OpenSSH, Sararimen, Aaran Leyland - SWN #576
YOUTUBE.COM — 2026-04-28
🕵️
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
TECHREPUBLIC.COM — 28 Apr 2026
🕵️
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
DARKREADING.COM — 28 Apr 2026
🕵️
Play-to-Earn Collapse Risk
YOUTUBE.COM — 2026-04-28
🕵️
FIDO Alliance wants to keep AI agents from going rogue on online payments
HELPNETSECURITY.COM — 28 Apr 2026
🕵️
SN 1076: FAST16.SYS - Unmasking the NSA's Most Diabolical Digital Sabotage
TWIT.TV — 28 Apr 2026
🌐
New Android spyware Morpheus linked to Italian surveillance firm
SECURITYAFFAIRS.COM — 28 Apr 2026
🌐
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
THEHACKERNEWS.COM — 28 Apr 2026
🌐
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
DARKREADING.COM — 28 Apr 2026
🌐
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
THEHACKERNEWS.COM — 28 Apr 2026
🌐
Paragon is not collaborating with Italian authorities probing spyware attacks, report says
TECHCRUNCH.COM — 28 Apr 2026
📡
Chinese engineer stole US military and NASA software for years
MALWAREBYTES.COM — 28 Apr 2026
📡
From DMV to Wallet: Understanding Verifiable Digital Credential Issuance
NIST.GOV — 28 Apr 2026
📡
The Hunt for American Turncoats in World War II Europe
THECYBERWIRE.COM — 28 Apr 2026
📡
From the Kaiser to the Führer: Inside the World of Lothar Witzke
THECYBERWIRE.COM — 28 Apr 2026
📡
A practical guide to secure vibe-coding for small businesses | Kaspersky official blog
KASPERSKY.COM — 28 Apr 2026
📡
Five defender priorities from the Talos Year in Review
TALOSINTELLIGENCE.COM — 28 Apr 2026
📡
Ukrainian police detain hackers suspected of stealing thousands of Roblox accounts for resale
THERECORD.MEDIA — 28 Apr 2026
📡
The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards
WIRED.COM — 28 Apr 2026
📡
US Supreme Court appears split over controversial use of ‘geofence’ search warrants
TECHCRUNCH.COM — 28 Apr 2026
📡
Cyber Command, NSA chief warns foreign adversaries likely to target midterms
THERECORD.MEDIA — 28 Apr 2026
📡
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
DARKREADING.COM — 28 Apr 2026
🚨
As the NVD scales back CVE enrichment, here’s what Tenable customers need to knowNIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that …
KEVTENABLE.COM — 27 Apr 2026
🚨
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)This update succeeds&#;x26;#;xc2;&#;x26;#;xa0; TeamPCP Supply Chain Campaign Update 007 , published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source code theft via Trivy-linke…
KEVISC.SANS.EDU — 27 Apr 2026
🐛
CVE-2018-0734 Timing attack against DSA
MSRC.MICROSOFT.COM — 27 Apr 2026
🐛
CVE-2018-0735 Timing attack against ECDSA signature generation
MSRC.MICROSOFT.COM — 27 Apr 2026
🐛
Nessus Agent Windows Flaw Enables SYSTEM-Level Code Execution
GBHACKERS.COM — 27 Apr 2026
🐛
Metabase Enterprise RCE Flaw Now Has Public Proof-of-Concept Exploit
GBHACKERS.COM — 27 Apr 2026
🐛
AI is reshaping DevSecOps to bring security closer to the code
CSOONLINE.COM — 27 Apr 2026
🐛
Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting
SECURITYAFFAIRS.COM — 27 Apr 2026
⚠️
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
THEHACKERNEWS.COM — 27 Apr 2026
⚠️
Critical Gemini CLI Flaw Raises Supply Chain Security Concerns
GBHACKERS.COM — 27 Apr 2026
⚠️
Attackers Chain CODESYS Vulnerabilities to Backdoor Applications
GBHACKERS.COM — 27 Apr 2026
⚠️
ADT - 5,488,888 breached accounts
HAVEIBEENPWNED.COM — 27 Apr 2026
⚠️
U.S. utility giant Itron discloses a security breach
SECURITYAFFAIRS.COM — 27 Apr 2026
⚠️
25 open-source cybersecurity tools that don’t care about your budget
HELPNETSECURITY.COM — 27 Apr 2026
⚠️
Product showcase: LuLu reveals unauthorized outbound connections from Mac apps
HELPNETSECURITY.COM — 27 Apr 2026
⚠️
OpenClaw Flaws Expose Systems to Policy Bypass Attacks
GBHACKERS.COM — 27 Apr 2026
⚠️
The ‘manager of agents’: How AI evolves the SOC analyst role
CSOONLINE.COM — 27 Apr 2026
⚠️
Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - ESW #456
YOUTUBE.COM — 2026-04-27
⚠️
Fake Income Tax Notices Used to Spread Malware
GBHACKERS.COM — 27 Apr 2026
⚠️
Itron Discloses Data Breach After Hackers Access Internal Systems
GBHACKERS.COM — 27 Apr 2026
⚠️
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
THEHACKERNEWS.COM — 27 Apr 2026
⚠️
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
THEHACKERNEWS.COM — 27 Apr 2026
⚠️
Microsoft patched an ‘agent-only’ role that was not
CSOONLINE.COM — 27 Apr 2026
⚠️
27th April – Threat Intelligence Report
RESEARCH.CHECKPOINT.COM — 27 Apr 2026
⚠️
EU Proposes Forcing Google to Share Search Data With Rivals Under DMA
GBHACKERS.COM — 27 Apr 2026
⚠️
US, UK authorities warn that Firestarter backdoor malware survives patching
CYBERSECURITYDIVE.COM — 27 Apr 2026
⚠️
Medical device giant Medtronic confirms data breach incident
CYBERINSIDER.COM — 27 Apr 2026
⚠️
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
THEHACKERNEWS.COM — 27 Apr 2026
⚠️
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
DARKREADING.COM — 27 Apr 2026
⚠️
Optimize security operations through an AWS Security Hub POC
AWS.AMAZON.COM — 27 Apr 2026
⚠️
Open source package with 1 million monthly downloads stole user credentials
PROGRAMMING.DEV — 27 Apr 2026
📋
Microsoft Releases Enterprise Policy Option to Disable Windows 11 Copilot
GBHACKERS.COM — 27 Apr 2026
📢
TLS Connect gives SMBs a right-sized automated tool to manage TLS certificates
HELPNETSECURITY.COM — 27 Apr 2026
🔥
Cyber Weapon in Toronto, Grid Attack, Stuxnet Lie Exposed
CYBERSECURITYTODAY.LIBSYN.COM — 27 Apr 2026
🔥
Critical infrastructure giant Itron says it was hacked
TECHCRUNCH.COM — 27 Apr 2026
🔥
Hackers impersonate Microsoft Teams help desk to breach corporate networks
THERECORD.MEDIA — 27 Apr 2026
🔥
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
INFOSECURITY-MAGAZINE.COM — 27 Apr 2026
🔥
LINKEDIN BROWSERGATE
SECURITYAFFAIRS.COM — 27 Apr 2026
🔥
FIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposures
LASTWATCHDOG.COM — 27 Apr 2026
🔥
Ransomware Uses Your Own Permissions
YOUTUBE.COM — 2026-04-27
🔥
Major critical infrastructure supplier reports cyberattack
CYBERSECURITYDIVE.COM — 27 Apr 2026
🔥
Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line
CYBERSCOOP.COM — 27 Apr 2026
🔥
Hacker who allegedly carried out cyberattacks for China is extradited to U.S.
TECHCRUNCH.COM — 27 Apr 2026
🔥
Simplicity Stops Data Exfiltration
YOUTUBE.COM — 2026-04-27
🔥
Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records
SECURITYAFFAIRS.COM — 27 Apr 2026
🔥
The Supreme Court sits on the geofence.
THECYBERWIRE.COM — 27 Apr 2026
🔥
Pitney Bowes - 8,243,989 breached accounts
HAVEIBEENPWNED.COM — 27 Apr 2026
🕵️
NPM Worm Hits Namastex Packages, Steals Secrets Across Registries
GBHACKERS.COM — 27 Apr 2026
🕵️
ClickFix Attack Swaps PowerShell for Cmdkey, Remote Regsvr32 Payloads
GBHACKERS.COM — 27 Apr 2026
🕵️
Vidar Malware Conceals Payloads in JPEG, TXT Files to Evade Detection
GBHACKERS.COM — 27 Apr 2026
🕵️
Fast16 Malware Targets High-Value Systems With Sabotage Capabilities
GBHACKERS.COM — 27 Apr 2026
🕵️
Suspicious Microsoft Store App Vibing.exe Allegedly Harvests Screens and Audio
GBHACKERS.COM — 27 Apr 2026
🕵️
Italy moves to extradite Chinese national to the U.S. over hacking charges
SECURITYAFFAIRS.COM — 27 Apr 2026
🕵️
Aptori expands its platform with autonomous offensive testing to reduce security bottlenecks
HELPNETSECURITY.COM — 27 Apr 2026
🕵️
Your IAM was built for humans, AI agents don’t care
HELPNETSECURITY.COM — 27 Apr 2026
🕵️
The AI criminal mastermind is already hiring on gig platforms
HELPNETSECURITY.COM — 27 Apr 2026
🕵️
North Korean Hackers Target Pharma Firms with Malware-Laced Excel Attacks
GBHACKERS.COM — 27 Apr 2026
🕵️
Why I Chose This $19.97 Lifetime Deal Over MasterClass
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
7 Best Project Budgeting Software in 2026
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
Linux ELF Malware Generator Evades ML Detection With Semantic-Preserving Changes
GBHACKERS.COM — 27 Apr 2026
🕵️
Researchers Warn macOS textutil, KeePassXC Can Fuel Automation Attacks
GBHACKERS.COM — 27 Apr 2026
🕵️
Medieval Encrypted Letter Decoded
SCHNEIER.COM — 2026-04-27
🕵️
Price Drop: Upgrade to Windows 11 Pro for Only $10
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
New Malware Hides Behind Obfuscation and Staged Payloads
GBHACKERS.COM — 27 Apr 2026
🕵️
Fake YouTube Downloads Spread Vidar Malware to Steal Corporate Logins
GBHACKERS.COM — 27 Apr 2026
🕵️
Anthropic Draws Google’s $40B Bet in Latest AI Megadeal
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
Get Lifetime Access to Microsoft Office 2021 for Just $30
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
BlackFile actively extorting data-theft victims in retail and hospitality sector
CYBERSCOOP.COM — 27 Apr 2026
🕵️
New Hack Lets 30-Year-Old Windows PCs Run Modern Linux
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
China’s Honor Just Launched an iPhone Lookalike in Europe
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
Apple Watch Blood Oxygen Monitoring Gets Major Breakthrough
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
EU’s proposed Google data access rule could enable large-scale surveillance
CYBERINSIDER.COM — 27 Apr 2026
🕵️
EU Funds Sovereign Cloud Infrastructure with €180 Million Contract
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
China Startup Secures $8.4B in Credit Lines for Orbital Data Center Push
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
The Prompt Engineering Cheat Sheet: How to Write Better AI Prompts
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
China Shuts Down Meta’s $2.5B Bid for AI Startup Manus
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
Apple ‘Ultra’ 2026: A New iPhone, MacBook Tier May Be Coming
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
Truecaller Faces New Pressure in India as Growth Matures
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
WhatsApp to End Support for Millions of Older Android Phones in 2026
TECHREPUBLIC.COM — 27 Apr 2026
🕵️
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
DARKREADING.COM — 27 Apr 2026
🕵️
Supreme Court justices skeptically question both sides in geofence surveillance case
CYBERSCOOP.COM — 27 Apr 2026
🌐
A week in security (April 20 &#8211; April 26)
MALWAREBYTES.COM — 27 Apr 2026
🌐
Fast16: Pre-Stuxnet malware that targeted precision engineering software
SECURITYAFFAIRS.COM — 27 Apr 2026
🌐
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
INFOSECURITY-MAGAZINE.COM — 27 Apr 2026
🌐
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
THEHACKERNEWS.COM — 27 Apr 2026
🌐
20-Year-Old Malware Rewrites History of Cyber Sabotage
DARKREADING.COM — 27 Apr 2026
🌐
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
THEHACKERNEWS.COM — 27 Apr 2026
🌐
Phishing crypto-wallet clones in the App Store and other attacks on iOS and macOS crypto owners | Kaspersky official blog
KASPERSKY.COM — 27 Apr 2026
📡
When security becomes the attack surface: Why endpoint protection must evolve
CYBERSECURITYDIVE.COM — 27 Apr 2026
📡
BlackFile Group Targets Retail and Hospitality with Vishing Attacks
INFOSECURITY-MAGAZINE.COM — 27 Apr 2026
📡
Most Cybersecurity Professionals Feel Undervalued and Underpaid
INFOSECURITY-MAGAZINE.COM — 27 Apr 2026
📡
Parsing Agentic Offensive Security's Existential Threat
DARKREADING.COM — 27 Apr 2026
📡
Widely Used Browser Extensions Selling User Data
INFOSECURITY-MAGAZINE.COM — 27 Apr 2026
📡
Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
SECURITYAFFAIRS.COM — 27 Apr 2026
📡
US Sanctions Target Cambodian Scam Network Leaders
INFOSECURITY-MAGAZINE.COM — 27 Apr 2026
📡
Disinformation campaign targeted Tibetan parliament-in-exile elections
THERECORD.MEDIA — 27 Apr 2026
📡
Italy extradites alleged Chinese state hacker to US
THERECORD.MEDIA — 27 Apr 2026
📡
Can I do that with policy? Understanding the AWS Service Authorization Reference
AWS.AMAZON.COM — 27 Apr 2026
📡
US Supreme Court weighs legality of geofence warrants.
THECYBERWIRE.COM — 27 Apr 2026
📡
Money launderer for crypto thieves given 5-year sentence
THERECORD.MEDIA — 27 Apr 2026
📡
Cole Allen Charged With Attempting to Assassinate Trump
WIRED.COM — 27 Apr 2026
📡
Supreme Court signals location data searches should require a warrant
THERECORD.MEDIA — 27 Apr 2026
📡
Tennessee becomes second state to ban cryptocurrency ATMs over scam concerns
THERECORD.MEDIA — 27 Apr 2026
🚨
Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SimpleHelp, Sa…
KEVSECURITYAFFAIRS.COM — 26 Apr 2026
🐛
CVE-2022-2068 The c_rehash script allows command injection
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31557 nvmet: move async event work off nvmet-wq
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31646 net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31589 mm: call ->free_folio() directly in folio_unmap_invalidate()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-23420 wifi: wlcore: Fix a locking bug
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31621 bnge: return after auxiliary_device_uninit() in error path
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31645 net: lan966x: fix page pool leak in error paths
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-23414 tls: Purge async_hold in tls_decrypt_async_wait()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctly
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31671 xfrm_user: fix info leak in build_report()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31639 rxrpc: Fix key reference count leak from call->key
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31657 batman-adv: hold claim backbone gateways by reference
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31591 KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31655 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31649 net: stmmac: fix integer underflow in chain mode
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31680 net: ipv6: flowlabel: defer exclusive option free until RCU teardown
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU release
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31659 batman-adv: reject oversized global TT response buffers
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31673 af_unix: read UNIX_DIAG_VFS data under unix_state_lock
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31664 xfrm: clear trailing padding in build_polexpire()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-23401 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31638 rxrpc: Only put the call ref if one was acquired
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
KEVMSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31604 wifi: rtw88: fix device leak on probe failure
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31601 vfio/xe: Reorganize the init to decouple migration from reset
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31676 rxrpc: only handle RESPONSE during service challenge
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31684 net: sched: act_csum: validate nested VLAN headers
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-23362 can: bcm: fix locking for bcm_op runtime updates
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
CVE-2026-23360 nvme: fix admin queue leak on controller reset
MSRC.MICROSOFT.COM — 26 Apr 2026
🐛
Critical bug in CrowdStrike LogScale let attackers access files
SECURITYAFFAIRS.COM — 26 Apr 2026
⚠️
Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach
HELPNETSECURITY.COM — 26 Apr 2026
🔥
Trigona ransomware adopts custom tool to steal data and evade detection
SECURITYAFFAIRS.COM — 26 Apr 2026
🔥
Udemy - 1,401,259 breached accounts
HAVEIBEENPWNED.COM — 26 Apr 2026
🕵️
XChat launches standalone iOS app as security concerns remain
CYBERINSIDER.COM — 26 Apr 2026
🕵️
GopherWhisper: new China-linked APT targets Mongolia with Go-based malware
SECURITYAFFAIRS.COM — 26 Apr 2026
🕵️
Npm Slop & Wonky Software Supply Chains
PROGRAMMING.DEV — 26 Apr 2026
🌐
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94
SECURITYAFFAIRS.COM — 26 Apr 2026
📡
California Engineer Identified in Suspected Shooting at White House Correspondents' Dinner
WIRED.COM — 26 Apr 2026
🚨
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal DeadlineThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.…
KEVTHEHACKERNEWS.COM — 25 Apr 2026
🚨
U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploi…
KEVSECURITYAFFAIRS.COM — 25 Apr 2026
🐛
CVE-2026-41080
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
CVE-2026-23438 net: mvpp2: guard flow control update with global_tx_fc in buffer switching
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
CVE-2026-23439 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
CVE-2026-23446 net: usb: aqc111: Do not perform PM inside suspend callback
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
CVE-2026-23434 mtd: rawnand: serialize lock/unlock against other NAND operations
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
MSRC.MICROSOFT.COM — 25 Apr 2026
🐛
Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)
SECURITYAFFAIRS.COM — 25 Apr 2026
⚠️
The Patch Gap Is the Problem
YOUTUBE.COM — 2026-04-25
⚠️
Governments and industry race to harness AI for vulnerability discovery.
THECYBERWIRE.COM — 25 Apr 2026
⚠️
Firefox is quietly experimenting with Brave’s ad-blocking engine
CYBERINSIDER.COM — 25 Apr 2026
📢
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network
SECURITYAFFAIRS.COM — 25 Apr 2026
🔥
Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos
WIRED.COM — 25 Apr 2026
🌐
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
THEHACKERNEWS.COM — 25 Apr 2026
🎙️
Cybersecurity Today Weekend: Deepfakes, the Death of Truth, and Verifying AI in the Enterprise
CYBERSECURITYTODAY.LIBSYN.COM — 25 Apr 2026
📡
Monitoring Claude Code/Cowork at scale with OTel in Elastic
ELASTIC.CO — 25 Apr 2026
📡
A QRazy clever scam.
THECYBERWIRE.COM — 25 Apr 2026
🐛
Hackers Track 900+ React2Shell Exploits via Telegram Bots
GBHACKERS.COM — 24 Apr 2026
🐛
Hackers Exploit Ollama Model Uploads to Leak Server Data
GBHACKERS.COM — 24 Apr 2026
🐛
CVE-2026-5958 Race Condition in GNU Sed
MSRC.MICROSOFT.COM — 24 Apr 2026
🐛
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
MSRC.MICROSOFT.COM — 24 Apr 2026
🐛
CVE-2026-41989
MSRC.MICROSOFT.COM — 24 Apr 2026
🐛
CVE-2026-41988
MSRC.MICROSOFT.COM — 24 Apr 2026
🐛
CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
MSRC.MICROSOFT.COM — 24 Apr 2026
🐛
Python Vulnerability Enables Out-of-Bounds Write on Windows
GBHACKERS.COM — 24 Apr 2026
🐛
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
THEHACKERNEWS.COM — 24 Apr 2026
🐛
Hackers Exploit Cisco Firepower N-Day Flaws for Unauthorized Access
GBHACKERS.COM — 24 Apr 2026
🐛
12-year-old Pack2TheRoot bug lets Linux users gain root privileges
SECURITYAFFAIRS.COM — 24 Apr 2026
🐛
Metasploit Wrap-Up 04/25/2026
RAPID7.COM — 24 Apr 2026
⚠️
Inside The Vercel Supply Chain Exploit
CYBERSECURITYTODAY.LIBSYN.COM — 24 Apr 2026
⚠️
Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally
GBHACKERS.COM — 24 Apr 2026
⚠️
PhantomRPC: A new privilege escalation technique in Windows RPC
SECURELIST.COM — 24 Apr 2026
⚠️
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
THEHACKERNEWS.COM — 24 Apr 2026
⚠️
Xiongmai IP Camera Flaw Lets Attackers Bypass Authentication
GBHACKERS.COM — 24 Apr 2026
⚠️
Hackers Exploit Pastebin PowerShell Script to Hijack Telegram Sessions
GBHACKERS.COM — 24 Apr 2026
⚠️
Firefox flaw enables cross-site tracking, undermines Tor Browser defenses
CYBERINSIDER.COM — 24 Apr 2026
⚠️
Hackers Exploit Agent ID Administrator Role to Hijack Service Principals
GBHACKERS.COM — 24 Apr 2026
⚠️
UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China
INFOSECURITY-MAGAZINE.COM — 24 Apr 2026
⚠️
3 Reasons to Attend our Global Cybersecurity Summit if you’re Focused on AI, Threats, and CTEM
RAPID7.COM — 24 Apr 2026
⚠️
CIS Control Becomes Law
YOUTUBE.COM — 2026-04-24
⚠️
FIRESTARTER malware remained on Cisco devices after patches were applied.
THECYBERWIRE.COM — 24 Apr 2026
⚠️
Meta’s Biggest Layoff of 2026 Is Confirmed to Start Next Month
TECHREPUBLIC.COM — 24 Apr 2026
⚠️
CISA last in line for access to Anthropic Mythos
CSOONLINE.COM — 24 Apr 2026
⚠️
New US House privacy bills raise hard questions about enterprise data collection
CSOONLINE.COM — 24 Apr 2026
⚠️
When Updates Turn Into Malware
YOUTUBE.COM — 2026-04-24
📢
Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn
SH.ITJUST.WORKS — 24 Apr 2026
📢
Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn
INFOSEC.PUB — 24 Apr 2026
📢
China-linked threat actors use consumer device botnets to evade detection, warn UK and partners
SECURITYAFFAIRS.COM — 24 Apr 2026
📢
Compromised everyday devices power Chinese cyber espionage operations
HELPNETSECURITY.COM — 24 Apr 2026
📢
New Cisco firewall malware can only be killed by pulling the plug
HELPNETSECURITY.COM — 24 Apr 2026
📢
Norway's prime minister proposes ban on social media access for young teens
THERECORD.MEDIA — 24 Apr 2026
📢
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
THEHACKERNEWS.COM — 24 Apr 2026
📢
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
THEHACKERNEWS.COM — 24 Apr 2026
📢
Iran’s cyber threat may be less ‘shock and awe’ than ‘low and slow,’ officials say
THERECORD.MEDIA — 24 Apr 2026
📢
A digital battlefield in practice.
THECYBERWIRE.COM — 24 Apr 2026
📢
Latest spy power reauthorization bill leaves critics unimpressed
CYBERSCOOP.COM — 24 Apr 2026
🔥
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Attack
INFOSEC.PUB — 24 Apr 2026
🔥
Carnival - 7,531,359 breached accounts
HAVEIBEENPWNED.COM — 24 Apr 2026
🔥
Ransomware Gang Unveils Custom Data-Theft Tool
GBHACKERS.COM — 24 Apr 2026
🔥
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams
GBHACKERS.COM — 24 Apr 2026
🔥
Bitwarden CLI Compromised After Malicious GitHub Actions Workflow
GBHACKERS.COM — 24 Apr 2026
🔥
China-Linked Hackers Hide Behind Compromised Routers
GBHACKERS.COM — 24 Apr 2026
🔥
AI is speeding up nation-state cyber programs
HELPNETSECURITY.COM — 24 Apr 2026
🔥
Checkmarx supply chain attack impacts Bitwarden npm distribution path
SECURITYAFFAIRS.COM — 24 Apr 2026
🔥
AI Phishing Is No. 1 With a Bullet for Cyberattackers
DARKREADING.COM — 24 Apr 2026
🔥
Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner
SECURITYAFFAIRS.COM — 24 Apr 2026
🔥
Hasbro expects March cyberattack to impact second-quarter revenue
CYBERSECURITYDIVE.COM — 24 Apr 2026
🔥
Scattered Spider co-conspirator pleads guilty
CSOONLINE.COM — 24 Apr 2026
🔥
ADT says customer data stolen in cyber intrusion
THERECORD.MEDIA — 24 Apr 2026
🔥
ADT confirms data breach after hacker claims 10 million records stolen
CYBERINSIDER.COM — 24 Apr 2026
🕵️
ISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906, (Fri, Apr 24th)
ISC.SANS.EDU — 24 Apr 2026
🕵️
PLC Cybersecurity — Securing Industrial Control Systems
INFOSEC.PUB — 24 Apr 2026
🕵️
Turn Your iPad Into a Work Machine While This Keyboard Case Is $30 Off
TECHREPUBLIC.COM — 24 Apr 2026
🕵️
Sign, Send, and Manage Documents Online for Just $79
TECHREPUBLIC.COM — 24 Apr 2026
🕵️
Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers
HELPNETSECURITY.COM — 24 Apr 2026
🕵️
OpenAI’s GPT-5.5 is out with expanded cybersecurity safeguards
HELPNETSECURITY.COM — 24 Apr 2026
🕵️
Void Dokkaebi Hackers Spread Malware Through Fake Job Interviews
GBHACKERS.COM — 24 Apr 2026
🕵️
Covert telecom spying campaign “Ghost Operators” tracks users worldwide
CYBERINSIDER.COM — 24 Apr 2026
🕵️
Meta is overhauling how you sign in, manage settings, and protect your accounts
HELPNETSECURITY.COM — 24 Apr 2026
🕵️
Fake CAPTCHA Scam Triggers Costly SMS Fraud
GBHACKERS.COM — 24 Apr 2026
🕵️
Hiding Bluetooth Trackers in Mail
SCHNEIER.COM — 2026-04-24
🕵️
GPT-5.5 Bio Bug Bounty Program Aims to Improve AI Safety and Performance
GBHACKERS.COM — 24 Apr 2026
🕵️
Claude Desktop Reportedly Adds Browser Access Bridge for Chromium Browsers
GBHACKERS.COM — 24 Apr 2026
🕵️
Mythos Mystery in Mozilla Numbers: How 22 Vulns Became 271 or Maybe 3 in April
PROGRAMMING.DEV — 24 Apr 2026
🕵️
Inside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real Time
ANY.RUN — 24 Apr 2026
🕵️
Off-Topic Friday
INFOSEC.PUB — 24 Apr 2026
🕵️
North Korea's Lazarus Targets macOS Users via ClickFix
DARKREADING.COM — 24 Apr 2026
🕵️
Windows 10 Support Is Over. Here Are 6 Options for Users
TECHREPUBLIC.COM — 24 Apr 2026
🕵️
US lawmakers introduce bill to require warrants for government data searches
CYBERINSIDER.COM — 24 Apr 2026
🕵️
Health Records of 500,000 UK Biobank Volunteers Listed Online in China
TECHREPUBLIC.COM — 24 Apr 2026
🕵️
TGR-STA-1030: New Activity in Central and South America
UNIT42.PALOALTONETWORKS.COM — 24 Apr 2026
🕵️
Friday Squid Blogging: How Squid Survived Extinction Events
SCHNEIER.COM — 2026-04-24
🕵️
Scylla &Charybdis, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland - SWN #575
YOUTUBE.COM — 2026-04-24
🕵️
The npm Threat Landscape: Attack Surface and Mitigations
UNIT42.PALOALTONETWORKS.COM — 24 Apr 2026
🕵️
DeepSeek Drops Cheaper V4 AI as Huawei Jumps In
TECHREPUBLIC.COM — 24 Apr 2026
🌐
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
INFOSECURITY-MAGAZINE.COM — 24 Apr 2026
🌐
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
THEHACKERNEWS.COM — 24 Apr 2026
🌐
Another spyware maker caught distributing fake Android snooping apps
TECHCRUNCH.COM — 24 Apr 2026
📡
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
THEHACKERNEWS.COM — 24 Apr 2026
📡
Medical data of 500,000 UK volunteers listed for sale on Alibaba
MALWAREBYTES.COM — 24 Apr 2026
📡
AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns
INFOSECURITY-MAGAZINE.COM — 24 Apr 2026
📡
Toronto police arrest three in Canada’s first mobile SMS blaster case
THERECORD.MEDIA — 24 Apr 2026
📡
The Latest Push to Extend Key US Spy Powers Is Still a Mess
WIRED.COM — 24 Apr 2026
📡
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
DARKREADING.COM — 24 Apr 2026
📡
Pentagon grapples with securing AI as it moves toward autonomous warfare
THERECORD.MEDIA — 24 Apr 2026
📡
Protecting your secrets from tomorrow’s quantum risks
AWS.AMAZON.COM — 24 Apr 2026
📡
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
DARKREADING.COM — 24 Apr 2026
📡
Eavesdropping via fiber-optic cables | Kaspersky official blog
KASPERSKY.COM — 24 Apr 2026
🚨
U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS s…
KEVSECURITYAFFAIRS.COM — 23 Apr 2026
🐛
CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-35239
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-34271
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-35238
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-34267
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-22005
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-22015
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31476 ksmbd: do not expire session on binding failure
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dm
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is reset
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31448 ext4: avoid infinite loops caused by residual data
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31450 ext4: publish jinode after initialization
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-34278
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-21998
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-35237
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-22009
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-34270
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-34293
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-22002
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-22017
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-34303
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-34308
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-34304
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-34276
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-22004
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-22001
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-35240
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-35236
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-40706
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31487 spi: use generic driver_override infrastructure
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31515 af_key: validate families in pfkey_send_migrate()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31527 driver core: platform: use generic driver_override infrastructure
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31506 net: bcmasp: fix double free of WoL irq
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31523 nvme-pci: ensure we're polling a polled queue
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31518 esp: fix skb leak with espintcp and async crypto
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31494 net: macb: use the current queue number for stats
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
MSRC.MICROSOFT.COM — 23 Apr 2026
🐛
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
THEHACKERNEWS.COM — 23 Apr 2026
🐛
Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory
GBHACKERS.COM — 23 Apr 2026
🐛
Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)
ISC.SANS.EDU — 23 Apr 2026
🐛
VU#748485: Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting Component
KB.CERT.ORG — 2026-04-23
🐛
iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix
SECURITYAFFAIRS.COM — 23 Apr 2026
🐛
UAT-4356's Targeting of Cisco Firepower Devices
TALOSINTELLIGENCE.COM — 23 Apr 2026
⚠️
Malicious pgserve, automagik developer tools found in npm registry
CSOONLINE.COM — 23 Apr 2026
⚠️
Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox
CSOONLINE.COM — 23 Apr 2026
⚠️
Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure
CSOONLINE.COM — 23 Apr 2026
⚠️
SLAM, scam, thank you ma’am.
THECYBERWIRE.COM — 23 Apr 2026
⚠️
Apple Patches Privacy Issue Exposing Signal Message Data Through Notifications
GBHACKERS.COM — 23 Apr 2026
⚠️
Claude Mythos Exposes 271 Zero-Day Security Flaws in Firefox
GBHACKERS.COM — 23 Apr 2026
⚠️
Apple fixes iOS privacy flaw that allowed Signal message retrieval
CYBERINSIDER.COM — 23 Apr 2026
⚠️
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
THEHACKERNEWS.COM — 23 Apr 2026
⚠️
Microsoft taps Anthropic’s Mythos to strengthen secure software development
CSOONLINE.COM — 23 Apr 2026
⚠️
Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents
INFOSECURITY-MAGAZINE.COM — 23 Apr 2026
⚠️
Apple fixes iOS bug that kept deleted notifications, including chat previews
MALWAREBYTES.COM — 23 Apr 2026
⚠️
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
THEHACKERNEWS.COM — 23 Apr 2026
⚠️
Google gets agent-ready for the Mythos age
CSOONLINE.COM — 23 Apr 2026
⚠️
DNN vulnerability puts 750,000 websites at risk​ | Cybernews
SH.ITJUST.WORKS — 23 Apr 2026
⚠️
Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission | news | SC Media
SH.ITJUST.WORKS — 23 Apr 2026
⚠️
Trailmark turns code into graphs
TRAILOFBITS.COM — 23 Apr 2026
⚠️
Vercel Confirms Security Breach Affecting Customer Accounts
GBHACKERS.COM — 23 Apr 2026
⚠️
Offer customers passkeys by default, UK’s NCSC tells enterprises
CSOONLINE.COM — 23 Apr 2026
⚠️
House Republicans unveil data privacy law that would override state protections
THERECORD.MEDIA — 23 Apr 2026
⚠️
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
THEHACKERNEWS.COM — 23 Apr 2026
⚠️
Vercel says some of its customers’ data was stolen prior to its recent hack
TECHCRUNCH.COM — 23 Apr 2026
⚠️
Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite
CLOUD.GOOGLE.COM — 23 Apr 2026
⚠️
Sony to enforce age checks for PlayStation users in the UK starting in June
CYBERINSIDER.COM — 23 Apr 2026
⚠️
Five steps to become Mythos ready
TENABLE.COM — 23 Apr 2026
⚠️
Surveillance vendors exploit telecom weaknesses.
THECYBERWIRE.COM — 23 Apr 2026
⚠️
Luxury cosmetics giant Rituals discloses data breach impacting member personal details
SECURITYAFFAIRS.COM — 23 Apr 2026
⚠️
Recent Microsoft Defender Vulnerability Exploited as Zero-Day - SecurityWeek
SH.ITJUST.WORKS — 23 Apr 2026
⚠️
Surveillance companies exploiting telecom system to spy on targets’ locations, research shows
THERECORD.MEDIA — 23 Apr 2026
⚠️
CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March
THERECORD.MEDIA — 23 Apr 2026
⚠️
Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities
CYBERSCOOP.COM — 23 Apr 2026
⚠️
Microsoft Offers First-Ever Retirement Buyouts to Thousands of Employees
TECHREPUBLIC.COM — 23 Apr 2026
⚠️
3 practical ways AI threat detection improves enterprise cyber resilience
CSOONLINE.COM — 23 Apr 2026
⚠️
The curious case of Sean Plankey’s derailed CISA nomination
CSOONLINE.COM — 23 Apr 2026
⚠️
Your signal is showing.
THECYBERWIRE.COM — 23 Apr 2026
⚠️
Back to (or Start) Fundamentals? - Rajesh Khazanchi - PSW #923
YOUTUBE.COM — 2026-04-23
⚠️
AI threats in the wild: The current state of prompt injections on the web
SECURITY.GOOGLEBLOG.COM — 2026-04-23
⚠️
Supply Chain Defense Limits
YOUTUBE.COM — 2026-04-23
⚠️
Vercel attack fallout expands to more customers and third-party systems
CYBERSCOOP.COM — 23 Apr 2026
⚠️
Bitwarden CLI password manager trojanized in supply chain attack
CSOONLINE.COM — 23 Apr 2026
📢
NCSC Backs Passkeys, Hailing a New Era of Sign-in
INFOSECURITY-MAGAZINE.COM — 23 Apr 2026
📢
Defending Against China-Nexus Covert Networks of Compromised Devices | CISA
SH.ITJUST.WORKS — 23 Apr 2026
📢
Trump’s pick for CISA director withdraws from consideration
THERECORD.MEDIA — 23 Apr 2026
📢
China disguises cyberattacks with ‘covert network’ botnets, US and allies warn
CYBERSECURITYDIVE.COM — 23 Apr 2026
📢
A dozen allied agencies say China is building covert hacker networks out of everyday routers
CYBERSCOOP.COM — 23 Apr 2026
📢
Trump’s pick to run US cyber agency CISA asks to drop out
TECHCRUNCH.COM — 23 Apr 2026
📢
US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied
CYBERSCOOP.COM — 23 Apr 2026
🔥
How does AI change the economics of cybercrime?
THECYBERWIRE.COM — 23 Apr 2026
🔥
Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack
GBHACKERS.COM — 23 Apr 2026
🔥
Breach School
THECYBERWIRE.COM — 23 Apr 2026
🔥
Xinference PyPI Breach Exposes Developers to Cloud Credential Theft
GBHACKERS.COM — 23 Apr 2026
🔥
Lazarus Lures Developers With Backdoored Coding Tests
GBHACKERS.COM — 23 Apr 2026
🔥
Malicious npm Package Hijacks Hugging Face for Malware Delivery
GBHACKERS.COM — 23 Apr 2026
🔥
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
SECURITYAFFAIRS.COM — 23 Apr 2026
🔥
Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach
SH.ITJUST.WORKS — 23 Apr 2026
🔥
Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says - SecurityWeek
SH.ITJUST.WORKS — 23 Apr 2026
🔥
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
THEHACKERNEWS.COM — 23 Apr 2026
🔥
How cyberattacks on companies affect everyone
MALWAREBYTES.COM — 23 Apr 2026
🔥
Bitwarden CLI backdoored in Checkmarx supply chain attack
CYBERINSIDER.COM — 23 Apr 2026
🔥
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
THEHACKERNEWS.COM — 23 Apr 2026
🕵️
ISC Stormcast For Thursday, April 23rd, 2026 https://isc.sans.edu/podcastdetail/9904, (Thu, Apr 23rd)
ISC.SANS.EDU — 23 Apr 2026
🕵️
Fake TradingView AI Site Spreads Needle Stealer Through Phony TradingClaw App
GBHACKERS.COM — 23 Apr 2026
🕵️
Tropic Trooper Uses Custom Beacon and VS Code Tunnels for Stealthy Remote Access
GBHACKERS.COM — 23 Apr 2026
🕵️
Fake Wallpaper App, YouTube Channel Used to Spread notnullOSX Malware
GBHACKERS.COM — 23 Apr 2026
🕵️
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
SECURITYAFFAIRS.COM — 23 Apr 2026
🕵️
What Is Square? Pricing, Features & How It Works
TECHREPUBLIC.COM — 23 Apr 2026
🕵️
North Korean Fake IT Workers Infiltrate Firms to Dodge Sanctions
GBHACKERS.COM — 23 Apr 2026
🕵️
Brave brings “Shred” to Android for one-tap tracking data deletion
CYBERINSIDER.COM — 23 Apr 2026
🕵️
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
THEHACKERNEWS.COM — 23 Apr 2026
🕵️
Outlook Mailboxes Used to Conceal Linux GoGra Backdoor Traffic
GBHACKERS.COM — 23 Apr 2026
🕵️
Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System
UNIT42.PALOALTONETWORKS.COM — 23 Apr 2026
🕵️
FBI Extracts Deleted Signal Messages from iPhone Notification Database
SCHNEIER.COM — 2026-04-23
🕵️
GitLab Fixes Flaws That Could Allow Attackers to Hijack User Sessions
GBHACKERS.COM — 23 Apr 2026
🕵️
Outlook Mailboxes Abused to Conceal Linux GoGra Backdoor Traffic
GBHACKERS.COM — 23 Apr 2026
🕵️
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
SH.ITJUST.WORKS — 23 Apr 2026
🕵️
FBI: Americans Lost More Than $20 billion to Fraud Last Year
KNOWBE4.COM — 23 Apr 2026
🕵️
Phishing reclaims the top initial access spot, attackers experiment with AI tools - Help Net Security
SH.ITJUST.WORKS — 23 Apr 2026
🕵️
Microsoft releases emergency patches for critical ASP.NET flaw
SH.ITJUST.WORKS — 23 Apr 2026
🕵️
Cloud Security Isn’t What You Think
YOUTUBE.COM — 2026-04-23
🕵️
Apple’s $599 Mac mini Just Sold Out Everywhere
TECHREPUBLIC.COM — 23 Apr 2026
🕵️
AI-written software creates hassles for wary security teams
CYBERSECURITYDIVE.COM — 23 Apr 2026
🕵️
Google’s Pixel Update Sparks ‘Severe’ Battery Drain Across Multiple Models
TECHREPUBLIC.COM — 23 Apr 2026
🕵️
Researcher claims Claude Desktop installs “spyware” on macOS
SH.ITJUST.WORKS — 23 Apr 2026
🕵️
Iran-nexus threat groups refine attacks against critical infrastructure
CYBERSECURITYDIVE.COM — 23 Apr 2026
🕵️
New Pentagon Plan Would Pour $54B Into Drones, AI Combat Systems
TECHREPUBLIC.COM — 23 Apr 2026
🕵️
Apple Fixes iPhone Bug After FBI Retrieved Signal Messages
TECHREPUBLIC.COM — 23 Apr 2026
🕵️
TikTok Invests $1.16 Billion in New Finland Facility to Localize European Data
TECHREPUBLIC.COM — 23 Apr 2026
🕵️
Samsung Galaxy Connect Now Works on Any Windows 11 PC
TECHREPUBLIC.COM — 23 Apr 2026
🕵️
Hackers Use Hidden Website Instructions in New Attacks on AI Assistants
SH.ITJUST.WORKS — 23 Apr 2026
🕵️
India’s App Boom Has a Revenue Problem
TECHREPUBLIC.COM — 23 Apr 2026
🕵️
Dragos: Despite AI use, new malware targeting water plants is ‘hype’
CYBERSCOOP.COM — 23 Apr 2026
🕵️
Frontier AI and the Future of Defense: Your Top Questions Answered
UNIT42.PALOALTONETWORKS.COM — 23 Apr 2026
🌐
TrendAI™’s AI Security Brief podcast joins the N2K CyberWire network.
THECYBERWIRE.COM — 23 Apr 2026
🌐
China-linked hackers targeted Mongolian government using Slack, Discord for covert communications
THERECORD.MEDIA — 23 Apr 2026
🌐
Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet
WIRED.COM — 23 Apr 2026
📡
Section 702 survives for now.
THECYBERWIRE.COM — 23 Apr 2026
📡
Roblox clamps down on chats and age checks as legal pressure builds
MALWAREBYTES.COM — 23 Apr 2026
📡
Cyber-Attacks Surge 63% Annually in Education Sector
INFOSECURITY-MAGAZINE.COM — 23 Apr 2026
📡
Google Introduces Unique AI Agent Identities in New Gemini Enterprise Platform
INFOSECURITY-MAGAZINE.COM — 23 Apr 2026
📡
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
THEHACKERNEWS.COM — 23 Apr 2026
📡
Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say
TECHCRUNCH.COM — 23 Apr 2026
📡
Apple Fixes iOS Notification Bug Exposing Deleted Messages
INFOSECURITY-MAGAZINE.COM — 23 Apr 2026
📡
Medical data of 500,000 Britons put up for sale on Chinese website
THERECORD.MEDIA — 23 Apr 2026
📡
Spam and phishing targeting taxpayers | Kaspersky official blog
KASPERSKY.COM — 23 Apr 2026
📡
Google Favors General‑Purpose Gemini Models Over Cybersecurity‑Specific AI
INFOSECURITY-MAGAZINE.COM — 23 Apr 2026
📡
It pays to be a forever student
TALOSINTELLIGENCE.COM — 23 Apr 2026
📡
India drops national ID app mandate.
THECYBERWIRE.COM — 23 Apr 2026
📡
US sanctions Cambodian senator for millions earned through scam compounds
THERECORD.MEDIA — 23 Apr 2026
📡
fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
SENTINELONE.COM — 23 Apr 2026
🚨
Anthropic bets on EPSS for the coming bug surgeAnthropic’s Mythos has intensified a problem that vulnerability management programs were already struggling to contain: too many vulnerabilities and not enough clarity about which ones matter. What changes with Mythos — and the AI-based class of vulnerability discovery systems it…
KEVCSOONLINE.COM — 22 Apr 2026
🚨
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlinessubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html
KEVSH.ITJUST.WORKS — 22 Apr 2026
🐛
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
THEHACKERNEWS.COM — 22 Apr 2026
🐛
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
THEHACKERNEWS.COM — 22 Apr 2026
🐛
Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks
GBHACKERS.COM — 22 Apr 2026
🐛
Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks
GBHACKERS.COM — 22 Apr 2026
🐛
Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities
GBHACKERS.COM — 22 Apr 2026
🐛
VU#518910: Ollama GGUF Quantization Remote Memory Leak
KB.CERT.ORG — 2026-04-22
🐛
Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw
SECURITYAFFAIRS.COM — 22 Apr 2026
🐛
Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers
SECURITYAFFAIRS.COM — 22 Apr 2026
🐛
Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core
CSOONLINE.COM — 22 Apr 2026
🐛
Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed
TECHREPUBLIC.COM — 22 Apr 2026
⚠️
Vercel Breach Started With AI Tool
CYBERSECURITYTODAY.LIBSYN.COM — 22 Apr 2026
⚠️
Microsoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
GBHACKERS.COM — 22 Apr 2026
⚠️
1,370+ Microsoft SharePoint Servers at Risk of Spoofing Attacks Found Exposed Online
KEVGBHACKERS.COM — 22 Apr 2026
⚠️
DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
GBHACKERS.COM — 22 Apr 2026
⚠️
From Shame to Fame: Changing Behaviors and RSAC Interviews from Tanium and Illumio - BSW #444
YOUTUBE.COM — 2026-04-22
⚠️
Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs
RISKY.BIZ — 22 Apr 2026
⚠️
The AI era demands a different kind of CISO
CYBERSCOOP.COM — 22 Apr 2026
⚠️
Lotus Wiper Hits Energy Sector in Destructive Cyberattack
GBHACKERS.COM — 22 Apr 2026
⚠️
Mullvad to add feature that forces all iOS traffic through the VPN tunnel
CYBERINSIDER.COM — 22 Apr 2026
⚠️
Toxic Combinations: When Cross-App Permissions Stack into Risk
THEHACKERNEWS.COM — 22 Apr 2026
⚠️
NFC tap-to-pay gets tapped by hackers
CSOONLINE.COM — 22 Apr 2026
⚠️
Mozilla says Claude’s Mythos AI helped uncover 271 flaws in Firefox
CYBERINSIDER.COM — 22 Apr 2026
⚠️
109 Fake GitHub Repos Spread SmartLoader, StealC Malware
GBHACKERS.COM — 22 Apr 2026
⚠️
Iran claims US exploited networking equipment backdoors during strikes
INFOSEC.PUB — 22 Apr 2026
⚠️
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs - SecurityWeek
SH.ITJUST.WORKS — 22 Apr 2026
⚠️
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
KEVSH.ITJUST.WORKS — 22 Apr 2026
⚠️
Punishment Fails Behavior Change
YOUTUBE.COM — 2026-04-22
⚠️
News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category
LASTWATCHDOG.COM — 22 Apr 2026
⚠️
Microsoft SharePoint vulnerability widely exposed across multiple countries
CYBERSECURITYDIVE.COM — 22 Apr 2026
⚠️
New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert
TECHREPUBLIC.COM — 22 Apr 2026
⚠️
DDoS wave continues as Mastodon hit after Bluesky incident
SECURITYAFFAIRS.COM — 22 Apr 2026
⚠️
Apple fixes bug that cops used to extract deleted chat messages from iPhones
TECHCRUNCH.COM — 22 Apr 2026
⚠️
The leak was only a matter of time.
THECYBERWIRE.COM — 22 Apr 2026
📢
Namastex npm Packages Spread TeamPCP-Style CanisterWorm Malware
GBHACKERS.COM — 22 Apr 2026
📢
The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem
THECYBERWIRE.COM — 22 Apr 2026
📢
UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns
INFOSECURITY-MAGAZINE.COM — 22 Apr 2026
📢
IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist
TALOSINTELLIGENCE.COM — 22 Apr 2026
📢
Iran, Russia and China behind most major cyberattacks on UK, security chief warns
INFOSEC.PUB — 22 Apr 2026
📢
Iran, Russia and China behind most major cyberattacks on UK, security chief warns
SH.ITJUST.WORKS — 22 Apr 2026
📢
New Defense Department cyber strategy imminent, official says
THERECORD.MEDIA — 22 Apr 2026
📢
NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks
INFOSECURITY-MAGAZINE.COM — 22 Apr 2026
📢
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
THEHACKERNEWS.COM — 22 Apr 2026
📢
CISA director pick Sean Plankey withdraws his nomination
CYBERSCOOP.COM — 22 Apr 2026
📢
House Republicans roll out national privacy bill
CYBERSCOOP.COM — 22 Apr 2026
📢
Anonymous Competition Drives Executives
YOUTUBE.COM — 2026-04-22
📢
Trump’s CISA director pick withdraws after tumultuous nomination
CYBERSECURITYDIVE.COM — 22 Apr 2026
🔥
&#x5b;Guest Diary&#x5d; Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
ISC.SANS.EDU — 22 Apr 2026
🔥
Exclusive Anthropic Cyber Tool Mythos Accessed by Unapproved Actors
GBHACKERS.COM — 22 Apr 2026
🔥
French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations
GBHACKERS.COM — 22 Apr 2026
🔥
Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang
INFOSECURITY-MAGAZINE.COM — 22 Apr 2026
🔥
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
SH.ITJUST.WORKS — 22 Apr 2026
🔥
UK cyber agency handling four major incidents a week as nation-state attacks surge
THERECORD.MEDIA — 22 Apr 2026
🔥
French govt agency confirms breach as hacker offers to sell data
SH.ITJUST.WORKS — 22 Apr 2026
🔥
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 - SecurityWeek
SH.ITJUST.WORKS — 22 Apr 2026
🔥
Cosmetics giant Rituals confirms data breach of customer membership records
TECHCRUNCH.COM — 22 Apr 2026
🔥
French police arrest suspected hacker behind dozens of data breaches
THERECORD.MEDIA — 22 Apr 2026
🔥
Malicious TikTok Downloader Extensions Quietly Compromised 130K Users
TECHREPUBLIC.COM — 22 Apr 2026
🔥
France confirms data breach at government agency that manages citizens’ IDs
TECHCRUNCH.COM — 22 Apr 2026
🔥
Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not
GRAHAMCLULEY.COM — 22 Apr 2026
🕵️
ISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902, (Wed, Apr 22nd)
ISC.SANS.EDU — 22 Apr 2026
🕵️
Wireshark tutorial: Capture vs. Display Filters
INFOSEC.PUB — 22 Apr 2026
🕵️
Nobody runs a marathon by accident
KNOWBE4.COM — 22 Apr 2026
🕵️
Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign
GBHACKERS.COM — 22 Apr 2026
🕵️
Scale Computing Spotlights Edge Wins in Retail, K-12
TECHREPUBLIC.COM — 22 Apr 2026
🕵️
Amazon, Anthropic Expand Alliance With 5GW Compute Push to Power Claude
GBHACKERS.COM — 22 Apr 2026
🕵️
Hackers Tie Iranian Espionage to CastleRAT and ChainShell
GBHACKERS.COM — 22 Apr 2026
🕵️
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
THEHACKERNEWS.COM — 22 Apr 2026
🕵️
Auraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via Open C2 Panel
GBHACKERS.COM — 22 Apr 2026
🕵️
Microsoft warns of fake IT worker identities infiltrating cloud environments
GBHACKERS.COM — 22 Apr 2026
🕵️
Unauthorized Group Gains Access to Anthropic's Exclusive Cyber Tool Mythos
SH.ITJUST.WORKS — 22 Apr 2026
🕵️
When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
UNIT42.PALOALTONETWORKS.COM — 22 Apr 2026
🕵️
ICE Uses Graphite Spyware
SCHNEIER.COM — 2026-04-22
🕵️
French Fintech Accounts Used to Launder Stolen Funds Before Detection
GBHACKERS.COM — 22 Apr 2026
🕵️
NGate NFC malware targets Android users through trojanized payment app - Help Net Security
SH.ITJUST.WORKS — 22 Apr 2026
🕵️
Microsoft Must Face £2.1B UK Cloud Licensing Lawsuit
TECHREPUBLIC.COM — 22 Apr 2026
🕵️
Researchers Uncover SIM Farm-as-a-Service Operation Spanning 87 Panels in 17 Nations
GBHACKERS.COM — 22 Apr 2026
🕵️
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations | CSO Online
SH.ITJUST.WORKS — 22 Apr 2026
🕵️
Phishing Campaigns Abuse AI Workflow Automation Platforms
KNOWBE4.COM — 22 Apr 2026
🕵️
Malicious Google Ads Hit Crypto Users With Wallet Drainers
GBHACKERS.COM — 22 Apr 2026
🕵️
Downloads falsos do Google Antigravity estão roubando contas em questão de minutos | Malwarebytes
SH.ITJUST.WORKS — 22 Apr 2026
🕵️
More Attack Context for Faster Triage, Response, and Hunting. Now Available to Every SOC
ANY.RUN — 22 Apr 2026
🕵️
What are You Working on Wednesday
INFOSEC.PUB — 22 Apr 2026
🕵️
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
THEHACKERNEWS.COM — 22 Apr 2026
🕵️
Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says
CYBERSECURITYDIVE.COM — 22 Apr 2026
🕵️
Network Engineering Basics
BLACKHILLSINFOSEC.COM — 22 Apr 2026
🕵️
Revolut Reportedly Targets $200B IPO Valuation in Huge Fintech Bet
TECHREPUBLIC.COM — 22 Apr 2026
🕵️
The Supreme Court is about to decide how far geofence warrants can go
CYBERSCOOP.COM — 22 Apr 2026
🕵️
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions
WIRED.COM — 22 Apr 2026
🕵️
Authentication No Longer Means Safe
YOUTUBE.COM — 2026-04-22
🕵️
Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data
TECHREPUBLIC.COM — 22 Apr 2026
🕵️
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
THEHACKERNEWS.COM — 22 Apr 2026
🕵️
KelpDAO suffers $290 million heist tied to Lazarus hackers
SH.ITJUST.WORKS — 22 Apr 2026
🕵️
Fake Google Antigravity Installer Can Steal Accounts in Minutes
TECHREPUBLIC.COM — 22 Apr 2026
🕵️
Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus
TECHREPUBLIC.COM — 22 Apr 2026
🕵️
Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor
SH.ITJUST.WORKS — 22 Apr 2026
🕵️
AI Demand Is Forcing a Rethink of Data Center Power, Cooling
TECHREPUBLIC.COM — 22 Apr 2026
🕵️
Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like
TECHREPUBLIC.COM — 22 Apr 2026
🕵️
Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
TECHREPUBLIC.COM — 22 Apr 2026
🕵️
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign
THERECORD.MEDIA — 22 Apr 2026
🌐
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
THEHACKERNEWS.COM — 22 Apr 2026
🌐
Researcher claims Claude Desktop installs “spyware” on macOS
MALWAREBYTES.COM — 22 Apr 2026
🌐
Malicious trading website drops malware that hands your browser to attackers
MALWAREBYTES.COM — 22 Apr 2026
🌐
UK government says 100 countries have spyware that can hack people’s phones
TECHCRUNCH.COM — 22 Apr 2026
🌐
Targeting developers: real-world cases, tactics, and defense strategies | Kaspersky official blog
KASPERSKY.COM — 22 Apr 2026
🌐
Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector
THERECORD.MEDIA — 22 Apr 2026
🌐
LABScon25 Replay | Are Your Chinese Cameras Spying For You Or On You?
SENTINELONE.COM — 22 Apr 2026
🎙️
Alignment Episode: How Traci Byrne Works Across CISOs, Startups, and Partners
THECYBERWIRE.COM — 22 Apr 2026
🎙️
The AI-driven gap between innovation and security with Brian Vecci from Varonis
THECYBERWIRE.COMHTTPS: — 22 Apr 2026
📡
Weekly Threat Bulletin – April 22nd, 2026
F5.COM — 22 Apr 2026
📡
Winter 2025 SOC 1 report is now available with 184 services in scope
AWS.AMAZON.COM — 22 Apr 2026
📡
Venezuela energy sector targeted by highly destructive Lotus wiper
SECURITYAFFAIRS.COM — 22 Apr 2026
📡
Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
INFOSECURITY-MAGAZINE.COM — 22 Apr 2026
📡
Surge in Silent Subject Phishing Attacks Targets VIP Users
INFOSECURITY-MAGAZINE.COM — 22 Apr 2026
📡
China’s cyber capabilities now equal to the US, warns Dutch intelligence
THERECORD.MEDIA — 22 Apr 2026
📡
Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters
SECURITYAFFAIRS.COM — 22 Apr 2026
📡
UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
INFOSECURITY-MAGAZINE.COM — 22 Apr 2026
📡
Unauthorized users gain access to Anthropic's Mythos model.
THECYBERWIRE.COM — 22 Apr 2026
📡
A technical walkthrough of multicloud full-stack security using AWS Security Hub Extended
AWS.AMAZON.COM — 22 Apr 2026
📡
MacOS Native Tools Enable Stealthy Enterprise Attacks
INFOSECURITY-MAGAZINE.COM — 22 Apr 2026
📡
Artemis emerges from stealth with $70 million in funding.
THECYBERWIRE.COM — 22 Apr 2026
🚨
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal DeadlinesThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vuln…
KEVTHEHACKERNEWS.COM — 21 Apr 2026
🚨
U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency…
KEVSECURITYAFFAIRS.COM — 21 Apr 2026
🚨
Trust Lags Behind Technology.Anthropic’s Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CI…
KEVTHECYBERWIRE.COM — 21 Apr 2026
🐛
Malicious GGUF Models Could Trigger Remote Code Execution on SGLang Servers
GBHACKERS.COM — 21 Apr 2026
🐛
6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197
GBHACKERS.COM — 21 Apr 2026
🐛
CVE-2026-41254
MSRC.MICROSOFT.COM — 21 Apr 2026
🐛
Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release
GBHACKERS.COM — 21 Apr 2026
🐛
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
CSOONLINE.COM — 21 Apr 2026
🐛
VU#414811: Terrarium contains a vulnerability that allows arbitrary code execution
KB.CERT.ORG — 2026-04-21
🐛
VU#890999: Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browser
KB.CERT.ORG — 2026-04-21
🐛
Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered
KEVCSOONLINE.COM — 21 Apr 2026
⚠️
Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects
GBHACKERS.COM — 21 Apr 2026
⚠️
AI-Driven Exploitation Could Shrink Defenders’ Patch Window
GBHACKERS.COM — 21 Apr 2026
⚠️
173: Tarjeteros
DARKNETDIARIES.COM — 21 Apr 2026
⚠️
GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers
GBHACKERS.COM — 21 Apr 2026
⚠️
CISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security Flaws
KEVGBHACKERS.COM — 21 Apr 2026
⚠️
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
SECURITYAFFAIRS.COM — 21 Apr 2026
⚠️
Top techniques attackers use to infiltrate your systems today
CSOONLINE.COM — 21 Apr 2026
⚠️
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops
CSOONLINE.COM — 21 Apr 2026
⚠️
The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379
YOUTUBE.COM — 2026-04-21
⚠️
Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool
INFOSECURITY-MAGAZINE.COM — 21 Apr 2026
⚠️
Microsoft spots Sapphire Sleet macOS attack using AppleScript and social engineering
GBHACKERS.COM — 21 Apr 2026
⚠️
Why identity is the driving force behind digital transformation
CSOONLINE.COM — 21 Apr 2026
⚠️
Mythos can find the vulnerability. It can’t tell you what to do about it.
CYBERSCOOP.COM — 21 Apr 2026
⚠️
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
THEHACKERNEWS.COM — 21 Apr 2026
⚠️
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
THEHACKERNEWS.COM — 21 Apr 2026
⚠️
UK probes Telegram and other chat apps over child safety failures
CYBERINSIDER.COM — 21 Apr 2026
⚠️
Prompt injection turned Google’s Antigravity file search into RCE
CSOONLINE.COM — 21 Apr 2026
⚠️
The Vercel breach started at a tool nobody was watching
PROGRAMMING.DEV — 21 Apr 2026
⚠️
Alert: WhatsApp Phishing Campaign Delivers Malware
KNOWBE4.COM — 21 Apr 2026
⚠️
Phishing and MFA exploitation: Targeting the keys to the kingdom
TALOSINTELLIGENCE.COM — 21 Apr 2026
⚠️
Cloud platform Vercel says company breached through third-party AI tool
THERECORD.MEDIA — 21 Apr 2026
⚠️
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
THEHACKERNEWS.COM — 21 Apr 2026
⚠️
CISA confirms exploitation of 3 more Cisco networking device vulnerabilities
CYBERSECURITYDIVE.COM — 21 Apr 2026
⚠️
The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities
GBHACKERS.COM — 21 Apr 2026
⚠️
Security Game Isn’t Fair
YOUTUBE.COM — 2026-04-21
⚠️
Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150
ARSTECHNICA.COM — 21 Apr 2026
⚠️
Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More... - SWN #574
YOUTUBE.COM — 2026-04-21
⚠️
Oracle April 2026 Critical Patch Update Addresses 241 CVEs
TENABLE.COM — 21 Apr 2026
⚠️
Former DigitalMint ransomware negotiator pleads guilty to extortion scheme
CYBERSCOOP.COM — 21 Apr 2026
📢
SideWinder Spoofs Chrome PDF Viewer, Zimbra to Steal Government Webmail Logins
GBHACKERS.COM — 21 Apr 2026
📢
CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack
GBHACKERS.COM — 21 Apr 2026
📢
European Commission Moving to Classify ChatGPT as ‘Very Large Online Search Engine’ Under Digital Services Act
TECHREPUBLIC.COM — 21 Apr 2026
📢
CISA urges security teams to view environments following axios compromise
CYBERSECURITYDIVE.COM — 21 Apr 2026
🔥
12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K Users
GBHACKERS.COM — 21 Apr 2026
🔥
Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker
GBHACKERS.COM — 21 Apr 2026
🔥
PureRAT Hides PE Payloads in PNGs for Fileless Execution
GBHACKERS.COM — 21 Apr 2026
🔥
Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms
INFOSECURITY-MAGAZINE.COM — 21 Apr 2026
🔥
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
THEHACKERNEWS.COM — 21 Apr 2026
🔥
The Gentlemen Ransomware Expands With Rapid Affiliate Growth
INFOSECURITY-MAGAZINE.COM — 21 Apr 2026
🔥
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
THEHACKERNEWS.COM — 21 Apr 2026
🔥
Ransomware negotiator pleads guilty to helping ransomware gang
TECHCRUNCH.COM — 21 Apr 2026
🔥
BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation
GBHACKERS.COM — 21 Apr 2026
🔥
Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks
CYBERSCOOP.COM — 21 Apr 2026
🔥
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
THEHACKERNEWS.COM — 21 Apr 2026
🔥
Ransomware negotiator caught secretly assisting BlackCat extortion scheme
SECURITYAFFAIRS.COM — 21 Apr 2026
🔥
Weekly Update 500
TROYHUNT.COM — 21 Apr 2026
🕵️
End of an Era: Tim Cook Steps Down as Apple CEO, John Ternus to Take Over
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
ISC Stormcast For Tuesday, April 21st, 2026 https://isc.sans.edu/podcastdetail/9900, (Tue, Apr 21st)
ISC.SANS.EDU — 21 Apr 2026
🕵️
Square POS Review 2026: Pricing, Features, Pros and Cons
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
A .WAV With A Payload, (Tue, Apr 21st)
ISC.SANS.EDU — 21 Apr 2026
🕵️
New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses
ANY.RUN — 21 Apr 2026
🕵️
North Korean Blamed for $290m KelpDAO Crypto Heist
INFOSECURITY-MAGAZINE.COM — 21 Apr 2026
🕵️
Get Microsoft Office 2024 Plus a Full Training Bundle for Just $114
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Set Your Business Up With Microsoft Office 2019 & Windows 11 Pro, $26
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
FakeWallet cryptostealer propagating via iOS App Store applications
INFOSEC.PUB — 21 Apr 2026
🕵️
New NGate Android malware variant uses NFC app to steal card data
CYBERINSIDER.COM — 21 Apr 2026
🕵️
pompelmi – ClamAV antivirus scanning for Node.js, zero dependencies
PROGRAMMING.DEV — 21 Apr 2026
🕵️
Mexican Surveillance Company
SCHNEIER.COM — 2026-04-21
🕵️
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
THEHACKERNEWS.COM — 21 Apr 2026
🕵️
AI-Powered NGate Malware Evades Detection Inside NFC Payment Apps
GBHACKERS.COM — 21 Apr 2026
🕵️
Claude Code, Gemini CLI, and GitHub Copilot Exposed to Prompt Injection via GitHub Comments
GBHACKERS.COM — 21 Apr 2026
🕵️
All-in-One PDFtoolkit Unlimited Is $79 (reg. $619)
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Google’s AI Overviews Produce Hundreds of Millions of Inaccurate Answers Every Day, Analysis Suggests
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Amazon Deepens Anthropic Partnership, Eyeing Up to $25B as Claude Demand Surges
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
LLMs Push Red Team Boundaries
YOUTUBE.COM — 2026-04-21
🕵️
Big banks seek to ease security worries as AI push accelerates
CYBERSECURITYDIVE.COM — 21 Apr 2026
🕵️
67% of Android apps log data not mentioned in their privacy policies
CYBERINSIDER.COM — 21 Apr 2026
🕵️
This Sophisticated Scam Should Be a Warning To All Companies
KNOWBE4.COM — 21 Apr 2026
🕵️
Leak Points to Google’s ‘Fitbit Air’ as a Screen-Free Wearable for Health Tracking
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Apple May Drop iOS 27 Support for Four iPhones, Leaving Millions Behind
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Huawei Just Beat Apple and Samsung to a New Foldable Format in China
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Google Photos Rolls Out New AI-Powered Portrait Editing Features
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Quantum Computers Are Not a Threat to 128-bit Symmetric Keys
INFOSEC.PUB — 21 Apr 2026
🕵️
Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety
CYBERSCOOP.COM — 21 Apr 2026
🕵️
North Korea’s Lazarus APT stole $290M from Kelp DAO
SECURITYAFFAIRS.COM — 21 Apr 2026
🕵️
MacBook Neo Cheat Sheet: Everything to Know About Apple’s Budget Mac
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Intel Handheld Gaming Chip Core G3: Can It Challenge AMD in 2026?
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Meta Tests Paid WhatsApp Features With New ‘Plus’ Tier
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
Galaxy S27 Could Debut Samsung’s Biggest Battery Upgrade in Years
TECHREPUBLIC.COM — 21 Apr 2026
🕵️
China Deploys Robot Dogs, Drones, and Humanoids to Run a ‘Full-Space’ Metro System
TECHREPUBLIC.COM — 21 Apr 2026
🌐
The US NSA is using Anthropic’s Claude Mythos despite supply chain risk
SECURITYAFFAIRS.COM — 21 Apr 2026
🌐
Fake Google Antigravity downloads are stealing accounts in minutes
MALWAREBYTES.COM — 21 Apr 2026
🌐
Trojanized Android App Fuels New Wave of NFC Fraud
INFOSECURITY-MAGAZINE.COM — 21 Apr 2026
📰
Daily Briefing for 04.21.26
THECYBERWIRE.COM — 21 Apr 2026
🎙️
The Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik and Amit Malik
THECYBERWIRE.COM — 21 Apr 2026
🎙️
[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025
TALOSINTELLIGENCE.COM — 21 Apr 2026
📡
Bad Apples: Weaponizing native macOS primitives for movement and execution
TALOSINTELLIGENCE.COM — 21 Apr 2026
📡
Android 17 ends all-or-nothing access to your contacts
MALWAREBYTES.COM — 21 Apr 2026
📡
They Built a Legendary Privacy Tool. Now They’re Sworn Enemies
WIRED.COM — 21 Apr 2026
📡
Real Apple notifications are being used to drive tech support scams
MALWAREBYTES.COM — 21 Apr 2026
📡
EU targets two Russian propaganda networks with new sanctions
THERECORD.MEDIA — 21 Apr 2026
📡
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
KREBSONSECURITY.COM — 21 Apr 2026
📡
UK regulator to probe Telegram, teen chat sites for potential child safety violations
THERECORD.MEDIA — 21 Apr 2026
📡
Meta Is Sued Over Scam Ads on Facebook and Instagram
WIRED.COM — 21 Apr 2026
📡
Mozilla Used Anthropic’s Mythos to Find and Fix 151 Bugs in Firefox
WIRED.COM — 21 Apr 2026
🐛
Security Researcher Goes To War Against Microsoft
CYBERSECURITYTODAY.LIBSYN.COM — 20 Apr 2026
🐛
NIST Adopts Risk-Based NVD Model as CVE Submissions Jump 263% Since 2020
GBHACKERS.COM — 20 Apr 2026
🐛
Copilot & Agentforce offen für Prompt-Injection-Tricks
CSOONLINE.COM — 20 Apr 2026
🐛
Claude Mythos – ist der Hype gerechtfertigt?
CSOONLINE.COM — 20 Apr 2026
🐛
TBK DVR Vulnerability CVE-2024-3721 Exploited to Spread Nexcorium DDoS Malware
GBHACKERS.COM — 20 Apr 2026
🐛
VU#915947: SGLang is vulnerable to remote code execution when rendering chat templates from a model file
KB.CERT.ORG — 2026-04-20
🐛
Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet
INFOSECURITY-MAGAZINE.COM — 20 Apr 2026
🐛
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful
SECURITYAFFAIRS.COM — 20 Apr 2026
🐛
National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges | Flashpoint
SH.ITJUST.WORKS — 20 Apr 2026
🐛
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
THEHACKERNEWS.COM — 20 Apr 2026
⚠️
deleteduser.com - a $15 Personally Identifiable Information (PII) Magnet
SH.ITJUST.WORKS — 20 Apr 2026
⚠️
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
THEHACKERNEWS.COM — 20 Apr 2026
⚠️
Vercel Reports Data Breach Amid Claims of Compromised Internal Infrastructure
GBHACKERS.COM — 20 Apr 2026
⚠️
QEMU Hijacked as Stealth Backdoor for Credential Theft, Ransomware
GBHACKERS.COM — 20 Apr 2026
⚠️
Critical Gardyn Flaws Open Smart Garden Devices to Remote Hijacking
GBHACKERS.COM — 20 Apr 2026
⚠️
Handling the CVE Flood With EPSS, (Mon, Apr 20th)
ISC.SANS.EDU — 20 Apr 2026
⚠️
Ungepatchte Windows-Zero-Days RedSun, UnDefend und BlueHammer werden attackiert
HEISE.DE — 2026-04-20
⚠️
AI Model Claude Opus turns bugs into exploits for just $2,283
SECURITYAFFAIRS.COM — 20 Apr 2026
⚠️
Angriff auf Next.js-Hersteller Vercel: Kundendaten abgegriffen
HEISE.DE — 2026-04-20
⚠️
Making AI actually work in the enterprise and more RSAC Conference 2026 interviews - A... - ESW #455
YOUTUBE.COM — 2026-04-20
⚠️
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
THEHACKERNEWS.COM — 20 Apr 2026
⚠️
CISOs reshape their roles as business risk strategists
CSOONLINE.COM — 20 Apr 2026
⚠️
Network ‘background noise’ may predict the next big edge-device vulnerability
CYBERSCOOP.COM — 20 Apr 2026
⚠️
Fracturing Software Security With Frontier AI Models
UNIT42.PALOALTONETWORKS.COM — 20 Apr 2026
⚠️
Third-party AI hack triggers Vercel breach, internal environments accessed
SECURITYAFFAIRS.COM — 20 Apr 2026
⚠️
Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution
GBHACKERS.COM — 20 Apr 2026
⚠️
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
KEVSH.ITJUST.WORKS — 20 Apr 2026
⚠️
Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook
CSOONLINE.COM — 20 Apr 2026
⚠️
Hackers exploit Vercel’s trust in AI integration
CSOONLINE.COM — 20 Apr 2026
⚠️
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
KEVSH.ITJUST.WORKS — 20 Apr 2026
⚠️
Vercel confirms breach as hackers claim to be selling stolen data
SH.ITJUST.WORKS — 20 Apr 2026
⚠️
Gh0st RAT, CloverPlus Hit Victims in Dual-Malware Campaign
GBHACKERS.COM — 20 Apr 2026
⚠️
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
SH.ITJUST.WORKS — 20 Apr 2026
⚠️
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
THEHACKERNEWS.COM — 20 Apr 2026
⚠️
App host Vercel says it was hacked and customer data stolen
TECHCRUNCH.COM — 20 Apr 2026
⚠️
AI Agents Are Insider Risk
YOUTUBE.COM — 2026-04-20
⚠️
Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one
LASTWATCHDOG.COM — 20 Apr 2026
⚠️
Vulnerability exploitation surges often precede disclosure, offering possible early warnings
CYBERSECURITYDIVE.COM — 20 Apr 2026
⚠️
Vercel systems targeted after third-party tool compromised
CYBERSECURITYDIVE.COM — 20 Apr 2026
⚠️
Cloud development platform Vercel confirms breach.
THECYBERWIRE.COM — 20 Apr 2026
⚠️
2026’s Breach List So Far: FBI Hacked, 1B Androids at Risk, 270M iPhones Vulnerable
TECHREPUBLIC.COM — 20 Apr 2026
⚠️
Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand
TECHREPUBLIC.COM — 20 Apr 2026
⚠️
Survey: Security Leaders Emphasize Need for Workforce Education
KNOWBE4.COM — 20 Apr 2026
⚠️
Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched
TECHREPUBLIC.COM — 20 Apr 2026
⚠️
The MCP Disclosure Is the AI Era’s ‘Open Redirect’ Moment
TECHREPUBLIC.COM — 20 Apr 2026
⚠️
When one weak link is enough.
THECYBERWIRE.COM — 20 Apr 2026
⚠️
The FTC’s AI portfolio is about to get bigger
CYBERSCOOP.COM — 20 Apr 2026
⚠️
Vercel’s security breach started with malware disguised as Roblox cheats
CYBERSCOOP.COM — 20 Apr 2026
⚠️
Small Banks at Risk of Collapse
YOUTUBE.COM — 2026-04-20
⚠️
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
CYBERSCOOP.COM — 20 Apr 2026
📢
NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience
INFOSECURITY-MAGAZINE.COM — 20 Apr 2026
📢
Iran’s MOIS Tied to Coordinated Cyber Campaign Using Multiple Hacker Personas
GBHACKERS.COM — 20 Apr 2026
📢
Minister: Swedish heating plant targeted by pro-Russian cyberattack
SH.ITJUST.WORKS — 20 Apr 2026
📢
Cyberattack at French identity document agency may have exposed personal data
THERECORD.MEDIA — 20 Apr 2026
🔥
Fake Helpdesk Attack Uses Teams and Quick Assist to Breach Targets
GBHACKERS.COM — 20 Apr 2026
🔥
British Hacker Admits Stealing Millions in Virtual Currency From Targeted Companies
GBHACKERS.COM — 20 Apr 2026
🔥
JanaWare Ransomware Hits Turkish Users via Tailored Adwind RAT
GBHACKERS.COM — 20 Apr 2026
🔥
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
RESEARCH.CHECKPOINT.COM — 20 Apr 2026
🔥
Bluesky blames app outage on ‘sophisticated’ DDoS attack
THERECORD.MEDIA — 20 Apr 2026
🔥
20th April – Threat Intelligence Report
RESEARCH.CHECKPOINT.COM — 20 Apr 2026
🔥
Crypto infrastructure company blames $290 million theft on North Korean hackers
THERECORD.MEDIA — 20 Apr 2026
🔥
Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft
SECURITYAFFAIRS.COM — 20 Apr 2026
🔥
Amtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger Leak
TECHREPUBLIC.COM — 20 Apr 2026
🔥
France’s ANTS ID System website hit by cyberattack, possible data breach
SECURITYAFFAIRS.COM — 20 Apr 2026
🕵️
ISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898, (Mon, Apr 20th)
ISC.SANS.EDU — 20 Apr 2026
🕵️
Public Notion Pages Expose Editors’ Profile Photos and Email Addresses
GBHACKERS.COM — 20 Apr 2026
🕵️
ZionSiphon Hits Israeli Water Systems With OT Sabotage Malware
GBHACKERS.COM — 20 Apr 2026
🕵️
NSA Confirms Use of Anthropic’s Mythos Despite Pentagon Blacklist
GBHACKERS.COM — 20 Apr 2026
🕵️
Top ERP Software Vendors in 2026
TECHREPUBLIC.COM — 20 Apr 2026
🕵️
Windows 11 Dev Build Introduces Improved Secure Boot Oversight and Storage Security
GBHACKERS.COM — 20 Apr 2026
🕵️
iTerm2 Flaw Turns SSH Escape Sequences Into Arbitrary Code Execution
GBHACKERS.COM — 20 Apr 2026
🕵️
Microsoft-Signed Malware Built With FUD Crypt Packs Persistence and C2
GBHACKERS.COM — 20 Apr 2026
🕵️
MiningDropper Spreads Infostealers, RATs, Banking Malware on Android
GBHACKERS.COM — 20 Apr 2026
🕵️
Is “Satoshi Nakamoto” Really Adam Back?
SCHNEIER.COM — 2026-04-20
🕵️
North Korea-Linked UNC1069 Hacks Crypto Pros via Fake Meetings
GBHACKERS.COM — 20 Apr 2026
🕵️
Notion pages have leaked user data via an unauthenticated API since 2022
CYBERINSIDER.COM — 20 Apr 2026
🕵️
Intel Utility Hijacked in AppDomain Attack to Launch Malware
GBHACKERS.COM — 20 Apr 2026
🕵️
New RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Apps
SH.ITJUST.WORKS — 20 Apr 2026
🕵️
Critical sandbox bypass fixed in popular Thymeleaf Java template engine | CSO Online
SH.ITJUST.WORKS — 20 Apr 2026
🕵️
This $20 Career Prep Bundle Teaches Something Others Neglect
TECHREPUBLIC.COM — 20 Apr 2026
🕵️
Why the Axios attack proves AI is mandatory for supply chain security
CYBERSCOOP.COM — 20 Apr 2026
🕵️
Meta Plans Up to 8,000 Job Cuts in New Round of Layoffs
TECHREPUBLIC.COM — 20 Apr 2026
🕵️
Anthropic secretly installs spyware when you install Claude Desktop
PROGRAMMING.DEV — 20 Apr 2026
🕵️
Stellantis teams with Microsoft to strengthen digital capabilities
CYBERSECURITYDIVE.COM — 20 Apr 2026
🕵️
Apple’s App Store found hosting ‘FakeWallet’ crypto-stealing apps
CYBERINSIDER.COM — 20 Apr 2026
🕵️
North Korea hackers blamed for $290M crypto theft
TECHCRUNCH.COM — 20 Apr 2026
🕵️
Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks
TECHREPUBLIC.COM — 20 Apr 2026
🕵️
Amazon Debuts ‘Slimmest Ever’ Fire TV Stick HD Starting at $34.99
TECHREPUBLIC.COM — 20 Apr 2026
🕵️
Italy fines national postal service $14.7M over invasive data collection
CYBERINSIDER.COM — 20 Apr 2026
🕵️
Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign
TECHREPUBLIC.COM — 20 Apr 2026
🕵️
Bad Data Breaks AI Systems
YOUTUBE.COM — 2026-04-20
🕵️
Mac Studio 2026: Apple’s New Desktop Faces a Delayed Timeline
TECHREPUBLIC.COM — 20 Apr 2026
🕵️
China’s Robot Half Marathon Was More Than a Stunt
TECHREPUBLIC.COM — 20 Apr 2026
🕵️
This VPN Lets You Verify Your Business Privacy For $130
TECHREPUBLIC.COM — 20 Apr 2026
🌐
A week in security (April 13 &#8211; April 19)
MALWAREBYTES.COM — 20 Apr 2026
🌐
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
THEHACKERNEWS.COM — 20 Apr 2026
🌐
ZionSiphon Malware Targets Water Infrastructure Systems
INFOSECURITY-MAGAZINE.COM — 20 Apr 2026
🌐
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
INFOSECURITY-MAGAZINE.COM — 20 Apr 2026
🎙️
Beyond IT: Cybersecurity is a strategic business risk
CYBERSECURITYDIVE.COM — 20 Apr 2026
🎙️
Big Tech can stop scams. They just don&#8217;t (Lock and Code S07E08)
MALWAREBYTES.COM — 20 Apr 2026
🎙️
Building a unified security ecosystem with Melissa K. Smith from SentinelOne
THECYBERWIRE.COMHTTPS: — 20 Apr 2026
📡
Microsoft: Update außer der Reihe gegen ungewollte Server-Reboots
HEISE.DE — 2026-04-20
📡
Zahlreiche Attacken auf Dell PowerProtect Data Domain möglich
HEISE.DE — 2026-04-20
📡
FakeWallet crypto stealer spreading through iOS apps in the App Store
SECURELIST.COM — 20 Apr 2026
📡
FakeWallet crypto stealer spreading through iOS apps in the App Store
SECURELIST.COM — 20 Apr 2026
📡
The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad
WIRED.COM — 20 Apr 2026
📡
Crypto Exchange Grinex Blames Western Spies for $13m Theft
INFOSECURITY-MAGAZINE.COM — 20 Apr 2026
📡
Why Most AI Deployments Stall After the Demo
THEHACKERNEWS.COM — 20 Apr 2026
📡
British hacker tied to Scattered Spider campaign pleads guilty in $8M scheme
THERECORD.MEDIA — 20 Apr 2026
📡
Mythos: An AI tool too powerful for public release
MALWAREBYTES.COM — 20 Apr 2026
📡
How to clone an AWS CloudHSM cluster across Regions
AWS.AMAZON.COM — 20 Apr 2026
📡
Elon Musk fails to appear for questioning by French police over sexualized AI images on X
THERECORD.MEDIA — 20 Apr 2026
📡
Mastodon says its flagship server was hit by a DDoS attack
TECHCRUNCH.COM — 20 Apr 2026
📡
Italian regulator fines national postal service orgs $15 million for data privacy violations
THERECORD.MEDIA — 20 Apr 2026
🐛
CVE-2026-5160
MSRC.MICROSOFT.COM — 19 Apr 2026
🐛
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
MSRC.MICROSOFT.COM — 19 Apr 2026
🐛
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
MSRC.MICROSOFT.COM — 19 Apr 2026
⚠️
Vercel confirms security incident as hackers claim to sell internal access
CYBERINSIDER.COM — 19 Apr 2026
📢
A new licensing period and legal regulations for VPN services are being discussed in Türkiye.
SH.ITJUST.WORKS — 19 Apr 2026
🔥
Cyber attacks fuel surge in cargo theft across logistics industry
SECURITYAFFAIRS.COM — 19 Apr 2026
🔥
Carnival Corporation probes data breach after claims of 8.7M records theft
CYBERINSIDER.COM — 19 Apr 2026
🕵️
Oil Industry Hacker Accused of Targeting Environmental Activists Appears in Court
SH.ITJUST.WORKS — 19 Apr 2026
🕵️
Microsoft's Silent Lockout: Why WireGuard, VeraCrypt & Windscribe Can No Longer Update Windows Users
INFOSEC.PUB — 19 Apr 2026
🌐
Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION
SECURITYAFFAIRS.COM — 19 Apr 2026
🌐
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93
SECURITYAFFAIRS.COM — 19 Apr 2026
📡
Staatliches Bedrohungsmanagement: Psychisch kranke Personen mit Risikopotential
HEISE.DE — 2026-04-19
📡
Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures
TECHCRUNCH.COM — 19 Apr 2026
🐛
NVD shifts strategy to deal with a CVE backlog.
THECYBERWIRE.COM — 18 Apr 2026
🐛
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
THEHACKERNEWS.COM — 18 Apr 2026
🐛
Nexcorium Mirai Variant Weaponises TBK DVR Vulnerability in Fresh IoT Botnet Push
GBHACKERS.COM — 18 Apr 2026
⚠️
Claude Opus wrote a Chrome exploit for $2,283
INFOSEC.PUB — 18 Apr 2026
⚠️
Cybersecurity Today Month in Review of March/April 2026
CYBERSECURITYTODAY.LIBSYN.COM — 18 Apr 2026
⚠️
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access
SECURITYAFFAIRS.COM — 18 Apr 2026
⚠️
Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks
SECURITYAFFAIRS.COM — 18 Apr 2026
⚠️
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
GBHACKERS.COM — 18 Apr 2026
⚠️
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
SECURITYAFFAIRS.COM — 18 Apr 2026
📢
NIST gives up enriching most CVEs
INFOSEC.PUB — 18 Apr 2026
🔥
A new breed of RAT.
THECYBERWIRE.COM — 18 Apr 2026
🔥
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
THEHACKERNEWS.COM — 18 Apr 2026
🔥
Proaktive Ermittlungen gegen Cybercrime auf Landesebene
HEISE.DE — 2026-04-18
🕵️
HTTP desync in Discord's media proxy: Spying on a whole platform
INFOSEC.PUB — 18 Apr 2026
🕵️
It Is Time to Ban the Sale of Precise Geolocation
SH.ITJUST.WORKS — 18 Apr 2026
🚨
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active ExploitationA recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CV…
KEVTHEHACKERNEWS.COM — 17 Apr 2026
🚨
U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score o…
KEVSECURITYAFFAIRS.COM — 17 Apr 2026
🐛
Cisco Warns Webex Customers Of Critical SSO Problem
CYBERSECURITYTODAY.LIBSYN.COM — 17 Apr 2026
🐛
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
THEHACKERNEWS.COM — 17 Apr 2026
🐛
CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2026-35469 SpdyStream: DOS on CRI
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2026-41035
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
PoC Released for FortiSandbox Flaw Enabling Arbitrary Command Execution
GBHACKERS.COM — 17 Apr 2026
🐛
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
GBHACKERS.COM — 17 Apr 2026
🐛
Another Microsoft Defender privilege escalation bug emerges days after patch
CSOONLINE.COM — 17 Apr 2026
🐛
TP-Link Routers Hit by Mirai in CVE-2023-33538 Attacks
GBHACKERS.COM — 17 Apr 2026
🐛
NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities - Infosecurity Magazine
SH.ITJUST.WORKS — 17 Apr 2026
🐛
Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6363 Type Confusion in V8
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6359 Use after free in Video
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6364 Out of bounds read in Skia
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6362 Use after free in Codecs
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6314 Out of bounds write in GPU
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6318 Use after free in Codecs
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6361 Heap buffer overflow in PDFium
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6310 Use after free in Dawn
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6360 Use after free in FileSystem
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6316 Use after free in Forms
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6309 Use after free in Viz
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6311 Uninitialized Use in Accessibility
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6307 Type Confusion in Turbofan
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6306 Heap buffer overflow in PDFium
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6303 Use after free in Codecs
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6308 Out of bounds read in Media
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6302 Use after free in Video
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6300 Use after free in CSS
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6304 Use after free in Graphite
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6305 Heap buffer overflow in PDFium
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6301 Type Confusion in Turbofan
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6317 Use after free in Cast
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6298 Heap buffer overflow in Skia
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6297 Use after free in Proxy
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Chromium: CVE-2026-6299 Use after free in Prerender
MSRC.MICROSOFT.COM — 17 Apr 2026
🐛
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
CSOONLINE.COM — 17 Apr 2026
⚠️
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
THEHACKERNEWS.COM — 17 Apr 2026
⚠️
Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain
GBHACKERS.COM — 17 Apr 2026
⚠️
Critical Flowise Flaw Enables Remote Command Execution via MCP Adapters
GBHACKERS.COM — 17 Apr 2026
⚠️
Google Deploys Gemini AI to Stop Threat Actors, Blocking 8.3 Billion Ads
GBHACKERS.COM — 17 Apr 2026
⚠️
Amtrak - 2,147,679 breached accounts
HAVEIBEENPWNED.COM — 17 Apr 2026
⚠️
Local area network anonymity hardening tool for Linux
SH.ITJUST.WORKS — 17 Apr 2026
⚠️
Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances
CSOONLINE.COM — 17 Apr 2026
⚠️
Mythos and Cybersecurity
SCHNEIER.COM — 2026-04-17
⚠️
Tails 7.6.2 patches vulnerability that could expose saved files - Help Net Security
SH.ITJUST.WORKS — 17 Apr 2026
⚠️
We beat Google’s zero-knowledge proof of quantum cryptanalysis
TRAILOFBITS.COM — 17 Apr 2026
⚠️
SEO Poisoning Attack Uses Microsoft Binary to Install RMM Tool
GBHACKERS.COM — 17 Apr 2026
⚠️
Operation PowerOFF Knocks Out 75,000 DDoS Attackers and Over 50 Service Domains
GBHACKERS.COM — 17 Apr 2026
⚠️
White House moves to give federal agencies access to Anthropic’s Claude Mythos
CSOONLINE.COM — 17 Apr 2026
⚠️
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
SH.ITJUST.WORKS — 17 Apr 2026
⚠️
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
KEVTHEHACKERNEWS.COM — 17 Apr 2026
⚠️
PowMix botnet targets Czech workforce
SH.ITJUST.WORKS — 17 Apr 2026
⚠️
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered
SECURITYAFFAIRS.COM — 17 Apr 2026
⚠️
Pen Test Took Down Campus WiFi
YOUTUBE.COM — 2026-04-17
⚠️
We Reproduced Anthropic's Mythos Findings With Public Models
PROGRAMMING.DEV — 17 Apr 2026
⚠️
Inditex confirms third-party breach as hackers threaten Zara data leak
CYBERINSIDER.COM — 17 Apr 2026
⚠️
New “RedSun” Windows Defender zero-day exploited in the wild
KEVCYBERINSIDER.COM — 17 Apr 2026
⚠️
Hackers are abusing unpatched Windows security flaws to hack into organizations
TECHCRUNCH.COM — 17 Apr 2026
⚠️
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
KEVINFOSEC.PUB — 17 Apr 2026
⚠️
Flawed Cisco update threatens to stop APs from getting further patches
CSOONLINE.COM — 17 Apr 2026
⚠️
Temporary fix for Section 702.
KEVTHECYBERWIRE.COM — 17 Apr 2026
⚠️
Securing autonomous AI at scale with Arvind (Nitro) Nithrakashyap from Rubrik
THECYBERWIRE.COMHTTPS: — 17 Apr 2026
📢
With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance
TECHCRUNCH.COM — 17 Apr 2026
📢
US House extends FISA Section 702 for ten days.
THECYBERWIRE.COM — 17 Apr 2026
🔥
Payouts King Emerges: New Ransomware Operation Tied to Ex-BlackBasta Members
GBHACKERS.COM — 17 Apr 2026
🔥
108 Chrome extensions caught stealing user data and hijacking sessions
INFOSEC.PUB — 17 Apr 2026
🔥
“Your shipment has arrived” email hides remote access software
MALWAREBYTES.COM — 17 Apr 2026
🔥
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
SH.ITJUST.WORKS — 17 Apr 2026
🔥
Industrial Systems Hit by New Email-Worm Threat Wave
GBHACKERS.COM — 17 Apr 2026
🔥
Amtrak data breach exposed information of 2.1 million accounts
CYBERINSIDER.COM — 17 Apr 2026
🔥
AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech
TECHREPUBLIC.COM — 17 Apr 2026
🔥
Man who hacked US Supreme Court filing system sentenced to probation
TECHCRUNCH.COM — 17 Apr 2026
🔥
Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence
SECURITYAFFAIRS.COM — 17 Apr 2026
🕵️
ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896, (Fri, Apr 17th)
ISC.SANS.EDU — 17 Apr 2026
🕵️
Hackers Deploy ATHR for Scalable AI-Driven Vishing and Credential Theft
GBHACKERS.COM — 17 Apr 2026
🕵️
Anthropic Introduces Claude Opus 4.7 for Advanced Problem-Solving
GBHACKERS.COM — 17 Apr 2026
🕵️
ZionSiphon Malware Hits Israeli Desalination Plants
GBHACKERS.COM — 17 Apr 2026
🕵️
Censys Warns 6 Million Public-Facing FTP Servers Are Still Exposed in 2026
GBHACKERS.COM — 17 Apr 2026
🕵️
Fiverr left customer files public and searchable on Google
INFOSEC.PUB — 17 Apr 2026
🕵️
Top 5 Disaster Recovery Companies in 2026
TECHREPUBLIC.COM — 17 Apr 2026
🕵️
OpenAI Extends GPT-5.4-Cyber Access to Trusted Organizations Worldwide
GBHACKERS.COM — 17 Apr 2026
🕵️
Microsoft Acknowledges Reboot Loop Issue on Windows Servers Following April Patches
GBHACKERS.COM — 17 Apr 2026
🕵️
Identity at the Edge: How the Sixth Annual Identity Management Day Highlights the New Frontiers of Trust
KNOWBE4.COM — 17 Apr 2026
🕵️
ZionSiphon malware designed to sabotage water treatment systems
SH.ITJUST.WORKS — 17 Apr 2026
🕵️
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
SH.ITJUST.WORKS — 17 Apr 2026
🕵️
North Korea Uses ClickFix to Target macOS Users' Data
SH.ITJUST.WORKS — 17 Apr 2026
🕵️
Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads - Infosecurity Magazine
SH.ITJUST.WORKS — 17 Apr 2026
🕵️
Six million FTP servers exposed online | Cybernews
SH.ITJUST.WORKS — 17 Apr 2026
🕵️
Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors
TECHREPUBLIC.COM — 17 Apr 2026
🕵️
Off-Topic Friday
INFOSEC.PUB — 17 Apr 2026
🕵️
Over 13M Kemper Corporation records leaked on the dark web, hackers claim | Cybernews
SH.ITJUST.WORKS — 17 Apr 2026
🕵️
Cisco patches critical bugs in Webex, ISE | news | SC Media
SH.ITJUST.WORKS — 17 Apr 2026
🕵️
New Phishing Attack Turns n8n Into On-Demand Malware Machine
TECHREPUBLIC.COM — 17 Apr 2026
🕵️
Widespread AI Use Masks a Growing Workplace Readiness Gap
TECHREPUBLIC.COM — 17 Apr 2026
🕵️
Brave to launch minimalist “Origin” browser with core privacy features
CYBERINSIDER.COM — 17 Apr 2026
🕵️
Tor VPN for Android security audit confirms robust design
CYBERINSIDER.COM — 17 Apr 2026
🕵️
Transform security logs into OCSF format using a configuration-driven ETL solution
AWS.AMAZON.COM — 17 Apr 2026
🕵️
Anthropic Releases Opus 4.7, Not as ‘Broadly Capable’ as Mythos AI
TECHREPUBLIC.COM — 17 Apr 2026
🕵️
Clothing Retailer Patches Website Flaw Exposing Customer Data
TECHREPUBLIC.COM — 17 Apr 2026
🕵️
Chinese Humanoid Robots Dominate Opening Day of Canton Fair 2026
TECHREPUBLIC.COM — 17 Apr 2026
🕵️
Apple iPhone Ultra: New Leak Reveals ‘Passport’ Design, High Price Tag
TECHREPUBLIC.COM — 17 Apr 2026
🕵️
Friday Squid Blogging: New Giant Squid Video
SCHNEIER.COM — 2026-04-17
🕵️
Dougbot, RedSun, ATHR, Vishing, Cisco, Google, Chrome, Severance, Shor, Josh Marpet.. - SWN #573
YOUTUBE.COM — 2026-04-17
🌐
Inside ZionSiphon: politically driven malware aims at Israeli water systems
SECURITYAFFAIRS.COM — 17 Apr 2026
🌐
Analyse: Vom Mythos zur Vulnocalypse und was jetzt wirklich zu tun ist
HEISE.DE — 2026-04-17
🌐
Hackers leverage leaked government intelligence tools to target everyday iOS users | Kaspersky official blog
KASPERSKY.COM — 17 Apr 2026
🎙️
Auslegungssache 157: Datenschutz vor Gericht
HEISE.DE — 2026-04-17
📡
Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
ISC.SANS.EDU — 17 Apr 2026
📡
Angreifer attackieren Apache ActiveMQ Broker, Apache ActiveMQ
HEISE.DE — 2026-04-17
📡
Ärger mit aktueller NordVPN-App für macOS
HEISE.DE — 2026-04-17
📡
Amazon: Ring-Kameras jetzt mit optionaler Gesichtserkennung
HEISE.DE — 2026-04-17
📡
Windows-Updates: Unerwartete Server-Reboots und Anmeldestörungen
HEISE.DE — 2026-04-17
📡
Jetzt patchen nginx-ui! Angreifer übernehmen Kontrolle über Nginx-Server
HEISE.DE — 2026-04-17
📡
Österlicher Zertifikats-GAU bei D-Trust: Zehntausende Zertifikate ungültig
HEISE.DE — 2026-04-17
📡
YubiKey Manager: Sicherheitslücke ermöglicht Ausführung untergeschobenen Codes
HEISE.DE — 2026-04-17
📡
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
THEHACKERNEWS.COM — 17 Apr 2026
📡
Singer loses life savings to fake wallet downloaded from the Apple App Store
BITDEFENDER.COM — 17 Apr 2026
📡
Android 13 erreicht Support-Ende: Millionen Geräte betroffen
HEISE.DE — 2026-04-17
📡
This old-school scam is still working
MALWAREBYTES.COM — 17 Apr 2026
📡
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
SECURITYAFFAIRS.COM — 17 Apr 2026
📡
EU-App zur Altersprüfung: Experten knacken „Sorglos-Paket“ in Minuten
HEISE.DE — 2026-04-17
🐛
Nginx-UI Flaw Actively Exploited to Enable Full Server Takeover
KEVGBHACKERS.COM — 16 Apr 2026
🐛
Splunk Enterprise and Cloud Platform Exposed to Dangerous RCE Vulnerability
GBHACKERS.COM — 16 Apr 2026
🐛
Cisco Webex Vulnerability Allows User Impersonation Attacks
GBHACKERS.COM — 16 Apr 2026
🐛
New PoC Exploit Published for Microsoft Defender 0-Day Flaw
GBHACKERS.COM — 16 Apr 2026
🐛
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
THEHACKERNEWS.COM — 16 Apr 2026
🐛
Behind the Mythos hype, Glasswing has just one confirmed CVE
CSOONLINE.COM — 16 Apr 2026
🐛
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
KEVSH.ITJUST.WORKS — 16 Apr 2026
🐛
NVD shifts strategy to deal with a CVE backlog.
THECYBERWIRE.COM — 16 Apr 2026
🐛
Too many flaws, not enough time.
THECYBERWIRE.COM — 16 Apr 2026
🐛
NIST cuts down CVE analysis amid vulnerability overload
KEVCSOONLINE.COM — 16 Apr 2026
🐛
Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
CSOONLINE.COM — 16 Apr 2026
⚠️
McGraw Hill - 13,500,136 breached accounts
HAVEIBEENPWNED.COM — 16 Apr 2026
⚠️
Konform Browser - Open source web browser taking privacy, security and freedom to the next level
SH.ITJUST.WORKS — 16 Apr 2026
⚠️
Who is winning the scam game?
THECYBERWIRE.COM — 16 Apr 2026
⚠️
AI Content Hijacks Google Discover to Deliver Malicious Alerts
GBHACKERS.COM — 16 Apr 2026
⚠️
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
THEHACKERNEWS.COM — 16 Apr 2026
⚠️
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
KEVGBHACKERS.COM — 16 Apr 2026
⚠️
Chrome Privacy Vulnerability Exposes Users via Fingerprinting and Header Leaks
GBHACKERS.COM — 16 Apr 2026
⚠️
Critical Cisco ISE Flaws Let Remote Attackers Execute Malicious Code
GBHACKERS.COM — 16 Apr 2026
⚠️
Sniffnet 1.5: Welches Programm funkt nach Hause?
HEISE.DE — 2026-04-16
⚠️
Human Trust of AI Agents
SCHNEIER.COM — 2026-04-16
⚠️
Hackers Exploit n8n Webhooks to Spread Malware
GBHACKERS.COM — 16 Apr 2026
⚠️
The endless CISO reporting line debate — and what it says about cybersecurity leadership
CSOONLINE.COM — 16 Apr 2026
⚠️
PowMix botnet targets Czech workforce
TALOSINTELLIGENCE.COM — 16 Apr 2026
⚠️
Defending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than Ever
KEVCLOUD.GOOGLE.COM — 16 Apr 2026
⚠️
Fake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaign
GBHACKERS.COM — 16 Apr 2026
⚠️
Microsoft’s Windows Recall still allows silent data extraction
KEVCSOONLINE.COM — 16 Apr 2026
⚠️
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
SH.ITJUST.WORKS — 16 Apr 2026
⚠️
PHP Composer flaws enable remote command execution via Perforce VCS
SH.ITJUST.WORKS — 16 Apr 2026
⚠️
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
THEHACKERNEWS.COM — 16 Apr 2026
⚠️
Vom BlueHammer-Autor: Neuer Windows-Zeroday verschafft Adminrechte
HEISE.DE — 2026-04-16
⚠️
AI platform n8n abused for stealthy phishing and malware delivery
SECURITYAFFAIRS.COM — 16 Apr 2026
⚠️
EU’s official age verification app found exposing sensitive user data
CYBERINSIDER.COM — 16 Apr 2026
⚠️
Fake Proton VPN sites are pushing NWHStealer malware to Windows users
CYBERINSIDER.COM — 16 Apr 2026
⚠️
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
THEHACKERNEWS.COM — 16 Apr 2026
⚠️
EU’s official age verification app found exposing sensitive user data; also EU Age Verification can be bypassed using their own infrastructure
INFOSEC.PUB — 16 Apr 2026
⚠️
The Q1 vulnerability pulse
TALOSINTELLIGENCE.COM — 16 Apr 2026
⚠️
Foxit, LibRaw vulnerabilities
TALOSINTELLIGENCE.COM — 16 Apr 2026
⚠️
Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching
TENABLE.COM — 16 Apr 2026
⚠️
McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked
TECHREPUBLIC.COM — 16 Apr 2026
⚠️
RCE by design: MCP architectural choice haunts AI agent ecosystem
CSOONLINE.COM — 16 Apr 2026
⚠️
When “No Exploit” Becomes One
YOUTUBE.COM — 2026-04-16
⚠️
The AI "Vulnpocolypse" Is Real? - PSW #922
YOUTUBE.COM — 2026-04-16
📋
Critical Chrome Flaws Allow Arbitrary Code Execution – Patch Immediately
GBHACKERS.COM — 16 Apr 2026
📢
Insurance carriers quietly back away from covering AI outputs
CSOONLINE.COM — 16 Apr 2026
📢
Spionageangst im Bendlerblock: Pistorius verbannt Privat-Handys aus Sitzungen
HEISE.DE — 2026-04-16
📢
Early Results From KnowBe4’s AI Agents Show Easier Administration and Lower Cyber Risk
KNOWBE4.COM — 16 Apr 2026
🔥
How Nations Hack, Spy, and Win
THECYBERWIRE.COM — 16 Apr 2026
🔥
Sweden reports cyberattack attempt on heating plant amid rising energy threats
SECURITYAFFAIRS.COM — 16 Apr 2026
🔥
Booking.com breach gives scammers what they need to target guests
MALWAREBYTES.COM — 16 Apr 2026
🔥
McGraw Hill data breach incident exposed 13.5 million accounts
CYBERINSIDER.COM — 16 Apr 2026
🔥
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
THEHACKERNEWS.COM — 16 Apr 2026
🔥
UAC-0247 Hits Hospitals, Governments With Browser and WhatsApp Data Theft
GBHACKERS.COM — 16 Apr 2026
🔥
Autovista blames ransomware for service disruption • The Register
SH.ITJUST.WORKS — 16 Apr 2026
🔥
Cookeville hospital notifies 337K after hack​ | Cybernews
KEVSH.ITJUST.WORKS — 16 Apr 2026
🔥
Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites
TECHREPUBLIC.COM — 16 Apr 2026
🔥
Cookeville Regional Medical Center hospital data breach impacts 337,917 people
KEVSECURITYAFFAIRS.COM — 16 Apr 2026
🔥
Here's What Agentic AI Can Do With Have I Been Pwned's APIs
TROYHUNT.COM — 16 Apr 2026
🕵️
ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)
ISC.SANS.EDU — 16 Apr 2026
🕵️
Fake Adobe Reader Download Drops ScreenConnect via Fileless Loader
GBHACKERS.COM — 16 Apr 2026
🕵️
Russian Hosting Tied to 1,250+ C2 Servers Across 165 Providers
GBHACKERS.COM — 16 Apr 2026
🕵️
Two U.S. Nationals Sentenced in $5 Million DPRK Remote Worker Laptop Farm Scheme
GBHACKERS.COM — 16 Apr 2026
🕵️
From clinics to government: UAC-0247 expands cyber campaign across Ukraine
SECURITYAFFAIRS.COM — 16 Apr 2026
🕵️
BlobPhish: The Phantom Phishing Campaign Hiding in Browser Memory
ANY.RUN — 16 Apr 2026
🕵️
US Moves Toward Mandatory Data Center Energy Reporting as EIA Pilot Expands
TECHREPUBLIC.COM — 16 Apr 2026
🕵️
Google, Microsoft, Meta Tracking You Even if You Opt Out - New Research
SH.ITJUST.WORKS — 16 Apr 2026
🕵️
French cops free mother and son after crypto kidnapping • The Register
SH.ITJUST.WORKS — 16 Apr 2026
🕵️
AI adoption is outpacing the safeguards around it - Help Net Security
SH.ITJUST.WORKS — 16 Apr 2026
🕵️
WordPress plugins injected with malicious code​ | Cybernews
SH.ITJUST.WORKS — 16 Apr 2026
🕵️
Fortinet Patches Critical FortiSandbox Vulnerabilities - SecurityWeek
SH.ITJUST.WORKS — 16 Apr 2026
🕵️
Quantum-safe encrypted cloud storage Tuta Drive debuts in closed beta
CYBERINSIDER.COM — 16 Apr 2026
🕵️
AI Security Arms Race Begins
YOUTUBE.COM — 2026-04-16
🕵️
Adobe Expands Firefly Into AI-Powered Editing Assistant Across Creative Apps
TECHREPUBLIC.COM — 16 Apr 2026
🕵️
Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme
TECHCRUNCH.COM — 16 Apr 2026
🕵️
Major Disney Layoffs: 1,000 Jobs Cut in Tech-Driven Shakeup
TECHREPUBLIC.COM — 16 Apr 2026
🕵️
EU Declares New Digital Age Verification App Ready for Deployment
TECHREPUBLIC.COM — 16 Apr 2026
🕵️
New MacBook Pro Overhaul Expected with OLED, Touchscreen, and M6 Chips
TECHREPUBLIC.COM — 16 Apr 2026
🕵️
NTT Research Launches Scale Academy to Bring Lab Technology to Market
TECHREPUBLIC.COM — 16 Apr 2026
🕵️
The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic
PROGRAMMING.DEV — 16 Apr 2026
🌐
Anthropic vs Washington.
THECYBERWIRE.COM — 16 Apr 2026
🌐
A fake Slack download is giving attackers a hidden desktop on your machine
MALWAREBYTES.COM — 16 Apr 2026
🌐
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
THEHACKERNEWS.COM — 16 Apr 2026
🎙️
Extending zero trust beyond the endpoint with Rob Allen from ThreatLocker
THECYBERWIRE.COMHTTPS: — 16 Apr 2026
📡
Chrome-Update stopft 31 Sicherheitslücken, davon fünf kritische
HEISE.DE — 2026-04-16
📡
Cisco: Kritische Codeschmuggel-Lücken in ISE und mehr geschlossen
HEISE.DE — 2026-04-16
📡
Anonymisierendes Linux: Notfallupdate auf Tails 7.6.2 schließt Flatpak-Lücke
HEISE.DE — 2026-04-16
📡
More than pretty pictures: Wendy Bishop on visual storytelling in tech
TALOSINTELLIGENCE.COM — 16 Apr 2026
📡
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
THEHACKERNEWS.COM — 16 Apr 2026
📡
Fashion retailer Express left customers’ personal data and order details exposed to the internet
TECHCRUNCH.COM — 16 Apr 2026
📡
Browser Guard gets even better with Access Control
MALWAREBYTES.COM — 16 Apr 2026
📡
“iCloud storage is full” scam is back, and now it wants your payment details
MALWAREBYTES.COM — 16 Apr 2026
📡
Android Canary: Google testet überarbeitetes Kontextmenü für App-Icons
HEISE.DE — 2026-04-16
📡
Gimp: Ungepatchte Lücke erlaubt Codeschmuggel mit GIFs
HEISE.DE — 2026-04-16
📡
ÖPNV-Expressmodus-Funktion beim iPhone: YouTuber zeigen potenziellen Angriff
HEISE.DE — 2026-04-16
📡
„Power Off“: BKA geht gegen DDoS-Angebote vor
HEISE.DE — 2026-04-16
📡
It’s not just you — Bluesky is (sorta) down
TECHCRUNCH.COM — 16 Apr 2026
📡
Die Natur ist unsere Quelle der Zufälligkeit: zum Tode von Michael O. Rabin
HEISE.DE — 2026-04-16
📡
European police email 75,000 people asking them to stop DDoS attacks
TECHCRUNCH.COM — 16 Apr 2026
📡
Cisco fixed four critical flaws in Identity Services and Webex
SECURITYAFFAIRS.COM — 16 Apr 2026
📡
Treasury Secretary holds a meeting to cover risks related to Anthropic’s new model.
THECYBERWIRE.COM — 16 Apr 2026
🚨
Risky Business #833 -- The Great Mythos Freakout of 2026On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet CISA adds a 2009 Excel bug to the KEV list, u wot? Adobe also parties like it…
KEVRISKY.BIZ — 15 Apr 2026
🚨
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and …
KEVSECURITYAFFAIRS.COM — 15 Apr 2026
🐛
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
KEVCSOONLINE.COM — 15 Apr 2026
🐛
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
KEVSECURITYAFFAIRS.COM — 15 Apr 2026
🐛
CVE-2026-33555
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5466 wc_VerifyEccsiHash missing sanity check
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5194 wolfSSL ECDSA Certificate Verification
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5264 DTLS 1.3 ACK heap buffer overflow
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
Microsoft Warns of Actively Exploited SharePoint Server Zero-Day
KEVGBHACKERS.COM — 15 Apr 2026
🐛
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
Windows Active Directory Flaw Opens Door to Malicious Code Execution
GBHACKERS.COM — 15 Apr 2026
🐛
Copilot and Agentforce fall to form-based prompt injection tricks
CSOONLINE.COM — 15 Apr 2026
🐛
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
KEVTHEHACKERNEWS.COM — 15 Apr 2026
🐛
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
THEHACKERNEWS.COM — 15 Apr 2026
🐛
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access
KEVSECURITYAFFAIRS.COM — 15 Apr 2026
🐛
Critical nginx UI tool vulnerability opens web servers to full compromise
CSOONLINE.COM — 15 Apr 2026
⚠️
Curity looks to reinvent IAM with runtime authorization for AI agents
CSOONLINE.COM — 15 Apr 2026
⚠️
North Korean Spies DM You On Facebook
CYBERSECURITYTODAY.LIBSYN.COM — 15 Apr 2026
⚠️
Top 10 Best Passwordless Authentication Solutions in 2026
GBHACKERS.COM — 15 Apr 2026
⚠️
13 Fragen gegen Drittanbieterrisiken
CSOONLINE.COM — 15 Apr 2026
⚠️
Microsoft Patch Tuesday April 2026 Fixes 168 Flaws, Including an Actively Exploited Zero-Day
KEVGBHACKERS.COM — 15 Apr 2026
⚠️
OpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware Analysis
GBHACKERS.COM — 15 Apr 2026
⚠️
Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions
GBHACKERS.COM — 15 Apr 2026
⚠️
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
CSOONLINE.COM — 15 Apr 2026
⚠️
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
THEHACKERNEWS.COM — 15 Apr 2026
⚠️
Hackers Exploit Hidden Microsoft 365 Mailbox Rules to Steal Sensitive Business Emails
GBHACKERS.COM — 15 Apr 2026
⚠️
PHP Composer flaws enable remote command execution via Perforce VCS
SECURITYAFFAIRS.COM — 15 Apr 2026
⚠️
The need for a board-level definition of cyber resilience
CSOONLINE.COM — 15 Apr 2026
⚠️
Credit Resources Vault: Why this credit email set off our scam alarms
MALWAREBYTES.COM — 15 Apr 2026
⚠️
The deepfake dilemma: From financial fraud to reputational crisis
CSOONLINE.COM — 15 Apr 2026
⚠️
April Patch Tuesday fixes two zero-days, including one under active attack
MALWAREBYTES.COM — 15 Apr 2026
⚠️
Hackers Abuse Google Cloud Storage to Slip Remcos RAT Past Email Filters
GBHACKERS.COM — 15 Apr 2026
⚠️
MuddyWater-Style Hackers Probe 12,000+ Systems Ahead of Middle East
GBHACKERS.COM — 15 Apr 2026
⚠️
Unlocking foundational visibility for cyber-physical systems with OT vulnerability management
TENABLE.COM — 15 Apr 2026
⚠️
Top 10 Best Application Security Testing Companies in 2026
GBHACKERS.COM — 15 Apr 2026
⚠️
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities - SecurityWeek
SH.ITJUST.WORKS — 15 Apr 2026
⚠️
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
SH.ITJUST.WORKS — 15 Apr 2026
⚠️
wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update Now!
SH.ITJUST.WORKS — 15 Apr 2026
⚠️
EFF urges state probe into Google over undisclosed data sharing with ICE
CYBERINSIDER.COM — 15 Apr 2026
⚠️
Patch Tuesday notes: Microsoft addresses two zero-days.
THECYBERWIRE.COM — 15 Apr 2026
⚠️
Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days
TECHREPUBLIC.COM — 15 Apr 2026
⚠️
A heavy patch Tuesday lands.
THECYBERWIRE.COM — 15 Apr 2026
⚠️
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying
GRAHAMCLULEY.COM — 15 Apr 2026
📋
Fortinet Fixes 11 Security Flaws Affecting FortiSandbox, FortiOS, FortiAnalyzer, and FortiManager
GBHACKERS.COM — 15 Apr 2026
📋
Microsoft Rolls Out KB5083769 Update for Windows 11 24H2 and 25H2
GBHACKERS.COM — 15 Apr 2026
📢
Chile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response Readiness
ANY.RUN — 15 Apr 2026
📢
Michigan’s New Bill Takes Aim at AI Employee Surveillance
TECHREPUBLIC.COM — 15 Apr 2026
📢
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
THEHACKERNEWS.COM — 15 Apr 2026
📢
Google, Microsoft, Meta Accused of Tracking Users Even After Privacy Opt-Out
GBHACKERS.COM — 15 Apr 2026
📢
Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant
TECHCRUNCH.COM — 15 Apr 2026
🔥
'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison
SH.ITJUST.WORKS — 15 Apr 2026
🔥
JanaWare Ransomware Hits Turkish Users via Customized Adwind RAT
GBHACKERS.COM — 15 Apr 2026
🔥
Not All CISO Gigs Are Created Equal and RSAC Interviews from ESET and Mimecast - BSW #443
YOUTUBE.COM — 2026-04-15
🔥
Trusted WordPress Plugins Hijacked in 8-Month Stealth Backdoor Campaign
GBHACKERS.COM — 15 Apr 2026
🔥
Comcast’s $117.5M Breach Settlement: Up to 30M People May Qualify
TECHREPUBLIC.COM — 15 Apr 2026
🔥
&#x5b;Guest Diary&#x5d; Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
ISC.SANS.EDU — 15 Apr 2026
🕵️
ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892, (Wed, Apr 15th)
ISC.SANS.EDU — 15 Apr 2026
🕵️
Dragon Boss Solutions Supply Chain Attack Exposes 25,000+ Endpoints
GBHACKERS.COM — 15 Apr 2026
🕵️
FUNNULL Scam Network Resurfaces With 175+ Rotating Domains Worldwide
GBHACKERS.COM — 15 Apr 2026
🕵️
Agentic LLM Browsers Open New Front in Prompt Injection, Data Theft
GBHACKERS.COM — 15 Apr 2026
🕵️
Fiverr exposes sensitive data via public URLs indexed by Google
CYBERINSIDER.COM — 15 Apr 2026
🕵️
Get This Fast and Powerful Lenovo ThinkPad for $1,000 Off
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Defense in Depth, Medieval Style
SCHNEIER.COM — 2026-04-15
🕵️
Your AI Hiring Tools Are Now a Civil Rights Liability in Illinois
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Google Uses Rust-Based Firmware in Pixel 10 Modem to Improve Memory Safety
GBHACKERS.COM — 15 Apr 2026
🕵️
The n8n n8mare: How threat actors are misusing AI workflow automation
TALOSINTELLIGENCE.COM — 15 Apr 2026
🕵️
Top 10 Best API Security Providers Protecting Web Apps in 2026
GBHACKERS.COM — 15 Apr 2026
🕵️
Google Photos Fixes Android Image Editing Tool: Here’s What Changed
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
This $60 AI Assistant Aims to Consolidate Your Daily Work Tools
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Why CSOs Fail the Business
YOUTUBE.COM — 2026-04-15
🕵️
Dependency cooldowns turn you into a free-rider
PROGRAMMING.DEV — 15 Apr 2026
🕵️
Testing reveals Claude Mythos's offensive capabilities and limits - Help Net Security
SH.ITJUST.WORKS — 15 Apr 2026
🕵️
Malicious Chrome Extensions Campaign Exposes User Data - Infosecurity Magazine
SH.ITJUST.WORKS — 15 Apr 2026
🕵️
WhatsApp New Update Lets You Chat Without Sharing Your Phone Number
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Microsoft Takes Over Key Stargate Site in Latest OpenAI Pullback
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Kraken Exchange Faces Extortion After Insider Recorded System Footage
SH.ITJUST.WORKS — 15 Apr 2026
🕵️
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
SH.ITJUST.WORKS — 15 Apr 2026
🕵️
Google to penalize “back button hijacking” starting June 2026
CYBERINSIDER.COM — 15 Apr 2026
🕵️
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
THEHACKERNEWS.COM — 15 Apr 2026
🕵️
AI Zuckerberg Runs the Company
YOUTUBE.COM — 2026-04-15
🕵️
Cybersecurity Looks Like Proof of Work Now
PROGRAMMING.DEV — 15 Apr 2026
🕵️
Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
YouTube Will Show Fewer Livestream Ads During Purchases and Chat Spikes
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
SS&C Intralinks DealCentre AI vs. Datasite: Which platform is built for the future of dealmaking?
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
News Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption security
LASTWATCHDOG.COM — 15 Apr 2026
🕵️
Tech Layoffs Continue: Snap Cuts 1,000 Jobs, Citing ‘Rapid Advancements’ in AI
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Security Became the Business Nexus
YOUTUBE.COM — 2026-04-15
🌐
From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere
MALWAREBYTES.COM — 15 Apr 2026
🌐
Mirax malware campaign hits 220K accounts, enables full remote control
SECURITYAFFAIRS.COM — 15 Apr 2026
🌐
Threat landscape for industrial automation systems in Q4 2025
SECURELIST.COM — 15 Apr 2026
🌐
Nach Anthropic Mythos: OpenAI kündigt GPT-5.4-Cyber an
HEISE.DE — 2026-04-15
🎙️
Human-centered security in an AI world with Johnny Hand from TrendAI
THECYBERWIRE.COMHTTPS: — 15 Apr 2026
📡
Weekly Threat Bulletin – April 15th, 2026
F5.COM — 15 Apr 2026
📡
Azure-Hosted Scanning Cluster Launches WordPress Webshell Discovery Campaign
F5.COM — 15 Apr 2026
📡
Scanning for AI Models, (Tue, Apr 14th)
ISC.SANS.EDU — 15 Apr 2026
📡
What Founders Get Wrong About Early Marketing with Merav Ben Avi, VP of Marketing at YL Ventures
THECYBERWIRE.COM — 15 Apr 2026
📡
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
THEHACKERNEWS.COM — 15 Apr 2026
📡
Fortinet stopft 18 Sicherheitslecks
HEISE.DE — 2026-04-15
📡
Patchday: Angreifer attackieren Edge und Microsoft SharePoint Server
HEISE.DE — 2026-04-15
📡
Warnung vor Attacken auf 17 Jahre alte Excel-Lücke
HEISE.DE — 2026-04-15
📡
Adobe-Patchday: Kritische Schadcode-Lücken bedrohen Photoshop & Co.
HEISE.DE — 2026-04-15
📡
Bugs ohne Bounty: Eclipse Foundation startet Sicherheitsprogramm für Open VSX
HEISE.DE — 2026-04-15
📡
Microsoft Office 2021: Support endet am 13. Oktober 2026
HEISE.DE — 2026-04-15
📡
„Passwort“ Folge 55: News mit Claude-Code-Klau, PKI-Oopsies und Quantenturbo
HEISE.DE — 2026-04-15
📡
Raspberry Pi OS 6.2: Update verspricht mehr Sicherheit
HEISE.DE — 2026-04-15
📡
108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users
BITDEFENDER.COM — 15 Apr 2026
📡
WireGuard: Update für Windows-Client nach vier Jahren
HEISE.DE — 2026-04-15
📡
Fake YouTube copyright notices can steal your Google login
MALWAREBYTES.COM — 15 Apr 2026
📡
OpenSSL 4.0 verschlüsselt, was TLS bisher verraten hat
HEISE.DE — 2026-04-15
📡
Überwachung weltweit: Bundesregierung winkt UN-Cybercrime-Konvention durch
HEISE.DE — 2026-04-15
📡
21. BSI-Sicherheitskongress: NIS-2-Umsetzung weit hinter den Erwartungen
HEISE.DE — 2026-04-15
📡
Identität bleibt geheim: EU-App für Altersnachweis kommt
HEISE.DE — 2026-04-15
📡
Spotting cyberthreats: a guide for blind and low-vision users | Kaspersky official blog
KASPERSKY.COM — 15 Apr 2026
📡
AI clickbait can turn your notifications into a scam feed
MALWAREBYTES.COM — 15 Apr 2026
📡
Cisco intends to acquire AI observability and evaluation platform provider Galileo
THECYBERWIRE.COM — 15 Apr 2026
🚨
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe SoftwareThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score: 9.1) …
KEVTHEHACKERNEWS.COM — 14 Apr 2026
🚨
How AI is transforming threat detectionArtificial intelligence is rapidly reshaping how security teams detect and hunt cyber threats by helping analyze vast volumes of security data, uncovering subtle signs of malicious activity, and identifying potential attacks faster than traditional tools or human analysts alone. …
KEVCSOONLINE.COM — 14 Apr 2026
🚨
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire…
KEVSECURITYAFFAIRS.COM — 14 Apr 2026
🚨
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from AnthropicWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare.  Key takeaways Anthro…
KEVTENABLE.COM — 14 Apr 2026
🐛
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
KEVTHEHACKERNEWS.COM — 14 Apr 2026
🐛
CVE-2025-1147 GNU Binutils nm nm.c internal_strlen buffer overflow
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2025-1148 GNU Binutils ld ldelfgen.c link_order_scan memory leak
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2025-11839 GNU Binutils prdbg.c tg_tag_type return value
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-40385
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-40393
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31416 netfilter: nfnetlink_log: account for netlink header size
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31423 net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31424 netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31427 netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31421 net/sched: cls_fw: fix NULL pointer dereference on shared blocks
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31428 netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31418 netfilter: ipset: drop logically empty buckets in mtype_del
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-40386
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31417 net/x25: Fix overflow when accumulating packets
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31422 net/sched: cls_flow: fix NULL pointer dereference on shared blocks
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31414 netfilter: nf_conntrack_expect: use expect->helper
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31426 ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
Hackers Exploit Critical ShowDoc RCE Flaw in Ongoing Attacks
GBHACKERS.COM — 14 Apr 2026
🐛
CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited
KEVGBHACKERS.COM — 14 Apr 2026
🐛
Attackers target unpatched ShowDoc servers via CVE-2025-0520
KEVSECURITYAFFAIRS.COM — 14 Apr 2026
🐛
Critical etcd Vulnerability Allows Unauthorized Access to Sensitive Cluster APIs
GBHACKERS.COM — 14 Apr 2026
🐛
Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) - Help Net Security
KEVSH.ITJUST.WORKS — 14 Apr 2026
🐛
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
THEHACKERNEWS.COM — 14 Apr 2026
🐛
CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-25250 MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-20945 Microsoft SharePoint Server Spoofing Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26149 Microsoft Power Apps Security Feature Bypass
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26151 Remote Desktop Spoofing Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26154 Windows Server Update Service (WSUS) Tampering Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26161 Windows Sensor Data Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26162 Windows OLE Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26167 Windows Push Notifications Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26175 Windows Boot Manager Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26179 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26180 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26181 Microsoft Brokering File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27906 Windows Hello Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27919 Windows UPnP Device Host Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27924 Desktop Window Manager Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27927 Windows Projected File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27931 Windows GDI Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32081 Package Catalog Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32085 Remote Procedure Call Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32152 Desktop Window Manager Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32154 Desktop Window Manager Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32156 Windows UPnP Device Host Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32157 Remote Desktop Client Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32158 Windows Push Notifications Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32159 Windows Push Notifications Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32160 Windows Push Notifications Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32165 Windows User Interface Core Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32167 SQL Server Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32168 Azure Monitor Agent Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32178 .NET Spoofing Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32181 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32183 Windows Snipping Tool Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32188 Microsoft Excel Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32189 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32192 Azure Monitor Agent Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32195 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32202 Windows Shell Spoofing Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32215 Windows Kernel Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32217 Windows Kernel Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32218 Windows Kernel Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2023-20585 AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32219 Microsoft Brokering File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32220 UEFI Secure Boot Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32221 Windows Graphics Component Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32222 Windows Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32226 .NET Framework Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33095 Microsoft Word Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33096 HTTP.sys Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33822 Microsoft Word Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33826 Windows Active Directory Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-21637 HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-20928 Windows Recovery Environment Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-23657 Microsoft Word Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-23666 .NET Framework Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26143 Microsoft PowerShell Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26152 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26156 Windows Hyper-V Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26163 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26169 Windows Kernel Memory Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26170 PowerShell Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26172 Windows Push Notifications Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26177 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26178 Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26182 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26184 Windows Projected File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27909 Windows Search Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27910 Windows Installer Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27911 Windows User Interface Core Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27912 Windows Kerberos Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27913 Windows BitLocker Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27916 Windows UPnP Device Host Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27920 Windows UPnP Device Host Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27923 Desktop Window Manager Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27928 Windows Hello Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-27930 Windows GDI Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32069 Windows Projected File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32070 Windows Common Log File System Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32072 Active Directory Spoofing Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32074 Windows Projected File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32078 Windows Projected File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32079 Web Account Manager Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32080 Windows WalletService Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32084 Windows Print Spooler Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32088 Windows Biometric Service Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32091 Microsoft Brokering File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32149 Windows Hyper-V Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32151 Windows Shell Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32153 Windows Speech Runtime Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32155 Desktop Window Manager Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32162 Windows COM Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32163 Windows User Interface Core Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32164 Windows User Interface Core Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32171 Azure Logic Apps Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32190 Microsoft Office Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32196 Windows Admin Center Spoofing Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32197 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32198 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32199 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32200 Microsoft PowerPoint Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-26171 .NET Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32203 .NET and Visual Studio Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32225 Windows Shell Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33101 Windows Print Spooler Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33104 Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33114 Microsoft Word Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33115 Microsoft Word Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33827 Windows TCP/IP Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33829 Windows Snipping Tool Spoofing Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-32214 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 14 Apr 2026
🐛
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
KEVTENABLE.COM — 14 Apr 2026
⚠️
How Hackers Are Thinking About AI
SCHNEIER.COM — 2026-04-14
⚠️
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
THEHACKERNEWS.COM — 14 Apr 2026
⚠️
CISA Alerts on Exploited Microsoft Exchange and Windows CLFS Security Flaws
KEVGBHACKERS.COM — 14 Apr 2026
⚠️
Hackers Exploit Obsidian Plugin to Deploy Cross-Platform Malware
GBHACKERS.COM — 14 Apr 2026
⚠️
Synology SSL VPN Client Vulnerability Enabled Remote Access to Sensitive Files
GBHACKERS.COM — 14 Apr 2026
⚠️
The AI inflection point: What security leaders must do now
CSOONLINE.COM — 14 Apr 2026
⚠️
Securing Software's Journey with the OWASP SPVS - ASW #378
YOUTUBE.COM — 2026-04-14
⚠️
AI Codex Exploits Samsung TV Driver Flaw to Gain Root Access
GBHACKERS.COM — 14 Apr 2026
⚠️
China-linked cloud credential heist runs on typos and SMTP
CSOONLINE.COM — 14 Apr 2026
⚠️
Securing non-human identities: automated revocation, OAuth, and scoped permissions
CLOUDFLARE.COM — 14 Apr 2026
⚠️
US, UK and Canada disrupt $45M crypto theft in Operation Atlantic
SECURITYAFFAIRS.COM — 14 Apr 2026
⚠️
Adobe fixes PDF zero-day security bug that hackers have exploited for months
TECHCRUNCH.COM — 14 Apr 2026
⚠️
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
THEHACKERNEWS.COM — 14 Apr 2026
⚠️
EU regulators largely denied access to Anthropic Mythos
CSOONLINE.COM — 14 Apr 2026
⚠️
Kali Forms Vulnerability Enables Remote Code Execution RCE
SH.ITJUST.WORKS — 14 Apr 2026
⚠️
Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game
GITHUB.BLOG — 14 Apr 2026
⚠️
Personal data of 1 million gym members compromised in Basic-Fit security incident
SECURITYAFFAIRS.COM — 14 Apr 2026
⚠️
Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months
TECHREPUBLIC.COM — 14 Apr 2026
⚠️
4 questions to ask before outsourcing MDR
CSOONLINE.COM — 14 Apr 2026
⚠️
5 trends defining the future of AI-powered cybersecurity
CSOONLINE.COM — 14 Apr 2026
⚠️
Patch Tuesday, April 2026 Edition
KEVKREBSONSECURITY.COM — 14 Apr 2026
⚠️
Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more - SWN #572
YOUTUBE.COM — 2026-04-14
⚠️
Microsoft’s April Windows update fixes 165 flaws, one exploited zero-day
KEVCYBERINSIDER.COM — 14 Apr 2026
⚠️
Secure AI agent access patterns to AWS resources using Model Context Protocol
AWS.AMAZON.COM — 14 Apr 2026
📋
SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws
GBHACKERS.COM — 14 Apr 2026
📋
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
ISC.SANS.EDU — 14 Apr 2026
📋
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities
TALOSINTELLIGENCE.COM — 14 Apr 2026
📢
Angriffe auf sieben Sicherheitslücken beobachtet – eine ist 14 Jahre alt
HEISE.DE — 2026-04-14
📢
Omnistealer uses the blockchain to steal everything it can
MALWAREBYTES.COM — 14 Apr 2026
📢
Anthropic co-founder confirms the company briefed the Trump administration on Mythos
TECHCRUNCH.COM — 14 Apr 2026
📢
AI Breaks Identity Models
YOUTUBE.COM — 2026-04-14
🔥
Weekly Update 499
TROYHUNT.COM — 14 Apr 2026
🔥
Okta Under Attack as Hackers Skip Phishing for Identity Systems
GBHACKERS.COM — 14 Apr 2026
🔥
Rockstar’s GTA Game Hacked, 78.6 Million Records Published Online
GBHACKERS.COM — 14 Apr 2026
🔥
Is Booking.com compromised ?
SH.ITJUST.WORKS — 14 Apr 2026
🔥
Janela RAT Spreads via Fake MSI Installers, Malicious Extensions
GBHACKERS.COM — 14 Apr 2026
🔥
Booking.com breach sparks scam wave targeting travelers’ bookings
SH.ITJUST.WORKS — 14 Apr 2026
🔥
Mirax Android RAT Hijacks Infected Phones as Residential Proxies
GBHACKERS.COM — 14 Apr 2026
🔥
European Gym giant Basic-Fit data breach affects 1 million members
SH.ITJUST.WORKS — 14 Apr 2026
🔥
Three Rowhammer attacks targeting GDDR6 | Kaspersky official blog
KASPERSKY.COM — 14 Apr 2026
🔥
France builds its own digital future.
THECYBERWIRE.COM — 14 Apr 2026
🕵️
ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)
ISC.SANS.EDU — 14 Apr 2026
🕵️
APT41 Targets Linux Cloud Servers With New Winnti Backdoor
GBHACKERS.COM — 14 Apr 2026
🕵️
Fake Proxifier GitHub Installer Spreads ClipBanker Crypto Malware
GBHACKERS.COM — 14 Apr 2026
🕵️
GUEST ESSAY: Google’s 2029 deadline exposes readiness gap as move to quantum-safe crypto lags
LASTWATCHDOG.COM — 14 Apr 2026
🕵️
Cyber-Inspekteur: Hybride Attacken nehmen weiter zu
CSOONLINE.COM — 14 Apr 2026
🕵️
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
INFOSEC.PUB — 14 Apr 2026
🕵️
When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT
ANY.RUN — 14 Apr 2026
🕵️
China Clean Tech and the Gulf Energy Shock
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
108 Chrome extensions caught stealing user data and hijacking sessions
CYBERINSIDER.COM — 14 Apr 2026
🕵️
New KnowBe4 Agent Risk Manager Addresses Pervasive AI Agent Risk
KNOWBE4.COM — 14 Apr 2026
🕵️
Mirax Android Trojan Turns Devices Into Residential Proxy Nodes - Infosecurity Magazine
SH.ITJUST.WORKS — 14 Apr 2026
🕵️
Mozilla Criticizes Microsoft for Installing Copilot on Windows Without User Consent
SH.ITJUST.WORKS — 14 Apr 2026
🕵️
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
SH.ITJUST.WORKS — 14 Apr 2026
🕵️
Build Real Coding Skills for $43 with Visual Studio 2026 Bundle
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
APT41 Delivers 'Undetectable' Backdoor to Steal Cloud Credentials
SH.ITJUST.WORKS — 14 Apr 2026
🕵️
PlugX USB Worm Hits Multiple Continents via DLL Sideloading
GBHACKERS.COM — 14 Apr 2026
🕵️
Botnet Exposed: Hackers Leave Worker Access and Root Passwords Wide Open
GBHACKERS.COM — 14 Apr 2026
🕵️
Our evaluation of Claude Mythos Preview’s cyber capabilities
PROGRAMMING.DEV — 14 Apr 2026
🕵️
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack - SecurityWeek
SH.ITJUST.WORKS — 14 Apr 2026
🕵️
Fake Ledger app on the Apple App Store steals $9.5 million from 50 users
CYBERINSIDER.COM — 14 Apr 2026
🕵️
SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws
SH.ITJUST.WORKS — 14 Apr 2026
🕵️
Turn Your Expertise Into Published Books Using Advanced AI Technology
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
Top 10 Security Isn’t Enough
YOUTUBE.COM — 2026-04-14
🕵️
How exposed is your code? Find out in minutes—for free
GITHUB.BLOG — 14 Apr 2026
🕵️
Upcoming Speaking Engagements
SCHNEIER.COM — 2026-04-14
🕵️
CyberheistNews Vol 16 #15 Anthropic's Mythos Is Not Just a Tool. It's Something You Have to Contain.
KNOWBE4.COM — 14 Apr 2026
🕵️
Security Risk Advisors Purple Team Participants Can Now Earn CPE Credits
GBHACKERS.COM — 14 Apr 2026
🕵️
AI “Watershed Moment” or expensive pen tester? The AISI Mythos Data
PROGRAMMING.DEV — 14 Apr 2026
🕵️
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
SH.ITJUST.WORKS — 14 Apr 2026
🕵️
State-sponsored threats: Different objectives, similar access paths
TALOSINTELLIGENCE.COM — 14 Apr 2026
🕵️
Jeff Bezos-Backed EV Startup Raises $650M to Launch $25K Electric Pickup
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
X Cuts Clickbait Payouts and Exposes a Creator Program Problem
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
Microsoft to Retire Outlook Lite, Impacting Millions of Android Users
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
What is AEO SEO? Why Answer Engine Optimization Is the Next Evolution of SEO
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
HubSpot Launches AEO Tool to Help Brands Compete in AI Search
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
Motorola Razr 70 Ultra Specs Leak Raises Familiar Concerns
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
Toyota Unveils Basketball-Shooting Robot With Vision Tech
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
Google $135M Settlement: Millions of Android Users May Qualify for Payout
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
Apple’s Mac mini 2026: New Leak Teases M5 Upgrade, Release Timeline
TECHREPUBLIC.COM — 14 Apr 2026
🕵️
Proton boosts Drive performance and expands encrypted workspace features
CYBERINSIDER.COM — 14 Apr 2026
🕵️
Amazon to Acquire Globalstar in $11.6B Bid to Power Future iPhones
TECHREPUBLIC.COM — 14 Apr 2026
🌐
Fake Claude AI installer abuses DLL sideloading to deploy PlugX
SECURITYAFFAIRS.COM — 14 Apr 2026
🌐
CPUID: Angreifer haben über Webseite Malware-Installer verteilt
HEISE.DE — 2026-04-14
🌐
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
TECHCRUNCH.COM — 14 Apr 2026
📡
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
THEHACKERNEWS.COM — 14 Apr 2026
📡
FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud
PROOFPOINT.COM — 14 Apr 2026
📡
Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT
ELASTIC.CO — 14 Apr 2026
📡
ChatGPT under scrutiny as Florida investigates campus shooting
MALWAREBYTES.COM — 14 Apr 2026
📡
Sicherheitslücke: wolfSSL-Bibliothek winkt manipulierte Zertifikate durch
HEISE.DE — 2026-04-14
📡
Rockstar Games: Kriminelle Gang veröffentlicht Daten
HEISE.DE — 2026-04-14
📡
Linux 7.0 erschienen – mehr als ein Nummernsprung
HEISE.DE — 2026-04-14
📡
SAP-Patchday: Eine kritische SQL-Injection-Lücke – und 18 weitere
HEISE.DE — 2026-04-14
📡
Scaling MCP adoption: Our reference architecture for simpler, safer and cheaper enterprise deployments of MCP
CLOUDFLARE.COM — 14 Apr 2026
📡
Managed OAuth for Access: make internal apps agent-ready in one click
CLOUDFLARE.COM — 14 Apr 2026
📡
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
THEHACKERNEWS.COM — 14 Apr 2026
📡
UK gov's Mythos AI tests help separate cybersecurity threat from hype
ARSTECHNICA.COM — 14 Apr 2026
🚨
CISA Adds Seven Known Exploited Vulnerabilities to CatalogCISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2012-1854 Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability CVE-2020-9715 Adobe Acrobat Use-After-Free Vulner…
KEVCISA.GOV — Mon, 13 Apr 26 1
🐛
Adobe Fixes Actively Exploited Zero-Day in Acrobat Reader
KEVGBHACKERS.COM — 13 Apr 2026
🐛
WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass
GBHACKERS.COM — 13 Apr 2026
🐛
Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure
KEVGBHACKERS.COM — 13 Apr 2026
🐛
Critical Axios Vulnerability Enables Remote Code Execution, PoC Released
GBHACKERS.COM — 13 Apr 2026
🐛
Seven IBM WebSphere Liberty flaws can be chained into full takeover
CSOONLINE.COM — 13 Apr 2026
🐛
Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure
KEVCSOONLINE.COM — 13 Apr 2026
🐛
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
BLEEPINGCOMPUTER.COM — 13 Apr 2026
⚠️
Banks Panic As Anthropic Mythos Exposes Software Vulnerabilties
CYBERSECURITYTODAY.LIBSYN.COM — 13 Apr 2026
⚠️
Apache Tomcat Flaws Enable EncryptInterceptor Bypass
GBHACKERS.COM — 13 Apr 2026
⚠️
CISOs tackle the AI visibility gap
CSOONLINE.COM — 13 Apr 2026
⚠️
We catch up on the news, including AI vuln hunting; also more RSAC interviews! - ESW #454
YOUTUBE.COM — 2026-04-13
⚠️
AI Chatbots and Trust
SCHNEIER.COM — 2026-04-13
⚠️
International Operation Targets Multimillion-Dollar Crypto Theft Schemes
SECURITYWEEK.COM — 13 Apr 2026
⚠️
Hackers Exploit MSBuild LOLBin to Evade Detection in Fileless Windows Attacks
GBHACKERS.COM — 13 Apr 2026
⚠️
Critical Marimo pre-auth RCE flaw now under active exploitation
SH.ITJUST.WORKS — 13 Apr 2026
⚠️
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
THEHACKERNEWS.COM — 13 Apr 2026
⚠️
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
THEHACKERNEWS.COM — 13 Apr 2026
⚠️
Too Many Vulnerabilities to Fix
YOUTUBE.COM — 2026-04-13
⚠️
From Compliance to Code: Rethinking Cloud Security - Richard Marcus - CSP #223
YOUTUBE.COM — 2026-04-13
⚠️
On Anthropic’s Mythos Preview and Project Glasswing
SCHNEIER.COM — 2026-04-13
⚠️
Anthropic's Mythos Preview: Why the Human Layer Matters More, Not Less
KNOWBE4.COM — 13 Apr 2026
⚠️
Anthropic’s Mythos signals a structural cybersecurity shift
CSOONLINE.COM — 13 Apr 2026
⚠️
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
RECORDEDFUTURE.COM — 13 Apr 2026
⚠️
Simply opening a PDF could trigger this Adobe Reader zero-day
KEVMALWAREBYTES.COM — 13 Apr 2026
⚠️
Citizen Lab: Webloc tracked 500M devices for global law enforcement
SECURITYAFFAIRS.COM — 13 Apr 2026
⚠️
GrafanaGhost: The AI That Leaked Everything Without Being Hacked
TECHREPUBLIC.COM — 13 Apr 2026
⚠️
Get Secure Cloud Storage on a 2TB Lifetime Plan with Internxt for $100
TECHREPUBLIC.COM — 13 Apr 2026
⚠️
Rockstar Games confirms data breach as ShinyHunters leaks 78 million records
CYBERINSIDER.COM — 13 Apr 2026
⚠️
Booking.com data breach exposed users’ reservation details
CYBERINSIDER.COM — 13 Apr 2026
⚠️
Standard fiber optic cables can be turned into remote microphones
CYBERINSIDER.COM — 13 Apr 2026
⚠️
Hallmark data breach exposed information of 1.7 million accounts
CYBERINSIDER.COM — 13 Apr 2026
📢
Google Brings End-to-End Encrypted Gmail to Android and iPhone
GBHACKERS.COM — 13 Apr 2026
📢
New Nginx 1.29.8 and FreeNginx Versions Patch Critical Security Flaws
GBHACKERS.COM — 13 Apr 2026
📢
[Control systems] CISA ICS security advisories (AV26–339)
CYBER.GC.CA — 2026-04-13
📢
Ubuntu security advisory (AV26-338)
CYBER.GC.CA — 2026-04-13
📢
Adobe Acrobat security advisory (AV26-340)
CYBER.GC.CA — 2026-04-13
📢
IBM security advisory (AV26-342)
CYBER.GC.CA — 2026-04-13
📢
Red Hat security advisory (AV26-341)
CYBER.GC.CA — 2026-04-13
🔥
EDR Killers Broaden Ransomware Tactics, ESET Warns
GBHACKERS.COM — 13 Apr 2026
🔥
APT37 Uses Facebook, Telegram, and Trojanzied Installer in New Targeted Cyberattack
GBHACKERS.COM — 13 Apr 2026
🔥
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
THEHACKERNEWS.COM — 13 Apr 2026
🔥
Basic-Fit Suffers Data Breach Affecting Millions Across Multiple Nations
GBHACKERS.COM — 13 Apr 2026
🔥
CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
SECURITYWEEK.COM — 13 Apr 2026
🔥
How to protect your privacy while using smart sex toys | Kaspersky official blog
KASPERSKY.COM — 13 Apr 2026
🔥
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
SH.ITJUST.WORKS — 13 Apr 2026
🔥
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
SECURITYWEEK.COM — 13 Apr 2026
🔥
Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records
SH.ITJUST.WORKS — 13 Apr 2026
🔥
Hack at Anodot leaves over a dozen breached companies facing extortion
TECHCRUNCH.COM — 13 Apr 2026
🔥
Booking.com confirms hackers accessed customers’ data
TECHCRUNCH.COM — 13 Apr 2026
🔥
Rockstar Games receives “pay or leak” warning after cyberattack
SH.ITJUST.WORKS — 13 Apr 2026
🔥
Iran-linked group Handala claims to have breached three major UAE organizations
SECURITYAFFAIRS.COM — 13 Apr 2026
🔥
CPUID watering hole attack spreads STX RAT malware
SECURITYAFFAIRS.COM — 13 Apr 2026
🔥
Booking.com Hack Exposes Customer Data, Sparks Travel Scam Fears
TECHREPUBLIC.COM — 13 Apr 2026
🕵️
ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)
ISC.SANS.EDU — 13 Apr 2026
🕵️
WhatsApp’s “End-to-End Encryption by Default” Claim Called Consumer Fraud by Pavel Durov
GBHACKERS.COM — 13 Apr 2026
🕵️
Elon Musk Announces XChat Launch With Self-Destructing Messages
GBHACKERS.COM — 13 Apr 2026
🕵️
Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users
SECURITYWEEK.COM — 13 Apr 2026
🕵️
VIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader Chain
GBHACKERS.COM — 13 Apr 2026
🕵️
Fake Claude Website Distributes PlugX RAT
SECURITYWEEK.COM — 13 Apr 2026
🕵️
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
THEHACKERNEWS.COM — 13 Apr 2026
🕵️
Iran-Linked CyberAv3ngers Target Water Utilities, Industrial Controllers
GBHACKERS.COM — 13 Apr 2026
🕵️
Juniper Networks Patches Dozens of Junos OS Vulnerabilities - SecurityWeek
SH.ITJUST.WORKS — 13 Apr 2026
🕵️
Microsoft: Canadian employees targeted in payroll pirate attacks
SH.ITJUST.WORKS — 13 Apr 2026
🕵️
New Phishing Kit Streamlines ClickFix Attacks
KNOWBE4.COM — 13 Apr 2026
🕵️
GitHub and Jira Alerts Hijacked for Trusted-SaaS Phishing
GBHACKERS.COM — 13 Apr 2026
🕵️
BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings
SECURITYWEEK.COM — 13 Apr 2026
🕵️
Booking.com Says Hackers Accessed User Information
SECURITYWEEK.COM — 13 Apr 2026
🕵️
The Risk of Trusted System Access
YOUTUBE.COM — 2026-04-13
🕵️
Outlook Breaks on Moon Mission
YOUTUBE.COM — 2026-04-13
🕵️
Just 21 IP Addresses Are Now Behind Nearly Half of All RDP Scanning on the Internet
SH.ITJUST.WORKS — 13 Apr 2026
🕵️
Google’s ‘Tap to Share’ Could Finally Give Android Its AirDrop Moment
TECHREPUBLIC.COM — 13 Apr 2026
🕵️
Google Rolls Out End-to-End Encryption to Eligible Gmail Users on Mobile
TECHREPUBLIC.COM — 13 Apr 2026
🕵️
Own Windows 11 Pro and Microsoft Office 2024 for just $105
TECHREPUBLIC.COM — 13 Apr 2026
🕵️
Your Data, Always Within Reach – 2TB of Lifetime Cloud Storage Is $75
TECHREPUBLIC.COM — 13 Apr 2026
🕵️
Apple Car Key Support Coming to Lexus Vehicles: What We Know So Far
TECHREPUBLIC.COM — 13 Apr 2026
🕵️
Surfshark unveils new Dausos VPN protocol with dedicated user tunnels
CYBERINSIDER.COM — 13 Apr 2026
🌐
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
BLEEPINGCOMPUTER.COM — 13 Apr 2026
🌐
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
THEHACKERNEWS.COM — 13 Apr 2026
🌐
A week in security (April 6 &#8211; April 12)
MALWAREBYTES.COM — 13 Apr 2026
🌐
JanelaRAT: a financial threat targeting users in Latin America
SECURELIST.COM — 13 Apr 2026
🌐
iPhone forensics expose Signal messages after app removal in U.S. case
SECURITYAFFAIRS.COM — 13 Apr 2026
🌐
„ClickFix“-Angriffe auf macOS jetzt auch via Script Editor
HEISE.DE — 2026-04-13
📡
Scans for EncystPHP Webshell, (Mon, Apr 13th)
ISC.SANS.EDU — 13 Apr 2026
📡
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
THEHACKERNEWS.COM — 13 Apr 2026
📡
FBI announces takedown of phishing operation that targeted thousands of victims
TECHCRUNCH.COM — 13 Apr 2026
📡
The Iran War: What You Need to Know
RECORDEDFUTURE.COM — 13 Apr 2026
📡
Hackers access Booking.com user data, company secures systems
SECURITYAFFAIRS.COM — 13 Apr 2026
📡
KI-Betrug: Deutsche überschätzen ihre Fähigkeit, Deepfakes zu entlarven
HEISE.DE — 2026-04-13
📡
Fitnesskette Basic-Fit: Rund eine Million Mitglieder von Datenleck betroffen
HEISE.DE — 2026-04-13
📡
SSL-Konfigurationsfehler gefährdet VMware Tanzu Spring Cloud Gateway
HEISE.DE — 2026-04-13
📡
Angreifer attackieren Python-Notebook Marimo
HEISE.DE — 2026-04-13
🐛
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
KEVTHEHACKERNEWS.COM — 12 Apr 2026
🐛
CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
MSRC.MICROSOFT.COM — 12 Apr 2026
🐛
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
MSRC.MICROSOFT.COM — 12 Apr 2026
🐛
CVE-2026-40226
MSRC.MICROSOFT.COM — 12 Apr 2026
🐛
CVE-2026-39853 osslsigncode has a Stack Buffer Overflow via Unbounded Digest Copy During Signature Verification
MSRC.MICROSOFT.COM — 12 Apr 2026
🐛
CVE-2026-39855 osslsigncode has an Integer Underflow in PE Page Hash Calculation Can Cause Out-of-Bounds Read
MSRC.MICROSOFT.COM — 12 Apr 2026
🐛
CVE-2026-39856 osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation
MSRC.MICROSOFT.COM — 12 Apr 2026
🐛
Adobe Patches Reader Zero-Day Exploited for Months
SECURITYWEEK.COM — 12 Apr 2026
🐛
Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621
KEVSECURITYAFFAIRS.COM — 12 Apr 2026
⚠️
Hallmark - 1,736,520 breached accounts
HAVEIBEENPWNED.COM — 12 Apr 2026
⚠️
Critical Marimo pre-auth RCE flaw now under active exploitation
BLEEPINGCOMPUTER.COM — 12 Apr 2026
🔥
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
THEHACKERNEWS.COM — 12 Apr 2026
🔥
Hackers claim control over Venice San Marco anti-flood pumps
SECURITYAFFAIRS.COM — 12 Apr 2026
🔥
Crime-as-a-Service: Regierung warnt vor hochprofessionellen kriminellen Netzen
HEISE.DE — 2026-04-12
🕵️
No one owes you supply-chain security
PROGRAMMING.DEV — 12 Apr 2026
🕵️
TIOBE Index for April 2026: C Gains Again While Rust Loses Some Steam
TECHREPUBLIC.COM — 12 Apr 2026
🕵️
TIOBE Index for April 2026: Top 10 Most Popular Programming Languages
TECHREPUBLIC.COM — 12 Apr 2026
📡
Frontier artificial intelligence
CYBER.GC.CA — 2026-04-12
📡
Rockstar bestätigt Cyberangriff und Datendiebstahl
HEISE.DE — 2026-04-12
🐛
Jeff Williams CTO Cofounder of Contrast Security and OWASP co-founder on Mythos and AI Security
CYBERSECURITYTODAY.LIBSYN.COM — 11 Apr 2026
🐛
CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-4878 Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-32281 Inefficient policy validation in crypto/x509
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-32280 Unexpected work during chain building in crypto/x509
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
MSRC.MICROSOFT.COM — 11 Apr 2026
🐛
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
MSRC.MICROSOFT.COM — 11 Apr 2026
⚠️
Claude and ChatGPT Exploited in Sweeping Cyber Campaign Against Government Agencies
GBHACKERS.COM — 11 Apr 2026
⚠️
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
THEHACKERNEWS.COM — 11 Apr 2026
⚠️
Over 20,000 crypto fraud victims identified in international crackdown
BLEEPINGCOMPUTER.COM — 11 Apr 2026
⚠️
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
INFOSEC.PUB — 11 Apr 2026
🔥
HWMonitor & CPU-Z users were exposed to malware through fake downloads after CPUID breach
INFOSEC.PUB — 11 Apr 2026
🔥
Security PSA: Popular Tools CPU-Z and HWMonitor Were Briefly Compromised
SH.ITJUST.WORKS — 11 Apr 2026
🕵️
CPUID site hijacked to serve malware instead of HWMonitor downloads
INFOSEC.PUB — 11 Apr 2026
🕵️
Google rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional tools
INFOSEC.PUB — 11 Apr 2026
🕵️
Google rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional tools
PROGRAMMING.DEV — 11 Apr 2026
🕵️
Google rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional tools
SH.ITJUST.WORKS — 11 Apr 2026
🕵️
Google rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional tools
INFOSEC.PUB — 11 Apr 2026
🕵️
Google Locks Chrome Sessions to Devices to Stop Cookie Theft
GBHACKERS.COM — 11 Apr 2026
🕵️
Supply chain nightmare: How Rust will be attacked and what we can do to mitigate the inevitable
INFOSEC.PUB — 11 Apr 2026
🕵️
AI Cybersecurity After Mythos: The Jagged Frontier
INFOSEC.PUB — 11 Apr 2026
📡
Jetzt patchen! Adobe veröffentlicht Notfall-Sicherheitsupdate für Acrobat Reader
HEISE.DE — 2026-04-11
📡
Einzelhändler frustriert über strenge Regeln bei KI-Kameras
HEISE.DE — 2026-04-11
📡
US-Regierung traf sich vor Mythos-Preview-Rollout mit KI-Herstellern
HEISE.DE — 2026-04-11
🚨
Analysis of one billion CISA KEV remediation records exposes limits of human-scale securityAnalysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]
KEVBLEEPINGCOMPUTER.COM — 10 Apr 2026
🚨
Breaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up AI Exploit Speed.Breaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up AI Exploit Speed. So? Many years ago while at Gartner , I wrote a blog post where I defined the concept of the “Patch Sound Barrier.” ( original via Archive if you don’t believe that I was that smar…
KEVMEDIUM.COM — 10 Apr 2026
🐛
Juniper Networks Default Credential Vulnerability Allows Unauthorized Full Access
GBHACKERS.COM — 10 Apr 2026
🐛
CVE-2026-23405 apparmor: fix: limit the number of levels of policy namespaces
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-40026 Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds Read
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-40024 Sleuth Kit tsk_recover Path Traversal
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-39881 Vim Ex command injection in Vims NetBeans integration
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-23403 apparmor: fix memory leak in verify_header
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-23408 apparmor: Fix double free of ns_name in aa_replace_profiles()
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-23409 apparmor: fix differential encoding verification
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-23410 apparmor: fix race on rawdata dereference
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-23411 apparmor: fix race between freeing data and fs accessing it
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
New React Server Components Flaw Could Let Attackers Trigger DoS
GBHACKERS.COM — 10 Apr 2026
🐛
HPE Aruba Private 5G Vulnerability Opens Door to Credential Theft Attacks
GBHACKERS.COM — 10 Apr 2026
🐛
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
THEHACKERNEWS.COM — 10 Apr 2026
🐛
Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes
CSOONLINE.COM — 10 Apr 2026
🐛
Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data
GBHACKERS.COM — 10 Apr 2026
🐛
Bringing Rust to the Pixel Baseband
SECURITY.GOOGLEBLOG.COM — 2026-04-10
🐛
Old Docker authorization bypass pops up despite previous patch
CSOONLINE.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5899 Incorrect security UI in History Navigation
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5897 Incorrect security UI in Downloads
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5898 Incorrect security UI in Omnibox
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5896 Policy bypass in Audio
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5894 Inappropriate implementation in PDF
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5893 Race in V8
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5891 Insufficient policy enforcement in browser UI
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5886 Out of bounds read in WebAudio
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5888 Uninitialized Use in WebCodecs
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5890 Race in WebCodecs
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5884 Insufficient validation of untrusted input in Media
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5885 Insufficient validation of untrusted input in WebML
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5895 Incorrect security UI in Omnibox
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5883 Use after free in Media
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5887 Insufficient validation of untrusted input in Downloads
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5889 Cryptographic Flaw in PDFium
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5880 Incorrect security UI in browser UI
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLE
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5882 Incorrect security UI in Fullscreen
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5881 Policy bypass in LocalNetworkAccess
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5876 Side-channel information leakage in Navigation
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5878 Incorrect security UI in Blink
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5877 Use after free in Navigation
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5874 Use after free in PrivateAI
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5871 Type Confusion in V8
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5872 Use after free in Blink
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5873 Out of bounds read and write in V8
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5875 Policy bypass in Blink
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5869 Heap buffer overflow in WebML
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5870 Integer overflow in Skia
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5868 Heap buffer overflow in ANGLE
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5864 Heap buffer overflow in WebAudio
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5862 Inappropriate implementation in V8
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5867 Heap buffer overflow in WebML
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5860 Use after free in WebRTC
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5863 Inappropriate implementation in V8
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5858 Heap buffer overflow in WebML
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5859 Integer overflow in WebML
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5861 Use after free in V8
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5918 Inappropriate implementation in Navigation
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5913 Out of bounds read in Blink
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5915 Insufficient validation of untrusted input in WebML
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5914 Type Confusion in CSS
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5911 Policy bypass in ServiceWorkers
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5909 Integer overflow in Media
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5912 Integer overflow in WebRTC
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5910 Integer overflow in Media
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5908 Integer overflow in Media
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5907 Insufficient data validation in Media
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5904 Use after free in V8
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5865 Type Confusion in V8
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5906 Incorrect security UI in Omnibox
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5905 Incorrect security UI in Permissions
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5900 Policy bypass in Downloads
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5866 Use after free in Media
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5903 Policy bypass in IFrameSandbox
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5902 Race in Media
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
Chromium: CVE-2026-5901 Policy bypass in DevTools
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-33119 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
MSRC.MICROSOFT.COM — 10 Apr 2026
🐛
CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability
MSRC.MICROSOFT.COM — 10 Apr 2026
⚠️
News alert: Mallory launches AI-native platform to cut through alert noise and surface real risk
LASTWATCHDOG.COM — 10 Apr 2026
⚠️
AWS Fixes Severe RCE, Privilege Escalation Flaws in Research and Engineering Studio
GBHACKERS.COM — 10 Apr 2026
⚠️
ChatGPT, Claude, and Gemini Among 11 AI Models Vulnerable to One-Line Jailbreak
GBHACKERS.COM — 10 Apr 2026
⚠️
Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users
SECURITYWEEK.COM — 10 Apr 2026
⚠️
TP-Link Devices at Risk as Multiple Security Flaws Enable Takeover
GBHACKERS.COM — 10 Apr 2026
⚠️
Critical Marimo Flaw Exploited Hours After Public Disclosure
SECURITYWEEK.COM — 10 Apr 2026
⚠️
The cyber winners and losers in Trump’s 2027 budget
CSOONLINE.COM — 10 Apr 2026
⚠️
CMMC compliance in the age of AI
CSOONLINE.COM — 10 Apr 2026
⚠️
Why most zero-trust architectures fail at the traffic layer
CSOONLINE.COM — 10 Apr 2026
⚠️
Fake BTS Tour Ticket Scams Target Fans Worldwide
GBHACKERS.COM — 10 Apr 2026
⚠️
Orthanc DICOM Vulnerabilities Lead to Crashes, RCE
SECURITYWEEK.COM — 10 Apr 2026
⚠️
Hungarian government email passwords exposed ahead of election
CSOONLINE.COM — 10 Apr 2026
⚠️
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
SECURITYWEEK.COM — 10 Apr 2026
⚠️
EngageSDK Vulnerability puts millions of crypto wallets at risk
GBHACKERS.COM — 10 Apr 2026
⚠️
FCC Can’t Define a Router
YOUTUBE.COM — 2026-04-10
⚠️
In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack
SECURITYWEEK.COM — 10 Apr 2026
⚠️
Hacker Unknown now known, named on Europol’s most-wanted list
CSOONLINE.COM — 10 Apr 2026
⚠️
Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises
CSOONLINE.COM — 10 Apr 2026
⚠️
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
TENABLE.COM — 10 Apr 2026
⚠️
[local] NetBT e-Fatura - Privilege Escalation
EXPLOIT-DB.COM — 10 Apr 2026
⚠️
Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed
TECHREPUBLIC.COM — 10 Apr 2026
⚠️
AI Expansion, Security Crises, and Workforce Upheaval Define This Week in Tech
TECHREPUBLIC.COM — 10 Apr 2026
⚠️
Webloc surveillance system tracks millions using mobile ad data
CYBERINSIDER.COM — 10 Apr 2026
⚠️
Warten auf Sicherheitsupdate: Angreifer attackieren Adobe Reader
HEISE.DE — 2026-04-10
📢
Rising Compliance Oversight Pressure: From Audit Fatigue to Continuous Readiness
KNOWBE4.COM — 10 Apr 2026
📢
Google Chrome security advisory (AV26-337)
CYBER.GC.CA — 2026-04-10
📢
Friday Squid Blogging: Squid Overfishing in the South Pacific
SCHNEIER.COM — 2026-04-10
📢
ur best techno-babble to bypass clueless auditors?
INFOSEC.PUB — 10 Apr 2026
📢
ur best techno-babble to bypass clueless auditors?
SH.ITJUST.WORKS — 10 Apr 2026
🔥
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
THEHACKERNEWS.COM — 10 Apr 2026
🔥
Iranian APT alert: 5,219 Rockwell PLCs exposed online
GBHACKERS.COM — 10 Apr 2026
🔥
Massive Data Breach Exposes 337K LAPD-Linked Records
SH.ITJUST.WORKS — 10 Apr 2026
🔥
Healthcare IT solutions provider ChipSoft hit by ransomware attack
SH.ITJUST.WORKS — 10 Apr 2026
🔥
Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack | The Record from Recorded Future News
SH.ITJUST.WORKS — 10 Apr 2026
🔥
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
BLEEPINGCOMPUTER.COM — 10 Apr 2026
🔥
CPUID hijacked to serve malware as HWMonitor downloads
INFOSEC.PUB — 10 Apr 2026
🔥
VIP Credential Monitoring Blog
RECORDEDFUTURE.COM — 10 Apr 2026
🕵️
WhatsApp Adds Username Feature to Boost Privacy and Reduce Number Sharing
GBHACKERS.COM — 10 Apr 2026
🕵️
DesckVB RAT Uses Fileless .NET Loader to Evade Detection
GBHACKERS.COM — 10 Apr 2026
🕵️
GlassWorm Trojan Hits VS Code, Cursor, Windsurf via OpenVSX Extension
GBHACKERS.COM — 10 Apr 2026
🕵️
Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
ISC.SANS.EDU — 10 Apr 2026
🕵️
MuddyWater Uses Russian MaaS in New ChainShell Attack
GBHACKERS.COM — 10 Apr 2026
🕵️
GitHub, GitLab Abused for Malware and Phishing Campaigns
GBHACKERS.COM — 10 Apr 2026
🕵️
Google Rolls Out Cookie Theft Protections in Chrome
SECURITYWEEK.COM — 10 Apr 2026
🕵️
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
GBHACKERS.COM — 10 Apr 2026
🕵️
Middle East Espionage Attack Uses Fake Secure Messaging Apps to Deliver ProSpy
GBHACKERS.COM — 10 Apr 2026
🕵️
MITRE Releases Fight Fraud Framework
SECURITYWEEK.COM — 10 Apr 2026
🕵️
Sen. Sanders Talks to Claude About AI and Privacy
SCHNEIER.COM — 2026-04-10
🕵️
Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000
SECURITYWEEK.COM — 10 Apr 2026
🕵️
Do extremely short credential lifetimes actually help security?
SH.ITJUST.WORKS — 10 Apr 2026
🕵️
Microsoft: Canadian employees targeted in payroll pirate attacks
BLEEPINGCOMPUTER.COM — 10 Apr 2026
🕵️
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
SH.ITJUST.WORKS — 10 Apr 2026
🕵️
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
SH.ITJUST.WORKS — 10 Apr 2026
🕵️
Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday
SECURITYWEEK.COM — 10 Apr 2026
🕵️
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
SH.ITJUST.WORKS — 10 Apr 2026
🕵️
Google Warns of New Threat Group Targeting BPOs and Helpdesks - Infosecurity Magazine
SH.ITJUST.WORKS — 10 Apr 2026
🕵️
FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database
INFOSEC.PUB — 10 Apr 2026
🕵️
Storm-2755 Uses AiTM Hijacking to Divert Employee Salaries
GBHACKERS.COM — 10 Apr 2026
🕵️
Phishing Campaign Targets Japanese Firms During Tax Season
KNOWBE4.COM — 10 Apr 2026
🕵️
Staypuft, Claude, One Pixel, deepfakes, Raccoon, BOFH, Satoshi Nakamoto, Josh Marpet. - SWN #571
YOUTUBE.COM — 2026-04-10
🕵️
Samsung Eyes Vietnam for $4B Semiconductor Packaging Project
TECHREPUBLIC.COM — 10 Apr 2026
🕵️
Alibaba Launches AI Data Center Powered by 10,000 Homegrown Chips
TECHREPUBLIC.COM — 10 Apr 2026
🕵️
Google Brings NotebookLM to Gemini for Easy Project Organization
TECHREPUBLIC.COM — 10 Apr 2026
🕵️
New Apple Rumor: iPhone Air 2 Leak Suggests Major Upgrades After First-Gen Criticism
TECHREPUBLIC.COM — 10 Apr 2026
🕵️
Mitsubishi Targets Hybrid Vehicle Production in the Philippines by 2028
TECHREPUBLIC.COM — 10 Apr 2026
🕵️
When Are Payroll Taxes Due? 2026 Due Dates and Requirements
TECHREPUBLIC.COM — 10 Apr 2026
🕵️
Embedded Finance vs Banking as a Service in 2026: Key Differences Explained
TECHREPUBLIC.COM — 10 Apr 2026
🕵️
Session says funding will last until July, pauses development
CYBERINSIDER.COM — 10 Apr 2026
🕵️
Signal is testing a new plaintext chat export feature in Beta 8.7
CYBERINSIDER.COM — 10 Apr 2026
🕵️
HWMonitor and CPU-Z downloads hijacked to deliver malware to users
CYBERINSIDER.COM — 10 Apr 2026
🌐
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
BLEEPINGCOMPUTER.COM — 10 Apr 2026
🌐
Fake Claude site installs malware that gives attackers access to your computer
MALWAREBYTES.COM — 10 Apr 2026
🎙️
Snake Oilers: Burp AI, Sondera and Truffle Security
RISKY.BIZ — 10 Apr 2026
📡
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
THEHACKERNEWS.COM — 10 Apr 2026
📡
Google rolls out Gmail end-to-end encryption on mobile devices
BLEEPINGCOMPUTER.COM — 10 Apr 2026
📡
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
THEHACKERNEWS.COM — 10 Apr 2026
📡
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
THEHACKERNEWS.COM — 10 Apr 2026
📡
France to ditch Windows for Linux to reduce reliance on US tech
TECHCRUNCH.COM — 10 Apr 2026
📡
How to protect your organization from AirSnitch Wi-Fi vulnerabilities | Kaspersky official blog
KASPERSKY.COM — 10 Apr 2026
📡
ChatGPT rolls out new $100 Pro subscription to challenge Claude
BLEEPINGCOMPUTER.COM — 10 Apr 2026
📡
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike
WELIVESECURITY.COM — 10 Apr 2026
📡
AI and cryptocurrency scams are costing Americans billions, FBI reports
FORTRA.COM — 10 Apr 2026
📡
[webapps] D-Link DIR-650IN - Authenticated Command Injection
EXPLOIT-DB.COM — 10 Apr 2026
📡
ClickFix finds a new way to infect Macs
MALWAREBYTES.COM — 10 Apr 2026
📡
iOS: Gelöschte Signal-Daten von FBI via Benachrichtigungsdatenbank extrahiert
HEISE.DE — 2026-04-10
📡
Frankreichs Plan: Weg von Windows, hin zu Linux
HEISE.DE — 2026-04-10
📡
Google Chrome macht Cookie-Klau unter Windows sinnlos
HEISE.DE — 2026-04-10
📡
Pornografische KI-Plattform MyLovely.ai: Datenleck von 106.000 Konten
HEISE.DE — 2026-04-10
🚨
Patch windows collapse as time-to-exploit acceleratesThe gap between vulnerability disclosure and exploitation is drastically decreasing, putting security teams’ patching practices on notice. According to Rapid7’s latest Cyber Threat Landscape Report , confirmed exploitation of newly disclosed high- and critical-severity vulnerabil…
KEVCSOONLINE.COM — 09 Apr 2026
🚨
What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical InfrastructureAn Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating u…
KEVTENABLE.COM — 09 Apr 2026
🐛
Fortinet EMS Zero-Day, Anthropic's AI Finds Thousands of Bugs, Iranian Hackers Target US ICS
KEVCYBERSECURITYTODAY.LIBSYN.COM — 09 Apr 2026
🐛
Palo Alto Cortex XSOAR Flaw in Microsoft Teams Integration Lets Attackers Access Data
GBHACKERS.COM — 09 Apr 2026
🐛
CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CVE-2026-28387 Potential Use-after-free in DANE Client Code
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CVE-2026-31790 Incorrect Failure Handling in RSA KEM RSASVE Encapsulation
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CVE-2026-34446 ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
MSRC.MICROSOFT.COM — 09 Apr 2026
🐛
CISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing Attacks
KEVGBHACKERS.COM — 09 Apr 2026
🐛
Technical Details Released for Critical Cisco SSM Command Execution Vulnerability
GBHACKERS.COM — 09 Apr 2026
🐛
Vulnerability-Lookup 4.4.0
KEVINFOSEC.PUB — 9 Apr 2026
🐛
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
KEVCSOONLINE.COM — 09 Apr 2026
🐛
VU#536588: Multiple Heap Buffer Overflows in Orthanc DICOM Server
KB.CERT.ORG — 2026-04-09
⚠️
Questions raised about how LinkedIn uses the petabytes of data it collects
CSOONLINE.COM — 09 Apr 2026
⚠️
GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection
GBHACKERS.COM — 09 Apr 2026
⚠️
Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks
GBHACKERS.COM — 09 Apr 2026
⚠️
Microsoft suspends dev accounts for high-profile open source projects
BLEEPINGCOMPUTER.COM — 09 Apr 2026
⚠️
Linux Foundation Leader Impersonated in Slack Attack on Open Source Developers
GBHACKERS.COM — 09 Apr 2026
⚠️
Adobe Reader Zero-Day Exploited for Months: Researcher
SECURITYWEEK.COM — 09 Apr 2026
⚠️
Weak at the seams
CSOONLINE.COM — 09 Apr 2026
⚠️
Hackers exploiting Acrobat Reader zero-day flaw since December
BLEEPINGCOMPUTER.COM — 09 Apr 2026
⚠️
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
THEHACKERNEWS.COM — 09 Apr 2026
⚠️
Critical Vulnerability in Ninja Forms Exposes WordPress Sites - Infosecurity Magazine
SH.ITJUST.WORKS — 9 Apr 2026
⚠️
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
SECURITYWEEK.COM — 09 Apr 2026
⚠️
New ClickFix variant bypasses Apple safeguards with one‑click script execution
CSOONLINE.COM — 09 Apr 2026
⚠️
New Phishing Campaign Exploits Google Storage to Deliver Remcos RAT
GBHACKERS.COM — 09 Apr 2026
⚠️
Attackers Deploy Hidden Magecart Skimmer on Magento Using SVG onload Abuse
GBHACKERS.COM — 09 Apr 2026
⚠️
Hackers Actively Attacking Adobe Reader Users Using Sophisticated 0-Day Exploit
SH.ITJUST.WORKS — 9 Apr 2026
⚠️
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
THEHACKERNEWS.COM — 09 Apr 2026
⚠️
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
MICROSOFT.COM — 09 Apr 2026
⚠️
Microsoft BANNED WireGuard, VeraCrypt & Windscribe With Zero Warning
INFOSEC.PUB — 9 Apr 2026
⚠️
Cloudflare ‘actively adjusting’ quantum priorities in wake of Google warning
CSOONLINE.COM — 09 Apr 2026
⚠️
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
THEHACKERNEWS.COM — 09 Apr 2026
⚠️
Healthcare IT solutions provider ChipSoft hit by ransomware attack
BLEEPINGCOMPUTER.COM — 09 Apr 2026
⚠️
AI Makes All Bug Shallow? - PSW #921
YOUTUBE.COM — 2026-04-09
⚠️
U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026
TRENDMICRO.COM — 09 Apr 2026
⚠️
[webapps] React Server 19.2.0 - Remote Code Execution
EXPLOIT-DB.COM — 09 Apr 2026
⚠️
[webapps] Jumbo Website Manager - Remote Code Execution
EXPLOIT-DB.COM — 09 Apr 2026
⚠️
[local] ZSH 5.9 - RCE
EXPLOIT-DB.COM — 09 Apr 2026
⚠️
Master C and C++ with our new Testing Handbook chapter
TRAILOFBITS.COM — 09 Apr 2026
📋
Critical Chrome Flaws Let Attackers Execute Arbitrary Code
GBHACKERS.COM — 09 Apr 2026
📋
AI Can Catch Malicious Updates
YOUTUBE.COM — 2026-04-09
📢
Microsoft Details How Defender Protects High-Value Assets in Real-World Attacks
GBHACKERS.COM — 09 Apr 2026
📢
The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security
SECURITYWEEK.COM — 09 Apr 2026
📢
STX RAT Hides Remote Desktop, Steals Data to Dodge Detection
GBHACKERS.COM — 09 Apr 2026
📢
Juniper Networks security advisory (AV26-334)
CYBER.GC.CA — 2026-04-09
📢
HPE security advisory (AV26-333)
CYBER.GC.CA — 2026-04-09
📢
Qualcomm security advisory – April 2026 monthly rollup (AV26-335)
CYBER.GC.CA — 2026-04-09
📢
Tenable security advisory (AV26-336)
CYBER.GC.CA — 2026-04-09
📢
Elastic on Defence Cyber Marvel 2026: A Technical overview from the Exercise Floor
ELASTIC.CO — 09 Apr 2026
🔥
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
SECURITYWEEK.COM — 09 Apr 2026
🔥
Microsoft Confirms Windows 11 Update Breaks Start Menu Search
GBHACKERS.COM — 09 Apr 2026
🔥
Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
BLEEPINGCOMPUTER.COM — 09 Apr 2026
🔥
300,000 People Impacted by Eurail Data Breach
SECURITYWEEK.COM — 09 Apr 2026
🔥
China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft
GBHACKERS.COM — 09 Apr 2026
🔥
Fake Security Tool Spreads LucidRook in Taiwan Cyberattacks
GBHACKERS.COM — 09 Apr 2026
🔥
Eurail says December data breach impacts 300,000 individuals
BLEEPINGCOMPUTER.COM — 09 Apr 2026
🔥
Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access
SECURITYWEEK.COM — 09 Apr 2026
🔥
Apple Intelligence AI Guardrails Bypassed in New Attack
SECURITYWEEK.COM — 09 Apr 2026
🔥
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
MICROSOFT.COM — 09 Apr 2026
🔥
Eurail says December data breach impacts 300,000 individuals
SH.ITJUST.WORKS — 9 Apr 2026
🔥
Protecting Cookies with Device Bound Session Credentials
SECURITY.GOOGLEBLOG.COM — 2026-04-09
🔥
CASI Leaderboard Shifts: Developer Role Attack, and Three Concerning Incidents
F5.COM — 09 Apr 2026
🕵️
ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
ISC.SANS.EDU — 09 Apr 2026
🕵️
Meta Business Alerts Abused for Phishing Campaigns
GBHACKERS.COM — 09 Apr 2026
🕵️
Silver Fox Campaign Spreads ValleyRAT via Fake Chinese Telegram Language Pack
GBHACKERS.COM — 09 Apr 2026
🕵️
$3.6 Million Stolen in Bitcoin Depot Hack
SECURITYWEEK.COM — 09 Apr 2026
🕵️
RoningLoader Campaign Uses DLL Side-Loading, Code Injection to Slip Past Defenses
GBHACKERS.COM — 09 Apr 2026
🕵️
Package Security Problems for AI Agents
PROGRAMMING.DEV — 9 Apr 2026
🕵️
LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions
SH.ITJUST.WORKS — 9 Apr 2026
🕵️
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
SECURITYWEEK.COM — 09 Apr 2026
🕵️
On Microsoft’s Lousy Cloud Security
SCHNEIER.COM — 2026-04-09
🕵️
ClickFix Campaign Abuses macOS Script Editor to Deploy Atomic Stealer
GBHACKERS.COM — 09 Apr 2026
🕵️
Iran Disrupts US Critical Infrastructure Via Exposed PLCs
SH.ITJUST.WORKS — 9 Apr 2026
🕵️
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
THEHACKERNEWS.COM — 09 Apr 2026
🕵️
13-year-old bug in ActiveMQ lets hackers remotely execute commands
SH.ITJUST.WORKS — 9 Apr 2026
🕵️
Webinar: From noise to signal - What threat actors are targeting next
BLEEPINGCOMPUTER.COM — 09 Apr 2026
🕵️
FBI: Cybercrime Losses Neared $21 Billion in 2025 - SecurityWeek
SH.ITJUST.WORKS — 9 Apr 2026
🕵️
Phishing Campaign Impersonates Palo Alto Networks Recruiters
KNOWBE4.COM — 09 Apr 2026
🕵️
Can we Trust AI? No – But Eventually We Must
SECURITYWEEK.COM — 09 Apr 2026
🕵️
ClickFix, Malicious DMGs Push notnullOSX to macOS Users
GBHACKERS.COM — 09 Apr 2026
🕵️
AI Phishing Attack Prevention Strategies: How AI Identifies and Limits Human Risk
KNOWBE4.COM — 09 Apr 2026
🕵️
U.S. Treasury to loop in crypto sector on hacker warnings shared with traditional firms
SH.ITJUST.WORKS — 9 Apr 2026
🕵️
The agentic SOC—Rethinking SecOps for the next decade
MICROSOFT.COM — 09 Apr 2026
🕵️
New VENOM phishing attacks steal senior executives' Microsoft logins
BLEEPINGCOMPUTER.COM — 09 Apr 2026
🕵️
The long road to your crypto: ClipBanker and its marathon infection chain
SECURELIST.COM — 09 Apr 2026
🕵️
How Phishing Is Targeting Germany’s Economy: Active Threats from Finance to Manufacturing
ANY.RUN — 09 Apr 2026
🌐
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
BLEEPINGCOMPUTER.COM — 09 Apr 2026
🌐
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
THEHACKERNEWS.COM — 09 Apr 2026
🌐
Google Chrome adds infostealer protection against session cookie theft
BLEEPINGCOMPUTER.COM — 09 Apr 2026
🌐
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
BLEEPINGCOMPUTER.COM — 09 Apr 2026
🌐
This fake Windows support website delivers password-stealing malware
MALWAREBYTES.COM — 09 Apr 2026
📡
Number Usage in Passwords: Take Two, (Thu, Apr 9th)
ISC.SANS.EDU — 09 Apr 2026
📡
The Hidden Security Risks of Shadow AI in Enterprises
THEHACKERNEWS.COM — 09 Apr 2026
📡
Fake BTS ARIRANG tour tickets: K-pop fans being targeted by scammers | Kaspersky official blog
KASPERSKY.COM — 09 Apr 2026
📡
When attackers already have the keys, MFA is just another door to open
BLEEPINGCOMPUTER.COM — 09 Apr 2026
📡
Hacker stole £700,000 from U.K. energy company by redirecting payment
TECHCRUNCH.COM — 09 Apr 2026
📡
Tearing down a car telematic unit (and finding an accident on Facebook)
QUARKSLAB.COM — 2026-04-09
📡
Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.
RECORDEDFUTURE.COM — 09 Apr 2026
📡
[webapps] RomM 4.4.0 - XSS_CSRF Chain
EXPLOIT-DB.COM — 09 Apr 2026
📡
Scammers pose as Amazon support to steal your account
MALWAREBYTES.COM — 09 Apr 2026
📡
NSFW app leak exposes 70,000 prompts linked to individual users
MALWAREBYTES.COM — 09 Apr 2026
📡
30,000 private Facebook images allegedly downloaded by Meta employee
MALWAREBYTES.COM — 09 Apr 2026
🚨
TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)This is the seventh update to the TeamPCP supply chain campaign threat intelligence report,&#;x26;#;xc2;&#;x26;#;xa0; "When the Security Scanner Became the Weapon" &#;x26;#;xc2;&#;x26…
KEVISC.SANS.EDU — 08 Apr 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malici…
KEVCISA.GOV — Wed, 08 Apr 26 1
🐛
Claude Identifies Critical 13-Year-Old RCE Vulnerability in Apache ActiveMQ
GBHACKERS.COM — 08 Apr 2026
🐛
CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276
MSRC.MICROSOFT.COM — 08 Apr 2026
🐛
CVE-2026-35177 Path traversal issue with zip.vim in Vim
MSRC.MICROSOFT.COM — 08 Apr 2026
🐛
Docker Authorization Bypass Flaw Exposed Hosts to Potential Attackers
GBHACKERS.COM — 08 Apr 2026
🐛
Multiple OpenSSL Flaws Expose Sensitive Data in RSA KEM Handling
GBHACKERS.COM — 08 Apr 2026
🐛
Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
CSOONLINE.COM — 08 Apr 2026
🐛
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
SH.ITJUST.WORKS — 8 Apr 2026
⚠️
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware
GBHACKERS.COM — 08 Apr 2026
⚠️
Claude Code Leak Exploited to Spread Vidar and GhostSocks via GitHub Releases
GBHACKERS.COM — 08 Apr 2026
⚠️
Remus Infostealer Debuts With Stealthy New Credential-Theft Tactics
GBHACKERS.COM — 08 Apr 2026
⚠️
Assessing Claude Mythos Preview’s cybersecurity capabilities
PROGRAMMING.DEV — 8 Apr 2026
⚠️
GreyNoise Launches C2 Detection for Exploited Edge Devices
GBHACKERS.COM — 08 Apr 2026
⚠️
Top 10 Best Multi-Factor Authentication (MFA) Providers in 2026
GBHACKERS.COM — 08 Apr 2026
⚠️
The tabletop exercise grows up
CSOONLINE.COM — 08 Apr 2026
⚠️
Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents
CSOONLINE.COM — 08 Apr 2026
⚠️
Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
THEHACKERNEWS.COM — 08 Apr 2026
⚠️
The zero-day timeline just collapsed. Here’s what security leaders do next
CSOONLINE.COM — 08 Apr 2026
⚠️
US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
SECURITYWEEK.COM — 08 Apr 2026
⚠️
LLM-generated passwords are indefensible. Your codebase may already prove it
CSOONLINE.COM — 08 Apr 2026
⚠️
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
CSOONLINE.COM — 08 Apr 2026
⚠️
Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover
SECURITYWEEK.COM — 08 Apr 2026
⚠️
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
GBHACKERS.COM — 08 Apr 2026
⚠️
Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites
CSOONLINE.COM — 08 Apr 2026
⚠️
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
SECURITYWEEK.COM — 08 Apr 2026
⚠️
Anthropic Launches Claude Mythos Preview Focused on Zero-Day Vulnerability Discovery
GBHACKERS.COM — 08 Apr 2026
⚠️
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
SH.ITJUST.WORKS — 8 Apr 2026
⚠️
Voice Phishing is a Growing Social Engineering Threat
KNOWBE4.COM — 08 Apr 2026
⚠️
Joint advisory on Russian GRU exploiting vulnerable routers to steal sensitive information
CYBER.GC.CA — 2026-04-08
⚠️
RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years
SECURITYWEEK.COM — 08 Apr 2026
⚠️
GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltrati
SH.ITJUST.WORKS — 8 Apr 2026
⚠️
Developer of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his account
TECHCRUNCH.COM — 08 Apr 2026
⚠️
Data Leakage Vulnerability Patched in OpenSSL
SECURITYWEEK.COM — 08 Apr 2026
⚠️
Yael Nardi joins Minimus as Chief Business Officer to drive hyper-growth
CSOONLINE.COM — 08 Apr 2026
⚠️
Legit Login Flow Turned Attack
YOUTUBE.COM — 2026-04-08
⚠️
13-year-old bug in ActiveMQ lets hackers remotely execute commands
BLEEPINGCOMPUTER.COM — 08 Apr 2026
⚠️
How botnet-driven DDoS attacks evolved in 2H 2025
CSOONLINE.COM — 08 Apr 2026
⚠️
CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
BLEEPINGCOMPUTER.COM — 08 Apr 2026
⚠️
Arelion employs NETSCOUT Arbor DDoS protection products
CSOONLINE.COM — 08 Apr 2026
⚠️
WireGuard VPN developer can’t ship software updates after Microsoft locks account
TECHCRUNCH.COM — 08 Apr 2026
⚠️
Hackers use pixel-large SVG trick to hide credit card stealer
BLEEPINGCOMPUTER.COM — 08 Apr 2026
⚠️
[webapps] FortiWeb 8.0.2 - Remote Code Execution
EXPLOIT-DB.COM — 08 Apr 2026
⚠️
[webapps] xibocms 3.3.4 - RCE
EXPLOIT-DB.COM — 08 Apr 2026
⚠️
[webapps] Horilla v1.3 - RCE
EXPLOIT-DB.COM — 08 Apr 2026
⚠️
Risky Business #832 -- Anthropic unveils magical 0day computer God
RISKY.BIZ — 08 Apr 2026
📋
IBM Security Verify Access Flaws Let Remote Attackers Access Sensitive Data
GBHACKERS.COM — 08 Apr 2026
📢
HPE security advisory (AV26-325)
CYBER.GC.CA — 2026-04-08
📢
CUPS security advisory (AV26-326)
CYBER.GC.CA — 2026-04-08
📢
GitLab security advisory (AV26-327)
CYBER.GC.CA — 2026-04-08
📢
Mitel security advisory (AV26-328)
CYBER.GC.CA — 2026-04-08
📢
OpenSSL security advisory (AV26-329)
CYBER.GC.CA — 2026-04-08
📢
Ivanti security advisory (AV26-068) – Update 2
CYBER.GC.CA — 2026-04-08
📢
Apache ActiveMQ security advisory (AV26-330)
CYBER.GC.CA — 2026-04-08
📢
Palo Alto Networks security advisory (AV26-331)
CYBER.GC.CA — 2026-04-08
📢
SonicWall security advisory (AV26-332)
CYBER.GC.CA — 2026-04-08
📢
A framework for securely collecting forensic artifacts into S3 buckets
AWS.AMAZON.COM — 08 Apr 2026
📢
Russian hacking group targets home and small office routers to spy on users
MALWAREBYTES.COM — 08 Apr 2026
🔥
Snowflake customers hit in data theft attacks after SaaS integrator breach
SH.ITJUST.WORKS — 8 Apr 2026
🔥
My Lovely AI - 106,271 breached accounts
HAVEIBEENPWNED.COM — 08 Apr 2026
🔥
FBI Takes Down Russian Campaign That Compromised Thousands of Routers
GBHACKERS.COM — 08 Apr 2026
🔥
Zero Trust Readiness and Two RSAC 2026 Interviews from Fenix24 and Absolute Security - BSW #442
YOUTUBE.COM — 2026-04-08
🔥
Hackers steal and leak sensitive LAPD police documents
TECHCRUNCH.COM — 08 Apr 2026
🔥
Thousands of consumer routers hacked by Russia's military
SH.ITJUST.WORKS — 8 Apr 2026
🕵️
ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)
ISC.SANS.EDU — 08 Apr 2026
🕵️
Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks
SECURITYWEEK.COM — 08 Apr 2026
🕵️
ComfyUI Servers Hijacked for Cryptomining, Proxy Botnet Ops
GBHACKERS.COM — 08 Apr 2026
🕵️
Fiber Optic Cables Turned Into Hidden Microphones to Spy on Private Conversations
GBHACKERS.COM — 08 Apr 2026
🕵️
Russian Threat Actors Abuse Home Routers in Expanding DNS Hijacking Wave
GBHACKERS.COM — 08 Apr 2026
🕵️
Minimum Release Age is an Underrated Supply Chain Defense
PROGRAMMING.DEV — 8 Apr 2026
🕵️
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
THEHACKERNEWS.COM — 08 Apr 2026
🕵️
Python Supply-Chain Compromise
SCHNEIER.COM — 2026-04-08
🕵️
Masjesu Botnet Targets Routers in Commercial DDoS Attacks
GBHACKERS.COM — 08 Apr 2026
🕵️
Evasive Masjesu DDoS Botnet Targets IoT Devices
SECURITYWEEK.COM — 08 Apr 2026
🕵️
EvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BEC
GBHACKERS.COM — 08 Apr 2026
🕵️
Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks
SH.ITJUST.WORKS — 8 Apr 2026
🕵️
What are You Working on Wednesday
INFOSEC.PUB — 8 Apr 2026
🕵️
FBI: Cybercrime Losses Neared $21 Billion in 2025
SECURITYWEEK.COM — 08 Apr 2026
🕵️
Major outage cripples Russian banking apps and metro payments nationwide
SH.ITJUST.WORKS — 8 Apr 2026
🕵️
LLMs vs Machine Learning for Security
YOUTUBE.COM — 2026-04-08
🕵️
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
THEHACKERNEWS.COM — 08 Apr 2026
🕵️
6 Winter 2026 G2 Leader Badges prove this DDoS protection stands out
CSOONLINE.COM — 08 Apr 2026
🕵️
VeraCrypt lockdown
SH.ITJUST.WORKS — 8 Apr 2026
🕵️
Don’t Know Your Data? Problem
YOUTUBE.COM — 2026-04-08
🕵️
Google: New UNC6783 hackers steal corporate Zendesk support tickets
BLEEPINGCOMPUTER.COM — 08 Apr 2026
🕵️
Announcing ADEM Universal Agent
PALOALTONETWORKS.COM — 08 Apr 2026
🕵️
Understanding and Anticipating Venezuelan Government Actions
RECORDEDFUTURE.COM — 08 Apr 2026
🕵️
Building Phishing Detection That Works: 3 Steps for CISOs
ANY.RUN — 08 Apr 2026
🌐
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
THEHACKERNEWS.COM — 08 Apr 2026
🌐
Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
THEHACKERNEWS.COM — 08 Apr 2026
🌐
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
THEHACKERNEWS.COM — 08 Apr 2026
🌐
New macOS stealer campaign uses Script Editor in ClickFix attack
BLEEPINGCOMPUTER.COM — 08 Apr 2026
🌐
Hack-for-hire group caught targeting Android devices and iCloud backups
TECHCRUNCH.COM — 08 Apr 2026
🌐
Financial cyberthreats in 2025 and the outlook for 2026
SECURELIST.COM — 08 Apr 2026
🎙️
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
GRAHAMCLULEY.COM — 08 Apr 2026
📡
Weekly Threat Bulletin – April 8th, 2026
F5.COM — 08 Apr 2026
📡
Microsoft rolls out fix for broken Windows Start Menu search
BLEEPINGCOMPUTER.COM — 08 Apr 2026
📡
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
THEHACKERNEWS.COM — 08 Apr 2026
📡
Is a $30,000 GPU Good at Password Cracking?
BLEEPINGCOMPUTER.COM — 08 Apr 2026
📡
Final 3 days to save up to $500 on your TechCrunch Disrupt 2026 pass
TECHCRUNCH.COM — 08 Apr 2026
📡
More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
ISC.SANS.EDU — 08 Apr 2026
📡
Hardening security management console settings | Kaspersky official blog
KASPERSKY.COM — 08 Apr 2026
📡
[local] 7-Zip 24.00 - Directory Traversal
EXPLOIT-DB.COM — 08 Apr 2026
📡
[local] SQLite 3.50.1 - Heap Overflow
EXPLOIT-DB.COM — 08 Apr 2026
📡
[local] Microsoft MMC MSC EvilTwin - Local Admin Creation
EXPLOIT-DB.COM — 08 Apr 2026
📡
Your extensions leak clues about you, so we made sure Browser Guard doesn&#8217;t
MALWAREBYTES.COM — 08 Apr 2026
📡
Timeshare owners warned to watch out for cartel-linked scams
MALWAREBYTES.COM — 08 Apr 2026
🚨
CISA Alerts Defenders to Actively Exploited Fortinet Zero-Day VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, indicating that t…
KEVGBHACKERS.COM — 07 Apr 2026
🐛
50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE
GBHACKERS.COM — 07 Apr 2026
🐛
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
THEHACKERNEWS.COM — 07 Apr 2026
🐛
CVE-2026-35386
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
CVE-2026-31407 netfilter: conntrack: add missing netlink policy validations
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
CVE-2026-35388
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
CVE-2026-35387
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
CVE-2026-35385
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
CVE-2026-31408 Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
MSRC.MICROSOFT.COM — 07 Apr 2026
🐛
Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed
KEVGBHACKERS.COM — 07 Apr 2026
🐛
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
THEHACKERNEWS.COM — 07 Apr 2026
🐛
Max severity Flowise RCE vulnerability now exploited in attacks
BLEEPINGCOMPUTER.COM — 07 Apr 2026
🐛
AL26-007 - Vulnerability impacting Fortinet FortiClientEMS - CVE-2026-35616
CYBER.GC.CA — 2026-04-07
🐛
Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw
CSOONLINE.COM — 07 Apr 2026
⚠️
North Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New Allegations
CYBERSECURITYTODAY.LIBSYN.COM — 07 Apr 2026
⚠️
Windows Defender 0-Day Published Online, Giving Attackers Potential Full Access
GBHACKERS.COM — 07 Apr 2026
⚠️
Microsoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa Ransomware
GBHACKERS.COM — 07 Apr 2026
⚠️
172: SuperBox
DARKNETDIARIES.COM — 07 Apr 2026
⚠️
Threat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing Campaigns
GBHACKERS.COM — 07 Apr 2026
⚠️
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
THEHACKERNEWS.COM — 07 Apr 2026
⚠️
Life imprisonment for Cambodian scam compound operators – but will it make a difference?
BITDEFENDER.COM — 07 Apr 2026
⚠️
The rise of proactive cyber: Why defense is no longer enough
CSOONLINE.COM — 07 Apr 2026
⚠️
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
CSOONLINE.COM — 07 Apr 2026
⚠️
AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - ASW #377
YOUTUBE.COM — 2026-04-07
⚠️
Critical Android Flaw Allows Zero-Interaction Denial-of-Service Attacks
GBHACKERS.COM — 07 Apr 2026
⚠️
Hong Kong Police Can Force You to Reveal Your Encryption Keys
SCHNEIER.COM — 2026-04-07
⚠️
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
THEHACKERNEWS.COM — 07 Apr 2026
⚠️
Supply chain security is now a board-level issue: Here’s what CSOs need to know
CSOONLINE.COM — 07 Apr 2026
⚠️
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
SH.ITJUST.WORKS — 7 Apr 2026
⚠️
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
SECURITYWEEK.COM — 07 Apr 2026
⚠️
Hackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 Hours
GBHACKERS.COM — 07 Apr 2026
⚠️
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks
CSOONLINE.COM — 07 Apr 2026
⚠️
Fake Gemini npm Package Steals AI Tool Tokens
GBHACKERS.COM — 07 Apr 2026
⚠️
GPUBreach Attack Could Lead to Full System Takeover and Root Shell Access
GBHACKERS.COM — 07 Apr 2026
⚠️
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
THEHACKERNEWS.COM — 07 Apr 2026
⚠️
Zero‑click Grafana AI attack can enable enterprise data exfiltration
CSOONLINE.COM — 07 Apr 2026
⚠️
Campaign Mode: Because Your SOC Team Has a Life
KNOWBE4.COM — 07 Apr 2026
⚠️
Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published
GBHACKERS.COM — 07 Apr 2026
⚠️
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
THEHACKERNEWS.COM — 07 Apr 2026
⚠️
CUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code Execution
GBHACKERS.COM — 07 Apr 2026
⚠️
GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
SECURITYWEEK.COM — 07 Apr 2026
⚠️
Trump administration plans to cut cybersecurity agency’s budget by $700 million
TECHCRUNCH.COM — 07 Apr 2026
⚠️
Why Your Automated Pentesting Tool Just Hit a Wall
BLEEPINGCOMPUTER.COM — 07 Apr 2026
⚠️
Severe StrongBox Vulnerability Patched in Android
SECURITYWEEK.COM — 07 Apr 2026
⚠️
One Click Took Down the Supply Chain
YOUTUBE.COM — 2026-04-07
⚠️
Critical Flowise Vulnerability in Attacker Crosshairs
SECURITYWEEK.COM — 07 Apr 2026
⚠️
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
BLEEPINGCOMPUTER.COM — 07 Apr 2026
⚠️
Milking the last drop of Intego - Time for Windows to get its LPE
QUARKSLAB.COM — 2026-04-07
⚠️
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
THEHACKERNEWS.COM — 07 Apr 2026
⚠️
A Little Bit Pivoting: What Web Shells are Attackers Looking for&#x3f;, (Tue, Apr 7th)
ISC.SANS.EDU — 07 Apr 2026
⚠️
5 steps to strengthen supply chain security and improve cyber resilience
CSOONLINE.COM — 07 Apr 2026
⚠️
5 ways to strengthen identity security and improve attack resilience
CSOONLINE.COM — 07 Apr 2026
⚠️
5 practical steps to strengthen attack resilience with attack surface management
KEVCSOONLINE.COM — 07 Apr 2026
⚠️
AI Found and Exploited Bugs Automatically
YOUTUBE.COM — 2026-04-07
⚠️
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 07 Apr 2026
⚠️
Hackers exploit critical flaw in Ninja Forms WordPress plugin
BLEEPINGCOMPUTER.COM — 07 Apr 2026
⚠️
What Anthropic Glasswing reveals about the future of vulnerability discovery
CSOONLINE.COM — 07 Apr 2026
⚠️
What we learned about TEE security from auditing WhatsApp's Private Inference
TRAILOFBITS.COM — 07 Apr 2026
⚠️
ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild
ANY.RUN — 07 Apr 2026
📢
White House Seeks to Slash CISA Funding by $707 Million
SECURITYWEEK.COM — 07 Apr 2026
📢
Fortinet security advisory (AV26-313)
CYBER.GC.CA — 2026-04-07
📢
Android security advisory – April 2026 monthly rollup (AV26-314)
CYBER.GC.CA — 2026-04-07
📢
Microsoft Edge security advisory (AV26-315)
CYBER.GC.CA — 2026-04-07
📢
IBM security advisory (AV26-316)
CYBER.GC.CA — 2026-04-07
📢
Ubuntu security advisory (AV26-317)
CYBER.GC.CA — 2026-04-07
📢
Red Hat security advisory (AV26-318)
CYBER.GC.CA — 2026-04-07
📢
VMware security advisory (AV26-319)
CYBER.GC.CA — 2026-04-07
📢
Iranian hackers are targeting American critical infrastructure, U.S. agencies warn
TECHCRUNCH.COM — 07 Apr 2026
📢
Erlang security advisory (AV26-320)
CYBER.GC.CA — 2026-04-07
📢
Hitachi security advisory (AV26-321)
CYBER.GC.CA — 2026-04-07
📢
Dell security advisory (AV26-322)
CYBER.GC.CA — 2026-04-07
📢
[Control systems] CISA ICS security advisories (AV26–324)
CYBER.GC.CA — 2026-04-07
📢
Mozilla security advisory (AV26-323)
CYBER.GC.CA — 2026-04-07
🔥
Weekly Update 498
TROYHUNT.COM — 07 Apr 2026
🔥
German Police Unmask REvil Ransomware Leader
SECURITYWEEK.COM — 07 Apr 2026
🔥
GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack
SECURITYWEEK.COM — 07 Apr 2026
🔥
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
SH.ITJUST.WORKS — 7 Apr 2026
🔥
The Hidden Cost of Recurring Credential Incidents
THEHACKERNEWS.COM — 07 Apr 2026
🔥
Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts
GBHACKERS.COM — 07 Apr 2026
🔥
New GPUBreach attack enables system takeover via GPU rowhammer
SH.ITJUST.WORKS — 7 Apr 2026
🔥
The dangers of telehealth: data breaches, phishing, and spam | Kaspersky official blog
KASPERSKY.COM — 07 Apr 2026
🔥
German authorities identify REvil and GandCrab ransomware bosses
SH.ITJUST.WORKS — 7 Apr 2026
🔥
AI for Human Risk Management Shift to Adaptive Behavior Based Training
KNOWBE4.COM — 07 Apr 2026
🔥
Russia Hacked Routers to Steal Microsoft Office Tokens
KREBSONSECURITY.COM — 07 Apr 2026
🔥
Snowflake customers hit in data theft attacks after SaaS integrator breach
BLEEPINGCOMPUTER.COM — 07 Apr 2026
🔥
FBI: Americans lost a record $21 billion to cybercrime last year
BLEEPINGCOMPUTER.COM — 07 Apr 2026
🔥
Support platform breach exposes Hims &amp; Hers customer data
MALWAREBYTES.COM — 07 Apr 2026
🕵️
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
THEHACKERNEWS.COM — 07 Apr 2026
🕵️
ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)
ISC.SANS.EDU — 07 Apr 2026
🕵️
Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers
GBHACKERS.COM — 07 Apr 2026
🕵️
Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack
SECURITYWEEK.COM — 07 Apr 2026
🕵️
New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images
GBHACKERS.COM — 07 Apr 2026
🕵️
Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign
GBHACKERS.COM — 07 Apr 2026
🕵️
Fake Installers Spread RATs, Monero Miners in Ongoing Malware Campaign
GBHACKERS.COM — 07 Apr 2026
🕵️
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
GBHACKERS.COM — 07 Apr 2026
🕵️
FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense
LASTWATCHDOG.COM — 07 Apr 2026
🕵️
Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware
SH.ITJUST.WORKS — 7 Apr 2026
🕵️
Guardarian Users Targeted With Malicious Strapi NPM Packages - SecurityWeek
SH.ITJUST.WORKS — 7 Apr 2026
🕵️
BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics
GBHACKERS.COM — 07 Apr 2026
🕵️
Webinar Today: Why Automated Pentesting Alone Is Not Enough
SECURITYWEEK.COM — 07 Apr 2026
🕵️
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks
MICROSOFT.COM — 07 Apr 2026
🕵️
Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do
TRENDMICRO.COM — 07 Apr 2026
🕵️
CyberheistNews Vol 16 #14 [Heads Up] Clever Hackers Use Custom Fonts to Bypass AI Defenses
KNOWBE4.COM — 07 Apr 2026
🕵️
The New Rules of Engagement: Matching Agentic Attack Speed
SECURITYWEEK.COM — 07 Apr 2026
🕵️
Trent AI Emerges From Stealth With $13 Million in Funding
SECURITYWEEK.COM — 07 Apr 2026
🕵️
Bounty Available (>$2,000) for QubesOS BusKill package
SH.ITJUST.WORKS — 7 Apr 2026
🕵️
Russian government hackers broke into thousands of home routers to steal passwords
TECHCRUNCH.COM — 07 Apr 2026
🕵️
Bounty Available (>$2,000) for QubesOS BusKill package
PROGRAMMING.DEV — 7 Apr 2026
🕵️
US warns of Iranian hackers targeting critical infrastructure
BLEEPINGCOMPUTER.COM — 07 Apr 2026
🕵️
Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks
SECURITYWEEK.COM — 07 Apr 2026
🕵️
Cthullu, BlueHammer, NK, CUPs, Axios, Fortinet, Cognitive Surrender, Aaran Leyland - SWN #570
YOUTUBE.COM — 2026-04-07
🕵️
The AI Chip War Explained
YOUTUBE.COM — 2026-04-07
🕵️
As breakout time accelerates, prevention-first cybersecurity takes center stage
WELIVESECURITY.COM — 07 Apr 2026
🕵️
Palo Alto Networks at Nutanix .NEXT 2026
PALOALTONETWORKS.COM — 07 Apr 2026
🕵️
Building AI defenses at scale: Before the threats emerge
AWS.AMAZON.COM — 07 Apr 2026
🌐
Supply chain integrity risk assessments: Evaluation criteria (ITSAP.10.071)
CYBER.GC.CA — 2026-04-07
📡
Cybersecurity in the Age of Instant Software
SCHNEIER.COM — 2026-04-07
📡
Anthropic debuts preview of powerful new AI model Mythos in new cybersecurity initiative
TECHCRUNCH.COM — 07 Apr 2026
📡
Cloudflare targets 2029 for full post-quantum security
CLOUDFLARE.COM — 07 Apr 2026
📡
Traffic violation scams swap links for QR codes to steal your card details
MALWAREBYTES.COM — 07 Apr 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicio…
KEVCISA.GOV — Mon, 06 Apr 26 1
🚨
CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wildExploitation has been observed for CVE-2026-35616, a critical improper access control zero-day vulnerability affecting Fortinet FortiClientEMS devices. Key takeaways: CVE-2026-35616, an improper access control vulnerability, has been exploited in the wild as a zero-day.   Pu…
KEVTENABLE.COM — 06 Apr 2026
🐛
2,000+ FortiClient EMS Instances Exposed Online as Attackers Exploit Active RCE Flaw
GBHACKERS.COM — 06 Apr 2026
🐛
Critical Dgraph Database Flaw Allowed Attackers to Bypass Authentication
GBHACKERS.COM — 06 Apr 2026
🐛
6 ways attackers abuse AI services to hack your business
CSOONLINE.COM — 06 Apr 2026
🐛
New multilingual severity classifiers for vulnerability analysis
INFOSEC.PUB — 6 Apr 2026
🐛
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
KEVCISA.GOV — 06 Apr 2026
🐛
ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Apr 2026
🐛
ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Apr 2026
🐛
ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Apr 2026
🐛
ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Apr 2026
⚠️
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
KREBSONSECURITY.COM — 06 Apr 2026
⚠️
36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware
GBHACKERS.COM — 06 Apr 2026
⚠️
Google DeepMind Flags New Threat as Malicious Web Content Puts AI Agents at Risk
GBHACKERS.COM — 06 Apr 2026
⚠️
Hackers Breach ILSpy WordPress Domain to Deliver Malware
GBHACKERS.COM — 06 Apr 2026
⚠️
Apache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service Attacks
GBHACKERS.COM — 06 Apr 2026
⚠️
How often are redirects used in phishing in 2026&#x3f;, (Mon, Apr 6th)
ISC.SANS.EDU — 06 Apr 2026
⚠️
Escaping the COTS trap
CSOONLINE.COM — 06 Apr 2026
⚠️
Battling payment fraud with tokenization and executive interviews from RSAC 2026 - ESW #453
YOUTUBE.COM — 2026-04-06
⚠️
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
SECURITYWEEK.COM — 06 Apr 2026
⚠️
Google’s Bug Bounty Program Hits Record $17 Million in 2025 Payouts
GBHACKERS.COM — 06 Apr 2026
⚠️
Authentication is broken: Here’s how security leaders can actually fix it
CSOONLINE.COM — 06 Apr 2026
⚠️
Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules
GBHACKERS.COM — 06 Apr 2026
⚠️
North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns
GBHACKERS.COM — 06 Apr 2026
⚠️
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
CSOONLINE.COM — 06 Apr 2026
⚠️
Hackers exploit React2Shell in automated credential theft campaign
SH.ITJUST.WORKS — 6 Apr 2026
⚠️
A Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code Execution
SH.ITJUST.WORKS — 6 Apr 2026
⚠️
Your KnowBe4 Fresh Compliance Plus Content Updates | March 2026
KNOWBE4.COM — 06 Apr 2026
⚠️
Google Brings Lazy Loading to Media Files in New Chrome Release
GBHACKERS.COM — 06 Apr 2026
⚠️
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
THEHACKERNEWS.COM — 06 Apr 2026
⚠️
Google DeepMind Researchers Map Web Attacks Against AI Agents
SECURITYWEEK.COM — 06 Apr 2026
⚠️
CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
KEVBLEEPINGCOMPUTER.COM — 06 Apr 2026
⚠️
North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making
TECHCRUNCH.COM — 06 Apr 2026
⚠️
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
MICROSOFT.COM — 06 Apr 2026
⚠️
Microsoft links Medusa ransomware affiliate to zero-day attacks
BLEEPINGCOMPUTER.COM — 06 Apr 2026
⚠️
New Mexico’s Meta Ruling and Encryption
SCHNEIER.COM — 2026-04-06
⚠️
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
BLEEPINGCOMPUTER.COM — 06 Apr 2026
⚠️
Microsoft links Medusa ransomware affiliate to zero-day attacks
SH.ITJUST.WORKS — 6 Apr 2026
⚠️
[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
EXPLOIT-DB.COM — 06 Apr 2026
⚠️
[webapps] WBCE CMS 1.6.4 - Remote Code Execution
EXPLOIT-DB.COM — 06 Apr 2026
⚠️
[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
EXPLOIT-DB.COM — 06 Apr 2026
🔥
Threat Actors Weaponize Fake Microsoft Teams Domains to Target Users
GBHACKERS.COM — 06 Apr 2026
🔥
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
THEHACKERNEWS.COM — 06 Apr 2026
🔥
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
THEHACKERNEWS.COM — 06 Apr 2026
🔥
Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort
GBHACKERS.COM — 06 Apr 2026
🔥
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
GBHACKERS.COM — 06 Apr 2026
🔥
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
GBHACKERS.COM — 06 Apr 2026
🔥
Why Simple Breach Monitoring is No Longer Enough
BLEEPINGCOMPUTER.COM — 06 Apr 2026
🔥
Social Engineering Fraud Explodes
YOUTUBE.COM — 2026-04-06
🔥
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
THEHACKERNEWS.COM — 06 Apr 2026
🔥
Why Simple Breach Monitoring is No Longer Enough
SH.ITJUST.WORKS — 6 Apr 2026
🔥
New GPUBreach attack enables system takeover via GPU rowhammer
BLEEPINGCOMPUTER.COM — 06 Apr 2026
🔥
German authorities identify REvil and GangCrab ransomware bosses
BLEEPINGCOMPUTER.COM — 06 Apr 2026
🔥
German authorities identify REvil and GandCrab ransomware bosses
BLEEPINGCOMPUTER.COM — 06 Apr 2026
🕵️
ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
ISC.SANS.EDU — 06 Apr 2026
🕵️
ResokerRAT Hijacks Telegram API to Command Infected Windows PCs
GBHACKERS.COM — 06 Apr 2026
🕵️
Poisoned Axios Package Spreads Cross-Platform Malware via Phantom Dependency
GBHACKERS.COM — 06 Apr 2026
🕵️
Google Wants to Transition to Post-Quantum Cryptography by 2029
SCHNEIER.COM — 2026-04-06
🕵️
North Korean Hackers Target High-Profile Node.js Maintainers
SECURITYWEEK.COM — 06 Apr 2026
🕵️
Guardarian Users Targeted With Malicious Strapi NPM Packages
SECURITYWEEK.COM — 06 Apr 2026
🕵️
Fake GitHub CI Update Steals Secrets and Tokens
GBHACKERS.COM — 06 Apr 2026
🕵️
GitHub-Backed Malware Spread via LNK Files in South Korea
GBHACKERS.COM — 06 Apr 2026
🕵️
Traffic violation scams switch to QR codes in new phishing texts
SH.ITJUST.WORKS — 6 Apr 2026
🕵️
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
THEHACKERNEWS.COM — 06 Apr 2026
🕵️
Detection and Prevention of Misdirected Emails: What to Know
KNOWBE4.COM — 06 Apr 2026
🕵️
Hackers Using Fake "Microsoft Teams" Domains to Attack Users Via Malicious Payload
SH.ITJUST.WORKS — 6 Apr 2026
🕵️
Watch this video of how a job interviewer exposes a North Korean fake IT worker
TECHCRUNCH.COM — 06 Apr 2026
🕵️
Adobe modifies hosts file to detect whether Creative Cloud is installed
INFOSEC.PUB — 6 Apr 2026
🕵️
Inside an AI‑enabled device code phishing campaign
MICROSOFT.COM — 06 Apr 2026
🕵️
Your Behavior Can Expose Fraud
YOUTUBE.COM — 2026-04-06
🌐
Convicted spyware maker Bryan Fleming avoids jail at sentencing
TECHCRUNCH.COM — 06 Apr 2026
🌐
A week in security (March 30 &#8211; April 5)
MALWAREBYTES.COM — 06 Apr 2026
📡
Ticket savings of up to $500 this week for TechCrunch Disrupt 2026
TECHCRUNCH.COM — 06 Apr 2026
📡
Drift $280M crypto theft linked to 6-month in-person operation
BLEEPINGCOMPUTER.COM — 06 Apr 2026
📡
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
THEHACKERNEWS.COM — 06 Apr 2026
📡
Microsoft removes Support and Recovery Assistant from Windows
BLEEPINGCOMPUTER.COM — 06 Apr 2026
📡
Microsoft fixes Classic Outlook bug causing email delivery issues
BLEEPINGCOMPUTER.COM — 06 Apr 2026
📡
Anthropic Claude Mythos Preview: The More Capable AI Becomes, the More Security It Needs
CROWDSTRIKE.COM — Apr 06, 2026 00:
📡
[local] is-localhost-ip 2.0.0 - SSRF
EXPLOIT-DB.COM — 06 Apr 2026
📡
[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
EXPLOIT-DB.COM — 06 Apr 2026
📡
[local] Windows Kernel - Elevation of Privilege
EXPLOIT-DB.COM — 06 Apr 2026
📡
[webapps] ASP.net 8.0.10 - Bypass
EXPLOIT-DB.COM — 06 Apr 2026
📡
[webapps] Grafana 11.6.0 - SSRF
EXPLOIT-DB.COM — 06 Apr 2026
📡
[webapps] Zhiyuan OA - arbitrary file upload leading
EXPLOIT-DB.COM — 06 Apr 2026
📡
[webapps] WordPress Madara - Local File Inclusion
EXPLOIT-DB.COM — 06 Apr 2026
🐛
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
KEVTHEHACKERNEWS.COM — 05 Apr 2026
🐛
CVE-2026-35414
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-23473 io_uring/poll: fix multishot recv missing EOF on wakeup race
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-31394 mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-23442 ipv6: add NULL checks for idev in SRv6 paths
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-35535
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
MSRC.MICROSOFT.COM — 05 Apr 2026
🐛
Hackers exploit React2Shell in automated credential theft campaign
BLEEPINGCOMPUTER.COM — 05 Apr 2026
⚠️
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
THEHACKERNEWS.COM — 05 Apr 2026
⚠️
New FortiClient EMS flaw exploited in attacks, emergency patch released
KEVBLEEPINGCOMPUTER.COM — 05 Apr 2026
⚠️
New FortiClient EMS flaw exploited in attacks, emergency patch released
KEVBLEEPINGCOMPUTER.COM — 05 Apr 2026
🕵️
WhatsApp malware campaign installs backdoors
INFOSEC.PUB — 5 Apr 2026
🎙️
Killer robots are here. Now what? (Lock and Code S07E07)
MALWAREBYTES.COM — 05 Apr 2026
📡
Traffic violation scams switch to QR codes in new phishing texts
BLEEPINGCOMPUTER.COM — 05 Apr 2026
📡
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
THEHACKERNEWS.COM — 05 Apr 2026
📡
How CrowdStrike Is Accelerating Exposure Evaluation as Adversaries Gain Speed
CROWDSTRIKE.COM — Apr 05, 2026 00:
⚠️
SongTrivia2 - 291,739 breached accounts
HAVEIBEENPWNED.COM — 04 Apr 2026
⚠️
LinkedIn Hidden Code Secretly Scans Users’ Computers for Installed Software
GBHACKERS.COM — 04 Apr 2026
⚠️
Top 10 Best Identity And Access Management (IAM) Companies 2026
GBHACKERS.COM — 04 Apr 2026
⚠️
A Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 04 Apr 2026
⚠️
How Attackers Bypass MFA Today
YOUTUBE.COM — 2026-04-04
📢
Top 10 Best Privileged Access Management (PAM) Solutions 2026
GBHACKERS.COM — 04 Apr 2026
📢
Introducing the Landing Zone Accelerator on AWS Universal Configuration and LZA Compliance Workbook
AWS.AMAZON.COM — 04 Apr 2026
🔥
Crunchyroll - 1,195,684 breached accounts
HAVEIBEENPWNED.COM — 04 Apr 2026
🔥
Hackers Launch Social Engineering Offensive Against Key Node.js Maintainers
GBHACKERS.COM — 04 Apr 2026
🔥
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
SECURITYWEEK.COM — 04 Apr 2026
🕵️
Anthropic Ends Claude Subscription Access for Third-Party Tools Like OpenClaw
GBHACKERS.COM — 04 Apr 2026
🕵️
Stop Committing Your Secrets (You Know Who You Are)
PROGRAMMING.DEV — 4 Apr 2026
🕵️
OpenClaw gives users yet another reason to be freaked out about security
PROGRAMMING.DEV — 4 Apr 2026
🕵️
Axios npm hack used fake Teams error fix to hijack maintainer account
BLEEPINGCOMPUTER.COM — 04 Apr 2026
🌐
After fighting malware for decades, this cybersecurity veteran is now hacking drones
TECHCRUNCH.COM — 04 Apr 2026
📰
Elastic Security Integrations Roundup: Q1 2026
ELASTIC.CO — 04 Apr 2026
📡
Device code phishing attacks surge 37x as new kits spread online
BLEEPINGCOMPUTER.COM — 04 Apr 2026
🚨
CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the WildThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the TrueConf Client to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows clear evidence that threat actors are actively exploiting the bug in…
KEVGBHACKERS.COM — 03 Apr 2026
🐛
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
THEHACKERNEWS.COM — 03 Apr 2026
🐛
Attackers Abuse React2Shell Flaw to Compromise 700+ Next.js Hosts
GBHACKERS.COM — 03 Apr 2026
🐛
CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names
MSRC.MICROSOFT.COM — 03 Apr 2026
🐛
14,000+ F5 BIG-IP APM Instances Exposed Online as Attackers Exploit RCE Vulnerability
GBHACKERS.COM — 03 Apr 2026
🐛
CNVD Severity Classification and RMSV Effects: Honest Metrics & Data Leakage
INFOSEC.PUB — 3 Apr 2026
🐛
New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover
GBHACKERS.COM — 03 Apr 2026
🐛
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
CSOONLINE.COM — 03 Apr 2026
🐛
Google patches fourth Chrome zero-day so far this year
CSOONLINE.COM — 03 Apr 2026
🐛
Security lapse lets researchers view React2Shell hackers’ dashboard
CSOONLINE.COM — 03 Apr 2026
⚠️
Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative
CSOONLINE.COM — 03 Apr 2026
⚠️
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
BLEEPINGCOMPUTER.COM — 03 Apr 2026
⚠️
12 cyber industry trends revealed at RSAC 2026
CSOONLINE.COM — 03 Apr 2026
⚠️
Trusted Platforms Exploited to Steal Philippine Banking Credentials
GBHACKERS.COM — 03 Apr 2026
⚠️
Nigerian romance scammer jailed after being caught out by fellow fraudster
BITDEFENDER.COM — 03 Apr 2026
⚠️
Axios npm compromise traced to targeted social engineering attack
GBHACKERS.COM — 03 Apr 2026
⚠️
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
SECURITYWEEK.COM — 03 Apr 2026
⚠️
Mobile Attack Surface Expands as Enterprises Lose Control
SECURITYWEEK.COM — 03 Apr 2026
⚠️
Critical ShareFile Flaws Lead to Unauthenticated RCE
SECURITYWEEK.COM — 03 Apr 2026
⚠️
Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2
GBHACKERS.COM — 03 Apr 2026
⚠️
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
SECURITYWEEK.COM — 03 Apr 2026
⚠️
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
TRENDMICRO.COM — 03 Apr 2026
⚠️
TrueConf Zero-Day Exploited in Asian Government Attacks
SECURITYWEEK.COM — 03 Apr 2026
⚠️
Warning: Phishing Attacks Are Exploiting the War in Iran
KNOWBE4.COM — 03 Apr 2026
⚠️
When Vendors Skip Linux Support
YOUTUBE.COM — 2026-04-03
⚠️
Your KnowBe4 Fresh Content Updates from March 2026
KNOWBE4.COM — 03 Apr 2026
⚠️
Managing open-source vulnerabilities | Kaspersky official blog
KASPERSKY.COM — 03 Apr 2026
⚠️
Claude Code is still vulnerable to an attack Anthropic has already fixed
CSOONLINE.COM — 03 Apr 2026
⚠️
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
THEHACKERNEWS.COM — 03 Apr 2026
⚠️
Internet Bug Bounty program hits pause on payouts
CSOONLINE.COM — 03 Apr 2026
⚠️
The developer credential economy: Why exposure data is the new front line in the supply chain war
TENABLE.COM — 03 Apr 2026
⚠️
Simplifying MBA obfuscation with CoBRA
TRAILOFBITS.COM — 03 Apr 2026
📢
OpenSSH 10.3 Released With Patch for Shell Injection and Other Security Flaws
GBHACKERS.COM — 03 Apr 2026
📢
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
THEHACKERNEWS.COM — 03 Apr 2026
📢
Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer
GBHACKERS.COM — 03 Apr 2026
📢
A core infrastructure engineer pleads guilty to federal charges in insider attack
CSOONLINE.COM — 03 Apr 2026
🔥
Adobe Data Breach Allegedly Exposes 13 Million Support Tickets
GBHACKERS.COM — 03 Apr 2026
🔥
Qilin Ransomware Deploys Malicious DLL to Disable Most EDR Defenses
GBHACKERS.COM — 03 Apr 2026
🔥
North Korea-Linked Hackers Hit Axios npm in Supply Chain Attack
GBHACKERS.COM — 03 Apr 2026
🔥
CERT-EU: European Commission hack exposes data of 30 EU entities
BLEEPINGCOMPUTER.COM — 03 Apr 2026
🔥
Phorpiex Botnet Fuels Ransomware, Sextortion, and Crypto-Theft Attacks
GBHACKERS.COM — 03 Apr 2026
🔥
Hackers Weaponize Venom Stealer via ClickFix Lures for Massive Data Exfiltration
GBHACKERS.COM — 03 Apr 2026
🔥
T-Mobile Sets the Record Straight on Latest Data Breach Filing
SECURITYWEEK.COM — 03 Apr 2026
🔥
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
THEHACKERNEWS.COM — 03 Apr 2026
🔥
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000&#x2b; SaaS Environments, (Fri, Apr 3rd)
ISC.SANS.EDU — 03 Apr 2026
🔥
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
BLEEPINGCOMPUTER.COM — 03 Apr 2026
🔥
Europe’s cyber agency blames hacking gangs for massive data breach and leak
TECHCRUNCH.COM — 03 Apr 2026
🔥
Die Linke German political party confirms data stolen by Qilin ransomware
BLEEPINGCOMPUTER.COM — 03 Apr 2026
🔥
Hims & Hers warns of data breach after Zendesk support ticket breach
BLEEPINGCOMPUTER.COM — 03 Apr 2026
🔥
Outbound Email Security: Protecting Data and Reputation
KNOWBE4.COM — 03 Apr 2026
🔥
Nation-State Crypto Heists Explained
YOUTUBE.COM — 2026-04-03
🕵️
ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
ISC.SANS.EDU — 03 Apr 2026
🕵️
North Korea Uses GitHub as C2 in New LNK Phishing Campaign
GBHACKERS.COM — 03 Apr 2026
🕵️
Top 10 Best SaaS Security Posture Management (SSPM) Tools 2026
GBHACKERS.COM — 03 Apr 2026
🕵️
TP-Link Router Flaws Allowed Attackers to Launch DoS Attacks and Cause Crashes
GBHACKERS.COM — 03 Apr 2026
🕵️
AI Models Including Gemini 3 and Claude Haiku 4.5 Secretly Protected Other Models From Removal
GBHACKERS.COM — 03 Apr 2026
🕵️
Malicious Chrome Extension “ChatGPT Ad Blocker” Targets Users, Steals Conversations
GBHACKERS.COM — 03 Apr 2026
🕵️
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
SECURITYWEEK.COM — 03 Apr 2026
🕵️
Kimsuky Uses Malicious LNK Files to Drop Python Backdoor
GBHACKERS.COM — 03 Apr 2026
🕵️
Company that Secretly Records and Publishes Zoom Meetings
SCHNEIER.COM — 2026-04-03
🕵️
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
THEHACKERNEWS.COM — 03 Apr 2026
🕵️
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
THEHACKERNEWS.COM — 03 Apr 2026
🕵️
Friday Squid Blogging: Jurassic Fish Chokes on Squid
SCHNEIER.COM — 2026-04-03
🕵️
DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet - SWN #569
YOUTUBE.COM — 2026-04-03
🕵️
Don’t let A.I. read your .env files
PROGRAMMING.DEV — 3 Apr 2026
🌐
Electric Vehicles and EV Security - Steve Visconti CEO of Xiid Corporation with David Shipley
CYBERSECURITYTODAY.LIBSYN.COM — 03 Apr 2026
🌐
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
THEHACKERNEWS.COM — 03 Apr 2026
🌐
How the World Got Owned Episode 2: The 1990s, Part One
KEVRISKY.BIZ — 03 Apr 2026
📡
Man admits to locking thousands of Windows devices in extortion plot
BLEEPINGCOMPUTER.COM — 03 Apr 2026
📡
Microsoft still working to fix Exchange Online mailbox access issues
BLEEPINGCOMPUTER.COM — 03 Apr 2026
📡
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
BLEEPINGCOMPUTER.COM — 03 Apr 2026
📡
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
BLEEPINGCOMPUTER.COM — 03 Apr 2026
📡
Day in the Life: Product Manager at Recorded Future
RECORDEDFUTURE.COM — 03 Apr 2026
📡
How AWS KMS and AWS Encryption SDK overcome symmetric encryption bounds
AWS.AMAZON.COM — 03 Apr 2026
📡
That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords
MALWAREBYTES.COM — 03 Apr 2026
📡
Blocking children from social media is a badly executed good idea
MALWAREBYTES.COM — 03 Apr 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.  CVE-2026-3502  TrueConf Client Download of Code Without Integrity Check Vulnerability  This type of…
KEVCISA.GOV — Thu, 02 Apr 26 1
🐛
Symantec DLP Agent Flaw Exposed Systems to Privilege Escalation Attacks
GBHACKERS.COM — 02 Apr 2026
🐛
Cisco Warns of Critical IMC Vulnerability Enabling Authentication Bypass
GBHACKERS.COM — 02 Apr 2026
🐛
Critical PX4 Autopilot Vulnerability Let Attackers Gain Control of Drones
GBHACKERS.COM — 02 Apr 2026
🐛
Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution
GBHACKERS.COM — 02 Apr 2026
🐛
CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-4046 iconv crash due to assertion failure with untrusted input
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-33554
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-5121 Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-4732 Out-of-bounds Read Overflow in tildearrow/furnace
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-33216 NATS has MQTT plaintext password disclosure
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-32287 Infinite loop in github.com/antchfx/xpath
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CISA Issues Alert on Chrome Zero-Day Under Active Exploitation
KEVGBHACKERS.COM — 02 Apr 2026
🐛
Cybersecurity in the age of instant software
CSOONLINE.COM — 02 Apr 2026
🐛
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
ISC.SANS.EDU — 02 Apr 2026
🐛
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
THEHACKERNEWS.COM — 02 Apr 2026
🐛
Cisco fixes critical IMC auth bypass present in many products
CSOONLINE.COM — 02 Apr 2026
🐛
CVE-2026-32213 Azure AI Foundry Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5289 Use after free in Navigation
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5286 Use after free in Dawn
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5287 Use after free in PDF
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5285 Use after free in WebGL
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5284 Use after free in Dawn
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5281 Use after free in Dawn
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5280 Use after free in WebCodecs
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5279 Object corruption in V8
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5292 Out of bounds read in WebCodecs
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5290 Use after free in Compositing
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5277 Integer overflow in ANGLE
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5274 Integer overflow in Codecs
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5273 Use after free in CSS
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5272 Heap buffer overflow in GPU
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-32173 Azure SRE Agent Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
CVE-2026-32211 Azure MCP Server Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
Chromium: CVE-2026-5291 Inappropriate implementation in WebGL
MSRC.MICROSOFT.COM — 02 Apr 2026
🐛
vSphere and BRICKSTORM Malware: A Defender's Guide
CLOUD.GOOGLE.COM — 02 Apr 2026
🐛
ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 02 Apr 2026
🐛
ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 02 Apr 2026
🐛
ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 02 Apr 2026
🐛
VU#951662: MuPDF by Artifex contains integer overflow vulnerability.
KB.CERT.ORG — 2026-04-02
⚠️
AfterPack: Claude Code's Source Didn't Leak. It Was Already Public for Years.
PROGRAMMING.DEV — 2 Apr 2026
⚠️
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
THEHACKERNEWS.COM — 02 Apr 2026
⚠️
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
BLEEPINGCOMPUTER.COM — 02 Apr 2026
⚠️
Apple Releases iOS 18.7.7 Update to Defend Against DarkSword Exploit
GBHACKERS.COM — 02 Apr 2026
⚠️
NoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android Users
GBHACKERS.COM — 02 Apr 2026
⚠️
Possible US Government iPhone Hacking Tool Leaked
SCHNEIER.COM — 2026-04-02
⚠️
Hackers exploit TrueConf zero-day to push malicious software updates
SH.ITJUST.WORKS — 2 Apr 2026
⚠️
The State of Trusted Open Source Report
THEHACKERNEWS.COM — 02 Apr 2026
⚠️
Cisco Patches Critical and High-Severity Vulnerabilities
SECURITYWEEK.COM — 02 Apr 2026
⚠️
EvilTokens abuses Microsoft device code flow for account takeovers
CSOONLINE.COM — 02 Apr 2026
⚠️
Akira-Style Ransomware Campaign Hits Windows Users Across South America
GBHACKERS.COM — 02 Apr 2026
⚠️
Matrix Protocol Surveillance and Forensic Analysis Suite
SH.ITJUST.WORKS — 2 Apr 2026
⚠️
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
BLEEPINGCOMPUTER.COM — 02 Apr 2026
⚠️
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
BLEEPINGCOMPUTER.COM — 02 Apr 2026
⚠️
ICE says it bought Paragon’s spyware to use in drug trafficking cases
TECHCRUNCH.COM — 02 Apr 2026
⚠️
Apple Rolls Out DarkSword Exploit Protection to More Devices
SECURITYWEEK.COM — 02 Apr 2026
⚠️
US Bans All Foreign-Made Consumer Routers
SCHNEIER.COM — 2026-04-02
⚠️
Critical Vulnerability in Claude Code Emerges Days After Source Leak
SECURITYWEEK.COM — 02 Apr 2026
⚠️
Google Workspace’s continuous approach to mitigating indirect prompt injections
SECURITY.GOOGLEBLOG.COM — 2026-04-02
⚠️
Claude Code leak used to push infostealer malware on GitHub
BLEEPINGCOMPUTER.COM — 02 Apr 2026
⚠️
Risks, emerging when developing or using open-source software
KASPERSKY.COM — 02 Apr 2026
⚠️
What Is A Router? (And all things AI) - PSW #920
YOUTUBE.COM — 2026-04-02
⚠️
AI Configures Vulnerabilities for You
YOUTUBE.COM — 2026-04-02
⚠️
Multiple Vulnerabilities in Progress ShareFile Could Allow for Remote Code Execution
CISECURITY.ORG — 02 Apr 2026
⚠️
Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 02 Apr 2026
⚠️
SightHouse: Automated function identification
QUARKSLAB.COM — 2026-04-02
⚠️
Apple expands “DarkSword” patches to iOS 18.7.7
MALWAREBYTES.COM — 02 Apr 2026
📢
FBI Warns Chinese Mobile Apps Could Expose User Data to Cyberattacks
GBHACKERS.COM — 02 Apr 2026
📢
Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents
SECURITYWEEK.COM — 02 Apr 2026
📢
Progress security advisory (AV26-310)
CYBER.GC.CA — 2026-04-02
📢
Cesanta security advisory (AV26-311)
CYBER.GC.CA — 2026-04-02
📢
Drift loses $280 million as hackers seize Security Council powers
BLEEPINGCOMPUTER.COM — 02 Apr 2026
📢
OpenSSH security advisory (AV26-312)
CYBER.GC.CA — 2026-04-02
📢
Drift loses $280 million North Korean hackers seize Security Council powers
BLEEPINGCOMPUTER.COM — 02 Apr 2026
📢
Four security principles for agentic AI systems
AWS.AMAZON.COM — 02 Apr 2026
🔥
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
GBHACKERS.COM — 02 Apr 2026
🔥
Mercor Hit by LiteLLM Supply Chain Attack
SECURITYWEEK.COM — 02 Apr 2026
🔥
UK manufacturers under cyber fire with 80% reporting attacks • The Register
SH.ITJUST.WORKS — 2 Apr 2026
🔥
250,000 Affected by Data Breach at Nacogdoches Memorial Hospital
SECURITYWEEK.COM — 02 Apr 2026
🔥
Iranian Hacker Group Handal Claims Breach of Israeli Defense Firm
GBHACKERS.COM — 02 Apr 2026
🔥
Mercor confirms security incident tied to LiteLLM supply chain attack | The Record from Recorded Future News
SH.ITJUST.WORKS — 2 Apr 2026
🔥
Medtech giant Stryker fully operational after data-wiping attack
BLEEPINGCOMPUTER.COM — 02 Apr 2026
🔥
Crypto platform Drift suspends services after millions stolen in security incident | The Record from Recorded Future News
SH.ITJUST.WORKS — 2 Apr 2026
🔥
Threat actor abuse of AI accelerates from tool to cyberattack surface
MICROSOFT.COM — 02 Apr 2026
🔥
Telehealth giant Hims & Hers says its customer support system was hacked
TECHCRUNCH.COM — 02 Apr 2026
🕵️
ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)
ISC.SANS.EDU — 02 Apr 2026
🕵️
News Alert: TAC Security surpasses 10,000 customers, scaling global VM and AppSec platform
LASTWATCHDOG.COM — 02 Apr 2026
🕵️
Linx Security Raises $50 Million for Identity Security and Governance
SECURITYWEEK.COM — 02 Apr 2026
🕵️
Remcos RAT Attack Uses Obfuscated Scripts, Trusted Windows Tools
GBHACKERS.COM — 02 Apr 2026
🕵️
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor
GBHACKERS.COM — 02 Apr 2026
🕵️
TA416 Broadens Europe Spy Campaign With Web Bugs and Malware
GBHACKERS.COM — 02 Apr 2026
🕵️
New ZAP PTK Add-On Converts Browser Security Findings Into Native ZAP Alerts
GBHACKERS.COM — 02 Apr 2026
🕵️
Sophisticated CrystalX RAT Emerges
SECURITYWEEK.COM — 02 Apr 2026
🕵️
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
THEHACKERNEWS.COM — 02 Apr 2026
🕵️
RFQ Malware Campaign Uses DOCX, RTF, JS, and Python
GBHACKERS.COM — 02 Apr 2026
🕵️
Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign
GBHACKERS.COM — 02 Apr 2026
🕵️
New CrystalRAT malware adds RAT, stealer and prankware features
SH.ITJUST.WORKS — 2 Apr 2026
🕵️
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
THEHACKERNEWS.COM — 02 Apr 2026
🕵️
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
SH.ITJUST.WORKS — 2 Apr 2026
🕵️
WhatsApp malware campaign uses malicious VBS files to gain persistent access | CSO Online
SH.ITJUST.WORKS — 2 Apr 2026
🕵️
Infrsatructure Attacks With Physical Consequences Down 25%
SH.ITJUST.WORKS — 2 Apr 2026
🕵️
Chinese Hackers Target European Governments in Espionage Campaigns - Infosecurity Magazine
SH.ITJUST.WORKS — 2 Apr 2026
🕵️
The Risk of Negative Self-Talk
YOUTUBE.COM — 2026-04-02
🕵️
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
SECURITYWEEK.COM — 02 Apr 2026
🕵️
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments
MICROSOFT.COM — 02 Apr 2026
🕵️
How to Prevent Phishing Emails by Reducing Human Risk
KNOWBE4.COM — 02 Apr 2026
🕵️
From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence
ANY.RUN — 02 Apr 2026
🌐
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
THEHACKERNEWS.COM — 02 Apr 2026
🌐
How we caught the Axios supply chain attack
ELASTIC.CO — 02 Apr 2026
🌐
Hooked on Linux: Rootkit Detection Engineering
ELASTIC.CO — 02 Apr 2026
🌐
Malwarebytes Privacy VPN receives full third-party audit
MALWAREBYTES.COM — 02 Apr 2026
📡
Microsoft links Classic Outlook issue to email delivery problems
BLEEPINGCOMPUTER.COM — 02 Apr 2026
📡
Critical Cisco IMC auth bypass gives attackers Admin access
BLEEPINGCOMPUTER.COM — 02 Apr 2026
📡
Suggested organizational security and privacy control and activity profile — Medium impact (ITSP.10.033-01)
CYBER.GC.CA — 2026-04-02
📡
Bulletin de sécurité WatchGuard (AV26-309)
CYBER.GC.CA — 2026-04-02
📡
Residential proxies evaded IP reputation checks in 78% of 4B sessions
BLEEPINGCOMPUTER.COM — 02 Apr 2026
📡
Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
TECHCRUNCH.COM — 02 Apr 2026
📡
Latin America and the Caribbean Cybercrime Landscape
RECORDEDFUTURE.COM — 02 Apr 2026
📡
Prioritizing Alerts Triage with Higher-Order Detection Rules
ELASTIC.CO — 02 Apr 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-5281 Google Dawn Use-After-Free Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses…
KEVCISA.GOV — Wed, 01 Apr 26 1
🐛
Cisco Breached: Source Code Stolen - Cybersecurity Today
CYBERSECURITYTODAY.LIBSYN.COM — 01 Apr 2026
🐛
Hackers Actively Exploit Critical WebLogic RCE Vulnerabilities in Ongoing Attacks
GBHACKERS.COM — 01 Apr 2026
🐛
TrueConf Vulnerability Under Active Exploitation in Southeast Asia Government Attacks
GBHACKERS.COM — 01 Apr 2026
🐛
CVE-2025-66037 OpenSC: Out of Bounds vulnerability
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-34714
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-21717
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-21715
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-21714
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-21710
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-21716
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-21713
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2026-21711
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2023-52676 bpf: Guard stack limits against 32bit overflow
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
CVE-2024-35839 netfilter: bridge: replace physindev with physinif in nf_bridge_info
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw
GBHACKERS.COM — 01 Apr 2026
🐛
CVE-2024-41013 xfs: don't walk off the end of a directory data block
MSRC.MICROSOFT.COM — 01 Apr 2026
🐛
Vim Modeline Vulnerability Opens Door to Arbitrary OS Command Execution
GBHACKERS.COM — 01 Apr 2026
🐛
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
KEVTHEHACKERNEWS.COM — 01 Apr 2026
🐛
Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome
SECURITYWEEK.COM — 01 Apr 2026
🐛
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
CSOONLINE.COM — 01 Apr 2026
⚠️
Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project
TECHCRUNCH.COM — 01 Apr 2026
⚠️
Anthropic employee error exposes Claude Code source
CSOONLINE.COM — 01 Apr 2026
⚠️
Google Cloud’s Vertex AI Hit by Vulnerability Enabling Sensitive Data Access
GBHACKERS.COM — 01 Apr 2026
⚠️
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
THEHACKERNEWS.COM — 01 Apr 2026
⚠️
Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents
SECURITYWEEK.COM — 01 Apr 2026
⚠️
9 ways CISOs can combat AI hallucinations
CSOONLINE.COM — 01 Apr 2026
⚠️
Security awareness is not a control: Rethinking human risk in enterprise security
CSOONLINE.COM — 01 Apr 2026
⚠️
A Taxonomy of Cognitive Security
SCHNEIER.COM — 2026-04-01
⚠️
Google fixes fourth Chrome zero-day exploited in attacks in 2026
BLEEPINGCOMPUTER.COM — 01 Apr 2026
⚠️
Hackers Exploit Hotel Booking Systems to Send Fake Payment Requests to Guests
GBHACKERS.COM — 01 Apr 2026
⚠️
Unrelenting Threats Against Government and Education: Why Human Risk Is the Front Line
KNOWBE4.COM — 01 Apr 2026
⚠️
WhatsApp malware campaign uses malicious VBS files to gain persistent access
CSOONLINE.COM — 01 Apr 2026
⚠️
Cisco Faces Alleged Data Leak as ShinyHunters Claims Responsibility
GBHACKERS.COM — 01 Apr 2026
⚠️
Microsoft Teams to Improve Privacy With EXIF Data Removal Feature
GBHACKERS.COM — 01 Apr 2026
⚠️
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
SH.ITJUST.WORKS — 1 Apr 2026
⚠️
TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets - Infosecurity Magazine
SH.ITJUST.WORKS — 1 Apr 2026
⚠️
Google Warns of New Chrome Zero-Day Under Active Exploitation – Users Urged to Update Immediately
KEVGBHACKERS.COM — 01 Apr 2026
⚠️
US Charges Uranium Crypto Exchange Hacker
SECURITYWEEK.COM — 01 Apr 2026
⚠️
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
BLEEPINGCOMPUTER.COM — 01 Apr 2026
⚠️
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
THEHACKERNEWS.COM — 01 Apr 2026
⚠️
Fireside Chat: AI agents are reshaping mobile attacks — and exposing weak API trust models
LASTWATCHDOG.COM — 01 Apr 2026
⚠️
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 01 Apr 2026
⚠️
Chronic Resource Constraints: Doing More With Less in Public Sector Cybersecurity
KNOWBE4.COM — 01 Apr 2026
⚠️
Hackers exploit TrueConf zero-day to push malicious software updates
BLEEPINGCOMPUTER.COM — 01 Apr 2026
⚠️
RSA 2026: Agentic Future, Analog Fundamentals — The Paradox of Why the Old Guard Still Survives
MEDIUM.COM — 01 Apr 2026
⚠️
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
KEVBLEEPINGCOMPUTER.COM — 01 Apr 2026
⚠️
TrendAI Insight: New U.S. National Cyber Strategy
TRENDMICRO.COM — 01 Apr 2026
⚠️
6 critical mistakes that undermine cyber resilience (and how to fix them)
CSOONLINE.COM — 01 Apr 2026
⚠️
6 metrics IT leaders can’t afford to ignore for business resilience
CSOONLINE.COM — 01 Apr 2026
⚠️
5 critical steps to achieve business resilience in cybersecurity
CSOONLINE.COM — 01 Apr 2026
⚠️
7 ways to improve your business resilience with backup and recovery
CSOONLINE.COM — 01 Apr 2026
⚠️
5 Steps to break free from alert fatigue and build resilient security operations
CSOONLINE.COM — 01 Apr 2026
⚠️
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)
CSOONLINE.COM — 01 Apr 2026
⚠️
Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069
TENABLE.COM — 01 Apr 2026
⚠️
Securing the open source supply chain across GitHub
GITHUB.BLOG — 01 Apr 2026
⚠️
Mutation testing for the agentic era
TRAILOFBITS.COM — 01 Apr 2026
⚠️
Risky Business #831 -- The AI bugpocalypse begins
KEVRISKY.BIZ — 01 Apr 2026
📋
Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks
TECHCRUNCH.COM — 01 Apr 2026
📢
Closing the Gap by Enhancing Visibility and Mitigating Risks
PALOALTONETWORKS.COM — 01 Apr 2026
📢
Executive Paralysis and Two Pre-Recorded RSAC 2026 Interviews from DigiCert and Okta - BSW #441
YOUTUBE.COM — 2026-04-01
📢
Google Chrome security advisory (AV26-306)
CYBER.GC.CA — 2026-04-01
📢
Cisco security advisory (AV26-307)
CYBER.GC.CA — 2026-04-01
📢
Drupal security advisory (AV26-308)
CYBER.GC.CA — 2026-04-01
🔥
Google Drive ransomware detection now on by default for paying users
BLEEPINGCOMPUTER.COM — 01 Apr 2026
🔥
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems
GBHACKERS.COM — 01 Apr 2026
🔥
SUCCESS - 253,510 breached accounts
HAVEIBEENPWNED.COM — 01 Apr 2026
🔥
Axios NPM Package Breached in North Korean Supply Chain Attack
SECURITYWEEK.COM — 01 Apr 2026
🔥
Webinar Today: Agentic AI vs. Identity’s Last Mile Problem
SECURITYWEEK.COM — 01 Apr 2026
🔥
TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
ISC.SANS.EDU — 01 Apr 2026
🔥
When Crisis Plans Fail to Act
YOUTUBE.COM — 2026-04-01
🔥
Hasbro says it was hacked, and may take ‘several weeks’ to recover
TECHCRUNCH.COM — 01 Apr 2026
🔥
Toy Giant Hasbro Hit by Cyberattack
SECURITYWEEK.COM — 01 Apr 2026
🔥
Is “Hackback” Official US Cybersecurity Strategy?
SCHNEIER.COM — 2026-04-01
🔥
Leadership or Career Risk
YOUTUBE.COM — 2026-04-01
🔥
Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished
GRAHAMCLULEY.COM — 01 Apr 2026
🔥
Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More
ANY.RUN — 01 Apr 2026
🕵️
ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)
ISC.SANS.EDU — 01 Apr 2026
🕵️
XLoader malware Sharpens Obfuscation, Masks C2 Traffic via Decoy Servers
GBHACKERS.COM — 01 Apr 2026
🕵️
NPM Supply Chain Attack Uses undicy-http to Deploy RAT
GBHACKERS.COM — 01 Apr 2026
🕵️
PyPI Telnyx Python SDK Backdoored to Steal Credentials on Windows, macOS, and Linux
GBHACKERS.COM — 01 Apr 2026
🕵️
Windows 11 Update Fixes Critical Installation Loop Problem
GBHACKERS.COM — 01 Apr 2026
🕵️
CrewAI Hit by Critical Vulnerabilities Enabling Sandbox Escape and Host Compromise
GBHACKERS.COM — 01 Apr 2026
🕵️
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
THEHACKERNEWS.COM — 01 Apr 2026
🕵️
Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec
GBHACKERS.COM — 01 Apr 2026
🕵️
CrystalX Malware-as-a-Service Spreads via Telegram With Stealer, RAT Tools
GBHACKERS.COM — 01 Apr 2026
🕵️
Hacker zielen auf Exilportal Iranwire
CSOONLINE.COM — 01 Apr 2026
🕵️
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
THEHACKERNEWS.COM — 01 Apr 2026
🕵️
GIGABYTE Control Center vulnerable to arbitrary file write flaw
SH.ITJUST.WORKS — 1 Apr 2026
🕵️
CrewAI Vulnerabilities Expose Devices to Hacking - SecurityWeek
SH.ITJUST.WORKS — 1 Apr 2026
🕵️
Ethereum-Based EtherRAT, EtherHiding Power Stealthy Malware Campaigns
GBHACKERS.COM — 01 Apr 2026
🕵️
WA local gov entity lost $350,000 in phishing attack - iTnews
SH.ITJUST.WORKS — 1 Apr 2026
🕵️
Axios npm supply chain attack: Malicious updates add remote access trojan | news | SC Media
SH.ITJUST.WORKS — 1 Apr 2026
🕵️
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
THEHACKERNEWS.COM — 01 Apr 2026
🕵️
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
THEHACKERNEWS.COM — 01 Apr 2026
🕵️
FBI Warns of Data Security Risks From China-Made Mobile Apps
SECURITYWEEK.COM — 01 Apr 2026
🕵️
New DeepLoad Malware Dropped in ClickFix Attacks
SECURITYWEEK.COM — 01 Apr 2026
🕵️
Depthfirst Raises $80 Million in Series B Funding
SECURITYWEEK.COM — 01 Apr 2026
🕵️
Mitigating the Axios npm supply chain compromise
MICROSOFT.COM — 01 Apr 2026
🌐
Alleged RedLine malware developer extradited to United States
BITDEFENDER.COM — 01 Apr 2026
🌐
Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
ISC.SANS.EDU — 01 Apr 2026
🌐
CrystalX RAT: a Trojan for pranks, remote access, and cryptocurrency theft | Kaspersky official blog
KASPERSKY.COM — 01 Apr 2026
🌐
WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware
TECHCRUNCH.COM — 01 Apr 2026
🌐
'NoVoice' Android malware on Google Play infected 2.3 million devices
BLEEPINGCOMPUTER.COM — 01 Apr 2026
🌐
New CrystalRAT malware adds RAT, stealer and prankware features
BLEEPINGCOMPUTER.COM — 01 Apr 2026
🌐
The Shift: An Era of Quantum Geopolitics
RECORDEDFUTURE.COM — 01 Apr 2026
🌐
Inside the Axios supply chain compromise - one RAT to rule them all
ELASTIC.CO — 01 Apr 2026
🌐
Elastic releases detections for the Axios supply chain compromise
ELASTIC.CO — 01 Apr 2026
🌐
A laughing RAT: CrystalX combines spyware, stealer, and prankware features
SECURELIST.COM — 01 Apr 2026
📡
Weekly Threat Bulletin – April 1st, 2026
F5.COM — 01 Apr 2026
📡
New Windows 11 emergency update fixes preview update install issues
BLEEPINGCOMPUTER.COM — 01 Apr 2026
📡
Im Fokus: IT-Leadership
DE.RESOURCES.CSOONLINE.COM — 01 Apr 2026
📡
FBI warns against using Chinese mobile apps due to privacy risks
BLEEPINGCOMPUTER.COM — 01 Apr 2026
📡
Block the Prompt, Not the Work: The End of "Doctor No"
THEHACKERNEWS.COM — 01 Apr 2026
📡
New EvilTokens service fuels Microsoft device code phishing attacks
BLEEPINGCOMPUTER.COM — 01 Apr 2026
📡
De-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hack
TECHCRUNCH.COM — 01 Apr 2026
📡
Digital assets after death: Managing risks to your loved one’s digital estate
WELIVESECURITY.COM — 01 Apr 2026
📡
STARDUST CHOLLIMA Likely Compromises Axios npm Package
CROWDSTRIKE.COM — Apr 01, 2026 00:
📡
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management
CROWDSTRIKE.COM — Apr 01, 2026 00:
📡
Industrialization of the Fraud Ecosystem Blog
RECORDEDFUTURE.COM — 01 Apr 2026
📡
AI Security Risks: Proofpoint CSO Ryan Kalember, Live at RSAC 2026
PROOFPOINT.COM — 01 Apr 2026
🚨
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wildA vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is now under active exploitation. Hackers are using it to deploy a persistent malware…
KEVCSOONLINE.COM — 31 Mar 2026
🐛
AL26-006 - Vulnerability impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2026-3055
CYBER.GC.CA — 2026-03-31
🐛
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
KEVTHEHACKERNEWS.COM — 31 Mar 2026
🐛
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2025-67030
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-21712
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-34353
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
Chromium: CVE-2026-4676 Use after free in Dawn
MSRC.MICROSOFT.COM — 31 Mar 2026
🐛
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse
CROWDSTRIKE.COM — Mar 31, 2026 00:
🐛
ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 31 Mar 2026
⚠️
CISA orders feds to patch actively exploited Citrix flaw by Thursday
KEVBLEEPINGCOMPUTER.COM — 31 Mar 2026
⚠️
CrewAI Vulnerabilities Expose Devices to Hacking
SECURITYWEEK.COM — 31 Mar 2026
⚠️
Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption
SECURITYWEEK.COM — 31 Mar 2026
⚠️
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins
SECURITYWEEK.COM — 31 Mar 2026
⚠️
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs
SECURITYWEEK.COM — 31 Mar 2026
⚠️
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
THEHACKERNEWS.COM — 31 Mar 2026
⚠️
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
THEHACKERNEWS.COM — 31 Mar 2026
⚠️
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
THEHACKERNEWS.COM — 31 Mar 2026
⚠️
The New Playground for Cybercriminals: Securing the Microsoft Teams Frontier
KNOWBE4.COM — 31 Mar 2026
⚠️
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
GBHACKERS.COM — 31 Mar 2026
⚠️
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature
GBHACKERS.COM — 31 Mar 2026
⚠️
Tax Filing Scams Used to Deliver Malware in New Cybercrime Campaigns
GBHACKERS.COM — 31 Mar 2026
⚠️
CareCloud Data Breach Exposes Patient Data After Hackers Access IT Systems
GBHACKERS.COM — 31 Mar 2026
⚠️
Hacker hijacks Axios open-source project, used by millions, to push malware
TECHCRUNCH.COM — 31 Mar 2026
⚠️
Iranian hackers breach FBI director’s personal email, and post his CV and photos online
BITDEFENDER.COM — 31 Mar 2026
⚠️
VRP 2025 Year in Review
SECURITY.GOOGLEBLOG.COM — 2026-03-31
⚠️
OpenAI patches twin leaks as Codex slips and ChatGPT spills
CSOONLINE.COM — 31 Mar 2026
⚠️
8 ways to bolster your security posture on the cheap
CSOONLINE.COM — 31 Mar 2026
⚠️
The external pressures redefining cybersecurity risk
CSOONLINE.COM — 31 Mar 2026
⚠️
6 key takeaways from RSA Conference 2026
KEVCSOONLINE.COM — 31 Mar 2026
⚠️
Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Ron Rasi... - ASW #376
YOUTUBE.COM — 2026-03-31
⚠️
Vulnerability Research Is Cooked — Quarrelsome
INFOSEC.PUB — 31 Mar 2026
⚠️
Cybercriminals Exploit Tax Season With New Phishing Tactics - Infosecurity Magazine
SH.ITJUST.WORKS — 31 Mar 2026
⚠️
Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
SH.ITJUST.WORKS — 31 Mar 2026
⚠️
Cisco source code stolen in Trivy-linked dev environment breach
BLEEPINGCOMPUTER.COM — 31 Mar 2026
⚠️
Android Developer Verification Rollout Begins Ahead of September Enforcement
THEHACKERNEWS.COM — 31 Mar 2026
⚠️
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
CSOONLINE.COM — 31 Mar 2026
⚠️
Beyond the Hype: Cyber Readiness, Zero Trust, and an Unscripted Conversation - SWN #568
YOUTUBE.COM — 2026-03-31
⚠️
Claude AI finds Vim, Emacs RCE bugs that trigger on file open
BLEEPINGCOMPUTER.COM — 31 Mar 2026
⚠️
Cisco source code stolen in Trivy-linked dev environment breach
SH.ITJUST.WORKS — 31 Mar 2026
⚠️
Claude Code source code accidentally leaked in NPM package
BLEEPINGCOMPUTER.COM — 31 Mar 2026
⚠️
Multiple Vulnerabilities in Apple Products Could Allow for Privilege Escalation
CISECURITY.ORG — 31 Mar 2026
⚠️
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
CLOUD.GOOGLE.COM — 31 Mar 2026
⚠️
Supply chain attack on Axios npm package: Scope, impact, and remediations
TENABLE.COM — 31 Mar 2026
⚠️
What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection
TENABLE.COM — 31 Mar 2026
⚠️
How we made Trail of Bits AI-native (so far)
TRAILOFBITS.COM — 31 Mar 2026
📋
Lloyds Data Security Incident Impacts 450,000 Individuals
SECURITYWEEK.COM — 31 Mar 2026
📢
Nokia security advisory (AV26-302)
CYBER.GC.CA — 2026-03-31
📢
Docker security advisory (AV26–301)
CYBER.GC.CA — 2026-03-31
📢
Roundcube security advisory (AV26-300)
CYBER.GC.CA — 2026-03-31
📢
Hitachi security advisory (AV26-299)
CYBER.GC.CA — 2026-03-31
📢
Red Hat security advisory (AV26-298)
CYBER.GC.CA — 2026-03-31
📢
[Control systems] CISA ICS security advisories (AV26-297)
CYBER.GC.CA — 2026-03-31
📢
Ubuntu security advisory (AV26-296)
CYBER.GC.CA — 2026-03-31
📢
Dell security advisory (AV26-295)
CYBER.GC.CA — 2026-03-31
📢
IBM security advisory (AV26-294)
CYBER.GC.CA — 2026-03-31
📢
Fortinet security advisory (AV26-096) – Update 1
CYBER.GC.CA — 2026-03-31
📢
Dutch Finance Ministry takes treasury banking portal offline after breach
BLEEPINGCOMPUTER.COM — 31 Mar 2026
📢
Windows Tools Abused to Kill AV Ahead of Ransomware Attacks
GBHACKERS.COM — 31 Mar 2026
📢
Dutch Finance Ministry Responds to Cyberattack by Taking Systems Offline
GBHACKERS.COM — 31 Mar 2026
📢
Dutch Finance Ministry takes treasury banking portal offline after breach
SH.ITJUST.WORKS — 31 Mar 2026
📢
[Control systems] ABB security advisory (AV26-303)
CYBER.GC.CA — 2026-03-31
📢
Symantec security advisory (AV26-304)
CYBER.GC.CA — 2026-03-31
📢
HPE security advisory (AV26-305)
CYBER.GC.CA — 2026-03-31
📢
New compliance guide available: ISO/IEC 27001:2022 on AWS
AWS.AMAZON.COM — 31 Mar 2026
🔥
The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust
SECURITYWEEK.COM — 31 Mar 2026
🔥
Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks
SECURITYWEEK.COM — 31 Mar 2026
🔥
Weekly Update 497
TROYHUNT.COM — 31 Mar 2026
🔥
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
THEHACKERNEWS.COM — 31 Mar 2026
🔥
Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)
ISC.SANS.EDU — 31 Mar 2026
🔥
TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
ISC.SANS.EDU — 31 Mar 2026
🔥
WhatsApp malware campaign delivers VBScript and MSI backdoors
MICROSOFT.COM — 31 Mar 2026
🔥
Axios NPM Packages Breached in Ongoing Supply Chain Attack
GBHACKERS.COM — 31 Mar 2026
🔥
Telegram-Based ResokerRAT Adds Screenshot Capture and Persistence
GBHACKERS.COM — 31 Mar 2026
🔥
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
GBHACKERS.COM — 31 Mar 2026
🔥
Cuties AI - 144,250 breached accounts
HAVEIBEENPWNED.COM — 31 Mar 2026
🔥
Fahndung nach Cyberkriminellen – 130 Firmen attackiert
CSOONLINE.COM — 31 Mar 2026
🔥
Why ransomware is now after your data — and how to protect your home storage | Kaspersky official blog
KASPERSKY.COM — 31 Mar 2026
🔥
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
PROGRAMMING.DEV — 31 Mar 2026
🔥
Behind the Curtain: AI's looming cyber nightmare
SH.ITJUST.WORKS — 31 Mar 2026
🔥
Incident response
CYBER.GC.CA — 2026-03-31
🔥
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
TRENDMICRO.COM — 31 Mar 2026
🕵️
Inventors of Quantum Cryptography Win Turing Award
SCHNEIER.COM — 2026-03-31
🕵️
Censys Raises $70 Million for Internet Intelligence Platform
SECURITYWEEK.COM — 31 Mar 2026
🕵️
Venom Stealer Raises Stakes With Continuous Credential Harvesting
SECURITYWEEK.COM — 31 Mar 2026
🕵️
TeamPCP Moves From OSS to AWS Environments
SECURITYWEEK.COM — 31 Mar 2026
🕵️
ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)
ISC.SANS.EDU — 31 Mar 2026
🕵️
The threat to critical infrastructure has changed. Has your readiness?
MICROSOFT.COM — 31 Mar 2026
🕵️
Applying security fundamentals to AI: Practical advice for CISOs
MICROSOFT.COM — 31 Mar 2026
🕵️
CyberheistNews Vol 16 #13 The 'Urgency Trap': Why Time Pressure is Your Biggest Email Red Flag
KNOWBE4.COM — 31 Mar 2026
🕵️
World Backup Day: Because “It Won’t Happen to Me” Often Means It Will
KNOWBE4.COM — 31 Mar 2026
🕵️
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
GBHACKERS.COM — 31 Mar 2026
🕵️
Five Browser and AI Security Questions Keeping CxOs up at Night
PALOALTONETWORKS.COM — 31 Mar 2026
🕵️
Can Small LLMs Solve Security Flaws?
YOUTUBE.COM — 2026-03-31
🕵️
Supply chain attack hits 300 million-download Axios npm package
INFOSEC.PUB — 31 Mar 2026
🕵️
P2P WhatsApp Clone – No Setup or Signup
SH.ITJUST.WORKS — 31 Mar 2026
🕵️
Healthcare tech firm CareCloud says hackers stole patient data
SH.ITJUST.WORKS — 31 Mar 2026
🕵️
OpenAI ChatGPT fixes DNS data smuggling flaw • The Register
SH.ITJUST.WORKS — 31 Mar 2026
🕵️
Master These Tools or Potentially Get Left Behind
YOUTUBE.COM — 2026-03-31
🕵️
Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections
ANY.RUN — 31 Mar 2026
🌐
EtherHiding: The trojan in your toolchain
CYBER.GC.CA — 2026-03-31
🌐
Hackers compromise Axios npm package to drop cross-platform malware
BLEEPINGCOMPUTER.COM — 31 Mar 2026
🌐
Supply chain risk management
CYBER.GC.CA — 2026-03-31
🌐
Axios Future of Cybersecurity: Russians suspected of using iPhone spyware
PROOFPOINT.COM — 31 Mar 2026
📡
How to Categorize AI Agents and Prioritize Risk
BLEEPINGCOMPUTER.COM — 31 Mar 2026
📡
Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
BLEEPINGCOMPUTER.COM — 31 Mar 2026
📡
Hacker charged with stealing $53 million from Uranium crypto exchange
BLEEPINGCOMPUTER.COM — 31 Mar 2026
📡
Health data giant CareCloud says hackers accessed patients’ medical records
TECHCRUNCH.COM — 31 Mar 2026
📡
TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats
TRENDMICRO.COM — 31 Mar 2026
📡
QBDI vs TritonDSE against a VM: who will be the fastest?
QUARKSLAB.COM — 2026-03-31
📡
Media protection
CYBER.GC.CA — 2026-03-31
📡
Maintenance
CYBER.GC.CA — 2026-03-31
📡
Identification and authentication
CYBER.GC.CA — 2026-03-31
📡
Contingency planning
CYBER.GC.CA — 2026-03-31
📡
Configuration management
CYBER.GC.CA — 2026-03-31
📡
Assessment, authorization, and monitoring
CYBER.GC.CA — 2026-03-31
📡
Audit and accountability
CYBER.GC.CA — 2026-03-31
📡
Awareness and training
CYBER.GC.CA — 2026-03-31
📡
Access control
CYBER.GC.CA — 2026-03-31
📡
The controls and assurance activities families
CYBER.GC.CA — 2026-03-31
📡
Concepts and structure
CYBER.GC.CA — 2026-03-31
📡
Foreword, Overview, Introduction
CYBER.GC.CA — 2026-03-31
📡
Security and privacy controls and assurance activities catalogue (ITSP.10.033)
CYBER.GC.CA — 2026-03-31
📡
Cyber security and privacy risk management: A lifecycle approach
CYBER.GC.CA — 2026-03-31
📡
System and information integrity
CYBER.GC.CA — 2026-03-31
📡
System and communications protection
CYBER.GC.CA — 2026-03-31
📡
System and services acquisition
CYBER.GC.CA — 2026-03-31
📡
Risk assessment
CYBER.GC.CA — 2026-03-31
📡
Personal information handling and transparency
CYBER.GC.CA — 2026-03-31
📡
Personnel security
CYBER.GC.CA — 2026-03-31
📡
Program management
CYBER.GC.CA — 2026-03-31
📡
Planning
CYBER.GC.CA — 2026-03-31
📡
Physical and environmental protection
CYBER.GC.CA — 2026-03-31
📡
The Real Risk of Vibecoding
TRENDMICRO.COM — 31 Mar 2026
📡
GIGABYTE Control Center vulnerable to arbitrary file write flaw
BLEEPINGCOMPUTER.COM — 31 Mar 2026
📡
Proton launches new "Meet" privacy-focused conferencing platform
BLEEPINGCOMPUTER.COM — 31 Mar 2026
📡
Google now allows you to change your @gmail.com address
BLEEPINGCOMPUTER.COM — 31 Mar 2026
📡
This month in security with Tony Anscombe – March 2026 edition
WELIVESECURITY.COM — 31 Mar 2026
📡
AWS Security Agent on-demand penetration testing now generally available
AWS.AMAZON.COM — 31 Mar 2026
📡
Fake Installers to Monero: A Multi-Tool Mining Operation
ELASTIC.CO — 31 Mar 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-3055 Citrix NetScaler Out-of-Bounds Read Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors …
KEVCISA.GOV — Mon, 30 Mar 26 1
🐛
Critical Citrix NetScaler memory flaw actively exploited in attacks
KEVBLEEPINGCOMPUTER.COM — 30 Mar 2026
🐛
Fortinet hit by another exploited cybersecurity flaw
KEVCSOONLINE.COM — 30 Mar 2026
🐛
LangChain path traversal bug adds to input validation woes in AI pipelines
CSOONLINE.COM — 30 Mar 2026
🐛
Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) - Help Net Security
SH.ITJUST.WORKS — 30 Mar 2026
🐛
ZDI-26-249: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-248: NoMachine External Control of File Path Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-247: NoMachine External Control of File Path Arbitrary File Deletion Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-242: (Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-241: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-240: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-239: (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-238: Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-237: (Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-236: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-235: Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-234: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-233: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-232: (Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-231: Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-230: Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-229: OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-228: OpenClaw Canvas Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
ZDI-26-227: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 30 Mar 2026
🐛
VU#221883: CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read
KB.CERT.ORG — 2026-03-30
⚠️
Russian State Hackers Go After IoS Devices
CYBERSECURITYTODAY.LIBSYN.COM — 30 Mar 2026
⚠️
A Vulnerability in F5 Products Could Allow for Remote Code Execution
CISECURITY.ORG — 30 Mar 2026
⚠️
Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Memory Overread
CISECURITY.ORG — 30 Mar 2026
⚠️
Healthcare tech firm CareCloud says hackers stole patient data
BLEEPINGCOMPUTER.COM — 30 Mar 2026
⚠️
Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
BLEEPINGCOMPUTER.COM — 30 Mar 2026
⚠️
Critical Fortinet Forticlient EMS flaw now exploited in attacks
BLEEPINGCOMPUTER.COM — 30 Mar 2026
⚠️
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
THEHACKERNEWS.COM — 30 Mar 2026
⚠️
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
THEHACKERNEWS.COM — 30 Mar 2026
⚠️
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
THEHACKERNEWS.COM — 30 Mar 2026
⚠️
Report: There Are Nearly 66 Billion Stolen Identity Records on Criminal Forums
KNOWBE4.COM — 30 Mar 2026
⚠️
Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases
CSOONLINE.COM — 30 Mar 2026
⚠️
APIs are the new perimeter: Here’s how CISOs are securing them
CSOONLINE.COM — 30 Mar 2026
⚠️
Why Kubernetes controllers are the perfect backdoor
CSOONLINE.COM — 30 Mar 2026
⚠️
Oops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM - ESW #452
YOUTUBE.COM — 2026-03-30
⚠️
VU#655822: Kyverno is vulnerable to server-side request forgery (SSRF)
KB.CERT.ORG — 2026-03-30
⚠️
Cloudflare Client-Side Security: smarter detection, now open to everyone
CLOUDFLARE.COM — 30 Mar 2026
📢
Popular AI gateway startup LiteLLM ditches controversial startup Delve
TECHCRUNCH.COM — 30 Mar 2026
📢
Automated Audits vs. Manual: The Binary Choice
YOUTUBE.COM — 2026-03-30
🔥
New RoadK1ll WebSocket implant used to pivot on breached networks
BLEEPINGCOMPUTER.COM — 30 Mar 2026
🔥
European Commission confirms data breach after Europa.eu hack
BLEEPINGCOMPUTER.COM — 30 Mar 2026
🔥
HIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification API
TROYHUNT.COM — 30 Mar 2026
🔥
Dutch Police discloses security breach after phishing attack
SH.ITJUST.WORKS — 30 Mar 2026
🕵️
Apple’s Camera Indicator Lights
SCHNEIER.COM — 2026-03-30
🕵️
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
THEHACKERNEWS.COM — 30 Mar 2026
🕵️
ISC Stormcast For Monday, March 30th, 2026 https://isc.sans.edu/podcastdetail/9870, (Mon, Mar 30th)
ISC.SANS.EDU — 30 Mar 2026
🕵️
Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio
MICROSOFT.COM — 30 Mar 2026
🕵️
Criminals Are Selling Stolen Tax Forms for Cheap on the Dark Web
KNOWBE4.COM — 30 Mar 2026
🕵️
FIRESIDE CHAT: AI gives rise to a semantic attack surface, forcing a new class of network defense
LASTWATCHDOG.COM — 30 Mar 2026
🕵️
Security Leadership Styles: Builder, Fixer, or Scale Operator
YOUTUBE.COM — 2026-03-30
🕵️
Mentorship Monday - Discussions for career and learning!
INFOSEC.PUB — 30 Mar 2026
🕵️
Security boffins harvest bumper crop of API keys from web • The Register
SH.ITJUST.WORKS — 30 Mar 2026
🕵️
DevSecOps Tools?
SH.ITJUST.WORKS — 30 Mar 2026
🕵️
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
SH.ITJUST.WORKS — 30 Mar 2026
🕵️
TeamPCP Targets Telnyx Package in Latest Software Supply Chain Attack - Infosecurity Magazine
SH.ITJUST.WORKS — 30 Mar 2026
🕵️
China Upgrades the Backdoor It Uses to Spy on Telcos Globally
SH.ITJUST.WORKS — 30 Mar 2026
🕵️
ANY.RUN at RSAC™ 2026: Highlights & Industry Recognition
ANY.RUN — 30 Mar 2026
🌐
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
TRENDMICRO.COM — 30 Mar 2026
📡
Apple adds macOS Terminal warning to block ClickFix attacks
BLEEPINGCOMPUTER.COM — 30 Mar 2026
📡
How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
BLEEPINGCOMPUTER.COM — 30 Mar 2026
📡
Microsoft pulls KB5079391 Windows update over install issues
BLEEPINGCOMPUTER.COM — 30 Mar 2026
📡
3 SOC Process Fixes That Unlock Tier 1 Productivity
THEHACKERNEWS.COM — 30 Mar 2026
📡
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
THEHACKERNEWS.COM — 30 Mar 2026
📡
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
THEHACKERNEWS.COM — 30 Mar 2026
📡
DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
ISC.SANS.EDU — 30 Mar 2026
📡
Apple will hide your email address from apps and websites, but not cops
TECHCRUNCH.COM — 30 Mar 2026
📡
An iron curtain for AI: how to improve autonomous AI agent security | Kaspersky official blog
KASPERSKY.COM — 30 Mar 2026
📡
15 Top Cybersecurity CEOs On The Future Of AI Agents: RSAC 2026
PROOFPOINT.COM — 30 Mar 2026
🐛
CVE-2026-3104 Memory leak in code preparing DNSSEC proofs of non-existence
MSRC.MICROSOFT.COM — 29 Mar 2026
🐛
CVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass
MSRC.MICROSOFT.COM — 29 Mar 2026
🐛
CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path
MSRC.MICROSOFT.COM — 29 Mar 2026
🐛
CVE-2025-70888
MSRC.MICROSOFT.COM — 29 Mar 2026
🐛
CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
MSRC.MICROSOFT.COM — 29 Mar 2026
🐛
CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
MSRC.MICROSOFT.COM — 29 Mar 2026
🐛
CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly
MSRC.MICROSOFT.COM — 29 Mar 2026
🐛
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
MSRC.MICROSOFT.COM — 29 Mar 2026
🐛
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
MSRC.MICROSOFT.COM — 29 Mar 2026
🐛
CVE-2026-4833 Orc discount Markdown markdown.c compile recursion
MSRC.MICROSOFT.COM — 29 Mar 2026
🔥
ShinyHunters says it stole 350GB+ of data in a cyberattack on the European Commission, detected on March 24; the EC says its internal systems were not affected
INFOSEC.PUB — 29 Mar 2026
🔥
ShinyHunters says it stole 350GB+ of data in a cyberattack on the European Commission, detected on March 24; the EC says its internal systems were not affected
PROGRAMMING.DEV — 29 Mar 2026
🔥
ShinyHunters says it stole 350GB+ of data in a cyberattack on the European Commission, detected on March 24; the EC says its internal systems were not affected
SH.ITJUST.WORKS — 29 Mar 2026
🚨
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is…
KEVTHEHACKERNEWS.COM — 28 Mar 2026
🐛
CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks
MSRC.MICROSOFT.COM — 28 Mar 2026
🐛
CVE-2026-33413 etcd: Authorization bypasses in multiple APIs
MSRC.MICROSOFT.COM — 28 Mar 2026
🐛
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
THEHACKERNEWS.COM — 28 Mar 2026
⚠️
Open VSX Scanner Vulnerability Lets Malicious Extensions Go Live
GBHACKERS.COM — 28 Mar 2026
⚠️
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
THEHACKERNEWS.COM — 28 Mar 2026
⚠️
New Infinity Stealer malware grabs macOS data via ClickFix lures
BLEEPINGCOMPUTER.COM — 28 Mar 2026
🔥
Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild
INFOSEC.PUB — 28 Mar 2026
🔥
Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild
PROGRAMMING.DEV — 28 Mar 2026
🔥
Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild
SH.ITJUST.WORKS — 28 Mar 2026
🔥
European Commission Confirms Cyberattack After AWS Account Breach
GBHACKERS.COM — 28 Mar 2026
🔥
Fake Certificate Loader Hides BlankGrabber Malware Chain
GBHACKERS.COM — 28 Mar 2026
🔥
TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)
ISC.SANS.EDU — 28 Mar 2026
🔥
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
THEHACKERNEWS.COM — 28 Mar 2026
🕵️
Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs
SECURITYWEEK.COM — 28 Mar 2026
🕵️
Malicious Browser Extensions Hijack Users’ AI Chats in New “Prompt Poaching” Attack
GBHACKERS.COM — 28 Mar 2026
🕵️
What Are You Giving Up?
YOUTUBE.COM — 2026-03-28
🎙️
RSAC Recap: Agentic AI and Interview With Commvault CISO Bill O'Connell
CYBERSECURITYTODAY.LIBSYN.COM — 28 Mar 2026
🚨
CISA Adds Critical Aquasecurity Trivy Scanner Vulnerability to KEV CatalogThe Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targ…
KEVGBHACKERS.COM — 27 Mar 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-53521 F5 BIG-IP Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and…
KEVCISA.GOV — Fri, 27 Mar 26 1
🐛
ISC Issues Critical Warning Over Kea DHCP Vulnerability That Could Remotely Crash Services
GBHACKERS.COM — 27 Mar 2026
🐛
Windows Error Reporting Vulnerability Exposes Systems to Privilege Escalation, Allowing SYSTEM Access
GBHACKERS.COM — 27 Mar 2026
🐛
CVE-2026-28753 NGINX ngx_mail_proxy_module vulnerability
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-32647 NGINX ngx_http_mp4_module vulnerability
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-34085
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-33526 Squid vulnerable to Denial of Service in ICP Request handling
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-33515 Squid has issues in ICP message handling
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-32748 Squid has Denial of Service in ICP Response handling
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-27654 NGINX ngx_http_dav_module vulnerability
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-27784 NGINX ngx_http_mp4_module vulnerability
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-28755 NGINX ngx_stream_ssl_module vulnerability
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-4746 Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-4775 Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-23068 spi: spi-sprd-adi: Fix double free in probe error path
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2025-71183 btrfs: always detect conflicting inodes when logging inode refs
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2025-71184 btrfs: fix NULL dereference on root when tracing inode eviction
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-23004 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
SECURITYWEEK.COM — 27 Mar 2026
🐛
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
KEVCSOONLINE.COM — 27 Mar 2026
🐛
Rapid Exploitation of CVE-2026-21962 Hits Oracle WebLogic - Infosecurity Magazine
SH.ITJUST.WORKS — 27 Mar 2026
🐛
Chromium: CVE-2026-4673 Heap buffer overflow in WebAudio
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
Chromium: CVE-2026-4680 Use after free in FedCM
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
Chromium: CVE-2026-4677 Out of bounds read in WebAudio
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
Chromium: CVE-2026-4675 Heap buffer overflow in WebGL
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
Chromium: CVE-2026-4679 Integer overflow in Fonts
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
Chromium: CVE-2026-4674 Out of bounds read in CSS
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
Chromium: CVE-2026-4442 Heap buffer overflow in CSS
MSRC.MICROSOFT.COM — 27 Mar 2026
🐛
CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
MSRC.MICROSOFT.COM — 27 Mar 2026
⚠️
Google: The quantum apocalypse is coming sooner than we thought
CSOONLINE.COM — 27 Mar 2026
⚠️
BreachForums Verion 5 - 339,778 breached accounts
HAVEIBEENPWNED.COM — 27 Mar 2026
⚠️
Red Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthorized Access
GBHACKERS.COM — 27 Mar 2026
⚠️
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
THEHACKERNEWS.COM — 27 Mar 2026
⚠️
TeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt Projects
GBHACKERS.COM — 27 Mar 2026
⚠️
8 steps CISOs can take to empower their teams
CSOONLINE.COM — 27 Mar 2026
⚠️
Coruna iOS Exploit Kit Likely an Update to Operation Triangulation
SECURITYWEEK.COM — 27 Mar 2026
⚠️
CISA: New Langflow flaw actively exploited to hijack AI workflows
KEVSH.ITJUST.WORKS — 27 Mar 2026
⚠️
BIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash Servers
GBHACKERS.COM — 27 Mar 2026
⚠️
A forensic intelligence suite for Matrix investigators
SH.ITJUST.WORKS — 27 Mar 2026
⚠️
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
THEHACKERNEWS.COM — 27 Mar 2026
⚠️
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
THEHACKERNEWS.COM — 27 Mar 2026
⚠️
A Matrix forensic intelligence suite for investigators
SH.ITJUST.WORKS — 27 Mar 2026
⚠️
Custom Fonts Can Trick AI Assistants Into Approving Phishing Sites
KNOWBE4.COM — 27 Mar 2026
⚠️
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets
PROGRAMMING.DEV — 27 Mar 2026
⚠️
European Commission data stolen in a cyberattack on the infrastructure hosting its web sites
CSOONLINE.COM — 27 Mar 2026
⚠️
Spot Scam Red Flags Fast
YOUTUBE.COM — 2026-03-27
📢
WatchGuard security advisory (AV26-289)
CYBER.GC.CA — 2026-03-27
📢
Ericsson security advisory (AV26-292)
CYBER.GC.CA — 2026-03-27
📢
FreeBSD security advisory (AV26-291)
CYBER.GC.CA — 2026-03-27
📢
[Control systems] Siemens security advisory (AV26-290)
CYBER.GC.CA — 2026-03-27
📢
Microsoft Edge security advisory (AV26-293)
CYBER.GC.CA — 2026-03-27
🔥
Iran Targeted by Self-Propagating Malware in Supply-Chain Cyberattacks
INFOSEC.PUB — 27 Mar 2026
🔥
Anonymous Tip System Breach May Expose Tipsters
CYBERSECURITYTODAY.LIBSYN.COM — 27 Mar 2026
🔥
Dutch Police discloses security breach after phishing attack
BLEEPINGCOMPUTER.COM — 27 Mar 2026
🔥
Silver Fox Cyberattack Targets Japanese Businesses with Tax-Themed Phishing Scams
GBHACKERS.COM — 27 Mar 2026
🔥
Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
THEHACKERNEWS.COM — 27 Mar 2026
🔥
Cyberangriff auf die Linke
CSOONLINE.COM — 27 Mar 2026
🔥
European Commission investigating breach after Amazon cloud hack
BLEEPINGCOMPUTER.COM — 27 Mar 2026
🔥
Hightower Holding Data Breach Impacts 130,000 - SecurityWeek
SH.ITJUST.WORKS — 27 Mar 2026
🔥
In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline
SECURITYWEEK.COM — 27 Mar 2026
🔥
TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim, (Fri, Mar 27th)
ISC.SANS.EDU — 27 Mar 2026
🔥
Apple says no one using Lockdown Mode has been hacked with spyware
TECHCRUNCH.COM — 27 Mar 2026
🔥
Iranian hackers claim breach of FBI director Kash Patel’s personal email account
TECHCRUNCH.COM — 27 Mar 2026
🔥
European Commission investigating breach after Amazon cloud account hack
BLEEPINGCOMPUTER.COM — 27 Mar 2026
🔥
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
THEHACKERNEWS.COM — 27 Mar 2026
🔥
Lloyds Bank reveals how IT bug exposed transaction data
CSOONLINE.COM — 27 Mar 2026
🔥
European Commission confirms cyberattack after hackers claim data breach
TECHCRUNCH.COM — 27 Mar 2026
🔥
The telnyx packages on PyPI have been compromised
INFOSEC.PUB — 27 Mar 2026
🔥
Compromised telnyx on PyPI: WAV Steganography and Credential Theft
PROGRAMMING.DEV — 27 Mar 2026
🔥
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
BLEEPINGCOMPUTER.COM — 27 Mar 2026
🔥
Iranian-linked hackers claimed responsibility for the breach of FBI Direct Kash Patel’s personal email account
INFOSEC.PUB — 27 Mar 2026
🔥
Iranian-linked hackers claimed responsibility for the breach of FBI Direct Kash Patel’s personal email account
PROGRAMMING.DEV — 27 Mar 2026
🔥
Iranian-linked hackers claimed responsibility for the breach of FBI Direct Kash Patel’s personal email account
SH.ITJUST.WORKS — 27 Mar 2026
🕵️
ISC Stormcast For Friday, March 27th, 2026 https://isc.sans.edu/podcastdetail/9868, (Fri, Mar 27th)
ISC.SANS.EDU — 27 Mar 2026
🕵️
Off-Topic Friday
INFOSEC.PUB — 27 Mar 2026
🕵️
Fake Cloudflare CAPTCHA Pages Deliver Infiniti Stealer Malware on macOS
GBHACKERS.COM — 27 Mar 2026
🕵️
Hackers Implant Stealthy BPFdoor Backdoors in Telecom Networks for Persistent Access
GBHACKERS.COM — 27 Mar 2026
🕵️
Phishing ZIP Files Used to Deploy PXA Stealer Targeting Financial Firms
GBHACKERS.COM — 27 Mar 2026
🕵️
Hackers Deploy USB Malware, RATs, and Stealers in Southeast Asian Government Attacks
GBHACKERS.COM — 27 Mar 2026
🕵️
Hackers Target South Asian Financial Firm with BRUSHWORM and BRUSHLOGGER Attacks
GBHACKERS.COM — 27 Mar 2026
🕵️
RSAC 2026 Conference Announcements Summary (Days 3-4)
SECURITYWEEK.COM — 27 Mar 2026
🕵️
TP-Link Patches High-Severity Router Vulnerabilities
SECURITYWEEK.COM — 27 Mar 2026
🕵️
How Adaptive Email Security Helps Navigate Threats in the Age of AI
KNOWBE4.COM — 27 Mar 2026
🕵️
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns - Infosecurity Magazine
SH.ITJUST.WORKS — 27 Mar 2026
🕵️
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
THEHACKERNEWS.COM — 27 Mar 2026
🕵️
NYC Health Notifying Patients of 2 Third-Party Hacks
SH.ITJUST.WORKS — 27 Mar 2026
🕵️
OpenAI Launches Bug Bounty Program for Abuse and Safety Risks
SECURITYWEEK.COM — 27 Mar 2026
🕵️
The Post-Quantum Visibility Problem
YOUTUBE.COM — 2026-03-27
🕵️
Pro-Iranian Hacking group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account
SECURITYWEEK.COM — 27 Mar 2026
🕵️
Hackers have exposed more than 8.3 million supposedly confidential reports to tip lines like Crime Stoppers
INFOSEC.PUB — 27 Mar 2026
🕵️
Hackers have exposed more than 8.3 million supposedly confidential reports to tip lines like Crime Stoppers
PROGRAMMING.DEV — 27 Mar 2026
🕵️
Hackers have exposed more than 8.3 million supposedly confidential reports to tip lines like Crime Stoppers
SH.ITJUST.WORKS — 27 Mar 2026
🕵️
Introducing Our KnowBe4 AI Agents
KNOWBE4.COM — 27 Mar 2026
🕵️
Friday Squid Blogging: Bioluminescent Bacteria in Squid
SCHNEIER.COM — 2026-03-27
🕵️
How Microsoft Defender protects high-value assets in real-world attack scenarios
MICROSOFT.COM — 27 Mar 2026
🕵️
Scam Baiting, AI, and the New Grift Economy, Part 2 - Rinoa Poison - SWN #567
YOUTUBE.COM — 2026-03-27
🕵️
RSAC 2026: No easy fixes for expanding AI attack surface, but a coordinated response is emerging
LASTWATCHDOG.COM — 27 Mar 2026
🌐
Fake VS Code alerts on GitHub spread malware to developers
BLEEPINGCOMPUTER.COM — 27 Mar 2026
🌐
Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER
ELASTIC.CO — 27 Mar 2026
🎙️
Soap Box: Red teaming AI systems with SpecterOps
RISKY.BIZ — 27 Mar 2026
📡
Windows 11 KB5079391 update rolls out Smart App Control improvements
BLEEPINGCOMPUTER.COM — 27 Mar 2026
📡
Anti-piracy coalition takes down AnimePlay app with 5 million users
BLEEPINGCOMPUTER.COM — 27 Mar 2026
📡
We Are At War
THEHACKERNEWS.COM — 27 Mar 2026
📡
Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
BLEEPINGCOMPUTER.COM — 27 Mar 2026
📡
Most notable supply-chain attacks of 2025 | Kaspersky official blog
KASPERSKY.COM — 27 Mar 2026
📡
RSAC 2026 wrap-up – Week in security with Tony Anscombe
WELIVESECURITY.COM — 27 Mar 2026
📡
A cunning predator: How Silver Fox preys on Japanese firms this tax season
WELIVESECURITY.COM — 27 Mar 2026
📡
How AI Agents Are Redefining the Insider Risk Threat Model
PROOFPOINT.COM — 27 Mar 2026
🚨
TeamPCP Supply Chain Campaign: Update 001 &#x3f; Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)This is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through …
KEVISC.SANS.EDU — 26 Mar 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-33634 Aqua Security Trivy Embedded Malicious Code Vulnerability This type of vulnerability is a frequent attack vector for malicious cybe…
KEVCISA.GOV — Thu, 26 Mar 26 1
🐛
Cisco Secure Firewall Vulnerability Exposes Systems to Remote Code Execution by Attackers
GBHACKERS.COM — 26 Mar 2026
🐛
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
GBHACKERS.COM — 26 Mar 2026
🐛
CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23325 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23313 i40e: Fix preempt count leak in napi poll tracepoint
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23306 scsi: pm8001: Fix use-after-free in pm8001_queue_command()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23352 x86/efi: defer freeing of boot services memory
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23319 bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23300 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23293 net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23343 xdp: produce a warning when calculated tailroom is negative
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23365 net: usb: kalmia: validate USB endpoints
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23284 net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-33412 Vim affected by Command injection via newline in glob()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23333 netfilter: nft_set_rbtree: validate open interval overlap
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23312 net: usb: kaweth: validate USB endpoints
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23330 nfc: nci: complete pending data exchange on device close
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23285 drbd: fix null-pointer dereference on local read error
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23296 scsi: core: Fix refcount leak for tagset_refcnt
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23388 Squashfs: check metadata block offset is within range
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23286 atm: lec: fix null-ptr-deref in lec_arp_clear_vccs
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23390 tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23292 scsi: target: Fix recursive locking in __configfs_open_file()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23364 ksmbd: Compare MACs in constant time
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23334 can: usb: f81604: handle short interrupt urb messages properly
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23304 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23320 usb: gadget: f_ncm: align net_device lifecycle with bind/unbind
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23290 net: usb: pegasus: validate USB endpoints
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23302 net: annotate data-races around sk->sk_{data_ready,write_space}
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23308 pinctrl: equilibrium: fix warning trace on load
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23291 nfc: pn533: properly drop the usb interface reference on disconnect
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23287 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23281 wifi: libertas: fix use-after-free in lbs_free_adapter()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23317 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23347 can: usb: f81604: correctly anchor the urb in the read bulk callback
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23310 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23327 cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23279 wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
MSRC.MICROSOFT.COM — 26 Mar 2026
🐛
IDrive for Windows Vulnerability Allows Attackers to Escalate Privileges and Gain Unauthorized Access
GBHACKERS.COM — 26 Mar 2026
🐛
CISA Issues Urgent Warning on Langflow Code Injection Vulnerability Actively Exploited in Attacks
KEVGBHACKERS.COM — 26 Mar 2026
🐛
CISA: New Langflow flaw actively exploited to hijack AI workflows
KEVBLEEPINGCOMPUTER.COM — 26 Mar 2026
🐛
Coruna: the framework used in Operation Triangulation
SECURELIST.COM — 26 Mar 2026
⚠️
Delve did the security compliance on LiteLLM, an AI project hit by malware
TECHCRUNCH.COM — 26 Mar 2026
⚠️
Sound Radix - 292,993 breached accounts
HAVEIBEENPWNED.COM — 26 Mar 2026
⚠️
Node.js Releases Urgent Patches for Multiple Vulnerabilities Exposing Systems to DoS and Crashes
GBHACKERS.COM — 26 Mar 2026
⚠️
Fake VS Code Security Alerts on GitHub Spread Malware in Massive Phishing Attack
GBHACKERS.COM — 26 Mar 2026
⚠️
LeakBase Forum Admin Arrested by Russian Authorities in Global Cybercrime Operation
GBHACKERS.COM — 26 Mar 2026
⚠️
Fake npm Install Messages Conceal RAT Malware in New Open Source Supply Chain Attack
GBHACKERS.COM — 26 Mar 2026
⚠️
Preventing Account Takeovers: A Practical Guide to Detection and Response
GBHACKERS.COM — 26 Mar 2026
⚠️
Synology DiskStation Manager Vulnerability Puts Users at Risk of Remote Command Execution Attacks
GBHACKERS.COM — 26 Mar 2026
⚠️
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
THEHACKERNEWS.COM — 26 Mar 2026
⚠️
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
THEHACKERNEWS.COM — 26 Mar 2026
⚠️
Critical NVIDIA Vulnerabilities Risk Remote Code Execution and Denial-of-Service Attacks
GBHACKERS.COM — 26 Mar 2026
⚠️
Silver Fox Tax Audit Phishing Campaign Shifts from RATs to Python Stealers
GBHACKERS.COM — 26 Mar 2026
⚠️
GitHub phishers use fake OpenClaw tokens to drain crypto wallets
CSOONLINE.COM — 26 Mar 2026
⚠️
Critical Ivanti EPMM Vulnerabilities Expose Systems to Arbitrary Code Execution Attacks
KEVGBHACKERS.COM — 26 Mar 2026
⚠️
Cisco Patches Multiple Vulnerabilities in IOS Software
SECURITYWEEK.COM — 26 Mar 2026
⚠️
Databricks pitches Lakewatch as a cheaper SIEM — but is it really?
CSOONLINE.COM — 26 Mar 2026
⚠️
Coruna iOS exploit framework linked to Triangulation attacks
BLEEPINGCOMPUTER.COM — 26 Mar 2026
⚠️
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
THEHACKERNEWS.COM — 26 Mar 2026
⚠️
University Donor Data Under Attack
YOUTUBE.COM — 2026-03-26
⚠️
New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware
GBHACKERS.COM — 26 Mar 2026
⚠️
Great Patching Lessons To Learn From The Zero Day Clock
KNOWBE4.COM — 26 Mar 2026
⚠️
In WAF we (should not) trust
QUARKSLAB.COM — 2026-03-26
⚠️
AI is the Top Cyber Priority for Defenders as Criminals Exploit it - Infosecurity Magazine
SH.ITJUST.WORKS — 26 Mar 2026
⚠️
The CISO’s guide to responding to shadow AI
CSOONLINE.COM — 26 Mar 2026
⚠️
Report: Attackers Can Trick AI Assistants Into Displaying Phishing Messages
KNOWBE4.COM — 26 Mar 2026
⚠️
Ajax football club hack exposed fan data, enabled ticket hijack
BLEEPINGCOMPUTER.COM — 26 Mar 2026
⚠️
Scanning The Internet with Linux Tools - PSW #919
YOUTUBE.COM — 2026-03-26
⚠️
Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection
TENABLE.COM — 26 Mar 2026
⚠️
A year of open source vulnerability trends: CVEs, advisories, and malware
GITHUB.BLOG — 26 Mar 2026
⚠️
Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud
ANY.RUN — 26 Mar 2026
📢
Alleged RedLine Malware Administrator Extradited to US
SECURITYWEEK.COM — 26 Mar 2026
📢
TeamPCP deploys CanisterWorm on NPM following Trivy compromise
PROGRAMMING.DEV — 26 Mar 2026
📢
As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
SCHNEIER.COM — 2026-03-26
📢
Aqua Security security advisory (AV26-283)
CYBER.GC.CA — 2026-03-26
📢
PTC security advisory (AV26-282)
CYBER.GC.CA — 2026-03-26
📢
Squid security advisory (AV26-284)
CYBER.GC.CA — 2026-03-26
📢
Grafana security advisory (AV26-285)
CYBER.GC.CA — 2026-03-26
📢
[Control systems] ABB security advisory (AV26-286)
CYBER.GC.CA — 2026-03-26
📢
Spring security advisory (AV26-288)
CYBER.GC.CA — 2026-03-26
📢
HPE security advisory (AV26-287)
CYBER.GC.CA — 2026-03-26
🔥
Scuf Gaming - 128,683 breached accounts
HAVEIBEENPWNED.COM — 26 Mar 2026
🔥
Torg Grabber Malware Shifts from Telegram Exfiltration to Encrypted REST API for C2
GBHACKERS.COM — 26 Mar 2026
🔥
Russia arrests suspected owner of LeakBase cybercrime forum
BLEEPINGCOMPUTER.COM — 26 Mar 2026
🔥
Ransomware attack disrupts operation at major Spanish fishing port | The Record from Recorded Future News
SH.ITJUST.WORKS — 26 Mar 2026
🔥
Hightower Holding Data Breach Impacts 130,000
SECURITYWEEK.COM — 26 Mar 2026
🔥
UK sanctions Xinbi marketplace linked to Asian scam centers
BLEEPINGCOMPUTER.COM — 26 Mar 2026
🔥
Iran-Linked Pay2Key Ransomware Group Re-Emerges - Infosecurity Magazine
SH.ITJUST.WORKS — 26 Mar 2026
🔥
Why Financial Firms are Outgrowing Traditional Email Security
KNOWBE4.COM — 26 Mar 2026
🔥
Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise
TRENDMICRO.COM — 26 Mar 2026
🕵️
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
INFOSEC.PUB — 26 Mar 2026
🕵️
ISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866, (Thu, Mar 26th)
ISC.SANS.EDU — 26 Mar 2026
🕵️
Thousands of websites are accidentally broadcasting sensitive data
INFOSEC.PUB — 26 Mar 2026
🕵️
Thousands of websites are accidentally broadcasting sensitive data
PROGRAMMING.DEV — 26 Mar 2026
🕵️
Thousands of websites are accidentally broadcasting sensitive data
SH.ITJUST.WORKS — 26 Mar 2026
🕵️
Kiss Loader Malware Targets with Early Bird APC Injection in New Attack Campaign
GBHACKERS.COM — 26 Mar 2026
🕵️
Dell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber Resilience
SECURITYWEEK.COM — 26 Mar 2026
🕵️
Fake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware Attack
GBHACKERS.COM — 26 Mar 2026
🕵️
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
THEHACKERNEWS.COM — 26 Mar 2026
🕵️
Hackers claim to have accessed data tied to millions of crime tipsters
SH.ITJUST.WORKS — 26 Mar 2026
🕵️
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials | CSO Online
SH.ITJUST.WORKS — 26 Mar 2026
🕵️
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
SH.ITJUST.WORKS — 26 Mar 2026
🕵️
Enterprise Cybersecurity Software Fails 20% of the Time, Warns Report - Infosecurity Magazine
SH.ITJUST.WORKS — 26 Mar 2026
🕵️
TP-Link warns users to patch critical router auth bypass flaw
SH.ITJUST.WORKS — 26 Mar 2026
🕵️
Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
SECURITYWEEK.COM — 26 Mar 2026
🕵️
GhostClaw AI Malware Targets macOS Users with Credential-Stealing Payloads
GBHACKERS.COM — 26 Mar 2026
🕵️
New Torg Grabber infostealer malware targets 728 crypto wallets
SH.ITJUST.WORKS — 26 Mar 2026
🕵️
BIND Updates Patch High-Severity Vulnerabilities
SECURITYWEEK.COM — 26 Mar 2026
🕵️
VoidLink Rootkit Leverages eBPF and Kernel Modules to Stealthily Infiltrate Linux Systems
GBHACKERS.COM — 26 Mar 2026
🕵️
TikTok for Business accounts targeted in new phishing campaign
BLEEPINGCOMPUTER.COM — 26 Mar 2026
🕵️
Leak Bazaar Converts Stolen Corporate Data Into Organized Criminal Marketplace
GBHACKERS.COM — 26 Mar 2026
🕵️
Scammers Abuse Calendar Invites to Plant Phony Subscription Notices
KNOWBE4.COM — 26 Mar 2026
🕵️
Google bumps up Q Day deadline to 2029, far sooner than previously thought
INFOSEC.PUB — 26 Mar 2026
🕵️
A nearly undetectable LLM attack needs only a handful of poisoned samples - Help Net Security
SH.ITJUST.WORKS — 26 Mar 2026
🕵️
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
THEHACKERNEWS.COM — 26 Mar 2026
🕵️
LLMs Solve Firmware Upgrade Chaos
YOUTUBE.COM — 2026-03-26
🕵️
ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026
ANY.RUN — 26 Mar 2026
🌐
Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities
TRENDMICRO.COM — 26 Mar 2026
🌐
How scammers use legitimate surveys to link to malicious sites | Kaspersky official blog
KASPERSKY.COM — 26 Mar 2026
🌐
Suspected RedLine infostealer malware admin extradited to US
BLEEPINGCOMPUTER.COM — 26 Mar 2026
🌐
Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacks
TECHCRUNCH.COM — 26 Mar 2026
🌐
Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework
ELASTIC.CO — 26 Mar 2026
🌐
An AI gateway designed to steal your data
SECURELIST.COM — 26 Mar 2026
🎙️
Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie
GRAHAMCLULEY.COM — 26 Mar 2026
📡
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
THEHACKERNEWS.COM — 26 Mar 2026
📡
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
THEHACKERNEWS.COM — 26 Mar 2026
📡
Conntour raises $7M from General Catalyst, YC to build an AI search engine for security video systems
TECHCRUNCH.COM — 26 Mar 2026
📡
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
BLEEPINGCOMPUTER.COM — 26 Mar 2026
📡
WhatsApp rolls out more AI features, iOS multi-account support
BLEEPINGCOMPUTER.COM — 26 Mar 2026
📡
A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know
TECHCRUNCH.COM — 26 Mar 2026
📡
World Leaks data extortion: What you need to know
FORTRA.COM — 26 Mar 2026
📡
Preparing for agentic AI: A financial services approach
AWS.AMAZON.COM — 26 Mar 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-33017 Langflow Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses s…
KEVCISA.GOV — Wed, 25 Mar 26 1
🐛
CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3549 ECH parsing heap buffer overflow
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-4424 Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-0819 Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3229 Integer Overflow in Certificate Chain Allocation
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3230 Improper key_share validation in TLS 1.3 HelloRetryRequest
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3503 Fault injection attack with ML-DSA and ML-KEM on ARM
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2025-69720
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-33228 flatted: Prototype Pollution via parse()
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-4519 webbrowser.open() allows leading dashes in URLs
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-27623 Valkey has Pre-Authentication DOS from malformed RESP request
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing
MSRC.MICROSOFT.COM — 25 Mar 2026
🐛
F5 NGINX Plus & Open‑Source Flaw Lets Attackers Execute Code via MP4 File
GBHACKERS.COM — 25 Mar 2026
🐛
GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise
GBHACKERS.COM — 25 Mar 2026
🐛
Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service
CSOONLINE.COM — 25 Mar 2026
🐛
New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert
CSOONLINE.COM — 25 Mar 2026
🐛
Security for AI: A guide to managing the risks of vibe coding and AI in software development
TENABLE.COM — 25 Mar 2026
⚠️
Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity
GBHACKERS.COM — 25 Mar 2026
⚠️
HackerOne Confirms Employee Data Stolen Following Linked Navia Hack
GBHACKERS.COM — 25 Mar 2026
⚠️
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy & KICS Hacks
GBHACKERS.COM — 25 Mar 2026
⚠️
AI is breaking traditional security models — Here’s where they fail first
CSOONLINE.COM — 25 Mar 2026
⚠️
Say Easy, Do Hard - Crypto-Agility - BSW #440
YOUTUBE.COM — 2026-03-25
⚠️
6 key trends reshaping the IAM market
CSOONLINE.COM — 25 Mar 2026
⚠️
ClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top Skill
GBHACKERS.COM — 25 Mar 2026
⚠️
Hackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account Access
GBHACKERS.COM — 25 Mar 2026
⚠️
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
CSOONLINE.COM — 25 Mar 2026
⚠️
PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
SH.ITJUST.WORKS — 25 Mar 2026
⚠️
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
CSOONLINE.COM — 25 Mar 2026
⚠️
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
THEHACKERNEWS.COM — 25 Mar 2026
⚠️
VulnMCP 1.0.0 released
INFOSEC.PUB — 25 Mar 2026
⚠️
Security for the Quantum Era: Implementing Post-Quantum Cryptography in Android
SECURITY.GOOGLEBLOG.COM — 2026-03-25
⚠️
Citrix urges admins to patch NetScaler flaws as soon as possible
BLEEPINGCOMPUTER.COM — 25 Mar 2026
⚠️
Trojanization of Trivy, Checkmarx, and LiteLLM solutions | Kaspersky official blog
KASPERSKY.COM — 25 Mar 2026
⚠️
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
THEHACKERNEWS.COM — 25 Mar 2026
⚠️
Matrix forensic toolset for tracing membership events
SH.ITJUST.WORKS — 25 Mar 2026
⚠️
Why Your Human Risk Management Strategy Can’t Ignore AI
KNOWBE4.COM — 25 Mar 2026
⚠️
Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
ISC.SANS.EDU — 25 Mar 2026
⚠️
PolyShell attacks target 56% of all vulnerable Magento stores
BLEEPINGCOMPUTER.COM — 25 Mar 2026
⚠️
GitHub adds AI-powered bug detection to expand security coverage
BLEEPINGCOMPUTER.COM — 25 Mar 2026
⚠️
ClickFix Campaigns Targeting Windows and macOS
RECORDEDFUTURE.COM — 25 Mar 2026
⚠️
Try our new dimensional analysis Claude plugin
TRAILOFBITS.COM — 25 Mar 2026
⚠️
Risky Business #830 -- LiteLLM and security scanner supply chains compromised
RISKY.BIZ — 25 Mar 2026
📢
Sen. Wyden Warns of Another Section 702 Abuse
SCHNEIER.COM — 2026-03-25
📢
Dutch Finance Ministry probing cyber breach affecting internal systems | The Record from Recorded Future News
SH.ITJUST.WORKS — 25 Mar 2026
📢
Nodejs security advisory (AV26-277)
CYBER.GC.CA — 2026-03-25
📢
GitLab security advisory (AV26-276)
CYBER.GC.CA — 2026-03-25
📢
n8n security advisory (AV26-278)
CYBER.GC.CA — 2026-03-25
📢
Russia arrests alleged owner of cybercrime forum LeakBase, report says
TECHCRUNCH.COM — 25 Mar 2026
📢
ISC BIND security advisory (AV26-280)
CYBER.GC.CA — 2026-03-25
📢
Hitachi security advisory (AV26-279)
CYBER.GC.CA — 2026-03-25
📢
Cisco security advisory (AV26-281)
CYBER.GC.CA — 2026-03-25
📢
Convicted spyware chief hints that Greece’s government was behind dozens of phone hacks
TECHCRUNCH.COM — 25 Mar 2026
🔥
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
GBHACKERS.COM — 25 Mar 2026
🔥
HackerOne Employee Data Exposed in Massive Navia Breach
SECURITYWEEK.COM — 25 Mar 2026
🔥
Manager of botnet used in ransomware attacks gets 2 years in prison
BLEEPINGCOMPUTER.COM — 25 Mar 2026
🔥
New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours
GBHACKERS.COM — 25 Mar 2026
🔥
US Prisons Russian Access Broker for Aiding Ransomware Attacks
SECURITYWEEK.COM — 25 Mar 2026
🔥
SmartApeSG ClickFix Campaign Spreads Remcos, NetSupport RAT, StealC, Sectop RAT
GBHACKERS.COM — 25 Mar 2026
🔥
Linux Ransomware Pay2Key Targets Servers, Virtualization Hosts, and Cloud Workloads
GBHACKERS.COM — 25 Mar 2026
🔥
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
SECURITYWEEK.COM — 25 Mar 2026
🔥
3.1 Million Impacted by QualDerm Data Breach - SecurityWeek
SH.ITJUST.WORKS — 25 Mar 2026
🔥
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
THEHACKERNEWS.COM — 25 Mar 2026
🔥
When Encryption Suddenly Fails
YOUTUBE.COM — 2026-03-25
🔥
Identity security is the new pressure point for modern cyberattacks
MICROSOFT.COM — 25 Mar 2026
🔥
Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach
TRENDMICRO.COM — 25 Mar 2026
🔥
Anatomy of a Cyber World Global Report 2026
SECURELIST.COM — 25 Mar 2026
🕵️
Guidance for detecting, investigating, and defending against the Trivy supply chain compromise
MICROSOFT.COM — 25 Mar 2026
🕵️
ISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864, (Wed, Mar 25th)
ISC.SANS.EDU — 25 Mar 2026
🕵️
RSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"
CYBERSECURITYTODAY.LIBSYN.COM — 25 Mar 2026
🕵️
Google Authenticator’s Hidden Passkey Design May Expose New Passwordless Attack Vectors
GBHACKERS.COM — 25 Mar 2026
🕵️
FCC Blocks New Foreign Consumer Router Models Citing Serious Security Risks
GBHACKERS.COM — 25 Mar 2026
🕵️
Kali Linux 2026.1 Launches With 8 New Hacking Tools for Penetration Testers
GBHACKERS.COM — 25 Mar 2026
🕵️
AI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub Repos
GBHACKERS.COM — 25 Mar 2026
🕵️
Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit
SH.ITJUST.WORKS — 25 Mar 2026
🕵️
Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities - Infosecurity Magazine
SH.ITJUST.WORKS — 25 Mar 2026
🕵️
Mozilla Releases Firefox 149.0 With Free Built‑In VPN Offering 50 GB Monthly Data
GBHACKERS.COM — 25 Mar 2026
🕵️
RSAC 2026 Conference Announcements Summary (Day 2)
SECURITYWEEK.COM — 25 Mar 2026
🕵️
Mirai Botnets Evolve Into Major DDoS and Proxy Abuse Threats
GBHACKERS.COM — 25 Mar 2026
🕵️
FCC Bans New Routers Made Outside the US Over National Security Risks
SECURITYWEEK.COM — 25 Mar 2026
🕵️
Obfuscated VBS and PNG Loaders Power New Open Directory Malware Campaign with RAT Payloads
GBHACKERS.COM — 25 Mar 2026
🕵️
iOS, macOS 26.4 Roll Out With Fresh Security Patches
SECURITYWEEK.COM — 25 Mar 2026
🕵️
China-Backed Hackers Target Southeast Asian Military Systems in Ongoing Spy Campaign
GBHACKERS.COM — 25 Mar 2026
🕵️
What are You Working on Wednesday
INFOSEC.PUB — 25 Mar 2026
🕵️
AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link
SECURITYWEEK.COM — 25 Mar 2026
🕵️
Russian Cybercriminal Gets 2-Year Prison Sentence in US
SECURITYWEEK.COM — 25 Mar 2026
🕵️
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
THEHACKERNEWS.COM — 25 Mar 2026
🕵️
2026 Cybersecurity Excellence Awards Winners Announced during RSA Conference as AI Security Dominates
GBHACKERS.COM — 25 Mar 2026
🕵️
MY YAKE: A decade of cyber collaboration, built under Obama, is now hostage to a political grudge
LASTWATCHDOG.COM — 25 Mar 2026
🕵️
Onit Security Raises $11 Million for Exposure Management Platform
SECURITYWEEK.COM — 25 Mar 2026
🕵️
AI Expands the Scam Target Pool
YOUTUBE.COM — 2026-03-25
🕵️
Bubble AI app builder abused to steal Microsoft account credentials
BLEEPINGCOMPUTER.COM — 25 Mar 2026
🕵️
You Don’t Know Your Assets
YOUTUBE.COM — 2026-03-25
🌐
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
THEHACKERNEWS.COM — 25 Mar 2026
🌐
Paid AI Accounts Are Now a Hot Underground Commodity
BLEEPINGCOMPUTER.COM — 25 Mar 2026
🌐
New Torg Grabber infostealer malware targets 728 crypto wallets
BLEEPINGCOMPUTER.COM — 25 Mar 2026
📡
Weekly Threat Bulletin – March 25th, 2026
F5.COM — 25 Mar 2026
📡
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
ISC.SANS.EDU — 25 Mar 2026
📡
How one man used 10,000 bots to steal $8,000,000 from music artists
BITDEFENDER.COM — 25 Mar 2026
📡
TP-Link warns users to patch critical router auth bypass flaw
BLEEPINGCOMPUTER.COM — 25 Mar 2026
📡
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
THEHACKERNEWS.COM — 25 Mar 2026
📡
Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
BLEEPINGCOMPUTER.COM — 25 Mar 2026
📡
Joint guidance on securing space and cyber security for low earth orbit satellite communications
CYBER.GC.CA — 2026-03-25
📡
Virtual machines, virtually everywhere – and with real security gaps
WELIVESECURITY.COM — 25 Mar 2026
📡
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem
CROWDSTRIKE.COM — Mar 25, 2026 00:
📡
5 Ways To Protect Enterprise Value During A Merger Or Acquisition
PROOFPOINT.COM — 25 Mar 2026
🐛
Critical NetScaler ADC and Gateway Flaws Expose Systems to Remote Attacks
GBHACKERS.COM — 24 Mar 2026
🐛
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
THEHACKERNEWS.COM — 24 Mar 2026
🐛
VU#330121: IDrive for Windows contains local privilege escalation vulnerability
KB.CERT.ORG — 2026-03-24
⚠️
Palo Alto updates security platform to discover AI agents
CSOONLINE.COM — 24 Mar 2026
⚠️
Chrome Security Update Fixes 8 Vulnerabilities That Could Enable Remote Code Execution
GBHACKERS.COM — 24 Mar 2026
⚠️
Roundcube Releases Urgent Security Update to Fix Critical Bugs
GBHACKERS.COM — 24 Mar 2026
⚠️
NIST Releases Quick-Start Guide Linking Cybersecurity, Enterprise Risk, and Workforce Management
GBHACKERS.COM — 24 Mar 2026
⚠️
Why CISOs should embrace AI honeypots
CSOONLINE.COM — 24 Mar 2026
⚠️
Founder of CoinDCX Arrested Amid Serious Fraud and Cheating Charges
GBHACKERS.COM — 24 Mar 2026
⚠️
Streamline physical security to enable data center growth in the era of AI
CSOONLINE.COM — 24 Mar 2026
⚠️
Why Proactive Security Is Far Better Than Patching - Erik Nost - ASW #375
YOUTUBE.COM — 2026-03-24
⚠️
Autonomous AI adoption is on the rise, but it’s risky
CSOONLINE.COM — 24 Mar 2026
⚠️
Threat Actors Target MS-SQL Servers to Deploy ICE Cloud Scanner Malware
GBHACKERS.COM — 24 Mar 2026
⚠️
Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution
GBHACKERS.COM — 24 Mar 2026
⚠️
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
SECURITYWEEK.COM — 24 Mar 2026
⚠️
Dell Wyse Management Flaws Could Lead to Full System Compromise
GBHACKERS.COM — 24 Mar 2026
⚠️
New ‘StoatWaffle’ malware auto‑executes attacks on developers
CSOONLINE.COM — 24 Mar 2026
⚠️
DarkSword Exploit Chain Leaked Online, Posing Risk to Millions of iPhones
GBHACKERS.COM — 24 Mar 2026
⚠️
Tycoon2FA Operators Resume Cloud Account Phishing Following Infrastructure
GBHACKERS.COM — 24 Mar 2026
⚠️
HP launches TPM Guard to help defeat physical TPM attacks
CSOONLINE.COM — 24 Mar 2026
⚠️
News alert: DDoS attacks surge 150%—Gcore analysis shows faster, cheaper more frequent attacks
LASTWATCHDOG.COM — 24 Mar 2026
⚠️
Best Practices for Implementing AI Agents
KNOWBE4.COM — 24 Mar 2026
⚠️
Your Attack Surface Just Expanded
YOUTUBE.COM — 2026-03-24
⚠️
100,000+ New Vulnerabilities This Year and Most Will Be Zero-Days Exploited Faster
KNOWBE4.COM — 24 Mar 2026
⚠️
PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
BLEEPINGCOMPUTER.COM — 24 Mar 2026
⚠️
Cloud workload security: Mind the gaps
WELIVESECURITY.COM — 24 Mar 2026
⚠️
ZDI-26-226: (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 24 Mar 2026
⚠️
Meet Tenable Hexa AI: Agentic AI for exposure management
TENABLE.COM — 24 Mar 2026
⚠️
VU#577436: Hard coded credentials vulnerability in GoHarbor's Harbor
KB.CERT.ORG — 2026-03-24
⚠️
Spotting issues in DeFi with dimensional analysis
TRAILOFBITS.COM — 24 Mar 2026
📢
Delve halts demos, Insight Partners scrubs investment post amid ‘fake compliance’ allegations
TECHCRUNCH.COM — 24 Mar 2026
📢
Delve - Fake Compliance as a Service
INFOSEC.PUB — 24 Mar 2026
📢
Delve - Fake Compliance as a Service
PROGRAMMING.DEV — 24 Mar 2026
📢
TeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes Wiper
GBHACKERS.COM — 24 Mar 2026
📢
Dutch Ministry of Finance discloses breach affecting employees
BLEEPINGCOMPUTER.COM — 24 Mar 2026
📢
HackerOne discloses employee data breach after Navia hack
BLEEPINGCOMPUTER.COM — 24 Mar 2026
📢
Mozilla security advisory (AV26-271)
CYBER.GC.CA — 2026-03-24
📢
Google Chrome security advisory (AV26-270)
CYBER.GC.CA — 2026-03-24
📢
VMware security advisory (AV26-272)
CYBER.GC.CA — 2026-03-24
📢
[Control systems] Helmholz security advisory (AV26-274)
CYBER.GC.CA — 2026-03-24
📢
F5 security advisory (AV26-273)
CYBER.GC.CA — 2026-03-24
📢
Apple security advisory (AV26-275)
CYBER.GC.CA — 2026-03-24
🔥
US State Department launches the Bureau of Emerging Threats to tackle current and future threats, including cyberattacks and AI weaponization by adversaries
INFOSEC.PUB — 24 Mar 2026
🔥
US State Department launches the Bureau of Emerging Threats to tackle current and future threats, including cyberattacks and AI weaponization by adversaries
PROGRAMMING.DEV — 24 Mar 2026
🔥
US State Department launches the Bureau of Emerging Threats to tackle current and future threats, including cyberattacks and AI weaponization by adversaries
SH.ITJUST.WORKS — 24 Mar 2026
🔥
Weekly Update 496
TROYHUNT.COM — 24 Mar 2026
🔥
New Leak Site Tied to Active Initial Access Broker Emerges on Underground Forums
GBHACKERS.COM — 24 Mar 2026
🔥
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
THEHACKERNEWS.COM — 24 Mar 2026
🔥
Russian Access Broker Jailed for Facilitating Ransomware Attacks Targeting U.S. Companies
GBHACKERS.COM — 24 Mar 2026
🔥
Mazda Says Employee, Partner Information Stolen in Cyberattack
SECURITYWEEK.COM — 24 Mar 2026
🔥
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
THEHACKERNEWS.COM — 24 Mar 2026
🔥
3.1 Million Impacted by QualDerm Data Breach
SECURITYWEEK.COM — 24 Mar 2026
🔥
Yanluowang ransomware access broker gets 81 months in prison
BLEEPINGCOMPUTER.COM — 24 Mar 2026
🔥
Infinite Campus warns of breach after ShinyHunters claims data theft
BLEEPINGCOMPUTER.COM — 24 Mar 2026
🔥
Extortion Group Claims It Hacked AstraZeneca
SECURITYWEEK.COM — 24 Mar 2026
🔥
SQL Server Ransomware Attacks: How They Work and How to Harden Your Database
GBHACKERS.COM — 24 Mar 2026
🔥
Crunchyroll confirms data breach after hacker claims unauthorized access
TECHCRUNCH.COM — 24 Mar 2026
🔥
Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector
SECURITYWEEK.COM — 24 Mar 2026
🔥
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
THEHACKERNEWS.COM — 24 Mar 2026
🔥
Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack
BLEEPINGCOMPUTER.COM — 24 Mar 2026
🕵️
ISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862, (Tue, Mar 24th)
ISC.SANS.EDU — 24 Mar 2026
🕵️
The US bans all new foreign-made network routers
SH.ITJUST.WORKS — 24 Mar 2026
🕵️
Fake ChatGPT Invites Target Android Users With Malware
GBHACKERS.COM — 24 Mar 2026
🕵️
SilentConnect Uses Fake Invites to Deploy ScreenConnect RAT
GBHACKERS.COM — 24 Mar 2026
🕵️
Microsoft Unveils New GenAI Security Protections in Azure AI Foundry
GBHACKERS.COM — 24 Mar 2026
🕵️
Google Forms Job Scam Spreads PureHVNC Malware
GBHACKERS.COM — 24 Mar 2026
🕵️
Stryker Says Malicious File Found During Probe Into Iran-Linked Attack
SECURITYWEEK.COM — 24 Mar 2026
🕵️
Gcore Radar report reveals 150% surge in DDoS attacks year-on-year
GBHACKERS.COM — 24 Mar 2026
🕵️
Team Mirai and Democracy
SCHNEIER.COM — 2026-03-24
🕵️
Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool
SECURITYWEEK.COM — 24 Mar 2026
🕵️
Webinar Today: Putting CIS Controls and Benchmarks into Practice
SECURITYWEEK.COM — 24 Mar 2026
🕵️
Chrome 146 Update Patches High-Severity Vulnerabilities
SECURITYWEEK.COM — 24 Mar 2026
🕵️
Detecting IP KVMs, (Tue, Mar 24th)
ISC.SANS.EDU — 24 Mar 2026
🕵️
The Hardest Part of Security
YOUTUBE.COM — 2026-03-24
🕵️
DDoS-Angriffe haben sich verdoppelt
CSOONLINE.COM — 24 Mar 2026
🕵️
RSAC 2026 Conference Announcements Summary (Day 1)
SECURITYWEEK.COM — 24 Mar 2026
🕵️
Supply Chain Attack in litellm 1.82.8 on PyPI
INFOSEC.PUB — 24 Mar 2026
🕵️
CyberheistNews Vol 16 #12 [Keep An Eye Out] Why Unsecured Outlook Email Is Risky
KNOWBE4.COM — 24 Mar 2026
🕵️
I Didn’t Revoke my API Keys Because Claude Called Me An Idiot
KNOWBE4.COM — 24 Mar 2026
🕵️
Governing AI agent behavior: Aligning user, developer, role, and organizational intent
TECHCOMMUNITY.MICROSOFT.COM — 24 Mar 2026
🕵️
Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw
SECURITYWEEK.COM — 24 Mar 2026
🕵️
DoE Publishes 5-Year Energy Security Plan
SECURITYWEEK.COM — 24 Mar 2026
🕵️
Scam Baiting, AI, and the New Grift Economy, Part 1 - Rinoa Poison - SWN #566
YOUTUBE.COM — 2026-03-24
🕵️
When Virtual Machines Fail You
YOUTUBE.COM — 2026-03-24
🕵️
Mandiant Global Median Dwell Time Deteriorates from 11 to 14 Days
TAOSECURITY.BLOGSPOT.COM — 2026-03-24
🌐
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
THEHACKERNEWS.COM — 24 Mar 2026
🌐
Investigating from the Endpoint Across Your Environment with Elastic Security XDR
ELASTIC.CO — 24 Mar 2026
📡
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
THEHACKERNEWS.COM — 24 Mar 2026
📡
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
THEHACKERNEWS.COM — 24 Mar 2026
📡
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
THEHACKERNEWS.COM — 24 Mar 2026
📡
Bubble’s role in phishing scams | Kaspersky official blog
KASPERSKY.COM — 24 Mar 2026
📡
Zero Trust: Bridging the Gap Between Authentication and Trust
BLEEPINGCOMPUTER.COM — 24 Mar 2026
📡
FCC bans import of new consumer routers made overseas, citing security risks
TECHCRUNCH.COM — 24 Mar 2026
📡
Microsoft fixes bug causing Classic Outlook sync issues with Gmail
BLEEPINGCOMPUTER.COM — 24 Mar 2026
📡
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
THEHACKERNEWS.COM — 24 Mar 2026
📡
Firefox now has a free built-in VPN with 50GB monthly data limit
BLEEPINGCOMPUTER.COM — 24 Mar 2026
📡
FCC bans new routers made outside the USA over security risks
BLEEPINGCOMPUTER.COM — 24 Mar 2026
📡
CrowdStrike Flex for Services Expands Access to Elite Security Expertise
CROWDSTRIKE.COM — Mar 24, 2026 00:
📡
Falcon Data Security Secures Data Wherever It Lives and Moves
CROWDSTRIKE.COM — Mar 24, 2026 00:
📡
CrowdStrike Advances CNAPP with Industry-First Adversary-Informed Risk Prioritization
CROWDSTRIKE.COM — Mar 24, 2026 00:
📡
CrowdStrike Services and Agentic MDR Put the Agentic SOC in Reach
CROWDSTRIKE.COM — Mar 24, 2026 00:
📡
Sumit Dhawan on the importance of intent-based AI security
PROOFPOINT.COM — 24 Mar 2026
📡
20 Coolest AI And Security Products At RSAC 2026
PROOFPOINT.COM — 24 Mar 2026
📡
Security Automation with Elastic Workflows: From Alert to Response
ELASTIC.CO — 24 Mar 2026
📡
Streamlining the Security Analyst Experience
ELASTIC.CO — 24 Mar 2026
📡
Supercharge Your SOC
ELASTIC.CO — 24 Mar 2026
🐛
AL26-005 – Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-20963
CYBER.GC.CA — 2026-03-23
🐛
Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability
KEVSECURITYWEEK.COM — 23 Mar 2026
🐛
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
THEHACKERNEWS.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4464 Integer overflow in ANGLE
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4463 Heap buffer overflow in WebRTC
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4462 Out of bounds read in Blink
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4461 Inappropriate implementation in V8
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4456 Use after free in Digital Credentials API
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4460 Out of bounds read in Skia
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4457 Type Confusion in V8
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4446 Use after free in WebRTC
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4449 Use after free in Blink
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4445 Use after free in WebRTC
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4451 Insufficient validation of untrusted input in Navigation
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4447 Inappropriate implementation in V8
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4444 Stack buffer overflow in WebRTC
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4455 Heap buffer overflow in PDFium
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4452 Integer overflow in ANGLE
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4443 Heap buffer overflow in WebAudio
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4448 Heap buffer overflow in ANGLE
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4441 Use after free in Base
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
CVE-2026-4438 gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4454 Use after free in Network
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4450 Out of bounds write in V8
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4458 Use after free in Extensions
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Chromium: CVE-2026-4440 Out of bounds read and write in WebGL
MSRC.MICROSOFT.COM — 23 Mar 2026
🐛
Hackers Exploit Quest KACE SMA Flaw to Harvest Credentials
GBHACKERS.COM — 23 Mar 2026
🐛
CISA Warns of Craft CMS Code Injection Flaw Exploited in Active Attacks
KEVGBHACKERS.COM — 23 Mar 2026
🐛
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
SH.ITJUST.WORKS — 23 Mar 2026
🐛
ZDI-26-225: (Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability
ZERODAYINITIATIVE.COM — 23 Mar 2026
🐛
ZDI-26-224: (Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 23 Mar 2026
🐛
ZDI-26-223: (Pwn2Own) Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 23 Mar 2026
🐛
ZDI-26-222: (Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 23 Mar 2026
⚠️
Microsoft Xbox One Hacked
SCHNEIER.COM — 2026-03-23
⚠️
Startup Accused Of Helping Fake Privacy and Security Audits
CYBERSECURITYTODAY.LIBSYN.COM — 23 Mar 2026
⚠️
CISA orders feds to patch DarkSword iOS flaws exploited attacks
BLEEPINGCOMPUTER.COM — 23 Mar 2026
⚠️
Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack
SECURITYWEEK.COM — 23 Mar 2026
⚠️
QNAP Patches Four Vulnerabilities Exploited at Pwn2Own
SECURITYWEEK.COM — 23 Mar 2026
⚠️
Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
SECURITYWEEK.COM — 23 Mar 2026
⚠️
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
THEHACKERNEWS.COM — 23 Mar 2026
⚠️
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
THEHACKERNEWS.COM — 23 Mar 2026
⚠️
The ‘Urgency Trap’: Why Time Pressure is Your Biggest Email Red Flag
KNOWBE4.COM — 23 Mar 2026
⚠️
Critical QNAP QVR Pro Flaw Could Let Remote Attackers Access Systems
GBHACKERS.COM — 23 Mar 2026
⚠️
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
CSOONLINE.COM — 23 Mar 2026
⚠️
Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
CSOONLINE.COM — 23 Mar 2026
⚠️
Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire
CSOONLINE.COM — 23 Mar 2026
⚠️
Why US companies must be ready for quantum by 2030: A practical roadmap
CSOONLINE.COM — 23 Mar 2026
⚠️
The insider threat rises again
CSOONLINE.COM — 23 Mar 2026
⚠️
cpe-guesser 2.0 released
INFOSEC.PUB — 23 Mar 2026
⚠️
Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw
SH.ITJUST.WORKS — 23 Mar 2026
⚠️
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack | CSO Online
SH.ITJUST.WORKS — 23 Mar 2026
⚠️
Why One-Time Pen Testing Isn’t Enough
YOUTUBE.COM — 2026-03-23
⚠️
Someone has publicly leaked an exploit kit that can hack millions of iPhones
TECHCRUNCH.COM — 23 Mar 2026
⚠️
A Vulnerability in Oracle Products Could Allow for Remote Code Execution
CISECURITY.ORG — 23 Mar 2026
⚠️
I Built 7 MCP Servers for Security Tools. The Protocol Was the Easy Part.
SH.ITJUST.WORKS — 23 Mar 2026
⚠️
Someone has publicly leaked an exploit kit that can hack millions of iPhones
INFOSEC.PUB — 23 Mar 2026
⚠️
Securing the AI Enterprise — Introducing Prisma AIRS 3.0
PALOALTONETWORKS.COM — 23 Mar 2026
⚠️
The Cryptographic Reset Has Begun
PALOALTONETWORKS.COM — 23 Mar 2026
⚠️
M-Trends 2026: Data, Insights, and Strategies From the Frontlines
CLOUD.GOOGLE.COM — 23 Mar 2026
⚠️
IAM policy types: How and when to use them
AWS.AMAZON.COM — 23 Mar 2026
📋
511,000+ End-of-Life IIS Instances Found Online, Raising Security Risks
GBHACKERS.COM — 23 Mar 2026
📢
VMware security advisory (AV26-269)
CYBER.GC.CA — 2026-03-23
📢
Microsoft Edge security advisory (AV26-268)
CYBER.GC.CA — 2026-03-23
📢
Citrix security advisory (AV26-267)
CYBER.GC.CA — 2026-03-23
📢
Red Hat security advisory (AV26-266)
CYBER.GC.CA — 2026-03-23
📢
[Control systems] CISA ICS security advisories (AV26–265)
CYBER.GC.CA — 2026-03-23
📢
Ubuntu security advisory (AV26-264)
CYBER.GC.CA — 2026-03-23
📢
Dell security advisory (AV26-263)
CYBER.GC.CA — 2026-03-23
📢
IBM security advisory (AV26-262)
CYBER.GC.CA — 2026-03-23
📢
Oracle security advisory (AV26-261)
CYBER.GC.CA — 2026-03-23
📢
Kubernetes security advisory (AV26-260)
CYBER.GC.CA — 2026-03-23
📢
FBI warns of Handala hackers using Telegram in malware attacks
BLEEPINGCOMPUTER.COM — 23 Mar 2026
📢
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
KREBSONSECURITY.COM — 23 Mar 2026
📢
Reflections from the Second NIST Cyber AI Profile Workshop
NIST.GOV — 23 Mar 2026
📢
Federal immigration agents filmed making airport arrests as Trump calls in ICE to ease security line delays
TECHCRUNCH.COM — 23 Mar 2026
📢
CISA orders feds to patch max-severity Cisco flaw by Sunday
SH.ITJUST.WORKS — 23 Mar 2026
🔥
M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds
SECURITYWEEK.COM — 23 Mar 2026
🔥
Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware
SECURITYWEEK.COM — 23 Mar 2026
🔥
Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started
MICROSOFT.COM — 23 Mar 2026
🔥
Libyan Refinery Targeted in Prolonged Spy Campaign With AsyncRAT
GBHACKERS.COM — 23 Mar 2026
🔥
Can AI help critical infrastructure, the state of the cyber market, and weekly news - ESW #451
YOUTUBE.COM — 2026-03-23
🔥
Trivy Compromised by "TeamPCP" | Wiz Blog
INFOSEC.PUB — 23 Mar 2026
🔥
Navia Data Breach Impacts 2.7 Million - SecurityWeek
SH.ITJUST.WORKS — 23 Mar 2026
🔥
Crunchyroll probes breach after hacker claims to steal 6.8M users' data
BLEEPINGCOMPUTER.COM — 23 Mar 2026
🔥
Mazda discloses security breach exposing employee and partner data
BLEEPINGCOMPUTER.COM — 23 Mar 2026
🔥
RuneScape Boards - 222,762 breached accounts
HAVEIBEENPWNED.COM — 23 Mar 2026
🕵️
RSAC 2026 Conference Announcements Summary (Pre-Event)
SECURITYWEEK.COM — 23 Mar 2026
🕵️
ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)
ISC.SANS.EDU — 23 Mar 2026
🕵️
Tax Scam Google Ads Push BYOVD EDR Killer, Huntress Finds
GBHACKERS.COM — 23 Mar 2026
🕵️
SEO Poisoning Campaign Uses Fake Popular Apps to Deliver AsyncRAT
GBHACKERS.COM — 23 Mar 2026
🕵️
MioLab MacOS Stealer Expands With ClickFix, Wallet Theft, Team APIs
GBHACKERS.COM — 23 Mar 2026
🕵️
Oblivion RAT Masquerades as Play Store Update to Spy on Android Users
GBHACKERS.COM — 23 Mar 2026
🕵️
$30 IP-KVM Flaws Could Enable BIOS-Level Enterprise Network Attacks
GBHACKERS.COM — 23 Mar 2026
🕵️
FBI says Iranian hackers are using Telegram to steal data in malware attacks
TECHCRUNCH.COM — 23 Mar 2026
🕵️
AI-First Security Is Mostly Hype
YOUTUBE.COM — 2026-03-23
🕵️
Burp Anonymizer
INFOSEC.PUB — 23 Mar 2026
🕵️
Thousands of Magento Sites Hit in Ongoing Defacement Campaign - SecurityWeek
SH.ITJUST.WORKS — 23 Mar 2026
🕵️
BurpAnonymizer
SH.ITJUST.WORKS — 23 Mar 2026
🕵️
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
THEHACKERNEWS.COM — 23 Mar 2026
🕵️
Securing the Era of Agentic AI with Prisma SASE
PALOALTONETWORKS.COM — 23 Mar 2026
🕵️
Prisma Browser for Business — A Secure Workspace for Small Business
PALOALTONETWORKS.COM — 23 Mar 2026
🕵️
GitHub expands application security coverage with AI‑powered detections
GITHUB.BLOG — 23 Mar 2026
🌐
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
THEHACKERNEWS.COM — 23 Mar 2026
🌐
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
THEHACKERNEWS.COM — 23 Mar 2026
📡
Trivy supply-chain attack spreads to Docker, GitHub repos
BLEEPINGCOMPUTER.COM — 23 Mar 2026
📡
Varonis Atlas: Securing AI and the Data That Powers It
BLEEPINGCOMPUTER.COM — 23 Mar 2026
📡
Microsoft Exchange Online service change causes email access issues
BLEEPINGCOMPUTER.COM — 23 Mar 2026
📡
New KB5085516 emergency update fixes Microsoft account sign-in
BLEEPINGCOMPUTER.COM — 23 Mar 2026
📡
Russian authorities block paywall removal site Archive.today
TECHCRUNCH.COM — 23 Mar 2026
📡
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
BLEEPINGCOMPUTER.COM — 23 Mar 2026
📡
Tool updates: lots of security and logic fixes, (Mon, Mar 23rd)
ISC.SANS.EDU — 23 Mar 2026
📡
Tycoon2FA phishing platform returns after recent police disruption
BLEEPINGCOMPUTER.COM — 23 Mar 2026
📡
OpenAI rolls out ChatGPT Library to store your personal files
BLEEPINGCOMPUTER.COM — 23 Mar 2026
📡
Proofpoint Redefines Email and Data Security for the Agentic Workspace
PROOFPOINT.COM — 23 Mar 2026
⚠️
FIRESIDE CHAT: In the AI age, your MFA, authentication apps can be compromised in minutes
KEVLASTWATCHDOG.COM — 22 Mar 2026
📢
Delve accused of misleading customers with ‘fake compliance’
TECHCRUNCH.COM — 22 Mar 2026
🌐
VoidStealer malware steals Chrome master key via debugger trick
BLEEPINGCOMPUTER.COM — 22 Mar 2026
🐛
Critical Quest KACE Vulnerability Potentially Exploited in Attacks
SECURITYWEEK.COM — 21 Mar 2026
🐛
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
THEHACKERNEWS.COM — 21 Mar 2026
🐛
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
KEVTHEHACKERNEWS.COM — 21 Mar 2026
🐛
CVE-2026-23204 net/sched: cls_u32: use skb_header_pointer_careful()
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-23274 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-3634 Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-3632 Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-3479 pkgutil.get_data() does not enforce documented restrictions
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-23277 net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-23271 perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-3633 Libsoup: libsoup: header and http request injection via crlf injection
MSRC.MICROSOFT.COM — 21 Mar 2026
🐛
CVE-2026-30922 pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
MSRC.MICROSOFT.COM — 21 Mar 2026
⚠️
The Fundamental Mistake in Cybersecurity Risk Management
CYBERSECURITYTODAY.LIBSYN.COM — 21 Mar 2026
⚠️
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
BLEEPINGCOMPUTER.COM — 21 Mar 2026
⚠️
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
CSOONLINE.COM — 21 Mar 2026
⚠️
Linux Telnet Vulnerability Exposed
YOUTUBE.COM — 2026-03-21
📢
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
THEHACKERNEWS.COM — 21 Mar 2026
📢
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
THEHACKERNEWS.COM — 21 Mar 2026
🔥
Are nations ready to be the cybersecurity insurers of last resort?
CSOONLINE.COM — 21 Mar 2026
🕵️
MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is running
LASTWATCHDOG.COM — 21 Mar 2026
📡
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
BLEEPINGCOMPUTER.COM — 21 Mar 2026
📡
Microsoft Azure Monitor alerts abused for callback phishing attacks
BLEEPINGCOMPUTER.COM — 21 Mar 2026
🚨
CISA Adds Five Known Exploited Vulnerabilities to CatalogCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerability CVE-2025-32432 Craft CMS Code Injection Vulnerability CVE-2025-43510 Apple…
KEVCISA.GOV — Fri, 20 Mar 26 1
🚨
Vulneratility-Lookup 4.2.0submitted by cm0002 to cybersecurity 3 points | 0 comments https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.2.0 It is our honour to announce the release of Vulnerability-Lookup 4.2.0 ! This version brings a large number of new CSAF-based vulnerability …
KEVINFOSEC.PUB — 20 Mar 2026
🐛
Oracle pushes emergency fix for critical Identity Manager RCE flaw
BLEEPINGCOMPUTER.COM — 20 Mar 2026
🐛
CISA orders feds to patch max-severity Cisco flaw by Sunday
BLEEPINGCOMPUTER.COM — 20 Mar 2026
🐛
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
THEHACKERNEWS.COM — 20 Mar 2026
🐛
CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23221 bus: fsl-mc: fix use-after-free in driver_override_show()
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2025-71221 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23110 scsi: core: Wake up the error handler when final completions race against each other
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23171 bonding: fix use-after-free due to enslave fail after slave array update
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2025-71236 scsi: qla2xxx: Validate sp before freeing associated memory
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23227 drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23113 io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23118 rxrpc: Fix data-race warning and potential load/store tearing
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23126 netdevsim: fix a race issue related to the operation on bpf_bound_progs list
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23154 net: fix segmentation of forwarding fraglist GRO
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23157 btrfs: do not strictly require dirty metadata threshold for metadata writepages
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23169 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23191 ALSA: aloop: Fix racy access at PCM trigger
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23208 ALSA: usb-audio: Prevent excessive number of frames
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23269 apparmor: validate DFA start states are in bounds in unpack_pdb
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23259 io_uring/rw: free potentially allocated iovec on cache put failure
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23268 apparmor: fix unprivileged local user can do privileged policy management
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23266 fbdev: rivafb: fix divide error in nv3_arb()
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23265 f2fs: fix to do sanity check on node footer in {read,write}_end_io
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2006-10002 XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23255 net: add proper RCU protection to /proc/net/ptype
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23253 media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2025-71269 btrfs: do not free data reservation in fallback from inline due to -ENOSPC
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2026-23267 f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
MSRC.MICROSOFT.COM — 20 Mar 2026
🐛
CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
MSRC.MICROSOFT.COM — 20 Mar 2026
⚠️
54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
THEHACKERNEWS.COM — 20 Mar 2026
⚠️
Proton Mail Shared User Information with the Police
SCHNEIER.COM — 2026-03-20
⚠️
FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack: Cybersecurity Today
KEVCYBERSECURITYTODAY.LIBSYN.COM — 20 Mar 2026
⚠️
Police take down 373,000 fake CSAM sites in Operation Alice
BLEEPINGCOMPUTER.COM — 20 Mar 2026
⚠️
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
THEHACKERNEWS.COM — 20 Mar 2026
⚠️
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
THEHACKERNEWS.COM — 20 Mar 2026
⚠️
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
THEHACKERNEWS.COM — 20 Mar 2026
⚠️
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
THEHACKERNEWS.COM — 20 Mar 2026
⚠️
All aboard: the NIST Cybersecurity for IoT Program is headed to our next stop! Share your input on where we’re headed during our Future Directions Two-Day Workshop on March 31st.
NIST.GOV — 20 Mar 2026
⚠️
GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)
ISC.SANS.EDU — 20 Mar 2026
⚠️
CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents
MICROSOFT.COM — 20 Mar 2026
⚠️
Stop using AI to submit bug reports, says Google
CSOONLINE.COM — 20 Mar 2026
⚠️
The espionage reality: Your infrastructure is already in the collection path
CSOONLINE.COM — 20 Mar 2026
⚠️
Ahab and Peewee Herman, Zoom, Vibe Hacking, SharePoint, Meta, AgeID, Josh Marpet - SWN #565
YOUTUBE.COM — 2026-03-20
⚠️
Unexpected Flaw in Laundry Cards
YOUTUBE.COM — 2026-03-20
⚠️
Cryptographers engage in war of words over RustSec bug reports and subsequent ban
INFOSEC.PUB — 20 Mar 2026
⚠️
An Android physical security tool
SH.ITJUST.WORKS — 20 Mar 2026
⚠️
Intego X9: Never trust my updates
QUARKSLAB.COM — 2026-03-20
📢
US accuses Iran’s government of operating hacktivist group that hacked Stryker
TECHCRUNCH.COM — 20 Mar 2026
📢
DDoS-Attacken: Schlag gegen internationale Cyberkriminelle
CSOONLINE.COM — 20 Mar 2026
🔥
FBI links Signal phishing attacks to Russian intelligence services
BLEEPINGCOMPUTER.COM — 20 Mar 2026
🔥
How CISOs Can Survive the Era of Geopolitical Cyberattacks
BLEEPINGCOMPUTER.COM — 20 Mar 2026
🔥
In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting
SECURITYWEEK.COM — 20 Mar 2026
🔥
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
KREBSONSECURITY.COM — 20 Mar 2026
🔥
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
THEHACKERNEWS.COM — 20 Mar 2026
🔥
Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
THEHACKERNEWS.COM — 20 Mar 2026
🔥
Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US
TECHCRUNCH.COM — 20 Mar 2026
🔥
Denver’s crosswalks hacked to broadcast anti-Trump messages
BITDEFENDER.COM — 20 Mar 2026
🔥
LeakNet ransomware: what you need to know
FORTRA.COM — 20 Mar 2026
🔥
Water utilities strengthen cybersecurity through cooperation
CSOONLINE.COM — 20 Mar 2026
🔥
DoJ has taken down botnets behind the largest-ever DDoS attack
INFOSEC.PUB — 20 Mar 2026
🔥
DoJ has taken down botnets behind the largest-ever DDoS attack
PROGRAMMING.DEV — 20 Mar 2026
🔥
DoJ has taken down botnets behind the largest-ever DDoS attack
SH.ITJUST.WORKS — 20 Mar 2026
🔥
Move fast and save things: A quick guide to recovering a hacked account
WELIVESECURITY.COM — 20 Mar 2026
🕵️
Friday Squid Blogging: Jumbo Flying Squid in the South Pacific
SCHNEIER.COM — 2026-03-20
🕵️
3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China
SECURITYWEEK.COM — 20 Mar 2026
🕵️
ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)
ISC.SANS.EDU — 20 Mar 2026
🕵️
Secure agentic AI end-to-end
MICROSOFT.COM — 20 Mar 2026
🕵️
Inside Our 'Human Risk: In-Person Experience' in Leeds
KNOWBE4.COM — 20 Mar 2026
🕵️
Digital Cleanup: It’s Not Just Your Files, It’s Your Brain
KNOWBE4.COM — 20 Mar 2026
🕵️
GUEST ESSAY: Executives trust AI security even as security teams confront blind spots, new risks
LASTWATCHDOG.COM — 20 Mar 2026
🕵️
Discord Age Verification Rollback
YOUTUBE.COM — 2026-03-20
🕵️
French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure
INFOSEC.PUB — 20 Mar 2026
🌐
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
THEHACKERNEWS.COM — 20 Mar 2026
🌐
Predator spyware disables iOS camera and microphone indicators | Kaspersky official blog
KASPERSKY.COM — 20 Mar 2026
📡
A French Navy officer accidentally leaked the location of an aircraft carrier by logging his run on Strava
TECHCRUNCH.COM — 20 Mar 2026
📡
Linux & Cloud Detection Engineering - TeamPCP Container Attack Scenario
ELASTIC.CO — 20 Mar 2026
🚨
CISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning ListThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and organizations using the platform must apply the nece…
KEVGBHACKERS.COM — 19 Mar 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.  CVE-2026-20131 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserializa…
KEVCISA.GOV — Thu, 19 Mar 26 1
🐛
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
KEVTHEHACKERNEWS.COM — 19 Mar 2026
🐛
CVE-2026-23233 f2fs: fix to avoid mapping wrong physical block for swapfile
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-23242 RDMA/siw: Fix potential NULL pointer dereference in header processing
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-23245 net/sched: act_gate: snapshot parameters with RCU on replace
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2025-71266 fs: ntfs3: check return value of indx_find to avoid infinite loop
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2025-71267 fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-23244 nvme: fix memory allocation in nvme_pr_read_keys()
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-23243 RDMA/umad: Reject negative data_len in ib_umad_write
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-3644 Incomplete control character validation in http.cookies
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-23248 perf/core: Fix refcount bug and potential UAF in perf_mmap
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-23246 wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2025-71265 fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability
KEVSECURITYWEEK.COM — 19 Mar 2026
🐛
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
SH.ITJUST.WORKS — 19 Mar 2026
🐛
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
SH.ITJUST.WORKS — 19 Mar 2026
🐛
Telnet vulnerability opens door to remote code execution as root
CSOONLINE.COM — 19 Mar 2026
🐛
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
CSOONLINE.COM — 19 Mar 2026
🐛
CVE-2026-32169 Azure Cloud Shell Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-26139 Microsoft Purview Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-26138 Microsoft Purview Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-32191 Microsoft Bing Images Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-23658 Azure DevOps: msazure Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-26120 Microsoft Bing Tampering Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-23659 Azure Data Factory Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-24299 M365 Copilot Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-26136 Microsoft Copilot Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-26137 Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
CVE-2026-32194 Microsoft Bing Images Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 19 Mar 2026
🐛
ZDI-26-221: GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 19 Mar 2026
🐛
ZDI-26-220: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 19 Mar 2026
🐛
ZDI-26-219: GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 19 Mar 2026
🐛
ZDI-26-218: GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 19 Mar 2026
🐛
ZDI-26-217: GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 19 Mar 2026
⚠️
Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)
ISC.SANS.EDU — 19 Mar 2026
⚠️
Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware
KEVGBHACKERS.COM — 19 Mar 2026
⚠️
New iOS Exploit Uses Advanced iPhone Hacking Tools to Steal Personal Data
GBHACKERS.COM — 19 Mar 2026
⚠️
ScreenConnect Flaw Lets Hackers Steal Machine Keys and Hijack Sessions
GBHACKERS.COM — 19 Mar 2026
⚠️
Aura Confirms Data Breach Exposing 900,000 Customer Records
GBHACKERS.COM — 19 Mar 2026
⚠️
Anthropic ban heralds new era of supply chain risk — with no clear playbook
CSOONLINE.COM — 19 Mar 2026
⚠️
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks
SECURITYWEEK.COM — 19 Mar 2026
⚠️
Your MFA isn’t broken — it’s being bypassed, and your employees can’t tell the difference
CSOONLINE.COM — 19 Mar 2026
⚠️
Hacking a Robot Vacuum
SCHNEIER.COM — 2026-03-19
⚠️
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
THEHACKERNEWS.COM — 19 Mar 2026
⚠️
Critical Microsoft SharePoint flaw now exploited in attacks
BLEEPINGCOMPUTER.COM — 19 Mar 2026
⚠️
Pyronut Package Backdoors Telegram Bots With RCE
GBHACKERS.COM — 19 Mar 2026
⚠️
The multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threat
CSOONLINE.COM — 19 Mar 2026
⚠️
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
BLEEPINGCOMPUTER.COM — 19 Mar 2026
⚠️
Claude Vulnerabilities Allow Data Exfiltration and Malicious Redirect Attacks
GBHACKERS.COM — 19 Mar 2026
⚠️
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
SH.ITJUST.WORKS — 19 Mar 2026
⚠️
Russian APT Exploits Zimbra Vulnerability Against Ukraine
SECURITYWEEK.COM — 19 Mar 2026
⚠️
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
THEHACKERNEWS.COM — 19 Mar 2026
⚠️
7 Ways to Prevent Privilege Escalation via Password Resets
BLEEPINGCOMPUTER.COM — 19 Mar 2026
⚠️
Cybersecurity Responsibility Is Shifting
YOUTUBE.COM — 2026-03-19
⚠️
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
THEHACKERNEWS.COM — 19 Mar 2026
⚠️
Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
BLEEPINGCOMPUTER.COM — 19 Mar 2026
⚠️
Beijing wants its own quantum-resistant encryption standards rather than adopt NIST’s
CSOONLINE.COM — 19 Mar 2026
⚠️
Critical ScreenConnect Vulnerability Exposes Machine Keys
SECURITYWEEK.COM — 19 Mar 2026
⚠️
Privacy Platform Cloaked Raises $375M to Expand Consumer Tools and Enterprise Reach
SECURITYWEEK.COM — 19 Mar 2026
⚠️
News alert: SpyCloud study reveal stolen tokens, session data fuel surge in non-human identity attacks
LASTWATCHDOG.COM — 19 Mar 2026
⚠️
Anton’s Security Blog Quarterly Q1 2026
KEVMEDIUM.COM — 19 Mar 2026
⚠️
CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group
CSOONLINE.COM — 19 Mar 2026
⚠️
That cheap KVM device could expose your network to remote compromise
CSOONLINE.COM — 19 Mar 2026
⚠️
SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
CSOONLINE.COM — 19 Mar 2026
⚠️
Hacking IP KVMs & Reversing with Radare2 - Sergi Àlvarez - PSW #918
YOUTUBE.COM — 2026-03-19
⚠️
Building an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware Analysis
SENTINELONE.COM — 19 Mar 2026
⚠️
Linux & Cloud Detection Engineering - Getting Started with Defend for Containers (D4C)
ELASTIC.CO — 19 Mar 2026
📢
5 key priorities for your RSAC 2026 agenda
CSOONLINE.COM — 19 Mar 2026
📢
CISA Calls on Organizations to Strengthen Microsoft Intune Security After Stryker Incident
GBHACKERS.COM — 19 Mar 2026
📢
Ubiquiti security advisory (AV26-258)
CYBER.GC.CA — 2026-03-19
📢
CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices
TECHCRUNCH.COM — 19 Mar 2026
📢
Microsoft security advisory – January 2026 monthly rollup (AV26-024) – Update 2
CYBER.GC.CA — 2026-03-19
📢
Spring security advisory (AV26-259)
CYBER.GC.CA — 2026-03-19
🔥
Raven Emerges From Stealth With $20 Million in Funding
SECURITYWEEK.COM — 19 Mar 2026
🔥
Aura confirms data breach exposing 900,000 marketing contacts
SH.ITJUST.WORKS — 19 Mar 2026
🔥
Security Firm Aura Discloses Data Breach Impacting 900,000 Records
SECURITYWEEK.COM — 19 Mar 2026
🔥
Marquis Data Breach Affects 672,000 Individuals
SECURITYWEEK.COM — 19 Mar 2026
🔥
FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack
TECHCRUNCH.COM — 19 Mar 2026
🔥
Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury
SECURITYWEEK.COM — 19 Mar 2026
🔥
FBI seizes Handala data leak site after Stryker cyberattack
BLEEPINGCOMPUTER.COM — 19 Mar 2026
🔥
When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
MICROSOFT.COM — 19 Mar 2026
🔥
Bitrefill blames North Korean Lazarus group for cyberattack
BLEEPINGCOMPUTER.COM — 19 Mar 2026
🔥
1stProtect Emerges From Stealth With $20 Million in Funding
SECURITYWEEK.COM — 19 Mar 2026
🔥
Millions of iPhones can be hacked with a new tool found in the wild
ARSTECHNICA.COM — 19 Mar 2026
🕵️
ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)
ISC.SANS.EDU — 19 Mar 2026
🕵️
SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion
GBHACKERS.COM — 19 Mar 2026
🕵️
WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack
GBHACKERS.COM — 19 Mar 2026
🕵️
Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network
GBHACKERS.COM — 19 Mar 2026
🕵️
Open VSX Extension Delivers RAT and Stealer via GitHub Downloader
GBHACKERS.COM — 19 Mar 2026
🕵️
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
SH.ITJUST.WORKS — 19 Mar 2026
🕵️
Horabot Returns in Mexico, Spreading via Phishing and Email Worm Attacks
GBHACKERS.COM — 19 Mar 2026
🕵️
OpenWebUI Servers Targeted in Attacks Using AI Payloads to Steal Data
GBHACKERS.COM — 19 Mar 2026
🕵️
Fake Tools and CDNs Power New “Vibe-Coded” Malware Campaign
GBHACKERS.COM — 19 Mar 2026
🕵️
ConnectWise patches new flaw allowing ScreenConnect hijacking
SH.ITJUST.WORKS — 19 Mar 2026
🕵️
Average Number of Daily API Attacks Up 113% Annually - Infosecurity Magazine
SH.ITJUST.WORKS — 19 Mar 2026
🕵️
Hacker Conversations: Ben Harris, from Unintentional Young Hacker to Intentional Adult CEO
SECURITYWEEK.COM — 19 Mar 2026
🕵️
CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026
GBHACKERS.COM — 19 Mar 2026
🕵️
Oasis Security Raises $120 Million for Agentic Access Management
SECURITYWEEK.COM — 19 Mar 2026
🕵️
Our KnowBe4 Community Is One of Our Greatest Strengths
KNOWBE4.COM — 19 Mar 2026
🕵️
New tools and guidance: Announcing Zero Trust for AI
MICROSOFT.COM — 19 Mar 2026
🕵️
Securing the Enterprise AI Ecosystem with ServiceNow and Prisma AIRS
PALOALTONETWORKS.COM — 19 Mar 2026
🕵️
App Stores Aren’t Actually Safe
YOUTUBE.COM — 2026-03-19
🕵️
PC MLA says hackers accessed and shared intimate images on his devices
INFOSEC.PUB — 19 Mar 2026
🌐
New ‘Perseus’ Android malware checks user notes for secrets
BLEEPINGCOMPUTER.COM — 19 Mar 2026
🌐
2025 Year in Review: Malicious, Infrastructure
RECORDEDFUTURE.COM — 19 Mar 2026
🎙️
Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID
GRAHAMCLULEY.COM — 19 Mar 2026
📡
IndonesianFoods Spam Campaign: 89 000 junk packages in npm
KASPERSKY.COM — 19 Mar 2026
📡
How Ceros Gives Security Teams Visibility and Control in Claude Code
THEHACKERNEWS.COM — 19 Mar 2026
📡
Max severity Ubiquiti UniFi flaw may allow account takeover
BLEEPINGCOMPUTER.COM — 19 Mar 2026
📡
Consumer-focused privacy company Cloaked raises $375M as it expands to enterprise
TECHCRUNCH.COM — 19 Mar 2026
📡
Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries
TRENDMICRO.COM — 19 Mar 2026
📡
EDR killers explained: Beyond the drivers
WELIVESECURITY.COM — 19 Mar 2026
📡
From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect
ELASTIC.CO — 19 Mar 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector …
KEVCISA.GOV — Wed, 18 Mar 26 1
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for mal…
KEVCISA.GOV — Wed, 18 Mar 26 1
🐛
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
THEHACKERNEWS.COM — 18 Mar 2026
🐛
FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion
GBHACKERS.COM — 18 Mar 2026
🐛
Researchers Disclose ‘RegPwn,’ a Windows Registry Weakness Allowing SYSTEM Access
GBHACKERS.COM — 18 Mar 2026
🐛
New Kubernetes NFS CSI Vulnerability Enables Unauthorized Directory Deletion and Changes
GBHACKERS.COM — 18 Mar 2026
🐛
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
THEHACKERNEWS.COM — 18 Mar 2026
🐛
CVE-2026-23241 audit: add missing syscalls to read class
MSRC.MICROSOFT.COM — 18 Mar 2026
🐛
CVE-2025-71239 audit: add fchmodat2() to change attributes class
MSRC.MICROSOFT.COM — 18 Mar 2026
🐛
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
THEHACKERNEWS.COM — 18 Mar 2026
🐛
Ubuntu Desktop Vulnerability Lets Attackers Escalate Privileges to Full Root Access
GBHACKERS.COM — 18 Mar 2026
🐛
Critical Telnetd Vulnerability Enables Remote Code Execution Attacks
GBHACKERS.COM — 18 Mar 2026
🐛
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
THEHACKERNEWS.COM — 18 Mar 2026
🐛
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
CLOUD.GOOGLE.COM — 18 Mar 2026
🐛
Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
AWS.AMAZON.COM — 18 Mar 2026
⚠️
Another Medicat Device Firm Hit
CYBERSECURITYTODAY.LIBSYN.COM — 18 Mar 2026
⚠️
AWS Bedrock AgentCore Sandbox Bypass Enables Stealthy C2 and Data Exfiltration
GBHACKERS.COM — 18 Mar 2026
⚠️
Fake Telegram Download Site Delivers Stealthy In-Memory Malware Loader
GBHACKERS.COM — 18 Mar 2026
⚠️
CISOs rethink their data protection strategies
CSOONLINE.COM — 18 Mar 2026
⚠️
Aura - 903,080 breached accounts
HAVEIBEENPWNED.COM — 18 Mar 2026
⚠️
From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA
TRENDMICRO.COM — 18 Mar 2026
⚠️
Cybersecurity and privacy priorities for 2026: The legal risk map
CSOONLINE.COM — 18 Mar 2026
⚠️
ClickFix treibt neue Infostealer-Kampagnen an
CSOONLINE.COM — 18 Mar 2026
⚠️
Can you prove the person on the other side is real?
CSOONLINE.COM — 18 Mar 2026
⚠️
Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch
SECURITYWEEK.COM — 18 Mar 2026
⚠️
ForceMemo Hijacks GitHub Accounts, Backdoors Python Repos
GBHACKERS.COM — 18 Mar 2026
⚠️
Reco targets AI agent blind spots with new security capability
CSOONLINE.COM — 18 Mar 2026
⚠️
Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks
GBHACKERS.COM — 18 Mar 2026
⚠️
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records | The Record from Recorded Future News
SH.ITJUST.WORKS — 18 Mar 2026
⚠️
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
BLEEPINGCOMPUTER.COM — 18 Mar 2026
⚠️
New “Darksword” iOS exploit used in infostealer attack on iPhones
BLEEPINGCOMPUTER.COM — 18 Mar 2026
⚠️
‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors
SECURITYWEEK.COM — 18 Mar 2026
⚠️
Ransomware gang exploits Cisco flaw in zero-day attacks since January
BLEEPINGCOMPUTER.COM — 18 Mar 2026
⚠️
AI Reinforces Your Bias
YOUTUBE.COM — 2026-03-18
⚠️
ConnectWise patches new flaw allowing ScreenConnect hijacking
BLEEPINGCOMPUTER.COM — 18 Mar 2026
⚠️
Shipping-Themed Phishing Scams Target the Middle East and Africa
KNOWBE4.COM — 18 Mar 2026
⚠️
The Collapse of Predictive Security in the Age of Machine-Speed Attacks
SECURITYWEEK.COM — 18 Mar 2026
⚠️
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
KEVBLEEPINGCOMPUTER.COM — 18 Mar 2026
⚠️
CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
CISA.GOV — Wed, 18 Mar 26 1
📋
Apple Debuts Background Security Improvements With Fresh WebKit Patches
SECURITYWEEK.COM — 18 Mar 2026
📢
[Control Systems] Phoenix Contact Security Advisory (AV26-247)
CYBER.GC.CA — 2026-03-18
📢
Apple security advisory (AV26-248)
CYBER.GC.CA — 2026-03-18
📢
GNU security advisory (AV26-249)
CYBER.GC.CA — 2026-03-18
📢
Mitel security advisory (AV26-250)
CYBER.GC.CA — 2026-03-18
📢
VMware security advisory (AV26-252)
CYBER.GC.CA — 2026-03-18
📢
Atlassian security advisory (AV26-251)
CYBER.GC.CA — 2026-03-18
📢
Citrix security advisory (AV26-253)
CYBER.GC.CA — 2026-03-18
📢
Roundcube security advisory (AV26-254)
CYBER.GC.CA — 2026-03-18
📢
Jenkins security advisory (AV26-255)
CYBER.GC.CA — 2026-03-18
📢
Google Chrome security advisory (AV26-256)
CYBER.GC.CA — 2026-03-18
📢
ConnectWise security advisory (AV26-257)
CYBER.GC.CA — 2026-03-18
🔥
Microsoft Teams-Based Vishing Attack Tricks Victims Into Quick Assist Takeover
GBHACKERS.COM — 18 Mar 2026
🔥
LeakNet boosts ransomware with ClickFix lures, stealthy Deno loader
GBHACKERS.COM — 18 Mar 2026
🔥
Less Lucrative Ransomware Market Makes Attackers Alter Methods
SH.ITJUST.WORKS — 18 Mar 2026
🔥
9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
THEHACKERNEWS.COM — 18 Mar 2026
🔥
Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach
SECURITYWEEK.COM — 18 Mar 2026
🔥
Robotic Surgery Giant Intuitive Discloses Cyberattack - SecurityWeek
SH.ITJUST.WORKS — 18 Mar 2026
🔥
Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches
SECURITYWEEK.COM — 18 Mar 2026
🔥
Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
TECHCRUNCH.COM — 18 Mar 2026
🔥
Marquis: Ransomware gang stole data of 672K people in cyberattack
BLEEPINGCOMPUTER.COM — 18 Mar 2026
🔥
Aura confirms data breach exposing 900,000 marketing contacts
BLEEPINGCOMPUTER.COM — 18 Mar 2026
🕵️
News alert: GitGuardian study shows AI coding tools double leak rates as 29M credentials hit GitHub
LASTWATCHDOG.COM — 18 Mar 2026
🕵️
News alert: Orchid Security brings Zero-Trust to AI Agent identities, earns Gartner recognition
LASTWATCHDOG.COM — 18 Mar 2026
🕵️
Judicial Targets Hit by COVERT RAT via Court Docs and GitHub Payloads
GBHACKERS.COM — 18 Mar 2026
🕵️
Boggy Serpens Hits Diplomats, Critical Infrastructure in Espionage Waves
GBHACKERS.COM — 18 Mar 2026
🕵️
Vidar Stealer 2.0 Spreads via Fake Game Cheats Shared on GitHub and Reddit
GBHACKERS.COM — 18 Mar 2026
🕵️
Language of the Board as CISO-Board Time Falls Short and CISOs Struggle with Risk - BSW #439
YOUTUBE.COM — 2026-03-18
🕵️
Iran Cyber Ops Merge With PsyOps and EW Amid Escalating Conflict
GBHACKERS.COM — 18 Mar 2026
🕵️
OpenAI Introduces GPT-5.4 Mini and Nano for Faster, Lightweight AI Performance
GBHACKERS.COM — 18 Mar 2026
🕵️
BSI moniert Software-Sicherheit im Gesundheitswesen
CSOONLINE.COM — 18 Mar 2026
🕵️
Meta’s AI Glasses and Privacy
SCHNEIER.COM — 2026-03-18
🕵️
ISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)
ISC.SANS.EDU — 18 Mar 2026
🕵️
Android OS-Level Attack Bypasses Mobile Payment Security - Infosecurity Magazine
SH.ITJUST.WORKS — 18 Mar 2026
🕵️
Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish
SH.ITJUST.WORKS — 18 Mar 2026
🕵️
CursorJack’ Attack Path Exposes Code Execution Risk in AI Development - Infosecurity Magazine
SH.ITJUST.WORKS — 18 Mar 2026
🕵️
UIDAI Introduces Bug Bounty Program to Strengthen Aadhaar Defenses
GBHACKERS.COM — 18 Mar 2026
🕵️
Scans for "adminer", (Wed, Mar 18th)
ISC.SANS.EDU — 18 Mar 2026
🕵️
FancyBear Server Leak Exposes Stolen Credentials, 2FA Secrets, NATO Targets
GBHACKERS.COM — 18 Mar 2026
🕵️
Manifold Raises $8 Million for AI Detection and Response
SECURITYWEEK.COM — 18 Mar 2026
🕵️
The Lost Art of BIA
YOUTUBE.COM — 2026-03-18
🕵️
Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools
TECHCRUNCH.COM — 18 Mar 2026
🕵️
Virtual Summit Today: Supply Chain & Third-Party Risk Summit
SECURITYWEEK.COM — 18 Mar 2026
🕵️
EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations
SECURITYWEEK.COM — 18 Mar 2026
🕵️
Cloud Security Startup Native Exits Stealth With $42 Million in Funding
SECURITYWEEK.COM — 18 Mar 2026
🕵️
Observability for AI Systems: Strengthening visibility for proactive risk detection
MICROSOFT.COM — 18 Mar 2026
🕵️
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
THEHACKERNEWS.COM — 18 Mar 2026
🕵️
Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation
SECURITYWEEK.COM — 18 Mar 2026
🕵️
Who Really Owns AI Decisions
YOUTUBE.COM — 2026-03-18
🕵️
How NextWave’s Evolution Drives Shared Success
PALOALTONETWORKS.COM — 18 Mar 2026
🎙️
Risky Business #829 -- Sneaky lobsters: Why AI is the new insider threat
RISKY.BIZ — 18 Mar 2026
📡
Weekly Threat Bulletin – March 18th, 2026
F5.COM — 18 Mar 2026
📡
Why East-West Visibility Matters for Grid Security
TRENDMICRO.COM — 18 Mar 2026
📡
Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
THEHACKERNEWS.COM — 18 Mar 2026
📡
Claude Code Security and Magecart: Getting the Threat Model Right
THEHACKERNEWS.COM — 18 Mar 2026
📡
Nordstrom's email system abused to send crypto scams to customers
BLEEPINGCOMPUTER.COM — 18 Mar 2026
📡
FBI is buying location data to track US citizens, director confirms
TECHCRUNCH.COM — 18 Mar 2026
📡
Proofpoint Pursues FedRAMP High Authorization Process for Collaboration Security
PROOFPOINT.COM — 18 Mar 2026
📡
The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico
SECURELIST.COM — 18 Mar 2026
🐛
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
KEVTHEHACKERNEWS.COM — 17 Mar 2026
🐛
CVE-2026-32775
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2025-69647
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2025-69648
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-32776
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-32778
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-32777
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-23066 rxrpc: Fix recvmsg() unconditional requeue
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-1703 Limited path traversal when installing wheel archives
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
CVE-2026-23069 vsock/virtio: fix potential underflow in virtio_transport_get_credit()
MSRC.MICROSOFT.COM — 17 Mar 2026
🐛
Angular XSS Vulnerability Threatens Thousands of Web Applications
GBHACKERS.COM — 17 Mar 2026
🐛
CISA Flags Year-Old Wing FTP Vulnerability as Exploited
SECURITYWEEK.COM — 17 Mar 2026
🐛
Nvidia NemoClaw promises to run OpenClaw agents securely
CSOONLINE.COM — 17 Mar 2026
🐛
Apple pushes first Background Security Improvements update to fix WebKit flaw
BLEEPINGCOMPUTER.COM — 17 Mar 2026
🐛
ZDI-26-216: (Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 17 Mar 2026
⚠️
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
THEHACKERNEWS.COM — 17 Mar 2026
⚠️
New CondiBot Variant and ‘Monaco’ Miner Target More Network Devices
GBHACKERS.COM — 17 Mar 2026
⚠️
CISA Alerts Users to Exploited Chrome 0-Day Flaws
KEVGBHACKERS.COM — 17 Mar 2026
⚠️
Runtime: The new frontier of AI agent security
CSOONLINE.COM — 17 Mar 2026
⚠️
WebFiling Flaw at UK Companies House Exposed Director Data for Months
GBHACKERS.COM — 17 Mar 2026
⚠️
CISA Issues Alert on Wing FTP Server Vulnerability Used in Attacks
KEVGBHACKERS.COM — 17 Mar 2026
⚠️
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
YOUTUBE.COM — 2026-03-17
⚠️
South Korean Police Accidentally Post Cryptocurrency Wallet Password
SCHNEIER.COM — 2026-03-17
⚠️
Microsoft Launches AI-Driven Troubleshooting for Purview Data Lifecycle Tools
GBHACKERS.COM — 17 Mar 2026
⚠️
AWS Bedrock’s ‘isolated’ sandbox comes with a DNS escape hatch
CSOONLINE.COM — 17 Mar 2026
⚠️
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
SH.ITJUST.WORKS — 17 Mar 2026
⚠️
LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks
BLEEPINGCOMPUTER.COM — 17 Mar 2026
⚠️
CISA flags Wing FTP Server flaw as actively exploited in attacks
KEVSH.ITJUST.WORKS — 17 Mar 2026
⚠️
174 Vulnerabilities Targeted by RondoDox Botnet
SECURITYWEEK.COM — 17 Mar 2026
⚠️
Iranian Hackers Use Compromised Cameras for Regional Surveillance
GBHACKERS.COM — 17 Mar 2026
⚠️
Microsoft stops force-installing the Microsoft 365 Copilot app
BLEEPINGCOMPUTER.COM — 17 Mar 2026
⚠️
Outdated OWASP Advice
YOUTUBE.COM — 2026-03-17
⚠️
UK Companies House Exposed Details of Millions of Firms
SECURITYWEEK.COM — 17 Mar 2026
⚠️
Tech Giants Invest $12.5 Million in Open Source Security
SECURITYWEEK.COM — 17 Mar 2026
⚠️
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
THEHACKERNEWS.COM — 17 Mar 2026
⚠️
End / Collapse: New Code, New Risks
YOUTUBE.COM — 2026-03-17
⚠️
Apple rolls out first ‘background security’ update for iPhones, iPads, and Macs to fix Safari bug
TECHCRUNCH.COM — 17 Mar 2026
⚠️
Anton’s Vibe Coding Experience: A Reflection on Risk Decisions
MEDIUM.COM — 17 Mar 2026
⚠️
Malware Hiding on Steam
YOUTUBE.COM — 2026-03-17
⚠️
LABScon25 Replay | Your Apps May Be Gone, But the Hackers Made $9 Billion and They’re Still Here
SENTINELONE.COM — 17 Mar 2026
⚠️
Investing in the people shaping open source and securing the future together
GITHUB.BLOG — 17 Mar 2026
⚠️
Get started with Elastic Security from your AI agent
ELASTIC.CO — 17 Mar 2026
📢
Windows 11 25H2/24H2 Update Addresses Bluetooth Device Visibility Issues
GBHACKERS.COM — 17 Mar 2026
📢
Spring security advisory (AV26-245)
CYBER.GC.CA — 2026-03-17
📢
Stryker says it’s restoring systems after pro-Iran hackers wiped thousands of employee devices
TECHCRUNCH.COM — 17 Mar 2026
📢
GitHub security advisory (AV26-246)
CYBER.GC.CA — 2026-03-17
🔥
Weekly Update 495
TROYHUNT.COM — 17 Mar 2026
🔥
Stryker Targeted by Large-Scale Wiper Attack, Tens of Thousands of Devices Lost
GBHACKERS.COM — 17 Mar 2026
🔥
Hackers Abuse Trusted Websites in New Attacks on Microsoft Teams Users
GBHACKERS.COM — 17 Mar 2026
🔥
Payload ransomware hits Windows and ESXi with Babuk-style encryption
GBHACKERS.COM — 17 Mar 2026
🔥
AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks
SECURITYWEEK.COM — 17 Mar 2026
🔥
Google Warns Ransomware Groups Shift to Data Theft as Profits Decline
GBHACKERS.COM — 17 Mar 2026
🔥
Robotic Surgery Giant Intuitive Discloses Cyberattack
SECURITYWEEK.COM — 17 Mar 2026
🔥
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
THEHACKERNEWS.COM — 17 Mar 2026
🔥
Europe sanctions Chinese and Iranian firms for cyberattacks
BLEEPINGCOMPUTER.COM — 17 Mar 2026
🕵️
ISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852, (Tue, Mar 17th)
ISC.SANS.EDU — 17 Mar 2026
🕵️
LiveChat Support Tools Abused in SaaS Phishing Scheme
GBHACKERS.COM — 17 Mar 2026
🕵️
Malicious NPM Packages Spread PylangGhost RAT in Supply Chain Attack
GBHACKERS.COM — 17 Mar 2026
🕵️
Researchers Uncover Ways to Decrypt Palo Alto Cortex XDR BIOC Rules for Evasion
GBHACKERS.COM — 17 Mar 2026
🕵️
Hackers Leverage Safe Links and URL Rewriting to Evade Detection
GBHACKERS.COM — 17 Mar 2026
🕵️
What is Integrated Cloud Email Security (ICES) and Why do you Need It?
KNOWBE4.COM — 17 Mar 2026
🕵️
Packagist Themes Deliver Trojanized jQuery in OphimCMS Supply Chain Attack
GBHACKERS.COM — 17 Mar 2026
🕵️
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
THEHACKERNEWS.COM — 17 Mar 2026
🕵️
Glassworm Malware Infects Popular React Native npm Packages
GBHACKERS.COM — 17 Mar 2026
🕵️
Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities
SH.ITJUST.WORKS — 17 Mar 2026
🕵️
IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
ISC.SANS.EDU — 17 Mar 2026
🕵️
Tracebit Raises $20M for Cloud-Native Deception Technology
SECURITYWEEK.COM — 17 Mar 2026
🕵️
Microsoft shares fix for Windows C: drive access issues on Samsung PCs
BLEEPINGCOMPUTER.COM — 17 Mar 2026
🕵️
Google, Meta, Microsoft Among Signatories of Pact to Combat Scams
SECURITYWEEK.COM — 17 Mar 2026
🕵️
Security Flaw in AWS Bedrock Code Interpreter Raises Alarms - Infosecurity Magazine
SH.ITJUST.WORKS — 17 Mar 2026
🕵️
Cyber-Attacken fluten Eon-Netz: Angriffe verzehnfacht
CSOONLINE.COM — 17 Mar 2026
🕵️
UK Agency Exposed Corporate Executive Data - BankInfoSecurity
SH.ITJUST.WORKS — 17 Mar 2026
🕵️
GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub
GBHACKERS.COM — 17 Mar 2026
🕵️
Orchid Security Recognized by Gartner® as a Representative Vendor of Guardian Agents
GBHACKERS.COM — 17 Mar 2026
🕵️
Surf AI Raises $57 Million for Agentic Security Operations Platform
SECURITYWEEK.COM — 17 Mar 2026
🕵️
CyberheistNews Vol 16 #11 9 Must-Know Best Practices for Email Security
KNOWBE4.COM — 17 Mar 2026
🕵️
We don't need to hack your AI Agent to hack your AI Agent - SRLabs Research
INFOSEC.PUB — 17 Mar 2026
🕵️
We don't need to hack your AI Agent to hack your AI Agent - SRLabs Research
INFOSEC.PUB — 17 Mar 2026
🕵️
Switzerland built an alternative to BGP. Nobody noticed
INFOSEC.PUB — 17 Mar 2026
🕵️
Switzerland built an alternative to BGP. Nobody noticed
SH.ITJUST.WORKS — 17 Mar 2026
🕵️
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
SH.ITJUST.WORKS — 17 Mar 2026
🕵️
New font-rendering trick hides malicious commands from AI tools
SH.ITJUST.WORKS — 17 Mar 2026
🕵️
From Phishing to AI Agents: Can We Design for Digital Mindfulness?
KNOWBE4.COM — 17 Mar 2026
🕵️
So Many AI Attacks, It Made Quantum Seem Easy
KNOWBE4.COM — 17 Mar 2026
🕵️
AI Spicy Mode, Steam, Glassworm, Samsung, Stryker, Waymo, Cole Porter, and More - SWN #564
YOUTUBE.COM — 2026-03-17
🌐
AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
THEHACKERNEWS.COM — 17 Mar 2026
🌐
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
BLEEPINGCOMPUTER.COM — 17 Mar 2026
📡
Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
BLEEPINGCOMPUTER.COM — 17 Mar 2026
📡
New Windows 11 hotpatch fixes Bluetooth device visibility issue
BLEEPINGCOMPUTER.COM — 17 Mar 2026
📡
New font-rendering trick hides malicious commands from AI tools
BLEEPINGCOMPUTER.COM — 17 Mar 2026
📡
Top 5 Things CISOs Need to Do Today to Secure AI Agents
BLEEPINGCOMPUTER.COM — 17 Mar 2026
📡
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
ARSTECHNICA.COM — 17 Mar 2026
📡
How World ID wants to put a unique human identity on every AI agent
ARSTECHNICA.COM — 17 Mar 2026
📡
AWS completes the second GDV community audit with participant insurers in Germany
AWS.AMAZON.COM — 17 Mar 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.  CVE-2025-47813 Wing FTP Server Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyb…
KEVCISA.GOV — Mon, 16 Mar 26 1
🐛
FortiGate Firewall Exploitation Fuels Network Breaches in New Attack Wave
GBHACKERS.COM — 16 Mar 2026
🐛
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
CSOONLINE.COM — 16 Mar 2026
🐛
Chromium: CVE-2026-3909 Out of bounds write in Skia
MSRC.MICROSOFT.COM — 16 Mar 2026
🐛
Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape
CLOUD.GOOGLE.COM — 16 Mar 2026
🐛
ZDI-26-215: KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-214: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-213: GIMP LBM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-212: Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-211: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-210: (Pwn2Own) Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-209: (Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-208: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-207: (Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-206: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-205: (Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-204: (Pwn2Own) Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-203: (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-202: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-201: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-200: (Pwn2Own) QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-199: (Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-198: (Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-197: (Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-196: (Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-195: (Pwn2Own) ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-194: Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-193: (Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-192: Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-191: (Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-190: (Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-189: (Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
🐛
ZDI-26-187: (Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 16 Mar 2026
⚠️
Notorious Hacker Group "The Comm," Operation Synergia Takedown, Stryker Cyberattack Update & More
CYBERSECURITYTODAY.LIBSYN.COM — 16 Mar 2026
⚠️
Microsoft Issues Out-of-Band Patch for Critical Windows 11 RRAS RCE Flaws
GBHACKERS.COM — 16 Mar 2026
⚠️
Attackers Exploit Teams, Quick Assist to Deploy Stealthy A0Backdoor
GBHACKERS.COM — 16 Mar 2026
⚠️
ClickFix techniques evolve in new infostealer campaigns
CSOONLINE.COM — 16 Mar 2026
⚠️
What it takes to win that CSO role
CSOONLINE.COM — 16 Mar 2026
⚠️
AI Governance, new book (Code War) from Allie Mellen, and the weekly news! - ESW #450
YOUTUBE.COM — 2026-03-16
⚠️
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
THEHACKERNEWS.COM — 16 Mar 2026
⚠️
MEA Shipment Phishing Scams Surge, Stealing Banking Data in Real Time
GBHACKERS.COM — 16 Mar 2026
⚠️
Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse
CSOONLINE.COM — 16 Mar 2026
⚠️
ForceMemo: Python Repositories Compromised in GlassWorm Aftermath
SECURITYWEEK.COM — 16 Mar 2026
⚠️
Betterleaks Launches as Open-Source Tool for Scanning Files, Directories, and Git Repositories
GBHACKERS.COM — 16 Mar 2026
⚠️
RondoDox Botnet Scales Up, Exploiting 174 Vulnerabilities via Residential IPs
GBHACKERS.COM — 16 Mar 2026
⚠️
Why Security Validation Is Becoming Agentic
THEHACKERNEWS.COM — 16 Mar 2026
⚠️
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
THEHACKERNEWS.COM — 16 Mar 2026
⚠️
Chrome 146 Update Patches Two Exploited Zero-Days - SecurityWeek
SH.ITJUST.WORKS — 16 Mar 2026
⚠️
Handala Hackers Exploit RDP and NetBird in Coordinated Wiper Attacks
GBHACKERS.COM — 16 Mar 2026
⚠️
Why Cyber Attribution Gets Complicated
YOUTUBE.COM — 2026-03-16
⚠️
⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
THEHACKERNEWS.COM — 16 Mar 2026
⚠️
CISA flags Wing FTP Server flaw as actively exploited in attacks
KEVBLEEPINGCOMPUTER.COM — 16 Mar 2026
⚠️
TrendAI™ Supports Global Law Enforcement Efforts
TRENDMICRO.COM — 16 Mar 2026
⚠️
VU#624941: LibreChat RAG API contains a log-injection vulnerability
KB.CERT.ORG — 2026-03-16
📢
Dell security advisory (AV26-238)
CYBER.GC.CA — 2026-03-16
📢
IBM security advisory (AV26-237)
CYBER.GC.CA — 2026-03-16
📢
Ubuntu security advisory (AV26-239)
CYBER.GC.CA — 2026-03-16
📢
Google Chrome security advisory (AV26-240)
CYBER.GC.CA — 2026-03-16
📢
Red Hat security advisory (AV26-242)
CYBER.GC.CA — 2026-03-16
📢
[Control systems] CISA ICS security advisories (AV26–241)
CYBER.GC.CA — 2026-03-16
📢
Microsoft Edge security advisory (AV26-243)
CYBER.GC.CA — 2026-03-16
📢
HPE security advisory (AV26-244)
CYBER.GC.CA — 2026-03-16
🔥
OpenClaw AI Agents Vulnerable to Indirect Prompt Injection, Causing Data Leaks
GBHACKERS.COM — 16 Mar 2026
🔥
IBM Discovers ‘Slopoly’ AI-Generated Malware Linked to Hive0163 Ransomware
GBHACKERS.COM — 16 Mar 2026
🔥
Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack
TRENDMICRO.COM — 16 Mar 2026
🔥
Google Unveils Android 17 Advanced Protection Mode to Stop Malicious Services
GBHACKERS.COM — 16 Mar 2026
🔥
Google Looker Studio Vulnerabilities Allow Attackers to Exfiltrate Data from Google Services
GBHACKERS.COM — 16 Mar 2026
🔥
China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation
SECURITYWEEK.COM — 16 Mar 2026
🔥
Cyberattack Hits Poland’s Nuclear Research Center
GBHACKERS.COM — 16 Mar 2026
🔥
CamelClone Uses Public File-Sharing Sites in Government Cyberattacks
GBHACKERS.COM — 16 Mar 2026
🔥
Poland's nuclear research centre targeted by cyberattack
SH.ITJUST.WORKS — 16 Mar 2026
🔥
Security Firm Executive Targeted in Sophisticated Phishing Attack
SECURITYWEEK.COM — 16 Mar 2026
🔥
Stryker attack wiped tens of thousands of devices, no malware needed
BLEEPINGCOMPUTER.COM — 16 Mar 2026
🔥
2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025
RECORDEDFUTURE.COM — 16 Mar 2026
🕵️
ISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850, (Mon, Mar 16th)
ISC.SANS.EDU — 16 Mar 2026
🕵️
Meta Permanently Disables End-to-End Encryption for Instagram DMs
GBHACKERS.COM — 16 Mar 2026
🕵️
Konni Hijacks KakaoTalk Accounts in Spear-Phishing Malware Campaign
GBHACKERS.COM — 16 Mar 2026
🕵️
ACRStealer Variant Deploys Syscall Evasion, TLS C2, Secondary Payloads
GBHACKERS.COM — 16 Mar 2026
🕵️
Hacking Attempt Reported at Poland’s Nuclear Research Center
SECURITYWEEK.COM — 16 Mar 2026
🕵️
Creating Noise: The Emerging Obfuscation Technique Designed to Evade Email Security NLP Detection Capabilities
KNOWBE4.COM — 16 Mar 2026
🕵️
Fake FileZilla Downloads Spread RAT via Stealthy Multi-Stage Loader
GBHACKERS.COM — 16 Mar 2026
🕵️
Possible New Result in Quantum Factorization
SCHNEIER.COM — 2026-03-16
🕵️
Fake enterprise VPN sites used to steal company credentials
SH.ITJUST.WORKS — 16 Mar 2026
🕵️
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
SH.ITJUST.WORKS — 16 Mar 2026
🕵️
Threat Actor Targeting VPN Users in New Credential Theft Campaign
SECURITYWEEK.COM — 16 Mar 2026
🕵️
Mentorship Monday - Discussions for career and learning!
INFOSEC.PUB — 16 Mar 2026
🕵️
AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
SH.ITJUST.WORKS — 16 Mar 2026
🕵️
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact
SECURITYWEEK.COM — 16 Mar 2026
🕵️
Help on the line: How a Microsoft Teams support call led to compromise
MICROSOFT.COM — 16 Mar 2026
🕵️
New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation
TECHCOMMUNITY.MICROSOFT.COM — 16 Mar 2026
🕵️
AI Hallucinations Become Security’s Problem
YOUTUBE.COM — 2026-03-16
🌐
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
THEHACKERNEWS.COM — 16 Mar 2026
🌐
Free real estate: GoPix, the banking Trojan living off your memory
SECURELIST.COM — 16 Mar 2026
📡
Microsoft pulls Samsung app blocking Windows C: drive from Store
BLEEPINGCOMPUTER.COM — 16 Mar 2026
📡
/proxy/ URL scans with IP addresses, (Mon, Mar 16th)
ISC.SANS.EDU — 16 Mar 2026
📡
Shadow AI is everywhere. Here’s how to find and secure it.
BLEEPINGCOMPUTER.COM — 16 Mar 2026
📡
When AI hallucinations turn fatal: how to stay grounded in reality | Kaspersky official blog
KASPERSKY.COM — 16 Mar 2026
📡
Microsoft Exchange Online outage blocks access to mailboxes
BLEEPINGCOMPUTER.COM — 16 Mar 2026
📡
UK’s Companies House confirms security flaw exposed business data
BLEEPINGCOMPUTER.COM — 16 Mar 2026
📡
Free parking in Russia after Distributed Denial-of-Service attack knocks city’s parking system offline
BITDEFENDER.COM — 16 Mar 2026
📡
Securing Autonomous AI Agents with TrendAI & NVIDIA OpenShell
TRENDMICRO.COM — 16 Mar 2026
⚠️
Divine Skins - 105,814 breached accounts
HAVEIBEENPWNED.COM — 15 Mar 2026
⚠️
How do I Send a Secure Email in Outlook?
KNOWBE4.COM — 15 Mar 2026
⚠️
Betterleaks, a new open-source secrets scanner to replace Gitleaks
BLEEPINGCOMPUTER.COM — 15 Mar 2026
🔥
Baydöner - 1,266,822 breached accounts
HAVEIBEENPWNED.COM — 15 Mar 2026
🔥
Loblaw Data Breach Impacts Customer Information
SECURITYWEEK.COM — 15 Mar 2026
📡
Wiz investor unpacks Google’s $32B acquisition
TECHCRUNCH.COM — 15 Mar 2026
📡
OpenAI says ChatGPT ads are not rolling out globally for now
BLEEPINGCOMPUTER.COM — 15 Mar 2026
🐛
CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath
MSRC.MICROSOFT.COM — 14 Mar 2026
🐛
CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
MSRC.MICROSOFT.COM — 14 Mar 2026
🐛
CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
MSRC.MICROSOFT.COM — 14 Mar 2026
⚠️
Global Authorities Take Down 45,000 Malicious IPs Used in Ransomware Campaigns
GBHACKERS.COM — 14 Mar 2026
⚠️
Critical HPE AOS-CX Vulnerability Allows Admin Password Resets
SECURITYWEEK.COM — 14 Mar 2026
⚠️
Hidden Risk: Windows LNK & Archive Attack Surface
YOUTUBE.COM — 2026-03-14
⚠️
CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root
SH.ITJUST.WORKS — 14 Mar 2026
⚠️
CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root
INFOSEC.PUB — 14 Mar 2026
⚠️
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
THEHACKERNEWS.COM — 14 Mar 2026
⚠️
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
BLEEPINGCOMPUTER.COM — 14 Mar 2026
⚠️
Deploy AWS applications and access AWS accounts across multiple Regions with IAM Identity Center
AWS.AMAZON.COM — 14 Mar 2026
🔥
Received Someone Else’s Confidential Email? Here’s What To Do.
KNOWBE4.COM — 14 Mar 2026
🕵️
GlassWorm Spreads via 72 Malicious Open VSX Extensions Hidden in Transitive Dependencies
GBHACKERS.COM — 14 Mar 2026
🕵️
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
THEHACKERNEWS.COM — 14 Mar 2026
🕵️
Upcoming Speaking Engagements
SCHNEIER.COM — 2026-03-14
🕵️
MY TAKE: The AI magic is back — whether it endured depends on Amazon’s next moves
LASTWATCHDOG.COM — 14 Mar 2026
🎙️
AI Anxiety: Cybersecurity Today with Special Guest Krish Banerjee, Managing Director (Partner) & Canada Lead - Data & AI - Accenture
CYBERSECURITYTODAY.LIBSYN.COM — 14 Mar 2026
📡
SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)
ISC.SANS.EDU — 14 Mar 2026
📡
AppsFlyer Web SDK used to spread crypto stealer JavaScript code
BLEEPINGCOMPUTER.COM — 14 Mar 2026
🚨
CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910 Google Chromium V8 Unspecified Vulnerability These types of vulnerabil…
KEVCISA.GOV — Fri, 13 Mar 26 1
🐛
OpenSSH GSSAPI Flaw Can Be Exploited to Crash SSH Child Processes
GBHACKERS.COM — 13 Mar 2026
🐛
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
THEHACKERNEWS.COM — 13 Mar 2026
🐛
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
KEVTHEHACKERNEWS.COM — 13 Mar 2026
🐛
CVE-2026-3904
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
CVE-2026-3805 use after free in SMB connection reuse
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code
KEVGBHACKERS.COM — 13 Mar 2026
🐛
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
KEVCSOONLINE.COM — 13 Mar 2026
🐛
New Critical AdGuard Home Flaw Lets Attackers Bypass Authentication
GBHACKERS.COM — 13 Mar 2026
🐛
Google warns of two actively exploited Chrome zero days
KEVCSOONLINE.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3942 Incorrect security UI in PictureInPicture
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3931 Heap buffer overflow in Skia
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3941 Insufficient policy enforcement in DevTools
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3940 Insufficient policy enforcement in DevTools
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3939 Use after free in WebView
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3938 Insufficient policy enforcement in Clipboard
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3937 Incorrect security UI in Downloads
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3935 Incorrect security UI in WebAppInstalls
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3934 Insufficient policy enforcement in ChromeDriver
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3932 Insufficient policy enforcement in PDF
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3925 Incorrect security UI in LookalikeChecks
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3915 Heap buffer overflow in WebML
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3936 Use after free in WebView
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3929 Side-channel information leakage in ResourceTiming
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3928 Insufficient policy enforcement in Extensions
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3927 Incorrect security UI in PictureInPicture
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3926 Out of bounds read in V8
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3924 Use after free in WindowDialog
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3923 Use after free in WebMIDI
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3922 Use after free in MediaStream
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3921 Use after free in TextEncoding
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3920 Out of bounds memory access in WebML
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3919 Use after free in Extensions
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3918 Use after free in WebMCP
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3917 Use after free in Agents
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3916 Out of bounds read in Web Speech
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3914 Integer overflow in WebML
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3913 Heap buffer overflow in WebML
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
CVE-2026-0385 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3930 Unsafe navigation in Navigation
MSRC.MICROSOFT.COM — 13 Mar 2026
🐛
Chromium: CVE-2026-3910 Inappropriate implementation in V8
MSRC.MICROSOFT.COM — 13 Mar 2026
⚠️
Telus Digital hit with massive data breach
CSOONLINE.COM — 13 Mar 2026
⚠️
Starbucks discloses data breach affecting hundreds of employees
BLEEPINGCOMPUTER.COM — 13 Mar 2026
⚠️
Google fixes two new Chrome zero-days exploited in attacks
BLEEPINGCOMPUTER.COM — 13 Mar 2026
⚠️
Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet
SECURITYWEEK.COM — 13 Mar 2026
⚠️
Chrome 146 Update Patches Two Exploited Zero-Days
SECURITYWEEK.COM — 13 Mar 2026
⚠️
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
THEHACKERNEWS.COM — 13 Mar 2026
⚠️
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
THEHACKERNEWS.COM — 13 Mar 2026
⚠️
Authorities Shut Down Proxy Service Linked to Malware Campaign Targeting Thousands of Users
GBHACKERS.COM — 13 Mar 2026
⚠️
Starbucks Data Breach Exposes Personal Data of Hundreds of Users
GBHACKERS.COM — 13 Mar 2026
⚠️
Storm-2561 Uses SEO Poisoning, Fake Signed VPN Apps to Steal Enterprise Credentials
GBHACKERS.COM — 13 Mar 2026
⚠️
Iran War Bait Fuels TA453, TA473 Phishing Campaigns
GBHACKERS.COM — 13 Mar 2026
⚠️
Apple Releases Emergency iOS 15.8.7 Update to Block ‘Coruna’ Exploit Kit
GBHACKERS.COM — 13 Mar 2026
⚠️
Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Full Root Takeover
GBHACKERS.COM — 13 Mar 2026
⚠️
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
CSOONLINE.COM — 13 Mar 2026
⚠️
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
CSOONLINE.COM — 13 Mar 2026
⚠️
The cyber perimeter was never dead. We just abandoned it.
CSOONLINE.COM — 13 Mar 2026
⚠️
Police sinkholes 45,000 IP addresses in cybercrime crackdown
BLEEPINGCOMPUTER.COM — 13 Mar 2026
⚠️
AI May Speed Zero-Day Discovery
YOUTUBE.COM — 2026-03-13
⚠️
In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown
SECURITYWEEK.COM — 13 Mar 2026
⚠️
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
THEHACKERNEWS.COM — 13 Mar 2026
⚠️
INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
THEHACKERNEWS.COM — 13 Mar 2026
⚠️
Cyber criminals too are working from home… your home
CSOONLINE.COM — 13 Mar 2026
⚠️
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 13 Mar 2026
📋
Microsoft: Windows 11 users can't access C: drive on some Samsung PCs
BLEEPINGCOMPUTER.COM — 13 Mar 2026
📢
Google Chrome security advisory (AV26-235)
CYBER.GC.CA — 2026-03-13
📢
[Control systems] ABB security advisory (AV26-236)
CYBER.GC.CA — 2026-03-13
🔥
AI Agent Hacks McKinsey Chatbot in 2 Hours
CYBERSECURITYTODAY.LIBSYN.COM — 13 Mar 2026
🔥
Fileless Remcos RAT Attack Uses JavaScript and PowerShell to Slip Past Detection
GBHACKERS.COM — 13 Mar 2026
🔥
A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
ISC.SANS.EDU — 13 Mar 2026
🔥
PsExec and Renamed Backup Tools Enabled Data Theft Before INC Ransomware Attack
GBHACKERS.COM — 13 Mar 2026
🔥
Six Packagist Packages Linked to Trojanized jQuery Campaign
GBHACKERS.COM — 13 Mar 2026
🔥
Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War
SECURITYWEEK.COM — 13 Mar 2026
🔥
Starbucks Data Breach Impacts Employees
SECURITYWEEK.COM — 13 Mar 2026
🔥
Poland's nuclear research centre targeted by cyberattack
BLEEPINGCOMPUTER.COM — 13 Mar 2026
🔥
Exposed: Bank Leak, Copilot Zero-Click, AI Agent Hijacks, Stryker Wipe & Josh Marpet - SWN #563
YOUTUBE.COM — 2026-03-13
🕵️
ISC Stormcast For Friday, March 13th, 2026 https://isc.sans.edu/podcastdetail/9848, (Fri, Mar 13th)
ISC.SANS.EDU — 13 Mar 2026
🕵️
Off-Topic Friday
INFOSEC.PUB — 13 Mar 2026
🕵️
Microsoft Copilot Email and Teams Summarization Flaw Opens Door to Phishing Attacks
GBHACKERS.COM — 13 Mar 2026
🕵️
Academia and the “AI Brain Drain”
SCHNEIER.COM — 2026-03-13
🕵️
Bold Security Emerges From Stealth With $40 Million in Funding
SECURITYWEEK.COM — 13 Mar 2026
🕵️
Google Paid Out $17 Million in Bug Bounty Rewards in 2025
SECURITYWEEK.COM — 13 Mar 2026
🕵️
Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping
SECURITYWEEK.COM — 13 Mar 2026
🕵️
Onyx Security Launches With $40 Million in Funding
SECURITYWEEK.COM — 13 Mar 2026
🕵️
Email DLP: Everything You Need to Know
KNOWBE4.COM — 13 Mar 2026
🕵️
AI-HealthTech Innovator Humata Health Partners with AccuKnox for Zero Trust CNAPP
GBHACKERS.COM — 13 Mar 2026
🕵️
Fake enterprise VPN downloads used to steal company credentials
BLEEPINGCOMPUTER.COM — 13 Mar 2026
🕵️
45,000 malicious IP addresses taken down in international cyber operation
INFOSEC.PUB — 13 Mar 2026
🕵️
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
THEHACKERNEWS.COM — 13 Mar 2026
🕵️
Supply-chain attack using invisible code hits GitHub and other repositories
INFOSEC.PUB — 13 Mar 2026
🕵️
Friday Squid Blogging: Increased Squid Population in the Falklands
SCHNEIER.COM — 2026-03-13
🕵️
Anthropic Refused Pentagon AI Request
YOUTUBE.COM — 2026-03-13
🕵️
CyberRisk TV Live Coverage from RSAC 2026 - Day 4
YOUTUBE.COM — 2026-03-13
🕵️
CyberRisk TV Live Coverage from RSAC 2026 - Day 3
YOUTUBE.COM — 2026-03-13
🕵️
CyberRisk TV Live Coverage from RSAC 2026 - Day 2
YOUTUBE.COM — 2026-03-13
🕵️
CyberRisk TV Live Coverage from RSAC 2026 - Day 1
YOUTUBE.COM — 2026-03-13
🕵️
Risky Biz Soap Box: It took a decade, but allowlisting is cool again
RISKY.BIZ — 13 Mar 2026
🌐
Investigating a New Click-Fix Variant
THEHACKERNEWS.COM — 13 Mar 2026
🌐
The FBI is investigating malware hidden inside games hosted on Steam
TECHCRUNCH.COM — 13 Mar 2026
🌐
FBI seeks victims of Steam games used to spread malware
BLEEPINGCOMPUTER.COM — 13 Mar 2026
📡
From VMware to what’s next: Protecting data during hypervisor migration
BLEEPINGCOMPUTER.COM — 13 Mar 2026
📡
Microsoft investigates classic Outlook sync and connection issues
BLEEPINGCOMPUTER.COM — 13 Mar 2026
📡
Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
THEHACKERNEWS.COM — 13 Mar 2026
📡
Face value: What it takes to fool facial recognition
WELIVESECURITY.COM — 13 Mar 2026
📡
Managing Elastic Security Detection Rules with Terraform
ELASTIC.CO — 13 Mar 2026
🐛
CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
KEVTHEHACKERNEWS.COM — 12 Mar 2026
🐛
“Zombie ZIP”: Neue Angriffstechnik täuscht Virenscanner
CSOONLINE.COM — 12 Mar 2026
🐛
CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url
MSRC.MICROSOFT.COM — 12 Mar 2026
🐛
CVE-2026-23868
MSRC.MICROSOFT.COM — 12 Mar 2026
🐛
CVE-2026-3783 token leak with redirect and netrc
MSRC.MICROSOFT.COM — 12 Mar 2026
🐛
CVE-2026-23239 espintcp: Fix race condition in espintcp_close()
MSRC.MICROSOFT.COM — 12 Mar 2026
🐛
CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
MSRC.MICROSOFT.COM — 12 Mar 2026
🐛
CVE-2026-1965 bad reuse of HTTP Negotiate connection
MSRC.MICROSOFT.COM — 12 Mar 2026
🐛
CVE-2026-3784 wrong proxy connection reuse with credentials
MSRC.MICROSOFT.COM — 12 Mar 2026
🐛
Splunk RCE Vulnerability Exposes Systems to Arbitrary Shell Command Execution by Attackers
GBHACKERS.COM — 12 Mar 2026
🐛
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
THEHACKERNEWS.COM — 12 Mar 2026
🐛
Palo Alto Cortex XDR Broker Vulnerability Exposes Systems to Sensitive Information Theft and Modification
GBHACKERS.COM — 12 Mar 2026
🐛
CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 12 Mar 2026
🐛
Looking at the SmarterMail API Vulnerability CVE-2026-24423
F5.COM — 12 Mar 2026
🐛
VU#665416: SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization
KB.CERT.ORG — 2026-03-12
⚠️
Chrome Update Addresses 29 Vulnerabilities, Mitigating Remote Code Execution Threats
GBHACKERS.COM — 12 Mar 2026
⚠️
Cisco IOS XR Vulnerability Exposes Systems to Root Command Execution by Attackers
GBHACKERS.COM — 12 Mar 2026
⚠️
AI use is changing how much companies pay for cyber insurance
CSOONLINE.COM — 12 Mar 2026
⚠️
Splunk, Zoom Patch Severe Vulnerabilities
SECURITYWEEK.COM — 12 Mar 2026
⚠️
4,000+ Routers Compromised by KadNap Malware Exploiting Vulnerabilities
GBHACKERS.COM — 12 Mar 2026
⚠️
New ClickFix Attacks Target macOS Users with MacSync Infostealer
GBHACKERS.COM — 12 Mar 2026
⚠️
Hackers Exploit Remote Management Tools to Gain Initial Access to Corporate Networks
GBHACKERS.COM — 12 Mar 2026
⚠️
Hackers Exploit CloudFlare Anti-Security to Steal Microsoft 365 Login Credentials
GBHACKERS.COM — 12 Mar 2026
⚠️
North Korean fake IT worker tradecraft exposed
CSOONLINE.COM — 12 Mar 2026
⚠️
CISA orders feds to patch n8n RCE flaw exploited in attacks
SH.ITJUST.WORKS — 12 Mar 2026
⚠️
Apple patches older iPhones and iPads against Coruna exploits
BLEEPINGCOMPUTER.COM — 12 Mar 2026
⚠️
How Do I Send a Secure Email in Outlook?
KNOWBE4.COM — 12 Mar 2026
⚠️
Apple Updates Legacy iOS Versions to Patch Coruna Exploits
SECURITYWEEK.COM — 12 Mar 2026
⚠️
Google paid $17.1 million for vulnerability reports in 2025
BLEEPINGCOMPUTER.COM — 12 Mar 2026
⚠️
A Nerd's Life: Weeks of Firmware Teardown to Prove We Were Right
QUARKSLAB.COM — 2026-03-12
⚠️
US disrupts SocksEscort proxy network powered by Linux malware
BLEEPINGCOMPUTER.COM — 12 Mar 2026
⚠️
Law enforcement shuts down botnet made of tens of thousands of hacked routers
TECHCRUNCH.COM — 12 Mar 2026
⚠️
Veeam warns of critical flaws exposing backup servers to RCE attacks
BLEEPINGCOMPUTER.COM — 12 Mar 2026
⚠️
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
THEHACKERNEWS.COM — 12 Mar 2026
⚠️
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
THEHACKERNEWS.COM — 12 Mar 2026
⚠️
Vulnerability Mis-Management - PSW #917
YOUTUBE.COM — 2026-03-12
⚠️
Fraudsters are using public planning records to target permit applicants
FORTRA.COM — 12 Mar 2026
⚠️
VU#907705: Graphql-upload-minimal has a prototype pollution vulnerability.
KB.CERT.ORG — 2026-03-12
📢
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
THEHACKERNEWS.COM — 12 Mar 2026
📢
Splunk security advisory (AV26-227)
CYBER.GC.CA — 2026-03-12
📢
Palo Alto Networks security advisory (AV26-228)
CYBER.GC.CA — 2026-03-12
📢
Veeam security advisory (AV26-229)
CYBER.GC.CA — 2026-03-12
📢
Zoom security advisory (AV26-231)
CYBER.GC.CA — 2026-03-12
📢
GitHub security advisory (AV26-230)
CYBER.GC.CA — 2026-03-12
📢
[Control systems] ABB security advisory (AV26-232)
CYBER.GC.CA — 2026-03-12
📢
Apple security advisory (AV26-233)
CYBER.GC.CA — 2026-03-12
📢
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
CSOONLINE.COM — 12 Mar 2026
📢
HPE security advisory (AV26-234)
CYBER.GC.CA — 2026-03-12
📢
iPhones and iPads Approved for NATO Classified Data
SCHNEIER.COM — 2026-03-12
📢
FBI: Phishing Attacks Are Impersonating City and County Officials
KNOWBE4.COM — 12 Mar 2026
📢
Aruba Switch Auth Bypass Risk
YOUTUBE.COM — 2026-03-12
📢
How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS
AWS.AMAZON.COM — 12 Mar 2026
🔥
Stryker Faces Cyber Attack as Hackers Report System Breach and Device Destruction
GBHACKERS.COM — 12 Mar 2026
🔥
Ericsson US Hit by Cyber Attack, Hackers Steal Personal Data of Employees and Customers
GBHACKERS.COM — 12 Mar 2026
🔥
US charges another ransomware negotiator linked to BlackCat attacks
BLEEPINGCOMPUTER.COM — 12 Mar 2026
🔥
Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea
SECURITYWEEK.COM — 12 Mar 2026
🔥
Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
THEHACKERNEWS.COM — 12 Mar 2026
🔥
PhantomRaven returns to npm with 88 bad packages
CSOONLINE.COM — 12 Mar 2026
🔥
INC Ransomware Group Holds Healthcare Hostage in Oceania
SH.ITJUST.WORKS — 12 Mar 2026
🔥
France's Cybersecurity Agency Reports Ransomware Attack Drop in 2025 - Infosecurity Magazine
SH.ITJUST.WORKS — 12 Mar 2026
🔥
AI-Driven Phishing Attacks Bypass Email Filters, Land in Inboxes
GBHACKERS.COM — 12 Mar 2026
🔥
States Can't Handle Nation-State Cyber Attacks
YOUTUBE.COM — 2026-03-12
🔥
Telus Digital confirms breach after hacker claims 1 petabyte data theft
BLEEPINGCOMPUTER.COM — 12 Mar 2026
🔥
ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
THEHACKERNEWS.COM — 12 Mar 2026
🔥
AI-generated Slopoly malware used in Interlock ransomware attack
BLEEPINGCOMPUTER.COM — 12 Mar 2026
🔥
England Hockey investigating ransomware data breach
BLEEPINGCOMPUTER.COM — 12 Mar 2026
🔥
Canadian retail giant Loblaw notifies customers of data breach
BLEEPINGCOMPUTER.COM — 12 Mar 2026
🕵️
When your IoT Device Logs in as Admin, It&#x3f;s too Late&#x21; &#x5b;Guest Diary&#x5d;, (Wed, Mar 11th)
ISC.SANS.EDU — 12 Mar 2026
🕵️
ISC Stormcast For Thursday, March 12th, 2026 https://isc.sans.edu/podcastdetail/9846, (Thu, Mar 12th)
ISC.SANS.EDU — 12 Mar 2026
🕵️
Google Finalizes $32 Billion Deal to Acquire Wiz, Strengthening Cloud Security
GBHACKERS.COM — 12 Mar 2026
🕵️
Meta Unveils New Anti-Scam Tools for WhatsApp, Facebook, and Messenger
GBHACKERS.COM — 12 Mar 2026
🕵️
Iran‑Linked Hackers Tap Criminal Ecosystem to Bolster State Cyber Ops
GBHACKERS.COM — 12 Mar 2026
🕵️
CastleRAT Attack Leverages Deno JavaScript Runtime to Bypass Enterprise Defenses
GBHACKERS.COM — 12 Mar 2026
🕵️
The Human IOC: Why Security Professionals Struggle with Social Vetting
SECURITYWEEK.COM — 12 Mar 2026
🕵️
Cisco Patches High-Severity IOS XR Vulnerabilities
SECURITYWEEK.COM — 12 Mar 2026
🕵️
Critical N8n Vulnerabilities Allowed Server Takeover
SECURITYWEEK.COM — 12 Mar 2026
🕵️
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials | CSO Online
SH.ITJUST.WORKS — 12 Mar 2026
🕵️
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
SH.ITJUST.WORKS — 12 Mar 2026
🕵️
Only 24% Of organizations Test Identity Recovery Every Six Months - Infosecurity Magazine
SH.ITJUST.WORKS — 12 Mar 2026
🕵️
Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks
SECURITYWEEK.COM — 12 Mar 2026
🕵️
Medtech giant Stryker offline after Iran-linked wiper malware attack
SH.ITJUST.WORKS — 12 Mar 2026
🕵️
Meta Launches New Protection Tools as It Helps Disrupt Scam Centers
SECURITYWEEK.COM — 12 Mar 2026
🕵️
Detecting and analyzing prompt abuse in AI tools
MICROSOFT.COM — 12 Mar 2026
🕵️
Exposing the Kroll Crypto Wallet Scam
KNOWBE4.COM — 12 Mar 2026
🕵️
From transparency to action: What the latest Microsoft email security benchmark reveals
MICROSOFT.COM — 12 Mar 2026
🕵️
Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
MICROSOFT.COM — 12 Mar 2026
🕵️
AMOS and Amatera disguised as AI agents | Kaspersky official blog
KASPERSKY.COM — 12 Mar 2026
🎙️
Smashing Security podcast #458: How not to steal $46 million from the US government
GRAHAMCLULEY.COM — 12 Mar 2026
📡
Cyber Security Today Special Report: Attack from Iran
CYBERSECURITYTODAY.LIBSYN.COM — 12 Mar 2026
📡
Your Signal account is safe – unless you fall for this trick
BITDEFENDER.COM — 12 Mar 2026
📡
Going the Extra Mile: Travel Rewards Turn into Underground Currency.
BLEEPINGCOMPUTER.COM — 12 Mar 2026
📡
How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
THEHACKERNEWS.COM — 12 Mar 2026
📡
Cyber fallout from the Iran war: What to have on your radar
WELIVESECURITY.COM — 12 Mar 2026
📡
February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43% Drop from January
RECORDEDFUTURE.COM — 12 Mar 2026
📡
Announcing Cloudflare Account Abuse Protection: prevent fraudulent attacks from bots and humans
CLOUDFLARE.COM — 12 Mar 2026
🚨
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentialsHPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network switches without any credentials. The critical flaw, CVE-2026-23813, scored 9.8…
KEVCSOONLINE.COM — 11 Mar 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-68613 n8n Improper Control of Dynamically-Managed Code Resources Vulnerability This type of vulnerability is a frequent attack vector for…
KEVCISA.GOV — Wed, 11 Mar 26 1
🐛
Fake Claude Code Installs, Arpa Phishing, Iranian and Russian Teams Mount Cyber Retaliation
CYBERSECURITYTODAY.LIBSYN.COM — 11 Mar 2026
🐛
Microsoft SQL Server Zero-Day Exposes Privilege Escalation Risk for Users
GBHACKERS.COM — 11 Mar 2026
🐛
Fortinet FortiManager fgtupdates Flaw Enables Attackers to Execute Malicious Commands Remotely
GBHACKERS.COM — 11 Mar 2026
🐛
Microsoft .NET 0-Day Flaw Opens Doors for Denial of Service Attacks
GBHACKERS.COM — 11 Mar 2026
🐛
CVE-2026-26017 CoreDNS ACL Bypass
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2025-69652 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2025-69645 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2025-69649 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2026-27139 FileInfo can escape from a Root in os
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2024-14027 xattr: switch to CLASS(fd)
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2026-29786 node-tar: Hardlink Path Traversal via Drive-Relative Linkpath
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2025-69650 GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2025-69651 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2025-69644 An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
Microsoft Active Directory Flaw Allows Attackers to Escalate Privileges
GBHACKERS.COM — 11 Mar 2026
🐛
Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)
ISC.SANS.EDU — 11 Mar 2026
🐛
Critical Vulnerability in Microsoft Office Allows Malicious Code to Run Remotely
GBHACKERS.COM — 11 Mar 2026
🐛
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
THEHACKERNEWS.COM — 11 Mar 2026
🐛
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
THEHACKERNEWS.COM — 11 Mar 2026
🐛
PageJack in Action: CVE-2022-0995 exploit
QUARKSLAB.COM — 2026-03-11
🐛
Chromium: CVE-2026-3537 Object lifecycle issue in PowerVR
MSRC.MICROSOFT.COM — 11 Mar 2026
🐛
CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws
KEVCSOONLINE.COM — 11 Mar 2026
🐛
Six mistakes in ERC-4337 smart accounts
TRAILOFBITS.COM — 11 Mar 2026
⚠️
Microsoft Patch Tuesday, March 2026 Edition
KREBSONSECURITY.COM — 11 Mar 2026
⚠️
Jack & Jill went up the hill — and an AI tried to hack them
CSOONLINE.COM — 11 Mar 2026
⚠️
Microsoft Fixes 79 Vulnerabilities in March 2026 Patch Tuesday, Mitigating Two Exploited 0-Days
GBHACKERS.COM — 11 Mar 2026
⚠️
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
THEHACKERNEWS.COM — 11 Mar 2026
⚠️
HR Departments Targeted by Multi-Layered BlackSanta EDR Killer Malware
GBHACKERS.COM — 11 Mar 2026
⚠️
12 ways attackers abuse cloud services to hack your enterprise
CSOONLINE.COM — 11 Mar 2026
⚠️
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
THEHACKERNEWS.COM — 11 Mar 2026
⚠️
Being Exploitable While Your Risk Tolerance Changes and You Unblock Innovation - BSW #438
YOUTUBE.COM — 2026-03-11
⚠️
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
THEHACKERNEWS.COM — 11 Mar 2026
⚠️
A 5-step approach to taming shadow AI
CSOONLINE.COM — 11 Mar 2026
⚠️
Why zero trust breaks down in IoT and OT environments
CSOONLINE.COM — 11 Mar 2026
⚠️
Did cybersecurity recently have its Gatling gun moment?
CSOONLINE.COM — 11 Mar 2026
⚠️
Salesforce confirms ShinyHunters exploited Experience Cloud sites | news | SC Media
SH.ITJUST.WORKS — 11 Mar 2026
⚠️
Overly permissive ‘guest’ settings put Salesforce customers at risk
CSOONLINE.COM — 11 Mar 2026
⚠️
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
SH.ITJUST.WORKS — 11 Mar 2026
⚠️
Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities
SECURITYWEEK.COM — 11 Mar 2026
⚠️
How to 10x Your Vulnerability Management Program in the Agentic Era
SECURITYWEEK.COM — 11 Mar 2026
⚠️
CISA: Recently patched Ivanti EPM flaw now actively exploited
KEVSH.ITJUST.WORKS — 11 Mar 2026
⚠️
What Boards Must Demand in the Age of AI-Automated Exploitation
THEHACKERNEWS.COM — 11 Mar 2026
⚠️
AWS expands Security Hub for multicloud security operations
CSOONLINE.COM — 11 Mar 2026
⚠️
UNC6426 Hackers Exploit NPM Package to Gain AWS Admin Access in 72 Hours
GBHACKERS.COM — 11 Mar 2026
⚠️
Managing Python on Servers
YOUTUBE.COM — 2026-03-11
⚠️
CISA orders feds to patch n8n RCE flaw exploited in attacks
KEVBLEEPINGCOMPUTER.COM — 11 Mar 2026
⚠️
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
BLEEPINGCOMPUTER.COM — 11 Mar 2026
⚠️
Contagious Interview: Malware delivered through fake developer job interviews
MICROSOFT.COM — 11 Mar 2026
⚠️
Resumés with malicious ISO attachments are circulating, says Aryaka
CSOONLINE.COM — 11 Mar 2026
⚠️
Risky Business #828 -- The Coruna exploits are truly exquisite
RISKY.BIZ — 11 Mar 2026
📋
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric
SECURITYWEEK.COM — 11 Mar 2026
📢
Canada Needs Nationalized, Public AI
SCHNEIER.COM — 2026-03-11
📢
Canadian retailer Loblaw investigates data breach
SH.ITJUST.WORKS — 11 Mar 2026
📢
[Control systems] Hitachi security advisory (AV26-218)
CYBER.GC.CA — 2026-03-11
📢
VMware security advisory (AV26-221)
CYBER.GC.CA — 2026-03-11
📢
Google Chrome security advisory (AV26-220)
CYBER.GC.CA — 2026-03-11
📢
Intel security advisory (AV26-219)
CYBER.GC.CA — 2026-03-11
📢
GitLab security advisory (AV26-222)
CYBER.GC.CA — 2026-03-11
📢
HPE security advisory (AV26-224)
CYBER.GC.CA — 2026-03-11
📢
Cisco security advisory (AV26-223)
CYBER.GC.CA — 2026-03-11
📢
Drupal security advisory (AV26-225)
CYBER.GC.CA — 2026-03-11
📢
JetBrains security advisory (AV26-226)
CYBER.GC.CA — 2026-03-11
🔥
Trojanized Red Alert App Targets Israeli Users in SMS Scam to Steal Sensitive Data
GBHACKERS.COM — 11 Mar 2026
🔥
‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload
SECURITYWEEK.COM — 11 Mar 2026
🔥
Michelin Confirms Data Breach Linked to Oracle EBS Attack
SECURITYWEEK.COM — 11 Mar 2026
🔥
238,000 Impacted by Bell Ambulance Data Breach
SECURITYWEEK.COM — 11 Mar 2026
🔥
Hacker broke into FBI and compromised Epstein files, report says
TECHCRUNCH.COM — 11 Mar 2026
🔥
New PhantomRaven NPM attack wave steals dev data via 88 packages
BLEEPINGCOMPUTER.COM — 11 Mar 2026
🔥
Ransomware Attacks Surge by 50% Even as Payments Drop
KNOWBE4.COM — 11 Mar 2026
🔥
Cork Stryker plants hit by suspected global Iranian-linked cyberattack | Cork Beo
SH.ITJUST.WORKS — 11 Mar 2026
🔥
AI Agent Hacks McKinsey
INFOSEC.PUB — 11 Mar 2026
🕵️
ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)
ISC.SANS.EDU — 11 Mar 2026
🕵️
PhantomRaven Malware Resurfaces, Targets npm Supply Chain to Steal Developer Secrets
GBHACKERS.COM — 11 Mar 2026
🕵️
What are You Working on Wednesday
INFOSEC.PUB — 11 Mar 2026
🕵️
BeatBanker Trojan Spreads via Phishing, Deploys Crypto Miner and RAT on Targeted Devices
GBHACKERS.COM — 11 Mar 2026
🕵️
Google Warns of AI‑Driven Adaptive Malware Rewriting Its Own Code
GBHACKERS.COM — 11 Mar 2026
🕵️
Quantro Security Emerges From Stealth With $2.5 Million in Funding
SECURITYWEEK.COM — 11 Mar 2026
🕵️
Instagram Down: Global Outage Prevents Users from Posting and Messaging
GBHACKERS.COM — 11 Mar 2026
🕵️
UK plans to shift fraud fight onto telecoms, tech companies | The Record from Recorded Future News
SH.ITJUST.WORKS — 11 Mar 2026
🕵️
OpenAI to Acquire AI Security Startup Promptfoo
SECURITYWEEK.COM — 11 Mar 2026
🕵️
Scanner Raises $22 Million for AI-Powered Threat Hunting
SECURITYWEEK.COM — 11 Mar 2026
🕵️
New 'Zombie ZIP' technique lets malware slip past security tools
SH.ITJUST.WORKS — 11 Mar 2026
🕵️
CISO Conversations: Aimee Cardwell
SECURITYWEEK.COM — 11 Mar 2026
🕵️
Balancing LLMs and SLMs for Data Security
YOUTUBE.COM — 2026-03-11
🕵️
Teen crew caught selling DDoS attack tools - Help Net Security
SH.ITJUST.WORKS — 11 Mar 2026
🕵️
Wiz Joins Google Cloud as Landmark Acquisition Closes
SECURITYWEEK.COM — 11 Mar 2026
🕵️
Asus routers hijacked to power dangerous cybercrime proxy network
SH.ITJUST.WORKS — 11 Mar 2026
🕵️
MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack
SECURITYWEEK.COM — 11 Mar 2026
🕵️
Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command
SECURITYWEEK.COM — 11 Mar 2026
🕵️
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
SH.ITJUST.WORKS — 11 Mar 2026
🕵️
New ‘BlackSanta’ EDR killer spotted targeting HR departments
SH.ITJUST.WORKS — 11 Mar 2026
🕵️
News alert: Qevlar AI raises $30M to turn security alerts into actionable defense insights across SOCs
LASTWATCHDOG.COM — 11 Mar 2026
🕵️
CISO Tenure Has Doubled
YOUTUBE.COM — 2026-03-11
🌐
BeatBanker and BTMOB trojans: infection techniques and how to stay safe | Kaspersky official blog
KASPERSKY.COM — 11 Mar 2026
🌐
Medtech giant Stryker offline after Iran-linked wiper malware attack
BLEEPINGCOMPUTER.COM — 11 Mar 2026
📡
Weekly Threat Bulletin – March 11th, 2026
F5.COM — 11 Mar 2026
📡
Google completes $32B acquisition of Wiz
TECHCRUNCH.COM — 11 Mar 2026
📡
Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools
BLEEPINGCOMPUTER.COM — 11 Mar 2026
📡
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
THEHACKERNEWS.COM — 11 Mar 2026
📡
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
KREBSONSECURITY.COM — 11 Mar 2026
📡
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
THEHACKERNEWS.COM — 11 Mar 2026
📡
Pro-Iran hacktivist group says it is behind attack on medical tech giant Stryker
TECHCRUNCH.COM — 11 Mar 2026
📡
WhatsApp introduces parent-managed accounts for pre-teens
BLEEPINGCOMPUTER.COM — 11 Mar 2026
📡
AI Security for Apps is now generally available
CLOUDFLARE.COM — 11 Mar 2026
🚨
3 New Actively Exploited Flaws to PatchCISA recently added three new vulnerabilities to the Known Exploited Vulnerabilities catalog (KEV), signaling active exploitation in the wild. These flaws impact critical software including Workspace ONE UEM, SolarWinds help desk, and Ivanti Endpoint Manager, allowing remote atta…
KEVYOUTUBE.COM — 2026-03-10
🐛
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
KEVTHEHACKERNEWS.COM — 10 Mar 2026
🐛
CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
Cloudflare Pingora Flaws Enable Request Smuggling and Cache Poisoning Attacks
GBHACKERS.COM — 10 Mar 2026
🐛
Gogs Flaw Could Let Attackers Quietly Overwrite Large File Storage Data
GBHACKERS.COM — 10 Mar 2026
🐛
CISA Alerts on Ivanti Endpoint Manager Vulnerability Auth Bypass Exploited in the Wild
KEVGBHACKERS.COM — 10 Mar 2026
🐛
CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23660 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23664 Azure IoT Explorer Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23667 Broadcast DVR Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23668 Windows Graphics Component Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23669 Windows Print Spooler Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23671 Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23673 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24285 Win32k Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24287 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24288 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24290 Windows Projected File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24291 Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24292 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24294 Windows SMB Server Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24295 Windows Device Association Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24296 Windows Device Association Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-24297 Windows Kerberos Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25165 Performance Counters for Windows Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25166 Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25167 Microsoft Brokering File System Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25168 Windows Graphics Component Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25169 Windows Graphics Component Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25170 Windows Hyper-V Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25171 Windows Authentication Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25174 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25175 Windows NTFS Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25176 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25177 Active Directory Domain Services Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25178 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25179 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25180 Windows Graphics Component Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25181 GDI+ Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25185 Windows Shell Link Processing Spoofing Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25186 Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25187 Winlogon Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25188 Windows Telephony Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25189 Windows DWM Core Library Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-25190 GDI Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26112 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26114 Microsoft SharePoint Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23656 Windows App Installer Spoofing Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-20967 System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26121 Azure IOT Explorer Spoofing Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26115 SQL Server Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26128 Windows SMB Server Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26131 .NET Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26132 Windows Kernel Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26134 Microsoft Office Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26127 .NET Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23674 MapUrlToZone Security Feature Bypass Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26148 Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23654 GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23661 Azure IoT Explorer Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23662 Azure IoT Explorer Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-23665 Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26106 Microsoft SharePoint Server Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26107 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26108 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26109 Microsoft Excel Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26110 Microsoft Office Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26117 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26118 Azure MCP Server Tools Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26123 Microsoft Authenticator Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26130 ASP.NET Core Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26141 Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26144 Microsoft Excel Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
CVE-2026-26030 GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable
MSRC.MICROSOFT.COM — 10 Mar 2026
🐛
March Patch Tuesday: Three high severity holes in Microsoft Office
CSOONLINE.COM — 10 Mar 2026
🐛
ZDI-26-186: Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-185: Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-184: Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-183: Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-182: Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-181: Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-180: Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-179: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-178: Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-177: Array Networks MotionPro ArrayInstallManager Incorrect Permission Assignment Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-176: Apple macOS libusd_ms Alembic File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-175: Apple macOS ImageIO SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-174: Apple macOS ImageIO SGI File Parsing Integer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
🐛
ZDI-26-173: Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 10 Mar 2026
⚠️
An iPhone-hacking toolkit used by Russian spies likely came from U.S military contractor
TECHCRUNCH.COM — 10 Mar 2026
⚠️
Hacker abusing .arpa domain to evade phishing detection, says Infoblox
CSOONLINE.COM — 10 Mar 2026
⚠️
Chinese APT Campaign Uses Middle East Lures to Target Qatar With PlugX
GBHACKERS.COM — 10 Mar 2026
⚠️
When AI safety constrains defenders more than attackers
CSOONLINE.COM — 10 Mar 2026
⚠️
I replaced manual pen tests with automation. Here’s what I learned.
CSOONLINE.COM — 10 Mar 2026
⚠️
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
THEHACKERNEWS.COM — 10 Mar 2026
⚠️
iPhone Hacking Toolkit Tied to Russian Espionage May Have Originated in the U.S.
GBHACKERS.COM — 10 Mar 2026
⚠️
Making Medical Devices Secure - Tamil Mathi - ASW #373
YOUTUBE.COM — 2026-03-10
⚠️
Why access decisions are becoming the weakest link in identity security
CSOONLINE.COM — 10 Mar 2026
⚠️
OpenAI to acquire Promptfoo to strengthen AI agent security testing
CSOONLINE.COM — 10 Mar 2026
⚠️
APT28 hackers deploy customized variant of Covenant open-source tool
BLEEPINGCOMPUTER.COM — 10 Mar 2026
⚠️
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
CSOONLINE.COM — 10 Mar 2026
⚠️
OpenClaw Advisory Surge Highlights Blind Spot Between GitHub and CVE Vulnerability Tracking
GBHACKERS.COM — 10 Mar 2026
⚠️
SIM Swaps Expose a Critical Flaw in Identity Security
SECURITYWEEK.COM — 10 Mar 2026
⚠️
Devs looking for OpenClaw get served a GhostClaw RAT
CSOONLINE.COM — 10 Mar 2026
⚠️
CISA: Recently patched Ivanti EPM flaw now actively exploited
KEVBLEEPINGCOMPUTER.COM — 10 Mar 2026
⚠️
Recent Ivanti Endpoint Manager Flaw Exploited in Attacks
KEVSECURITYWEEK.COM — 10 Mar 2026
⚠️
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
THEHACKERNEWS.COM — 10 Mar 2026
⚠️
SAP Releases Patches for Security Flaws Allowing Remote Code Execution
GBHACKERS.COM — 10 Mar 2026
⚠️
ShinyHunters claims ongoing Salesforce Aura data theft attacks
SH.ITJUST.WORKS — 10 Mar 2026
⚠️
OpenAI Rolls Out Codex Security Vulnerability Scanner
SECURITYWEEK.COM — 10 Mar 2026
⚠️
Kevin Mandia’s Armadin Launches With $190 Million in Funding
KEVSECURITYWEEK.COM — 10 Mar 2026
⚠️
Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign
SECURITYWEEK.COM — 10 Mar 2026
⚠️
New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
THEHACKERNEWS.COM — 10 Mar 2026
⚠️
Announcing the Custom SAPA Agent: Security Awareness Measurement Built for Your Environment
KNOWBE4.COM — 10 Mar 2026
⚠️
Attackers Use Malformed ZIP Archives to Evade Antivirus and EDR Tools
GBHACKERS.COM — 10 Mar 2026
⚠️
Top 10 Best Anti-Phishing Tools in 2026
GBHACKERS.COM — 10 Mar 2026
⚠️
AI Medical Devices Attack Surface
YOUTUBE.COM — 2026-03-10
⚠️
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
THEHACKERNEWS.COM — 10 Mar 2026
⚠️
Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
ISC.SANS.EDU — 10 Mar 2026
⚠️
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
BLEEPINGCOMPUTER.COM — 10 Mar 2026
⚠️
Microsoft releases Windows 10 KB5078885 extended security update
BLEEPINGCOMPUTER.COM — 10 Mar 2026
⚠️
Adobe Patches 80 Vulnerabilities Across Eight Products
SECURITYWEEK.COM — 10 Mar 2026
⚠️
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
SH.ITJUST.WORKS — 10 Mar 2026
⚠️
Microsoft Patches 83 Vulnerabilities
KEVSECURITYWEEK.COM — 10 Mar 2026
⚠️
The CSO role is evolving fast with AI in Cyber Defense strategy
CSOONLINE.COM — 10 Mar 2026
⚠️
Threat intelligence by ESET is a game changer
CSOONLINE.COM — 10 Mar 2026
⚠️
Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out!
MEDIUM.COM — 10 Mar 2026
⚠️
New ‘BlackSanta’ EDR killer spotted targeting HR departments
BLEEPINGCOMPUTER.COM — 10 Mar 2026
⚠️
Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 10 Mar 2026
⚠️
Critical Patches Issued for Microsoft Products, March 10, 2026
CISECURITY.ORG — 10 Mar 2026
⚠️
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 10 Mar 2026
📋
Microsoft to enable Windows hotpatch security updates by default
BLEEPINGCOMPUTER.COM — 10 Mar 2026
📢
Jailbreaking the F-35 Fighter Jet
SCHNEIER.COM — 2026-03-10
📢
PwC got hacked
INFOSEC.PUB — 10 Mar 2026
📢
PwC got hacked
PROGRAMMING.DEV — 10 Mar 2026
📢
PwC got hacked
SH.ITJUST.WORKS — 10 Mar 2026
📢
Kubernetes security advisory (AV26-208)
CYBER.GC.CA — 2026-03-10
📢
My nephew says he hacked PwC's Saas vendor
PROGRAMMING.DEV — 10 Mar 2026
📢
[Control systems] Schneider Electric security advisory (AV26-210)
CYBER.GC.CA — 2026-03-10
📢
SAP security advisory – March 2026 monthly rollup (AV26-209)
CYBER.GC.CA — 2026-03-10
📢
Mozilla security advisory (AV26-211)
CYBER.GC.CA — 2026-03-10
📢
[Control systems] Siemens security advisory (AV26-212)
CYBER.GC.CA — 2026-03-10
📢
Ivanti security advisory (AV26-214)
CYBER.GC.CA — 2026-03-10
📢
Microsoft security advisory – March 2026 monthly rollup (AV26-213)
CYBER.GC.CA — 2026-03-10
📢
DOGE employee stole Social Security data and put it on a thumb drive, report says
TECHCRUNCH.COM — 10 Mar 2026
📢
HPE security advisory (AV26-217)
CYBER.GC.CA — 2026-03-10
📢
Fortinet security advisory (AV26-216)
CYBER.GC.CA — 2026-03-10
📢
Adobe security advisory (AV26-215)
CYBER.GC.CA — 2026-03-10
📢
Precious Bodily Fluids, InstallFix, CISA, Claude, Overtime, Sim Swaps, Aaran Leyland - SWN #562
YOUTUBE.COM — 2026-03-10
📢
AWS European Sovereign Cloud achieves first compliance milestone: SOC 2 and C5 reports plus seven ISO certifications
AWS.AMAZON.COM — 10 Mar 2026
🔥
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
THEHACKERNEWS.COM — 10 Mar 2026
🔥
Weekly Update 494
TROYHUNT.COM — 10 Mar 2026
🔥
GhostClaw Masquerades as OpenClaw in Bid to Plunder Developer Data
GBHACKERS.COM — 10 Mar 2026
🔥
Signal Confirms Sophisticated Phishing Scheme Caused Account Compromises
GBHACKERS.COM — 10 Mar 2026
🔥
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft
GBHACKERS.COM — 10 Mar 2026
🔥
TriZetto Provider Solutions Breach Hits 3.4 Million Patients - Infosecurity Magazine
SH.ITJUST.WORKS — 10 Mar 2026
🔥
Ericsson US discloses data breach after service provider hack
SH.ITJUST.WORKS — 10 Mar 2026
🔥
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
SH.ITJUST.WORKS — 10 Mar 2026
🔥
Thousands Affected by Ericsson Data Breach
SECURITYWEEK.COM — 10 Mar 2026
🔥
Through the Lens of MDR: Analysis of KongTuke’s ClickFix Abuse of Compromised WordPress Sites
TRENDMICRO.COM — 10 Mar 2026
🕵️
ISC Stormcast For Tuesday, March 10th, 2026 https://isc.sans.edu/podcastdetail/9842, (Tue, Mar 10th)
ISC.SANS.EDU — 10 Mar 2026
🕵️
Hackers Use Microsoft Teams to Manipulate Employees Into Allowing Remote Access
GBHACKERS.COM — 10 Mar 2026
🕵️
Anthropic Files Lawsuit Against U.S. Government Over Claude Risk Designation
GBHACKERS.COM — 10 Mar 2026
🕵️
Cylake Raises $45 Million to Secure Organizations Barred From Cloud
SECURITYWEEK.COM — 10 Mar 2026
🕵️
Signed malware posing as Teams and Zoom apps drops RMM backdoors
GBHACKERS.COM — 10 Mar 2026
🕵️
OpenAI to Acquire Promptfoo to Address Vulnerabilities in AI Systems
GBHACKERS.COM — 10 Mar 2026
🕵️
Leading Myanmar Fleet Management Company Yoma Fleet Selects AccuKnox SIEM to Replace Legacy Tools
GBHACKERS.COM — 10 Mar 2026
🕵️
Escape Raises $18 Million to Automate Pentesting
SECURITYWEEK.COM — 10 Mar 2026
🕵️
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
THEHACKERNEWS.COM — 10 Mar 2026
🕵️
Microsoft Teams phishing targets employees with A0Backdoor malware
SH.ITJUST.WORKS — 10 Mar 2026
🕵️
Dutch Intel Warns of Russian Hackers Hijacking Signal, WhatsApp Attacks
SH.ITJUST.WORKS — 10 Mar 2026
🕵️
SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities
SECURITYWEEK.COM — 10 Mar 2026
🕵️
Kai Emerges From Stealth With $125M in Funding for AI Platform Bridging IT and OT Security
SECURITYWEEK.COM — 10 Mar 2026
🕵️
Webinar Today: Securing Fragile OT in an Exposed World
SECURITYWEEK.COM — 10 Mar 2026
🕵️
CyberheistNews Vol 16 #10 How to Spot a Phishing Website Before It Steals Your Data
KNOWBE4.COM — 10 Mar 2026
🕵️
Jazz Emerges From Stealth With $61M in Funding for AI-Powered DLP
SECURITYWEEK.COM — 10 Mar 2026
🕵️
Readable Code Might Improve Security
YOUTUBE.COM — 2026-03-10
🕵️
Yes, You Need AI to Defeat AI
KNOWBE4.COM — 10 Mar 2026
🕵️
Sednit reloaded: Back in the trenches
WELIVESECURITY.COM — 10 Mar 2026
🌐
The New Turing Test: How Threats Use Geometry to Prove 'Humanness'
BLEEPINGCOMPUTER.COM — 10 Mar 2026
🌐
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
BLEEPINGCOMPUTER.COM — 10 Mar 2026
🌐
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
THEHACKERNEWS.COM — 10 Mar 2026
🌐
New 'Zombie ZIP' technique lets malware slip past security tools
BLEEPINGCOMPUTER.COM — 10 Mar 2026
🌐
New BeatBanker Android malware poses as Starlink app to hijack devices
BLEEPINGCOMPUTER.COM — 10 Mar 2026
🌐
BeatBanker: A dual‑mode Android Trojan
SECURELIST.COM — 10 Mar 2026
📡
CISOs in a Pinch: A Security Analysis of OpenClaw
TRENDMICRO.COM — 10 Mar 2026
📡
How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
THEHACKERNEWS.COM — 10 Mar 2026
📡
Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys
BLEEPINGCOMPUTER.COM — 10 Mar 2026
📡
Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant?
BITDEFENDER.COM — 10 Mar 2026
📡
Windows 11 KB5079473 & KB5078883 cumulative updates released
BLEEPINGCOMPUTER.COM — 10 Mar 2026
📡
HPE warns of critical AOS-CX flaw allowing admin password resets
BLEEPINGCOMPUTER.COM — 10 Mar 2026
📡
Mental health apps are leaking your private thoughts. How do you protect yourself? | Kaspersky official blog
KASPERSKY.COM — 10 Mar 2026
📡
Mandiant’s founder just raised $190M for his autonomous AI agent security startup
TECHCRUNCH.COM — 10 Mar 2026
📡
Investigating multi-vector attacks in Log Explorer
CLOUDFLARE.COM — 10 Mar 2026
📡
Security is a team sport: AWS at RSAC 2026 Conference
AWS.AMAZON.COM — 10 Mar 2026
📡
AWS Security Hub is expanding to unify security operations across multicloud environments
AWS.AMAZON.COM — 10 Mar 2026
🚨
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalogsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html
KEVSH.ITJUST.WORKS — 9 Mar 2026
🚨
CISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2021-22054 Omnissa Workspace ONE Server-Side Request Forgery CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vul…
KEVCISA.GOV — Mon, 09 Mar 26 1
🐛
Critical ExifTool Vulnerability Allows Malicious Images to Execute Code on macOS
GBHACKERS.COM — 09 Mar 2026
🐛
Nginx UI Vulnerabilities Let Attackers Download Full System Backups
GBHACKERS.COM — 09 Mar 2026
🐛
1-Click ZITADEL Vulnerability Could Allow Full System Takeover
GBHACKERS.COM — 09 Mar 2026
🐛
Apache ZooKeeper Flaw Exposes Sensitive Data to Attackers
GBHACKERS.COM — 09 Mar 2026
🐛
Vaultwarden Vulnerabilities Enable Privilege Escalation and Data Exposure
GBHACKERS.COM — 09 Mar 2026
🐛
CVE program funding secured, easing fears of repeat crisis
CSOONLINE.COM — 09 Mar 2026
🐛
ZDI-26-172: Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 09 Mar 2026
🐛
ZDI-26-171: Unraid Update Request Path Traversal Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 09 Mar 2026
🐛
VU#976247: Retraction of "Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed ZIP archives"
KB.CERT.ORG — 2026-03-09
⚠️
Coruna iOS Exploit Kit Goes Mass-Market: Cybersecurity Today for March 9, 2026 with David Shipley
CYBERSECURITYTODAY.LIBSYN.COM — 09 Mar 2026
⚠️
CISA Alerts Users to Actively Exploited Vulnerabilities Impacting macOS and iOS
KEVGBHACKERS.COM — 09 Mar 2026
⚠️
WiFi Signals Can Track Human Activity Through Walls by Mapping Body Keypoints
GBHACKERS.COM — 09 Mar 2026
⚠️
TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense
TRENDMICRO.COM — 09 Mar 2026
⚠️
PQC roadmap remains hazy as vendors race for early advantage
CSOONLINE.COM — 09 Mar 2026
⚠️
Hikvision Multiple Product Vulnerability Could Let Attackers Escalate Privileges
KEVGBHACKERS.COM — 09 Mar 2026
⚠️
ExifTool Vulnerability Lets Malicious Images Trigger macOS Code Execution
GBHACKERS.COM — 09 Mar 2026
⚠️
4 ways to prepare your SOC for agentic AI
CSOONLINE.COM — 09 Mar 2026
⚠️
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
THEHACKERNEWS.COM — 09 Mar 2026
⚠️
Rogues gallery: 15 worst ransomware groups active today
CSOONLINE.COM — 09 Mar 2026
⚠️
Breaking in with CrashFix, supply chain security, and CMMC phase 1 - ESW #449
YOUTUBE.COM — 2026-03-09
⚠️
New Attack Against Wi-Fi
SCHNEIER.COM — 2026-03-09
⚠️
Cyber Espionage Group CL-UNK-1068 Linked to China Targets Asian Infrastructure
GBHACKERS.COM — 09 Mar 2026
⚠️
OpenAI says Codex Security found 11,000 high-impact bugs in a month
CSOONLINE.COM — 09 Mar 2026
⚠️
CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
SH.ITJUST.WORKS — 9 Mar 2026
⚠️
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
THEHACKERNEWS.COM — 09 Mar 2026
⚠️
Open-source tool Sage puts a security layer between AI agents and the OS
SH.ITJUST.WORKS — 9 Mar 2026
⚠️
Open-source tool Sage puts a security layer between AI agents and the OS
SH.ITJUST.WORKS — 9 Mar 2026
⚠️
ShinyHunters claims ongoing Salesforce Aura data theft attacks
BLEEPINGCOMPUTER.COM — 09 Mar 2026
⚠️
Ericsson US discloses data breach after service provider hack
BLEEPINGCOMPUTER.COM — 09 Mar 2026
⚠️
Google: Cloud attacks exploit flaws more than weak credentials
BLEEPINGCOMPUTER.COM — 09 Mar 2026
⚠️
My Really Fun RSA 2026 Presentations!
MEDIUM.COM — 09 Mar 2026
⚠️
Fixing request smuggling vulnerabilities in Pingora OSS deployments
CLOUDFLARE.COM — 09 Mar 2026
⚠️
Active defense: introducing a stateful vulnerability scanner for APIs
CLOUDFLARE.COM — 09 Mar 2026
📢
Tarnung als Taktik: Warum Ransomware-Angriffe raffinierter werden
CSOONLINE.COM — 09 Mar 2026
📢
Your KnowBe4 Fresh Compliance Plus Content Updates | February 2026
KNOWBE4.COM — 09 Mar 2026
📢
CMMC Is Now In Contracts
YOUTUBE.COM — 2026-03-09
📢
IBM security advisory (AV26-200)
CYBER.GC.CA — 2026-03-09
📢
Red Hat security advisory (AV26-202)
CYBER.GC.CA — 2026-03-09
📢
Ubuntu security advisory (AV26-201)
CYBER.GC.CA — 2026-03-09
📢
[Control systems] CISA ICS security advisories (AV26–204)
CYBER.GC.CA — 2026-03-09
📢
Dell security advisory (AV26-203)
CYBER.GC.CA — 2026-03-09
📢
[Control Systems] Moxa security advisory (AV26-205)
CYBER.GC.CA — 2026-03-09
📢
Mozilla security advisory (AV26-207)
CYBER.GC.CA — 2026-03-09
📢
Microsoft Edge security advisory (AV26-206)
CYBER.GC.CA — 2026-03-09
📢
From Alerts to Action: Making Public–Private Threat Intel Actually Useful - Ian Washburn - CSP #222
YOUTUBE.COM — 2026-03-09
📢
9 Must-Know Best Practices for Email Security
KNOWBE4.COM — 09 Mar 2026
📢
Ivanti security advisory (AV26-113) – Update 1
CYBER.GC.CA — 2026-03-09
🔥
Countries with Most Personal Records Leaked in Data Breaches (2004-2025)
INFOSEC.PUB — 9 Mar 2026
🔥
Countries with Most Personal Records Leaked in Data Breaches (2004-2025)
PROGRAMMING.DEV — 9 Mar 2026
🔥
Countries with Most Personal Records Leaked in Data Breaches (2004-2025)
SH.ITJUST.WORKS — 9 Mar 2026
🔥
Microsoft: Fake AI Extensions Breached Chat Histories in 20,000+ Enterprise Tenants
GBHACKERS.COM — 09 Mar 2026
🔥
Why Password Audits Miss the Accounts Attackers Actually Want
BLEEPINGCOMPUTER.COM — 09 Mar 2026
🔥
Russian-backed hackers have gained access to Signal and WhatsApp accounts used ‌by officials, military personnel and journalists, as claimed by two intelligence agencies in the Netherlands.
INFOSEC.PUB — 9 Mar 2026
🔥
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
THEHACKERNEWS.COM — 09 Mar 2026
🔥
Salt Typhoon is hacking the world’s phone and internet giants. Here’s everywhere that’s been hit.
TECHCRUNCH.COM — 09 Mar 2026
🕵️
ISC Stormcast For Monday, March 9th, 2026 https://isc.sans.edu/podcastdetail/9840, (Mon, Mar 9th)
ISC.SANS.EDU — 09 Mar 2026
🕵️
Transparent Tribe’s ‘Vibeware’ Move Points to AI-Made Malware at Scale
GBHACKERS.COM — 09 Mar 2026
🕵️
Cybercrime Group in Vietnam Enables Massive Fraudulent Signups
GBHACKERS.COM — 09 Mar 2026
🕵️
ClipXDaemon Malware Targets Crypto Users in Linux X11 Sessions
GBHACKERS.COM — 09 Mar 2026
🕵️
NIS-2: Tausende reißen BSI-Frist und riskieren Strafen
CSOONLINE.COM — 09 Mar 2026
🕵️
MaaS VIP Keylogger Campaign Uses Steganography to Steal Credentials at Scale
GBHACKERS.COM — 09 Mar 2026
🕵️
Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign
SECURITYWEEK.COM — 09 Mar 2026
🕵️
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threats
GBHACKERS.COM — 09 Mar 2026
🕵️
Internet Infrastructure TLD .arpa Abused in Phishing Attacks
SECURITYWEEK.COM — 09 Mar 2026
🕵️
Iran-linked APT targets US critical sectors with new backdoors - Help Net Security
SH.ITJUST.WORKS — 9 Mar 2026
🕵️
BoryptGrab Malware Abuses GitHub to Steal Browser and Crypto Wallet Data
GBHACKERS.COM — 09 Mar 2026
🕵️
Mentorship Monday - Discussions for career and learning!
INFOSEC.PUB — 9 Mar 2026
🕵️
ClickFix Attack Uses Windows Terminal to Evade Detection
SECURITYWEEK.COM — 09 Mar 2026
🕵️
900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks
SH.ITJUST.WORKS — 9 Mar 2026
🕵️
Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets
GBHACKERS.COM — 09 Mar 2026
🕵️
FBI Investigating ‘Suspicious’ Cyber Activity on System Holding Sensitive Surveillance Information - SecurityWeek
SH.ITJUST.WORKS — 9 Mar 2026
🕵️
Secure agentic AI for your Frontier Transformation
MICROSOFT.COM — 09 Mar 2026
🕵️
Security Risk Advisors Releases “The Purple Perspective 2026” Report
GBHACKERS.COM — 09 Mar 2026
🕵️
Cybersecurity M&A Roundup: 42 Deals Announced in February 2026
SECURITYWEEK.COM — 09 Mar 2026
🕵️
AI-to-AI Communication and Secret AI Code Must Be Stopped At All Costs
KNOWBE4.COM — 09 Mar 2026
🕵️
Stop Credential Stealers With This
YOUTUBE.COM — 2026-03-09
🕵️
Announcing Prisma AIRS Availability in Singapore Region
PALOALTONETWORKS.COM — 09 Mar 2026
🕵️
From Narrative to Knowledge Graph | LLM-Driven Information Extraction in Cyber Threat Intelligence
SENTINELONE.COM — 09 Mar 2026
🌐
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
THEHACKERNEWS.COM — 09 Mar 2026
🌐
Can the Security Platform Finally Deliver for the Mid-Market?
THEHACKERNEWS.COM — 09 Mar 2026
🌐
Microsoft Teams phishing targets employees with backdoors
BLEEPINGCOMPUTER.COM — 09 Mar 2026
📡
Ring’s Jamie Siminoff has been trying to calm privacy fears since the Super Bowl, but his answers may not help
TECHCRUNCH.COM — 09 Mar 2026
📡
Microsoft still working to fix Windows Explorer white flashes
BLEEPINGCOMPUTER.COM — 09 Mar 2026
📡
Encrypted Client Hello: Ready for Prime Time&#x3f;, (Mon, Mar 9th)
ISC.SANS.EDU — 09 Mar 2026
📡
FBI warns of phishing attacks impersonating US city, county officials
BLEEPINGCOMPUTER.COM — 09 Mar 2026
📡
Russian government hackers targeting Signal and WhatsApp users, Dutch spies warn
TECHCRUNCH.COM — 09 Mar 2026
📡
Microsoft Teams will tag third-party bots trying to join meetings
BLEEPINGCOMPUTER.COM — 09 Mar 2026
📡
OpenAI acquires Promptfoo to secure its AI agents
TECHCRUNCH.COM — 09 Mar 2026
📡
Dutch govt warns of Signal, WhatsApp account hijacking attacks
BLEEPINGCOMPUTER.COM — 09 Mar 2026
🐛
Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited
SECURITYWEEK.COM — 08 Mar 2026
⚠️
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
SH.ITJUST.WORKS — 8 Mar 2026
📢
Brazilian Federal Police can reportedly reverse WhatsApp's "view once" messages
SH.ITJUST.WORKS — 8 Mar 2026
🕵️
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
BLEEPINGCOMPUTER.COM — 08 Mar 2026
📡
EU court adviser says banks must immediately refund phishing victims
BLEEPINGCOMPUTER.COM — 08 Mar 2026
📡
How AI Assistants are Moving the Security Goalposts
KREBSONSECURITY.COM — 08 Mar 2026
⚠️
Claude AI Exposes 22 Firefox Vulnerabilities in Just Two Weeks
GBHACKERS.COM — 07 Mar 2026
⚠️
Cybersecurity Today Month in Review: World In Turmoil
CYBERSECURITYTODAY.LIBSYN.COM — 07 Mar 2026
⚠️
OpenAI’s Codex Security Built to Automate Vulnerability Discovery and Remediation
GBHACKERS.COM — 07 Mar 2026
⚠️
What Is OSINT?
KNOWBE4.COM — 07 Mar 2026
🔥
Microsoft: Hackers abusing AI at every stage of cyberattacks
BLEEPINGCOMPUTER.COM — 07 Mar 2026
🔥
Termite ransomware breaches linked to ClickFix CastleRAT attacks
BLEEPINGCOMPUTER.COM — 07 Mar 2026
🕵️
FBI Investigating ‘Suspicious’ Cyber Activity on System Holding Sensitive Surveillance Information
SECURITYWEEK.COM — 07 Mar 2026
🕵️
YARA-X 1.14.0 Release, (Sat, Mar 7th)
ISC.SANS.EDU — 07 Mar 2026
🕵️
Malicious Browser Add‑on Targets imToken Users’ Private Keys
GBHACKERS.COM — 07 Mar 2026
🕵️
Pentagon’s Chief Tech Officer Says He Clashed With AI Company Anthropic Over Autonomous Warfare
SECURITYWEEK.COM — 07 Mar 2026
🕵️
Over 100 GitHub Repositories Distributing BoryptGrab Stealer
SECURITYWEEK.COM — 07 Mar 2026
🕵️
Android Devices Shipping With Malware
YOUTUBE.COM — 2026-03-07
🕵️
US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies
SECURITYWEEK.COM — 07 Mar 2026
📡
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
THEHACKERNEWS.COM — 07 Mar 2026
📡
OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
THEHACKERNEWS.COM — 07 Mar 2026
🚨
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabi…
KEVTHEHACKERNEWS.COM — 06 Mar 2026
🚨
CISA Adds iOS Flaws From Coruna Exploit Kit to KEV ListThe nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1. The post CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List appeared first on SecurityWeek .
KEVSECURITYWEEK.COM — 06 Mar 2026
🐛
WordPress Membership Plugin Flaw Lets Attackers Create Admin Accounts
GBHACKERS.COM — 06 Mar 2026
🐛
Zero-day exploits hit enterprises faster and harder
CSOONLINE.COM — 06 Mar 2026
🐛
Apache ActiveMQ Flaw Enables DoS Attacks via Malformed Network Packets
GBHACKERS.COM — 06 Mar 2026
🐛
AVideo Platform Vulnerability Allows Hackers to Hijack Streams via Zero-Click Command Injection
GBHACKERS.COM — 06 Mar 2026
🐛
ZDI-26-170: GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-169: GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-168: GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-167: GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-166: GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-165: GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-164: GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-163: GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-162: GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-161: GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-160: (Pwn2Own) Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-159: (Pwn2Own) Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-158: (Pwn2Own) Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-157: (Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-156: (Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-155: (Pwn2Own) Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-154: (Pwn2Own) Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-153: (Pwn2Own) Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-152: Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
🐛
ZDI-26-151: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 06 Mar 2026
⚠️
LeakBase marketplace unplugged by cops in 14 countries
CSOONLINE.COM — 06 Mar 2026
⚠️
Europa im Visier von Cyber-Identitätsdieben
CSOONLINE.COM — 06 Mar 2026
⚠️
Google Uncovers 90 Zero-Day Vulnerabilities Under Active Exploitation in 2025
KEVGBHACKERS.COM — 06 Mar 2026
⚠️
FBI Detains U.S. Government Contractor in Massive $46 Million Fraud Scheme
GBHACKERS.COM — 06 Mar 2026
⚠️
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
THEHACKERNEWS.COM — 06 Mar 2026
⚠️
Challenges and projects for the CISO in 2026
CSOONLINE.COM — 06 Mar 2026
⚠️
AWS-LC Flaw Exposes Amazon Users to Attacks by Bypassing Certificate Chain Validation
GBHACKERS.COM — 06 Mar 2026
⚠️
Teenage hacker myth primed for a middle-age criminal makeover
CSOONLINE.COM — 06 Mar 2026
⚠️
Claude Used to Hack Mexican Government
SCHNEIER.COM — 2026-03-06
⚠️
Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
SECURITYWEEK.COM — 06 Mar 2026
⚠️
Google: Half of 2025's 90 Exploited Zero-Days Aimed at Enterprises - SecurityWeek
SH.ITJUST.WORKS — 6 Mar 2026
⚠️
RMM Tools Crucial for IT Operations, But Growing Threat as Attackers Weaponize Them
GBHACKERS.COM — 06 Mar 2026
⚠️
Targeted advertising is also targeting malware
CSOONLINE.COM — 06 Mar 2026
⚠️
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
SH.ITJUST.WORKS — 6 Mar 2026
⚠️
WordPress membership plugin bug exploited to create admin accounts
SH.ITJUST.WORKS — 6 Mar 2026
⚠️
Your KnowBe4 Fresh Content Updates from February 2026
KNOWBE4.COM — 06 Mar 2026
⚠️
What Tools Do Hackers Use to Weaponize Emails?
KNOWBE4.COM — 06 Mar 2026
⚠️
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
BLEEPINGCOMPUTER.COM — 06 Mar 2026
⚠️
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
THEHACKERNEWS.COM — 06 Mar 2026
⚠️
CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
BLEEPINGCOMPUTER.COM — 06 Mar 2026
⚠️
OAuth vulnerability in n8n automation platform could lead to system compromise
CSOONLINE.COM — 06 Mar 2026
⚠️
How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down
BITDEFENDER.COM — 06 Mar 2026
⚠️
Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short
CSOONLINE.COM — 06 Mar 2026
⚠️
ClickFix attackers using new tactic to evade detection, says Microsoft
CSOONLINE.COM — 06 Mar 2026
⚠️
Iran vs Everyone: 2FA-Bypass Phish, APT41 Drive, iOS 0days, Josh Marpet, and More - SWN #561
YOUTUBE.COM — 2026-03-06
⚠️
Trump’s cyber strategy emphasizes offensive operations, deregulation, AI
CSOONLINE.COM — 06 Mar 2026
⚠️
Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition
CLOUD.GOOGLE.COM — 06 Mar 2026
⚠️
How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework
GITHUB.BLOG — 06 Mar 2026
📢
France's health ministry has confirmed a data breach involving the exposure of administrative information for 15.8 million patients and sensitive doctors' notes for approximately 165,000 individuals
PROGRAMMING.DEV — 6 Mar 2026
📢
France's health ministry has confirmed a data breach involving the exposure of administrative information for 15.8 million patients and sensitive doctors' notes for approximately 165,000 individuals
SH.ITJUST.WORKS — 6 Mar 2026
📢
Wikipedia Hit By JavaScript Worm, ICE Contractor Data Base Leaked and more...
CYBERSECURITYTODAY.LIBSYN.COM — 06 Mar 2026
📢
Microsoft 365 Backup to add file-level restore for faster recovery
BLEEPINGCOMPUTER.COM — 06 Mar 2026
📢
FBI wiretap system tapped by hackers
CSOONLINE.COM — 06 Mar 2026
📢
Friday Squid Blogging: Squid in Byzantine Monk Cooking
SCHNEIER.COM — 2026-03-06
🔥
A ransomware attack on August 31, 2025, compromised the data of 1.2 million at the University of Hawaiʻi Cancer Center, targeting research servers but sparing clinical operations
PROGRAMMING.DEV — 6 Mar 2026
🔥
A ransomware attack on August 31, 2025, compromised the data of 1.2 million at the University of Hawaiʻi Cancer Center, targeting research servers but sparing clinical operations
SH.ITJUST.WORKS — 6 Mar 2026
🔥
FBI investigates breach of surveillance and wiretap systems
BLEEPINGCOMPUTER.COM — 06 Mar 2026
🔥
Iranian APT Hacked US Airport, Bank, Software Company
SECURITYWEEK.COM — 06 Mar 2026
🔥
FBI investigating ‘suspicious’ cyber activities on critical surveillance network | CNN Politics
INFOSEC.PUB — 6 Mar 2026
🔥
TriZetto confirms 3.4M people’s health and personal data was stolen during breach
TECHCRUNCH.COM — 06 Mar 2026
🔥
Ransomware Before Windows Even Starts
YOUTUBE.COM — 2026-03-06
🔥
In Other News: FBI Hacked, US Security Pro Killed in Iran War, Hijacked Cameras Used in Khamenei Strike
SECURITYWEEK.COM — 06 Mar 2026
🔥
Cognizant TriZetto breach exposes health data of 3.4 million patients
BLEEPINGCOMPUTER.COM — 06 Mar 2026
🔥
Data Loss Prevention (DLP): What It Is, Types, and Solutions
KNOWBE4.COM — 06 Mar 2026
🔥
Ransomware attacks on schools and colleges | Kaspersky official blog
KASPERSKY.COM — 06 Mar 2026
🕵️
ISC Stormcast For Friday, March 6th, 2026 https://isc.sans.edu/podcastdetail/9838, (Fri, Mar 6th)
ISC.SANS.EDU — 06 Mar 2026
🕵️
Microsoft, working with Europol, authorities from 6 countries, and 11 security organizations, disrupted the Tycoon 2FA phishing-as-a-service platform on seizing 330 domains
PROGRAMMING.DEV — 6 Mar 2026
🕵️
Microsoft, working with Europol, authorities from 6 countries, and 11 security organizations, disrupted the Tycoon 2FA phishing-as-a-service platform on seizing 330 domains
SH.ITJUST.WORKS — 6 Mar 2026
🕵️
China-Nexus Hackers Target Telecommunication Providers with New Malware Attack
GBHACKERS.COM — 06 Mar 2026
🕵️
New Linux Rootkits Leverage Advanced eBPF and io_uring Techniques for Stealthy Attacks
GBHACKERS.COM — 06 Mar 2026
🕵️
Data Security Firm Evervault Raises $25 Million in Series B Funding
SECURITYWEEK.COM — 06 Mar 2026
🕵️
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
THEHACKERNEWS.COM — 06 Mar 2026
🕵️
James ‘Aaron’ Bishop Tapped to Serve as New Pentagon CISO
SECURITYWEEK.COM — 06 Mar 2026
🕵️
Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
SH.ITJUST.WORKS — 6 Mar 2026
🕵️
PleaseFix Flaw Lets Hackers Access 1Password Vault via Comet AI Browser
SH.ITJUST.WORKS — 6 Mar 2026
🕵️
2024 TfL hack affected around 10 million people, BBC can reveal
SH.ITJUST.WORKS — 6 Mar 2026
🕵️
Off-Topic Friday
INFOSEC.PUB — 6 Mar 2026
🕵️
Fake Claude Code install guides push infostealers in InstallFix attacks
BLEEPINGCOMPUTER.COM — 06 Mar 2026
🕵️
Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
THEHACKERNEWS.COM — 06 Mar 2026
🕵️
ArmorCode Raises $16 Million for Exposure Management Platform
SECURITYWEEK.COM — 06 Mar 2026
🕵️
Anthropic and the Pentagon
SCHNEIER.COM — 2026-03-06
🕵️
AI as tradecraft: How threat actors operationalize AI
MICROSOFT.COM — 06 Mar 2026
🕵️
Fake Calendar Invitations Move to Microsoft Outlook
KNOWBE4.COM — 06 Mar 2026
🕵️
How the National Cyber Strategy Secures Our Digital Way of Life
PALOALTONETWORKS.COM — 06 Mar 2026
🕵️
APT Attack Hiding In Plain Sight
YOUTUBE.COM — 2026-03-06
🌐
Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
THEHACKERNEWS.COM — 06 Mar 2026
📡
Ghanain man pleads guilty to role in $100 million fraud ring
BLEEPINGCOMPUTER.COM — 06 Mar 2026
📡
The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
THEHACKERNEWS.COM — 06 Mar 2026
📡
Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks
TECHCRUNCH.COM — 06 Mar 2026
📡
What cybersecurity actually does for your business
WELIVESECURITY.COM — 06 Mar 2026
🚨
CISA Adds Five Known Exploited Vulnerabilities to CatalogCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability CVE-2021-22681 Rockwell Multiple Products Insufficient Protecte…
KEVCISA.GOV — Thu, 05 Mar 26 1
🐛
14 old software bugs that took way too long to squash
CSOONLINE.COM — 05 Mar 2026
🐛
Cisco Secure Firewall Management Flaw Allows Remote Code Execution
GBHACKERS.COM — 05 Mar 2026
🐛
CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-23238 romfs: check sb_set_blocksize() return value
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-0038 In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-23231 netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
Critical pac4j-jwt Authentication Bypass Vulnerability Allows Attackers to Impersonate Any User
GBHACKERS.COM — 05 Mar 2026
🐛
CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild
KEVSECURITYWEEK.COM — 05 Mar 2026
🐛
CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2025-68121 Unexpected session resumption in crypto/tls
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
PoC Exploit for Cisco SD-WAN 0-Day Vulnerability Now Released, Actively Exploited in the Wild
KEVGBHACKERS.COM — 05 Mar 2026
🐛
New MongoDB Vulnerability Allows Attackers to Crash Servers, Exposing Critical Data
GBHACKERS.COM — 05 Mar 2026
🐛
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
THEHACKERNEWS.COM — 05 Mar 2026
🐛
Cisco issues emergency patches for critical firewall vulnerabilities
CSOONLINE.COM — 05 Mar 2026
🐛
CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
🐛
Look What You Made Us Patch: 2025 Zero-Days in Review
KEVCLOUD.GOOGLE.COM — 05 Mar 2026
⚠️
Smashing Security podcast #457: How a cybersecurity boss framed his own employee
GRAHAMCLULEY.COM — 05 Mar 2026
⚠️
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
CSOONLINE.COM — 05 Mar 2026
⚠️
Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks
SECURITYWEEK.COM — 05 Mar 2026
⚠️
Operation Leak: Authorities Dismantle LeakBase Forum, Secure User Data and IP Logs
GBHACKERS.COM — 05 Mar 2026
⚠️
Cisco Catalyst SD-WAN Flaws Expose Devices to Root Access, Threatening Network Security
GBHACKERS.COM — 05 Mar 2026
⚠️
State-affiliated hackers set up for critical OT attacks that operators may not detect
CSOONLINE.COM — 05 Mar 2026
⚠️
Cisco Secure Firewall Vulnerability Exposes Networks to Authentication Bypass Attacks
GBHACKERS.COM — 05 Mar 2026
⚠️
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
THEHACKERNEWS.COM — 05 Mar 2026
⚠️
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
THEHACKERNEWS.COM — 05 Mar 2026
⚠️
RedAlert Mobile Espionage Campaign Exploits Trojanized Rocket Alert App to Spy on Civilians
GBHACKERS.COM — 05 Mar 2026
⚠️
Reclaim Security Raises $26M to Eliminate the 27-Day Remediation Gap
GBHACKERS.COM — 05 Mar 2026
⚠️
Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities
GBHACKERS.COM — 05 Mar 2026
⚠️
ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts
GBHACKERS.COM — 05 Mar 2026
⚠️
Top 10 Best Cybersecurity Marketing Agencies to Watch in 2026
GBHACKERS.COM — 05 Mar 2026
⚠️
Cisco flags more SD-WAN flaws as actively exploited in attacks
KEVBLEEPINGCOMPUTER.COM — 05 Mar 2026
⚠️
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
THEHACKERNEWS.COM — 05 Mar 2026
⚠️
Where Multi-Factor Authentication Stops and Credential Abuse Starts
THEHACKERNEWS.COM — 05 Mar 2026
⚠️
DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks
GBHACKERS.COM — 05 Mar 2026
⚠️
Police dismantles online gambling ring exploiting Ukrainian women
BLEEPINGCOMPUTER.COM — 05 Mar 2026
⚠️
Threat Actors Exploit Fake Claude Code Downloads to Deploy Infostealer Malware
GBHACKERS.COM — 05 Mar 2026
⚠️
Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year
CSOONLINE.COM — 05 Mar 2026
⚠️
Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises
SECURITYWEEK.COM — 05 Mar 2026
⚠️
Google says 90 zero-days were exploited in attacks last year
KEVBLEEPINGCOMPUTER.COM — 05 Mar 2026
⚠️
Google says half of all zero-days it tracked in 2025 targeted buggy enterprise tech
TECHCRUNCH.COM — 05 Mar 2026
⚠️
WordPress membership plugin bug exploited to create admin accounts
BLEEPINGCOMPUTER.COM — 05 Mar 2026
⚠️
Email Security: What It Is, How It Works, and Best Protection Methods
KNOWBE4.COM — 05 Mar 2026
⚠️
A Vulnerability in pac4j-jwt (JwtAuthenticator) Could Allow for Authentication Bypass
CISECURITY.ORG — 05 Mar 2026
⚠️
Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution
CISECURITY.ORG — 05 Mar 2026
⚠️
On the Effectiveness of Mutational Grammar Fuzzing
PROJECTZERO.GOOGLE — 2026-03-05
📢
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning &#x5b;Guest Diary&#x5d;, (Wed, Mar 4th)
ISC.SANS.EDU — 05 Mar 2026
📢
Phobos ransomware admin pleads guilty to wire fraud conspiracy
BLEEPINGCOMPUTER.COM — 05 Mar 2026
📢
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
THEHACKERNEWS.COM — 05 Mar 2026
📢
OpenText security advisory (AV26-199)
CYBER.GC.CA — 2026-03-05
🔥
Cyberattack Alert: Hackers Impersonate LastPass Support to Steal Vault Passwords
GBHACKERS.COM — 05 Mar 2026
🔥
Hacked App Part of US/Israeli Propaganda Campaign Against Iran
SCHNEIER.COM — 2026-03-05
🔥
Russian Ransomware Operator Pleads Guilty in US
SECURITYWEEK.COM — 05 Mar 2026
🔥
Israel Hacked Traffic Cameras in Iran
SCHNEIER.COM — 2026-03-05
🔥
Wikipedia hit by self-propagating JavaScript worm that vandalized pages
BLEEPINGCOMPUTER.COM — 05 Mar 2026
🔥
Italian prosecutors confirm journalist was hacked with Paragon spyware
TECHCRUNCH.COM — 05 Mar 2026
🕵️
Online ads surpassed email as the primary malware channel in 2025, accounting for 60%+ of all observed malware and phishing campaigns
PROGRAMMING.DEV — 5 Mar 2026
🕵️
Online ads surpassed email as the primary malware channel in 2025, accounting for 60%+ of all observed malware and phishing campaigns
SH.ITJUST.WORKS — 5 Mar 2026
🕵️
Authorities from 14 countries shut down LeakBase, seize its domains, and arrest multiple people allegedly tied to the cybercrime forum, which had 142K+ members
PROGRAMMING.DEV — 5 Mar 2026
🕵️
Authorities from 14 countries shut down LeakBase, seize its domains, and arrest multiple people allegedly tied to the cybercrime forum, which had 142K+ members
SH.ITJUST.WORKS — 5 Mar 2026
🕵️
Tycoon 2FA Phishing Operation Dismantled in Joint Raid by Microsoft and Europol
GBHACKERS.COM — 05 Mar 2026
🕵️
Threat Actors Intensify Targeting of IP Cameras Across the Middle East Amid Ongoing Conflict
GBHACKERS.COM — 05 Mar 2026
🕵️
Cisco Patches Critical Vulnerabilities in Enterprise Networking Products
SECURITYWEEK.COM — 05 Mar 2026
🕵️
LeakBase Cybercrime Forum Shut Down, Suspects Arrested
SECURITYWEEK.COM — 05 Mar 2026
🕵️
Reclaim Security Raises $20 Million to Accelerate Remediation
SECURITYWEEK.COM — 05 Mar 2026
🕵️
ISC Stormcast For Thursday, March 5th, 2026 https://isc.sans.edu/podcastdetail/9836, (Thu, Mar 5th)
ISC.SANS.EDU — 05 Mar 2026
🕵️
RingH23 Threat Actors Target MacCMS and CDN Infrastructure with New Arsenal
GBHACKERS.COM — 05 Mar 2026
🕵️
Europol schließt riesigen Markt für gestohlene Daten
CSOONLINE.COM — 05 Mar 2026
🕵️
Europol: Großer Markt für gestohlene Daten geschlossen
CSOONLINE.COM — 05 Mar 2026
🕵️
Spear Phishing Attacks: Top 7 Signs to Watch For
KNOWBE4.COM — 05 Mar 2026
🕵️
I Wrote a Book About AI Sycophancy. I Didn’t Use AI to Write It.
INFOSEC.PUB — 5 Mar 2026
🕵️
Embrace Every Choice You Make
YOUTUBE.COM — 2026-03-05
🕵️
Navigating the U.S. Public Sector’s Unrelenting Cyber Crisis
KNOWBE4.COM — 05 Mar 2026
🕵️
Google Safe Browsing missed 84% of phishing sites we found in February
INFOSEC.PUB — 5 Mar 2026
🕵️
Malicious AI Assistant Extensions Harvest LLM Chat Histories
MICROSOFT.COM — 05 Mar 2026
🕵️
Women’s History Month: Encouraging women in cybersecurity at every career stage
MICROSOFT.COM — 05 Mar 2026
🕵️
riverside bios embedded edge zero footprint enterprise security
YOUTUBE.COM — 2026-03-05
🕵️
Threat Actors Abuse Messaging Platforms to Launch Phishing Attacks
KNOWBE4.COM — 05 Mar 2026
🕵️
Airsnitch, Claude, Hacking Firewalls - PSW #916
YOUTUBE.COM — 2026-03-05
🕵️
The Weak Spot in Encrypted WiFi
YOUTUBE.COM — 2026-03-05
🕵️
Chinese state hackers target telcos with new malware toolkit
BLEEPINGCOMPUTER.COM — 05 Mar 2026
🌐
ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More
THEHACKERNEWS.COM — 05 Mar 2026
🌐
New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages
TRENDMICRO.COM — 05 Mar 2026
🌐
Joint guidance on supply chain risks and mitigations for artificial intelligence and machine learning
CYBER.GC.CA — 2026-03-05
🌐
Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
BLEEPINGCOMPUTER.COM — 05 Mar 2026
📡
How to disable unwanted AI assistants and features on your PC and smartphone | Kaspersky official blog
KASPERSKY.COM — 05 Mar 2026
📡
Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders
THEHACKERNEWS.COM — 05 Mar 2026
📡
2026 Browser Data Reveals Major Enterprise Security Blind Spots
BLEEPINGCOMPUTER.COM — 05 Mar 2026
📡
Bypassing debug password protection on the RH850 family using fault injection
QUARKSLAB.COM — 2026-03-05
📡
Top 10 artificial intelligence security actions: A primer - ITSAP.10.049
CYBER.GC.CA — 2026-03-05
📡
CASI Leaderboard Shifts: Sugar-Coated Poison, and the Expanding AI Attack Surface
F5.COM — 05 Mar 2026
📡
FBI arrests suspect linked to $46M crypto theft from US Marshals
BLEEPINGCOMPUTER.COM — 05 Mar 2026
📡
FYI: Impersonators are (still) targeting companies with fake TechCrunch outreach
TECHCRUNCH.COM — 05 Mar 2026
📡
FBI investigating hack on its wiretap and surveillance systems: report
TECHCRUNCH.COM — 05 Mar 2026
📡
How SMBs use threat research and MDR to build a defensive edge
WELIVESECURITY.COM — 05 Mar 2026
📡
VU#772695: A flawed TLS handshake implementation affects Viber Proxy in multiple platforms
KB.CERT.ORG — 2026-03-05
📡
AWS completes the 2026 annual Dubai Electronic Security Centre (DESC) certification audit
AWS.AMAZON.COM — 05 Mar 2026
📡
2025 ISO and CSA STAR certificates are now available with one additional service and one new region
AWS.AMAZON.COM — 05 Mar 2026
🚨
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. The high-severity vulnerabi…
KEVTHEHACKERNEWS.COM — 04 Mar 2026
🐛
VMware Aria Operations Vulnerability Exploited in the Wild
KEVSECURITYWEEK.COM — 04 Mar 2026
🐛
CISA Warns of VMware Aria Operations Vulnerability Actively Exploited in Attacks
KEVGBHACKERS.COM — 04 Mar 2026
🐛
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
MSRC.MICROSOFT.COM — 04 Mar 2026
🐛
CISA Warns Qualcomm Chipsets Memory Corruption Vulnerability Is Actively Exploited in Attacks
KEVGBHACKERS.COM — 04 Mar 2026
⚠️
AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning
CSOONLINE.COM — 04 Mar 2026
⚠️
Malicious Laravel Packages Deploy PHP RAT, Grant Remote Access to Attackers
GBHACKERS.COM — 04 Mar 2026
⚠️
Thousands of iPhones Compromised in Massive Hack via Coruna Exploit Kit with 23 Vulnerabilities
GBHACKERS.COM — 04 Mar 2026
⚠️
AI Driven Warare
CYBERSECURITYTODAY.LIBSYN.COM — 04 Mar 2026
⚠️
Silver Dragon APT Group Exploits Google Drive for Covert Attacks on Europe, Asia
GBHACKERS.COM — 04 Mar 2026
⚠️
Microsoft Alerts Customers to New Phishing Attack Exploiting OAuth in Entra ID to Bypass Detection
GBHACKERS.COM — 04 Mar 2026
⚠️
How to know you’re a real-deal CSO — and whether that job opening truly seeks one
CSOONLINE.COM — 04 Mar 2026
⚠️
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
THEHACKERNEWS.COM — 04 Mar 2026
⚠️
IPVanish VPN for macOS Flaw Enables Privilege Escalation and Code Execution
GBHACKERS.COM — 04 Mar 2026
⚠️
Critical FreeScout Vulnerability Leads to Full Server Compromise
SECURITYWEEK.COM — 04 Mar 2026
⚠️
Anthropic AI ultimatums and IP theft: The unspoken risk
CSOONLINE.COM — 04 Mar 2026
⚠️
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
THEHACKERNEWS.COM — 04 Mar 2026
⚠️
Want More XWorm&#x3f;, (Wed, Mar 4th)
ISC.SANS.EDU — 04 Mar 2026
⚠️
Perplexity’s Comet Browser Breached Through Calendar Invite Attack
GBHACKERS.COM — 04 Mar 2026
⚠️
Manipulating AI Summarization Features
SCHNEIER.COM — 2026-03-04
⚠️
New Threat Report: AI Accelerates High-Velocity Cyber Attacks
GBHACKERS.COM — 04 Mar 2026
⚠️
Honeywell Controllers Widely Exposed Without Authentication
GBHACKERS.COM — 04 Mar 2026
⚠️
Iranian cyberattacks fail to materialize but threat remains acute
CSOONLINE.COM — 04 Mar 2026
⚠️
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
THEHACKERNEWS.COM — 04 Mar 2026
⚠️
How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
BLEEPINGCOMPUTER.COM — 04 Mar 2026
⚠️
Europol-coordinated action disrupts Tycoon2FA phishing platform
BLEEPINGCOMPUTER.COM — 04 Mar 2026
⚠️
Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations
TRENDMICRO.COM — 04 Mar 2026
⚠️
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
BLEEPINGCOMPUTER.COM — 04 Mar 2026
⚠️
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
BLEEPINGCOMPUTER.COM — 04 Mar 2026
⚠️
Enhanced access denied error messages with policy ARNs
AWS.AMAZON.COM — 04 Mar 2026
⚠️
Risky Business #827 -- Iranian cyber threat actors are down but not out
RISKY.BIZ — 04 Mar 2026
📋
Cisco warns of max severity Secure FMC flaws giving root access
BLEEPINGCOMPUTER.COM — 04 Mar 2026
📢
Windows 11 23H2 to 25H2 Upgrade Reportedly Disrupts Internet Connectivity for Users
GBHACKERS.COM — 04 Mar 2026
📢
AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
GBHACKERS.COM — 04 Mar 2026
📢
Iran‑Linked “Dust Specter” APT Deploys AI‑Aided Malware Against Iraqi Officials
GBHACKERS.COM — 04 Mar 2026
📢
Google Chrome security advisory (AV26-194)
CYBER.GC.CA — 2026-03-04
📢
Tenable security advisory (AV26-195)
CYBER.GC.CA — 2026-03-04
📢
HPE security advisory (AV26-196)
CYBER.GC.CA — 2026-03-04
📢
Cisco security advisory (AV26-197)
CYBER.GC.CA — 2026-03-04
📢
Drupal security advisory (AV26-198)
CYBER.GC.CA — 2026-03-04
🔥
Hacktivist group “Department of Peace” claims to have breached a DHS tech‑procurement office, leaking ICE contract records involving over 6,000 vendors, including major defense and surveillance firms
PROGRAMMING.DEV — 4 Mar 2026
🔥
Hacktivist group “Department of Peace” claims to have breached a DHS tech‑procurement office, leaking ICE contract records involving over 6,000 vendors, including major defense and surveillance firms
SH.ITJUST.WORKS — 4 Mar 2026
🔥
LexisNexis Faces Data Breach After 2.04 GB of Data Allegedly Stolen
GBHACKERS.COM — 04 Mar 2026
🔥
Iranian APT Groups Intensify Cyberattacks on Critical Infrastructure Amid Rising Geopolitical Tensions
GBHACKERS.COM — 04 Mar 2026
🔥
VoidLink Malware Framework Targets Kubernetes and AI Workloads in New Cyber Attack Wave
GBHACKERS.COM — 04 Mar 2026
🔥
LastPass Warns of New Phishing Campaign
SECURITYWEEK.COM — 04 Mar 2026
🔥
Ransomware attack exposes 1.2 million University of Hawaii Cancer Center records | news | SC Media
SH.ITJUST.WORKS — 4 Mar 2026
🔥
How Pirated Software Turns Helpful Employees Into Malware Delivery Agents
SECURITYWEEK.COM — 04 Mar 2026
🔥
Paint maker giant AkzoNobel confirms cyberattack on U.S. site
SH.ITJUST.WORKS — 4 Mar 2026
🔥
LexisNexis says hackers accessed legacy data in contained breach | The Record from Recorded Future News
SH.ITJUST.WORKS — 4 Mar 2026
🔥
Mississippi medical center reopens clinics hit by ransomware attack
BLEEPINGCOMPUTER.COM — 04 Mar 2026
🔥
FBI seizes LeakBase cybercrime forum, data of 142,000 members
BLEEPINGCOMPUTER.COM — 04 Mar 2026
🔥
New LexisNexis Data Breach Confirmed After Hackers Leak Files
SECURITYWEEK.COM — 04 Mar 2026
🔥
AI Agents and the Revival of Hacking
YOUTUBE.COM — 2026-03-04
🔥
U.S. and EU police shut down LeakBase, a site accused of sharing stolen passwords and hacking tools
TECHCRUNCH.COM — 04 Mar 2026
🔥
Why AI, Zero Trust, and modern security require deep visibility
CSOONLINE.COM — 04 Mar 2026
🔥
AI Is Supercharging Phishing
YOUTUBE.COM — 2026-03-04
🕵️
ISC Stormcast For Wednesday, March 4th, 2026 https://isc.sans.edu/podcastdetail/9834, (Wed, Mar 4th)
ISC.SANS.EDU — 04 Mar 2026
🕵️
A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
PROGRAMMING.DEV — 4 Mar 2026
🕵️
A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
SH.ITJUST.WORKS — 4 Mar 2026
🕵️
Phishing Campaign Uses Google Cloud to Host Malicious Redirects via GCS Bucket
GBHACKERS.COM — 04 Mar 2026
🕵️
Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - BSW #437
YOUTUBE.COM — 2026-03-04
🕵️
Global Coalition Publishes 6G Security and Resilience Principles
SECURITYWEEK.COM — 04 Mar 2026
🕵️
Webinar Today: Designing an OT SOC for Safety, Reliability, and Business Continuity
SECURITYWEEK.COM — 04 Mar 2026
🕵️
Google Plans Two-Week Release Schedule for Chrome
SECURITYWEEK.COM — 04 Mar 2026
🕵️
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks - Infosecurity Magazine
SH.ITJUST.WORKS — 4 Mar 2026
🕵️
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
SH.ITJUST.WORKS — 4 Mar 2026
🕵️
AI Security Firm JetStream Launches With $34 Million in Seed Funding
SECURITYWEEK.COM — 04 Mar 2026
🕵️
Threat actors weaponize OAuth redirection logic to deliver malware - Help Net Security
SH.ITJUST.WORKS — 4 Mar 2026
🕵️
How to Identify a Phishing Website
KNOWBE4.COM — 04 Mar 2026
🕵️
What are You Working on Wednesday
INFOSEC.PUB — 4 Mar 2026
🕵️
Hacker Conversations: Inti De Ceukelaire, Raging Against the Machine Creatively
SECURITYWEEK.COM — 04 Mar 2026
🕵️
Weird server requests
SH.ITJUST.WORKS — 4 Mar 2026
🕵️
Who’s Really in Control of AI?
YOUTUBE.COM — 2026-03-04
🕵️
Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance
SECURITYWEEK.COM — 04 Mar 2026
🕵️
MY TAKE: ChatGPT is turning into Microsoft Office — and power users are paying the price
LASTWATCHDOG.COM — 04 Mar 2026
🕵️
Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale
MICROSOFT.COM — 04 Mar 2026
🕵️
Revolutionizing Linux Maintenance with Update Scripts
YOUTUBE.COM — 2026-03-04
🕵️
Phishing Simulation: How It Works to Reduce Risk
KNOWBE4.COM — 04 Mar 2026
🕵️
Hacker mass-mails HungerRush extortion emails to restaurant patrons
BLEEPINGCOMPUTER.COM — 04 Mar 2026
🕵️
Tycoon 2FA Phishing Platform Dismantled in Global Takedown
SECURITYWEEK.COM — 04 Mar 2026
🕵️
The 10-hour problem: How visibility gaps are burning out the SOC
CSOONLINE.COM — 04 Mar 2026
🕵️
TurboTax SMS Scam
KNOWBE4.COM — 04 Mar 2026
🕵️
Protecting education: How MDR can tip the balance in favor of schools
WELIVESECURITY.COM — 04 Mar 2026
📡
New RFP Template for AI Usage Control and AI Governance
THEHACKERNEWS.COM — 04 Mar 2026
📡
What a browser-in-the-browser attack is, and how to spot a fake login window | Kaspersky official blog
KASPERSKY.COM — 04 Mar 2026
📡
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
THEHACKERNEWS.COM — 04 Mar 2026
📡
Fake LastPass support email threads try to steal vault passwords
BLEEPINGCOMPUTER.COM — 04 Mar 2026
📡
Windows 10 KB5075039 update fixes broken Recovery Environment
BLEEPINGCOMPUTER.COM — 04 Mar 2026
📡
Bitwarden adds support for passkey login on Windows 11
BLEEPINGCOMPUTER.COM — 04 Mar 2026
🚨
CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-21385 Qualcomm Multiple Chipsets Memory Corruption Vulnerability CVE-2026-22719 Broadcom VMware Aria Operations Command Injection Vulne…
KEVCISA.GOV — Tue, 03 Mar 26 1
🚨
CISA flags VMware Aria Operations RCE flaw as exploited in attacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. [...]
KEVBLEEPINGCOMPUTER.COM — 03 Mar 2026
🐛
Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely
GBHACKERS.COM — 03 Mar 2026
🐛
Angular i18n Flaw Lets Hackers Execute Malicious Code via Critical XSS Vulnerability
GBHACKERS.COM — 03 Mar 2026
🐛
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
KEVTHEHACKERNEWS.COM — 03 Mar 2026
🐛
MS-Agent Vulnerability Exposes AI Agents to Remote Hijacking, Granting Full System Control
GBHACKERS.COM — 03 Mar 2026
🐛
CVE-2026-23217 riscv: trace: fix snapshot deadlock with sbi ecall
MSRC.MICROSOFT.COM — 03 Mar 2026
🐛
CVE-2026-1979 mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free
MSRC.MICROSOFT.COM — 03 Mar 2026
🐛
HPE AutoPass Vulnerability Allows Remote Attackers to Bypass Authentication
GBHACKERS.COM — 03 Mar 2026
🐛
Zerobot Malware Exploits Tenda Command Injection Vulnerabilities to Deploy Malicious Payloads
GBHACKERS.COM — 03 Mar 2026
🐛
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
SH.ITJUST.WORKS — 3 Mar 2026
🐛
Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
KEVISC.SANS.EDU — 03 Mar 2026
🐛
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
CLOUD.GOOGLE.COM — 03 Mar 2026
🐛
ZDI-26-150: Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-149: Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-148: Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-147: Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-146: Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-145: Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-144: Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-143: Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-142: Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-141: Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-140: Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-139: Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-138: Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-137: Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-136: Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-135: LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-134: Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
🐛
ZDI-26-133: (Pwn2Own) Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 03 Mar 2026
⚠️
Cyberattackers Exploit OpenVSX Aqua Trivy with Malicious AI Prompts to Hijack Coding Tools
GBHACKERS.COM — 03 Mar 2026
⚠️
Android Security Update Fixes 129 Flaws and Tackles Actively Exploited Zero-Day Flaw
KEVGBHACKERS.COM — 03 Mar 2026
⚠️
Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks
GBHACKERS.COM — 03 Mar 2026
⚠️
Hackerbot-Claw Bot Exploits GitHub Actions CI/CD Flaw to Attack Microsoft and DataDog
GBHACKERS.COM — 03 Mar 2026
⚠️
7 factors impacting the cyber skills gap
CSOONLINE.COM — 03 Mar 2026
⚠️
171: Melody Fraud
DARKNETDIARIES.COM — 03 Mar 2026
⚠️
Android gets patches for Qualcomm zero-day exploited in attacks
KEVBLEEPINGCOMPUTER.COM — 03 Mar 2026
⚠️
Provecho - 712,904 breached accounts
HAVEIBEENPWNED.COM — 03 Mar 2026
⚠️
Epic Fury introduces new layer of enterprise risk
CSOONLINE.COM — 03 Mar 2026
⚠️
Hackers Exploit Telegram for Initial Access to Corporate VPN, RDP, and Cloud Systems
GBHACKERS.COM — 03 Mar 2026
⚠️
Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise
SECURITYWEEK.COM — 03 Mar 2026
⚠️
Fortinet FortiGate Devices Targeted by CyberStrikeAI, Allowing Hackers to Bypass Security
GBHACKERS.COM — 03 Mar 2026
⚠️
New ‘StegaBin’ Campaign Deploys Multi-Stage Credential Stealer via 26 Malicious npm Packages
GBHACKERS.COM — 03 Mar 2026
⚠️
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
THEHACKERNEWS.COM — 03 Mar 2026
⚠️
Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information | Cloudflare
SH.ITJUST.WORKS — 3 Mar 2026
⚠️
Android Update Patches Exploited Qualcomm Zero-Day
SECURITYWEEK.COM — 03 Mar 2026
⚠️
Shannon: Autonomous AI Tool with Nmap Integration Can Uncover and Exploit Security Flaws
GBHACKERS.COM — 03 Mar 2026
⚠️
Vulnerability Allowed Hijacking Chrome's Gemini Live AI Assistant - SecurityWeek
SH.ITJUST.WORKS — 3 Mar 2026
⚠️
Malvertising Actor ‘D-Shortiez’ Exploits WebKit Back-Button Hijack in Forced-Redirect Campaign
GBHACKERS.COM — 03 Mar 2026
⚠️
OAuth phishers make ‘check where the link points’ advice ineffective
CSOONLINE.COM — 03 Mar 2026
⚠️
Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities | CyberScoop
KEVSH.ITJUST.WORKS — 3 Mar 2026
⚠️
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT
GBHACKERS.COM — 03 Mar 2026
⚠️
New ‘AirSnitch’ Attack Shows Wi-Fi Client Isolation Could be a False Sense of Security
SECURITYWEEK.COM — 03 Mar 2026
⚠️
UK reduces cyberattack fix times from two months to eight days - Help Net Security
SH.ITJUST.WORKS — 3 Mar 2026
⚠️
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
THEHACKERNEWS.COM — 03 Mar 2026
⚠️
Why AppSec Wastes 70% of Its Time
YOUTUBE.COM — 2026-03-03
⚠️
Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability
SECURITYWEEK.COM — 03 Mar 2026
⚠️
Archipelo and Checkmarx Announce Partnership Connecting AppSec Detection with DevSPM
GBHACKERS.COM — 03 Mar 2026
⚠️
Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran
TECHCRUNCH.COM — 03 Mar 2026
⚠️
Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters
SECURITYWEEK.COM — 03 Mar 2026
⚠️
Malicious NPM Packages Target Developers
YOUTUBE.COM — 2026-03-03
⚠️
A suite of government hacking tools targeting iPhones is now being used by cybercriminals
TECHCRUNCH.COM — 03 Mar 2026
⚠️
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
CISECURITY.ORG — 03 Mar 2026
⚠️
[webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow
EXPLOIT-DB.COM — 03 Mar 2026
⚠️
2025 FINMA ISAE 3000 Type II attestation report available with 183 services in scope
AWS.AMAZON.COM — 03 Mar 2026
📢
Jetzt Staats-CISO werden – für unter 160.000 Euro
CSOONLINE.COM — 03 Mar 2026
📢
WatchGuard security advisory (AV26-189)
CYBER.GC.CA — 2026-03-03
📢
Qualcomm security advisory – March 2026 monthly rollup (AV26-190)
CYBER.GC.CA — 2026-03-03
📢
[Control systems] Mitsubishi Electric security advisory (AV26-191)
CYBER.GC.CA — 2026-03-03
📢
Samsung mobile security advisory (AV26-192)
CYBER.GC.CA — 2026-03-03
📢
Django security advisory (AV26-193)
CYBER.GC.CA — 2026-03-03
📢
Can LLMs Really Prioritize AppSec?
YOUTUBE.COM — 2026-03-03
🔥
UH Cancer Center data breach affects nearly 1.2 million people
BLEEPINGCOMPUTER.COM — 03 Mar 2026
🔥
Star Citizen game dev discloses breach affecting user data
BLEEPINGCOMPUTER.COM — 03 Mar 2026
🔥
Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages
SH.ITJUST.WORKS — 3 Mar 2026
🔥
1.2 Million Affected by University of Hawaii Cancer Center Data Breach
SECURITYWEEK.COM — 03 Mar 2026
🔥
Compromised Site Management Panels are a Hot Item in Cybercrime Markets
BLEEPINGCOMPUTER.COM — 03 Mar 2026
🔥
LexisNexis confirms data breach as hackers leak stolen files
BLEEPINGCOMPUTER.COM — 03 Mar 2026
🔥
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
THEHACKERNEWS.COM — 03 Mar 2026
🔥
Paint maker giant AkzoNobel confirms cyberattack on U.S. site
BLEEPINGCOMPUTER.COM — 03 Mar 2026
🔥
Latin America's Cybersecurity Turning Point: From Reactive Defense to Threat Intelligence
RECORDEDFUTURE.COM — 03 Mar 2026
🕵️
Google quantum-proofs HTTPS by squeezing 15kB of data into 700-byte space
PROGRAMMING.DEV — 3 Mar 2026
🕵️
ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)
ISC.SANS.EDU — 03 Mar 2026
🕵️
New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises
SH.ITJUST.WORKS — 3 Mar 2026
🕵️
AuraStealer Infostealer Targeting Users with 48 C2 Domains in Ongoing Campaigns
GBHACKERS.COM — 03 Mar 2026
🕵️
Malvertising Campaign Spreads AMOS ‘malext’ macOS Infostealer via Fake Text-Sharing Ads
GBHACKERS.COM — 03 Mar 2026
🕵️
Researchers Uncover Method to Track Cars via Tire Sensors
SECURITYWEEK.COM — 03 Mar 2026
🕵️
Studie: Hacker legen Betrieb bei vielen Unternehmen lahm
CSOONLINE.COM — 03 Mar 2026
🕵️
Epic Fury Cyber Shock: Iran’s Internet Down, Hacktivists Hit Back
GBHACKERS.COM — 03 Mar 2026
🕵️
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
YOUTUBE.COM — 2026-03-03
🕵️
On Moltbook
SCHNEIER.COM — 2026-03-03
🕵️
Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low
SECURITYWEEK.COM — 03 Mar 2026
🕵️
New Starkiller Phishing Framework Uses Real Login Pages to Bypass MFA Security
GBHACKERS.COM — 03 Mar 2026
🕵️
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
SH.ITJUST.WORKS — 3 Mar 2026
🕵️
How Risky is Sending a Sensitive Work Email to the Wrong Person?
KNOWBE4.COM — 03 Mar 2026
🕵️
Quantum Decryption of RSA is Much Closer than Expected
SECURITYWEEK.COM — 03 Mar 2026
🕵️
CyberheistNews Vol 16 #09 Fake Video Meeting Invites Trick Users Into Installing RMM Tools
KNOWBE4.COM — 03 Mar 2026
🕵️
Geekery: Bookending the COROS Security Debacle of 2025
PROGRAMMING.DEV — 3 Mar 2026
🕵️
Fig Security Launches With $38 Million to Bolster SecOps Resilience
SECURITYWEEK.COM — 03 Mar 2026
🕵️
The Banality of AI (Hallucination → Bomb School?)
SH.ITJUST.WORKS — 3 Mar 2026
🕵️
LLMs can unmask pseudonymous users at scale with surprising accuracy
SH.ITJUST.WORKS — 3 Mar 2026
🕵️
North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More - SWN #560
YOUTUBE.COM — 2026-03-03
🕵️
Signed malware impersonating workplace apps deploys RMM backdoors
MICROSOFT.COM — 03 Mar 2026
🌐
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
THEHACKERNEWS.COM — 03 Mar 2026
🌐
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
THEHACKERNEWS.COM — 03 Mar 2026
🌐
Microsoft: Hackers abuse OAuth error flows to spread malware
BLEEPINGCOMPUTER.COM — 03 Mar 2026
📡
CISOs in a Pinch: A Security Analysis of OpenClaw
TRENDMICRO.COM — 03 Mar 2026
📡
Amazon: Drone strikes damaged AWS data centers in Middle East
BLEEPINGCOMPUTER.COM — 03 Mar 2026
📡
With developer verification, Google's Apple envy threatens to dismantle Android's open legacy
ARSTECHNICA.COM — 03 Mar 2026
📡
AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
THEHACKERNEWS.COM — 03 Mar 2026
📡
Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
THEHACKERNEWS.COM — 03 Mar 2026
📡
Fig Security emerges from stealth with $38M to help security teams deal with change
TECHCRUNCH.COM — 03 Mar 2026
📡
Weekly Threat Bulletin – March 4th, 2026
F5.COM — 03 Mar 2026
📡
Avira: Deserialize, Delete and Escalate - The Proper Way to Use an AV
QUARKSLAB.COM — 2026-03-03
📡
They seized $4.8m in crypto… then gave the master key to the internet
BITDEFENDER.COM — 03 Mar 2026
📡
AI assistant in Kaspersky Container Security
KASPERSKY.COM — 03 Mar 2026
📡
Google Chrome shifts to two-week release cycle for increased stability
BLEEPINGCOMPUTER.COM — 03 Mar 2026
📡
Facebook accounts unavailable in worldwide outage
BLEEPINGCOMPUTER.COM — 03 Mar 2026
📡
Claude Code Security set the Cybersecurity Stocks on Fire - Here's the Signal in the Smoke
TRENDMICRO.COM — 03 Mar 2026
📡
[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution
EXPLOIT-DB.COM — 03 Mar 2026
📡
[webapps] mailcow 2025-01a - Host Header Password Reset Poisoning
EXPLOIT-DB.COM — 03 Mar 2026
📡
[webapps] WeGIA 3.5.0 - SQL Injection
EXPLOIT-DB.COM — 03 Mar 2026
📡
[webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)
EXPLOIT-DB.COM — 03 Mar 2026
📡
How Cloudy translates complex security into human action
CLOUDFLARE.COM — 03 Mar 2026
📡
From reactive to proactive: closing the phishing gap with LLMs
CLOUDFLARE.COM — 03 Mar 2026
🚨
Vulnerability Report - February 2026submitted by cm0002 to cybersecurity 1 points | 0 comments https://www.vulnerability-lookup.org/2026/03/02/vulnerability-report-february-2026/ Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup , with contributions from the pla…
KEVINFOSEC.PUB — 2 Mar 2026
🐛
Angular SSR Flaw Enables Unauthorized Server-Side Requests in Web Apps
GBHACKERS.COM — 02 Mar 2026
🐛
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
THEHACKERNEWS.COM — 02 Mar 2026
🐛
Langflow CSV Agent Flaw Could Let Attackers Execute Arbitrary Code
GBHACKERS.COM — 02 Mar 2026
🐛
OneUptime Command Injection Vulnerability Poses Major Risk of Full System Takeover
GBHACKERS.COM — 02 Mar 2026
🐛
Proof-of-Concept Released for Windows ALPC Privilege Escalation via Error Reporting
GBHACKERS.COM — 02 Mar 2026
🐛
MSHTML Zero-Day in Windows Exploited by APT28 Prior to Feb 2026 Security Update
KEVGBHACKERS.COM — 02 Mar 2026
🐛
CVE-2026-3102: macOS ExifTool image-processing vulnerability | Kaspersky official blog
KASPERSKY.COM — 02 Mar 2026
🐛
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
THEHACKERNEWS.COM — 02 Mar 2026
🐛
VU#431821: MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE
KB.CERT.ORG — 2026-03-02
⚠️
OpenClaw 0-Click Flaw Lets Malicious Websites Hijack Developer AI Agents
GBHACKERS.COM — 02 Mar 2026
⚠️
Pixel Perfect Browser Extension Exploited for Stealth Script Injection and Security Header Stripping
GBHACKERS.COM — 02 Mar 2026
⚠️
How CISOs can build a resilient workforce
CSOONLINE.COM — 02 Mar 2026
⚠️
CISA Leadership Shakeup, OpenClaw Hijack, Robot Vacuums and More
CYBERSECURITYTODAY.LIBSYN.COM — 02 Mar 2026
⚠️
Middle East AWS Outage Sends Shockwaves Through Cloud Infrastructure Service
GBHACKERS.COM — 02 Mar 2026
⚠️
CISA Alerts on RESURGE Malware Exploiting Ivanti Connect Secure Zero-Days
GBHACKERS.COM — 02 Mar 2026
⚠️
Hackers Launch Massive SonicWall Firewall Attack Using 4,000+ IP Addresses
GBHACKERS.COM — 02 Mar 2026
⚠️
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
THEHACKERNEWS.COM — 02 Mar 2026
⚠️
Project Compass Operation Cracks Down on “The Com” Cybercrime Collective – 30 Arrested, 179 Suspects Identified
GBHACKERS.COM — 02 Mar 2026
⚠️
A scorecard for cyber and risk culture
CSOONLINE.COM — 02 Mar 2026
⚠️
Innovation without exposure: A CISO’s secure-by-design framework for business outcomes
CSOONLINE.COM — 02 Mar 2026
⚠️
GTFire Phishing Campaign Exploits Google Services to Bypass Detection and Harvest Credentials
GBHACKERS.COM — 02 Mar 2026
⚠️
UXSS Vulnerability in DuckDuckGo Browser’s AutoConsent JS Bridge Allows Cross-Origin Attacks
GBHACKERS.COM — 02 Mar 2026
⚠️
TPMS Flaw in Toyota, Mercedes, and Other Major Brands Enables Covert Vehicle Tracking
GBHACKERS.COM — 02 Mar 2026
⚠️
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
THEHACKERNEWS.COM — 02 Mar 2026
⚠️
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
SECURITYWEEK.COM — 02 Mar 2026
⚠️
hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions
INFOSEC.PUB — 2 Mar 2026
⚠️
Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant
SECURITYWEEK.COM — 02 Mar 2026
⚠️
Vulnerability monitoring service secures public-sector websites faster
CSOONLINE.COM — 02 Mar 2026
⚠️
New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises
INFOSEC.PUB — 2 Mar 2026
⚠️
CyberStrikeAI tool adopted by hackers for AI-powered attacks
BLEEPINGCOMPUTER.COM — 02 Mar 2026
📢
OT Security/business resilience, lack of incentives for securing software & the news - ESW #448
YOUTUBE.COM — 2026-03-02
📢
Nick Andersen Appointed Acting Director of CISA
SECURITYWEEK.COM — 02 Mar 2026
📢
CISA warns that RESURGE malware can be dormant on Ivanti devices
SH.ITJUST.WORKS — 2 Mar 2026
📢
UK warns of Iranian cyberattack risks amid Middle-East conflict
BLEEPINGCOMPUTER.COM — 02 Mar 2026
📢
IBM security advisory (AV26-180)
CYBER.GC.CA — 2026-03-02
📢
Ubuntu security advisory (AV26-182)
CYBER.GC.CA — 2026-03-02
📢
Dell security advisory (AV26-181)
CYBER.GC.CA — 2026-03-02
📢
[Control systems] CISA ICS security advisories (AV26–183)
CYBER.GC.CA — 2026-03-02
📢
Red Hat security advisory (AV26-184)
CYBER.GC.CA — 2026-03-02
📢
VMware security advisory (AV26-186)
CYBER.GC.CA — 2026-03-02
📢
HPE security advisory (AV26-185)
CYBER.GC.CA — 2026-03-02
📢
Veeam security advisory (AV26-188)
CYBER.GC.CA — 2026-03-02
📢
Android security advisory – March 2026 monthly rollup (AV26-187)
CYBER.GC.CA — 2026-03-02
🔥
KomikoAI - 1,060,191 breached accounts
HAVEIBEENPWNED.COM — 02 Mar 2026
🔥
Israel hacked BadeSaba, a popular Iranian prayer app with 5M+ installs on Google Play, to send messages urging Iranian military personnel to defect
PROGRAMMING.DEV — 2 Mar 2026
🔥
Israel hacked BadeSaba, a popular Iranian prayer app with 5M+ installs on Google Play, to send messages urging Iranian military personnel to defect
SH.ITJUST.WORKS — 2 Mar 2026
🔥
Quitbro - 22,874 breached accounts
HAVEIBEENPWNED.COM — 02 Mar 2026
🔥
Prayer App Used by Millions Hacked to Broadcast Defection Messages Amid U.S.-Israel Strikes on Iran
GBHACKERS.COM — 02 Mar 2026
🔥
Weekly Update 493
TROYHUNT.COM — 02 Mar 2026
🔥
Hacker erpressen weniger Lösegeld
CSOONLINE.COM — 02 Mar 2026
🔥
Lovora - 495,556 breached accounts
HAVEIBEENPWNED.COM — 02 Mar 2026
🔥
GUEST ESSAY: Real cyber risks arise when small flaws combine and alerts are viewed in isolation
LASTWATCHDOG.COM — 02 Mar 2026
🔥
US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates
SECURITYWEEK.COM — 02 Mar 2026
🔥
Canadian Tire Data Breach Impacts 38 Million Accounts - SecurityWeek
SH.ITJUST.WORKS — 2 Mar 2026
🔥
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
SH.ITJUST.WORKS — 2 Mar 2026
🔥
Hackers Weaponize Claude Code in Mexican Government Cyberattack - SecurityWeek
SH.ITJUST.WORKS — 2 Mar 2026
🔥
Madison Square Garden Data Breach Confirmed Months After Hacker Attack
SECURITYWEEK.COM — 02 Mar 2026
🔥
When the Worst Actually Happens
YOUTUBE.COM — 2026-03-02
🔥
Hacktivists claim to have hacked Homeland Security to release ICE contract data
TECHCRUNCH.COM — 02 Mar 2026
🕵️
ISC Stormcast For Monday, March 2nd, 2026 https://isc.sans.edu/podcastdetail/9830, (Mon, Mar 2nd)
ISC.SANS.EDU — 02 Mar 2026
🕵️
OCRFix Botnet Uses ClickFix Phishing and EtherHiding to Mask Blockchain C2 Infrastructure
GBHACKERS.COM — 02 Mar 2026
🕵️
Quick Howto: ZIP Files Inside RTF, (Mon, Mar 2nd)
ISC.SANS.EDU — 02 Mar 2026
🕵️
Wireshark 4.6.4 Released, (Mon, Mar 2nd)
ISC.SANS.EDU — 02 Mar 2026
🕵️
Google Working Towards Quantum-Safe Chrome HTTPS Certificates
SECURITYWEEK.COM — 02 Mar 2026
🕵️
North Korean APT Targets Air-Gapped Systems in Recent Campaign
SECURITYWEEK.COM — 02 Mar 2026
🕵️
LLM-Assisted Deanonymization
SCHNEIER.COM — 2026-03-02
🕵️
Hackers Use 1Campaign to Hide Malicious Ads From Google Reviewers
SH.ITJUST.WORKS — 2 Mar 2026
🕵️
AWS Expands Security Hub Into a Cross-Domain Security Platform
SECURITYWEEK.COM — 02 Mar 2026
🕵️
The Case for Behavioral AI in Legal Email Security
KNOWBE4.COM — 02 Mar 2026
🕵️
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
SH.ITJUST.WORKS — 2 Mar 2026
🕵️
Mentorship Monday - Discussions for career and learning!
INFOSEC.PUB — 2 Mar 2026
🕵️
Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat
GBHACKERS.COM — 02 Mar 2026
🕵️
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
THEHACKERNEWS.COM — 02 Mar 2026
🕵️
An App That Detects Smart Glasses
YOUTUBE.COM — 2026-03-02
🕵️
OAuth redirection abuse enables phishing and malware delivery
MICROSOFT.COM — 02 Mar 2026
🕵️
News alert: DDoS attacks surge 75% in 2025; Link11 says attacks now sustained, not sporadic
LASTWATCHDOG.COM — 02 Mar 2026
🕵️
Why Service Providers Must Become Secure AI Factories
PALOALTONETWORKS.COM — 02 Mar 2026
🌐
Cyber threat bulletin: Iranian Cyber Threat Response to US/Israel strikes, February 2026
CYBER.GC.CA — 2026-03-02
📡
Im Fokus: RZ-Modernisierung
WHITEPAPER.COMPUTERWOCHE.DE — 02 Mar 2026
📡
Anthropic confirms Claude is down in a worldwide outage
BLEEPINGCOMPUTER.COM — 02 Mar 2026
📡
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
THEHACKERNEWS.COM — 02 Mar 2026
📡
Hackers and internet outages hit Iran amid U.S. air strikes
TECHCRUNCH.COM — 02 Mar 2026
📡
How Deepfakes and Injection Attacks Are Breaking Identity Verification
BLEEPINGCOMPUTER.COM — 02 Mar 2026
📡
Florida woman imprisoned for massive Microsoft license fraud scheme
BLEEPINGCOMPUTER.COM — 02 Mar 2026
📡
Alabama man pleads guilty to hacking, extorting hundreds of women
BLEEPINGCOMPUTER.COM — 02 Mar 2026
📡
Fake Google Security site uses PWA app to steal credentials, MFA codes
BLEEPINGCOMPUTER.COM — 02 Mar 2026
📡
A new app alerts you if someone nearby is wearing smart glasses
TECHCRUNCH.COM — 02 Mar 2026
🐛
CVE-2026-28417 Vim has OS Command Injection in netrw
MSRC.MICROSOFT.COM — 01 Mar 2026
🐛
CVE-2026-28421 Vim has a heap-buffer-overflow and a segmentation fault
MSRC.MICROSOFT.COM — 01 Mar 2026
🐛
CVE-2026-28418 Vim has Heap-based Buffer Overflow in Emacs tags parsing
MSRC.MICROSOFT.COM — 01 Mar 2026
🐛
CVE-2026-28419 Vim has Heap-based Buffer Underflow in Emacs tags parsing
MSRC.MICROSOFT.COM — 01 Mar 2026
🐛
CVE-2026-28422 Vim has stack-buffer-overflow in build_stl_str_hl()
MSRC.MICROSOFT.COM — 01 Mar 2026
🐛
CVE-2026-28420 Vim has Heap-based Buffer Overflow and OOB Read in :terminal
MSRC.MICROSOFT.COM — 01 Mar 2026
⚠️
Hackers Weaponize Claude Code in Mexican Government Cyberattack
SECURITYWEEK.COM — 01 Mar 2026
⚠️
ClawJacked attack let malicious websites hijack OpenClaw to steal data
BLEEPINGCOMPUTER.COM — 01 Mar 2026
📡
Samsung TVs to stop collecting Texans’ data without express consent
BLEEPINGCOMPUTER.COM — 01 Mar 2026
📡
Let’s explore the best alternatives to Discord
TECHCRUNCH.COM — 01 Mar 2026
🐛
CVE-2025-40082 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2023-54207 HID: uclogic: Correct devm device reference for hidinput input_dev name
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-68340 team: Move team device type change at the end of team_port_add
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71147 KEYS: trusted: Fix a memory leak in tpm2_load_cmd
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71152 net: dsa: properly keep track of conduit reference
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71154 net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71160 netfilter: nf_tables: avoid chain re-validation if possible
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71161 dm-verity: disable recursive forward error correction
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71163 dmaengine: idxd: fix device leaks on compat bind and unbind
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22976 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22977 net: sock: fix hardened usercopy panic in sock_recv_errqueue
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22978 wifi: avoid kernel-infoleak from struct iw_point
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22992 libceph: return the handler error from mon_handle_auth_done()
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22996 net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22997 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22998 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71150 ksmbd: Fix refcount leak when invalid session is found on session lookup
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71162 dmaengine: tegra-adma: Fix use-after-free
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22979 net: fix memory leak in skb_segment_list for GRO packets
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22980 nfsd: provide locking for v4_end_grace
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22982 net: mscc: ocelot: Fix crash when adding interface under a lag
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22984 libceph: prevent potential out-of-bounds reads in handle_auth_done()
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22990 libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22991 libceph: make free_choose_arg_map() resilient to partial allocation
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-22999 net/sched: sch_qfq: do not free existing class in qfq_change_class()
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-23212 bonding: annotate data-races around slave->last_rx
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-23220 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-28364 In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-23216 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71229 wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()
MSRC.MICROSOFT.COM — 28 Feb 2026
🐛
CVE-2025-71237 nilfs2: Fix potential block overflow that cause system hang
MSRC.MICROSOFT.COM — 28 Feb 2026
⚠️
Cybersecurity Today Weekend with Carey Frey, VP and Chief Security Officer at TELUS
CYBERSECURITYTODAY.LIBSYN.COM — 28 Feb 2026
⚠️
Hackers Exploit Windows File Explorer and WebDAV to Distribute Malware
GBHACKERS.COM — 28 Feb 2026
⚠️
Who is the Kimwolf Botmaster “Dort”?
KREBSONSECURITY.COM — 28 Feb 2026
⚠️
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
THEHACKERNEWS.COM — 28 Feb 2026
📢
Compliant or Facing Federal Fines
YOUTUBE.COM — 2026-02-28
📢
This month in security with Tony Anscombe – February 2026 edition
WELIVESECURITY.COM — 28 Feb 2026
🔥
Canadian Tire Data Breach Impacts 38 Million Accounts
SECURITYWEEK.COM — 28 Feb 2026
🔥
QuickLens Chrome extension steals crypto, shows ClickFix attack
BLEEPINGCOMPUTER.COM — 28 Feb 2026
🕵️
Trump Bans Anthropic AI in Federal Agencies Amid Growing Security Concerns
GBHACKERS.COM — 28 Feb 2026
🕵️
Fake Zoom and Google Meet Phishing Campaigns Deploy Teramind Surveillance Software
GBHACKERS.COM — 28 Feb 2026
🕵️
MY TAKE: The Pentagon punished Anthropic for red lines it accepted from OpenAI hours later
LASTWATCHDOG.COM — 28 Feb 2026
🌐
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute
THEHACKERNEWS.COM — 28 Feb 2026
📡
India disrupts access to popular developer platform Supabase with blocking order
TECHCRUNCH.COM — 28 Feb 2026
📡
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
THEHACKERNEWS.COM — 28 Feb 2026
📡
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
BLEEPINGCOMPUTER.COM — 28 Feb 2026
🐛
Cisco SD-WAN Bug Actively Exploited
KEVCYBERSECURITYTODAY.LIBSYN.COM — 27 Feb 2026
🐛
AL26-004 - Critical vulnerability affecting Cisco Catalyst SD-WAN - CVE-2026-20127
CYBER.GC.CA — 2026-02-27
🐛
AL26-003 - Vulnerability affecting BeyondTrust - CVE-2026-1731
CYBER.GC.CA — 2026-02-27
🐛
Juniper Networks PTX Routers Affected by Critical Vulnerability
SECURITYWEEK.COM — 27 Feb 2026
🐛
CVE-2026-27571 nats-server websockets are vulnerable to pre-auth memory DoS
MSRC.MICROSOFT.COM — 27 Feb 2026
🐛
CVE-2026-21620 TFTP Path Traversal
MSRC.MICROSOFT.COM — 27 Feb 2026
🐛
CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments
MSRC.MICROSOFT.COM — 27 Feb 2026
🐛
CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore
MSRC.MICROSOFT.COM — 27 Feb 2026
🐛
CVE-2025-69873 ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation.
MSRC.MICROSOFT.COM — 27 Feb 2026
🐛
Stored XSS Vulnerability in RustFS Console Puts S3 Admin Credentials at Risk
GBHACKERS.COM — 27 Feb 2026
🐛
FreeBSD Vulnerabilities Enable Attackers to Crash Entire System
GBHACKERS.COM — 27 Feb 2026
🐛
Your personal OpenClaw agent may also be taking orders from malicious websites
CSOONLINE.COM — 27 Feb 2026
🐛
CISA warns that RESURGE malware can be dormant on Ivanti devices
BLEEPINGCOMPUTER.COM — 27 Feb 2026
🐛
Security hole could let hackers take over Juniper Networks PTX core routers
CSOONLINE.COM — 27 Feb 2026
⚠️
900 Sangoma FreePBX Instances Infected With Web Shells
SECURITYWEEK.COM — 27 Feb 2026
⚠️
Researchers Unveil Aeternum C2 Infrastructure with Advanced Evasion and Persistence Tactics
GBHACKERS.COM — 27 Feb 2026
⚠️
Critical Trend Micro Apex One Vulnerabilities Allow Remote Malicious Code Execution
GBHACKERS.COM — 27 Feb 2026
⚠️
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor in Developer Environments
GBHACKERS.COM — 27 Feb 2026
⚠️
Infostealers Drive Massive Brute-Force Attacks on Corporate SSO Gateways with Stolen Credentials
GBHACKERS.COM — 27 Feb 2026
⚠️
US authorities punish sellers of malware and spyware
CSOONLINE.COM — 27 Feb 2026
⚠️
Why application security must start at the load balancer
CSOONLINE.COM — 27 Feb 2026
⚠️
How to make LLMs a defensive advantage without creating a new attack surface
CSOONLINE.COM — 27 Feb 2026
⚠️
Ransomware groups switch to stealthy attacks and long-term access
CSOONLINE.COM — 27 Feb 2026
⚠️
Hacker kompromittieren immer schneller
CSOONLINE.COM — 27 Feb 2026
⚠️
Trend Micro warns of critical Apex One code execution flaws
SH.ITJUST.WORKS — 27 Feb 2026
⚠️
Third-Party Patching and the Business Footprint We All Share
BLEEPINGCOMPUTER.COM — 27 Feb 2026
⚠️
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
THEHACKERNEWS.COM — 27 Feb 2026
⚠️
Cultivating a robust and efficient quantum-safe HTTPS
SECURITY.GOOGLEBLOG.COM — 2026-02-27
⚠️
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
THEHACKERNEWS.COM — 27 Feb 2026
⚠️
‘Silent’ Google API key change exposed Gemini AI data
CSOONLINE.COM — 27 Feb 2026
⚠️
Friday Squid Blogging: Squid Fishing in Peru
SCHNEIER.COM — 2026-02-27
⚠️
Open Source Risk Is Exploding
YOUTUBE.COM — 2026-02-27
📢
Why Tehran’s Two-Tiered Internet Is So Dangerous
SCHNEIER.COM — 2026-02-27
📢
n8n security advisory (AV26-176)
CYBER.GC.CA — 2026-02-27
📢
Drupal security advisory (AV26-175)
CYBER.GC.CA — 2026-02-27
📢
ServiceNow security advisory (AV26-174)
CYBER.GC.CA — 2026-02-27
📢
VMware security advisory (AV26-173)
CYBER.GC.CA — 2026-02-27
📢
Juniper Networks security advisory (AV26-172)
CYBER.GC.CA — 2026-02-27
📢
Cisco security advisory (AV26-166) – Update 1
CYBER.GC.CA — 2026-02-27
📢
JetBrains security advisory (AV26-171)
CYBER.GC.CA — 2026-02-27
📢
GitLab security advisory (AV26-170)
CYBER.GC.CA — 2026-02-27
📢
AMD security advisory (AV26-169)
CYBER.GC.CA — 2026-02-27
📢
Trend Micro security advisory (AV26-168)
CYBER.GC.CA — 2026-02-27
📢
Zyxel security advisory (AV26-167)
CYBER.GC.CA — 2026-02-27
📢
SolarWinds security advisory (AV26-165)
CYBER.GC.CA — 2026-02-27
📢
HPE security advisory (AV26-164)
CYBER.GC.CA — 2026-02-27
📢
[Control systems] ABB security advisory (AV26-163)
CYBER.GC.CA — 2026-02-27
📢
VMware security advisory (AV26-162)
CYBER.GC.CA — 2026-02-27
📢
SonicWall security advisory (AV26-161)
CYBER.GC.CA — 2026-02-27
📢
Mozilla security advisory (AV26-160)
CYBER.GC.CA — 2026-02-27
📢
Google Chrome security advisory (AV26-159)
CYBER.GC.CA — 2026-02-27
📢
Docker security advisory (AV26–158)
CYBER.GC.CA — 2026-02-27
📢
HPE security advisory (AV26-157)
CYBER.GC.CA — 2026-02-27
📢
Dell security advisory (AV26-156)
CYBER.GC.CA — 2026-02-27
📢
Microsoft Edge security advisory (AV26-155)
CYBER.GC.CA — 2026-02-27
📢
Ubuntu security advisory (AV26-154)
CYBER.GC.CA — 2026-02-27
📢
Red Hat security advisory (AV26-153)
CYBER.GC.CA — 2026-02-27
📢
IBM security advisory (AV26-152)
CYBER.GC.CA — 2026-02-27
📢
[Control systems] CISA ICS security advisories (AV26–151)
CYBER.GC.CA — 2026-02-27
📢
HPE security advisory (AV26-150)
CYBER.GC.CA — 2026-02-27
📢
Tenable security advisory (AV26-149)
CYBER.GC.CA — 2026-02-27
📢
IceWarp security advisory (AV26-148)
CYBER.GC.CA — 2026-02-27
📢
Splunk security advisory (AV26-147)
CYBER.GC.CA — 2026-02-27
📢
GitHub security advisory (AV26-146)
CYBER.GC.CA — 2026-02-27
📢
Google Chrome security advisory (AV26-145)
CYBER.GC.CA — 2026-02-27
📢
F5 security advisory (AV26-144)
CYBER.GC.CA — 2026-02-27
📢
Dell security advisory (AV26-138) – Update 1
CYBER.GC.CA — 2026-02-27
📢
Microsoft Edge security advisory (AV26-143)
CYBER.GC.CA — 2026-02-27
📢
Jenkins security advisory (AV26-142)
CYBER.GC.CA — 2026-02-27
📢
Atlassian security advisory (AV26-141)
CYBER.GC.CA — 2026-02-27
📢
[Control systems] ABB security advisory (AV26-140)
CYBER.GC.CA — 2026-02-27
📢
HPE security advisory (AV26-139)
CYBER.GC.CA — 2026-02-27
📢
Google Chrome security advisory (AV26-130) - Update 1
CYBER.GC.CA — 2026-02-27
📢
Tenable security advisory (AV26-137)
CYBER.GC.CA — 2026-02-27
📢
Mozilla security advisory (AV26-136)
CYBER.GC.CA — 2026-02-27
📢
Red Hat security advisory (AV26-135)
CYBER.GC.CA — 2026-02-27
📢
[Control systems] CISA ICS security advisories (AV26-134)
CYBER.GC.CA — 2026-02-27
📢
Ubuntu security advisory (AV26-133)
CYBER.GC.CA — 2026-02-27
📢
Dell security advisory (AV26-132)
CYBER.GC.CA — 2026-02-27
📢
IBM security advisory (AV26-131)
CYBER.GC.CA — 2026-02-27
📢
Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking
SECURITYWEEK.COM — 27 Feb 2026
📢
Vshell Gains Popularity Among Cybercriminals as Cobalt Strike Alternative
GBHACKERS.COM — 27 Feb 2026
📢
One of the ‘most influential cybersecurity’ roles will pay under $175,000
CSOONLINE.COM — 27 Feb 2026
📢
In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators
SECURITYWEEK.COM — 27 Feb 2026
📢
CISA replaces acting director after a bumbling year on the job
TECHCRUNCH.COM — 27 Feb 2026
📢
VMware security advisory (AV26-178)
CYBER.GC.CA — 2026-02-27
📢
Microsoft Edge security advisory (AV26-177)
CYBER.GC.CA — 2026-02-27
📢
FreeBSD security advisory (AV26-179)
CYBER.GC.CA — 2026-02-27
🔥
Cyber incident reporting guidelines: Key information sharing requirements – ITSM.00.140
CYBER.GC.CA — 2026-02-27
🔥
Cyber Centre releases Ransomware Threat Outlook 2025 to 2027
CANADA.CA — 2026-02-27
🔥
Ransomware playbook (ITSM.00.099)
CYBER.GC.CA — 2026-02-27
🔥
Ransomware Threat Outlook 2025-2027
CYBER.GC.CA — 2026-02-27
🔥
What to do when your organization has been compromised by a cyber attack (ITSAP.00.009)
CYBER.GC.CA — 2026-02-27
🔥
Developing your incident response plan (ITSAP.40.003)
CYBER.GC.CA — 2026-02-27
🔥
Developing your business continuity plan (ITSAP.10.005)
CYBER.GC.CA — 2026-02-27
🔥
38 Million Allegedly Impacted by ManoMano Data Breach
SECURITYWEEK.COM — 27 Feb 2026
🔥
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
THEHACKERNEWS.COM — 27 Feb 2026
🔥
1 Million Records from Dutch Telco Odido Leaked Online in Massive Data Breach
GBHACKERS.COM — 27 Feb 2026
🔥
UFP Technologies discloses data breach after cybersecurity incident | brief | SC Media
SH.ITJUST.WORKS — 27 Feb 2026
🔥
European DYI chain ManoMano data breach impacts 38 million customers
SH.ITJUST.WORKS — 27 Feb 2026
🔥
Ransomware payment rate drops to record low as attacks surge
SH.ITJUST.WORKS — 27 Feb 2026
🔥
APT37 hackers use new malware to breach air-gapped networks
BLEEPINGCOMPUTER.COM — 27 Feb 2026
🕵️
Phishing Attacks Against People Seeking Programming Jobs
SCHNEIER.COM — 2026-02-27
🕵️
Chilean Carding Shop Operator Extradited to US
SECURITYWEEK.COM — 27 Feb 2026
🕵️
Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline
SECURITYWEEK.COM — 27 Feb 2026
🕵️
Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience
SECURITYWEEK.COM — 27 Feb 2026
🕵️
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
THEHACKERNEWS.COM — 27 Feb 2026
🕵️
ISC Stormcast For Friday, February 27th, 2026 https://isc.sans.edu/podcastdetail/9828, (Fri, Feb 27th)
ISC.SANS.EDU — 27 Feb 2026
🕵️
Study Finds 87% of Organizations Exposed to Attacks Due to Known Vulnerabilities
GBHACKERS.COM — 27 Feb 2026
🕵️
Dohdoor Malware Targets U.S. Schools and Healthcare with Multi-Stage Attack
GBHACKERS.COM — 27 Feb 2026
🕵️
Vshell: A Chinese-Language Alternative to Cobalt Strike  - Censys
SH.ITJUST.WORKS — 27 Feb 2026
🕵️
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
SH.ITJUST.WORKS — 27 Feb 2026
🕵️
Hacking group begins leaking customer data in Dutch telecom Odido hack
SH.ITJUST.WORKS — 27 Feb 2026
🕵️
Critical Juniper Networks PTX flaw allows full router takeover
SH.ITJUST.WORKS — 27 Feb 2026
🕵️
Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.
SH.ITJUST.WORKS — 27 Feb 2026
🕵️
The Rise of Kratos: How the New Phishing-as-a-Service Kit Industrializes Cybercrime
KNOWBE4.COM — 27 Feb 2026
🕵️
Don’t Let AI Make Passwords
YOUTUBE.COM — 2026-02-27
🕵️
Common Facebook Scam Method
KNOWBE4.COM — 27 Feb 2026
🕵️
Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology
SECURITYWEEK.COM — 27 Feb 2026
🕵️
Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet - SWN #559
YOUTUBE.COM — 2026-02-27
🌐
Joint guidance on malicious cyber threats to SD-WAN networks
CYBER.GC.CA — 2026-02-27
🌐
CSE calls on Canadian organizations and critical infrastructure providers to strengthen defences on fourth anniversary of Russia’s invasion of Ukraine
CYBER.GC.CA — 2026-02-27
🌐
The cyber threat to marine transportation
CYBER.GC.CA — 2026-02-27
🌐
Fake Fedex Email Delivers Donuts&#x21;, (Fri, Feb 27th)
ISC.SANS.EDU — 27 Feb 2026
📡
Security considerations for SIMs (ITSAP.10.021)
CYBER.GC.CA — 2026-02-27
📡
GeekWeek 11
CYBER.GC.CA — 2026-02-27
📡
Spotting malicious email messages (ITSAP.00.100)
CYBER.GC.CA — 2026-02-27
📡
Cyber security considerations for drone use (ITSAP.00.143)
CYBER.GC.CA — 2026-02-27
📡
Developing your IT recovery plan (ITSAP.40.004)
CYBER.GC.CA — 2026-02-27
📡
Improving cyber security resilience through emergency preparedness planning (ITSM.10.014)
CYBER.GC.CA — 2026-02-27
📡
Joint guidance on secure connectivity principles for operational technology
CYBER.GC.CA — 2026-02-27
📡
Ukrainian man pleads guilty to running AI-powered fake ID site
BLEEPINGCOMPUTER.COM — 27 Feb 2026
📡
Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams
THEHACKERNEWS.COM — 27 Feb 2026
📡
Enterprise Spotlight: Data Center Modernization
US.RESOURCES.CSOONLINE.COM — 27 Feb 2026
📡
Local KTAE and the IDA Pro plugin | Kaspersky official blog
KASPERSKY.COM — 27 Feb 2026
📡
Europol-led crackdown on The Com hackers leads to 30 arrests
BLEEPINGCOMPUTER.COM — 27 Feb 2026
📡
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
THEHACKERNEWS.COM — 27 Feb 2026
📡
Microsoft testing Windows 11 batch file security improvements
BLEEPINGCOMPUTER.COM — 27 Feb 2026
📡
Mobile app permissions (still) matter more than you may think
WELIVESECURITY.COM — 27 Feb 2026
📡
Bringing more transparency to post-quantum usage, encrypted messaging, and routing security
CLOUDFLARE.COM — 27 Feb 2026
🐛
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
THEHACKERNEWS.COM — 26 Feb 2026
🐛
Chromium: CVE-2026-3063 Inappropriate implementation in DevTools
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
Chromium: CVE-2026-3062 Out of bounds read and write in Tint
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
Chromium: CVE-2026-3061 Out of bounds read in Media
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2025-71230 hfs: ensure sb->s_fs_info is always cleaned up
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2026-23224 erofs: fix UAF issue for file-backed mounts w/ directio option
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2026-21863 Malformed Valkey Cluster bus message can lead to Remote DoS
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2026-23223 xfs: fix UAF in xchk_btree_check_block_owner
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2026-23225 sched/mmcid: Don't assume CID is CPU owned on mode switch
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2025-61144 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2025-61145 libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2025-11563 wcurl path traversal with percent-encoded slashes
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2021-20225 A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CVE-2021-20233 A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
MSRC.MICROSOFT.COM — 26 Feb 2026
🐛
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
SH.ITJUST.WORKS — 26 Feb 2026
⚠️
Multiple Vulnerabilities in Cisco Catalyst SD-WAN Products Could Allow for Authentication Bypass
CISECURITY.ORG — 26 Feb 2026
⚠️
Trend Micro warns of critical Apex One code execution flaws
BLEEPINGCOMPUTER.COM — 26 Feb 2026
⚠️
Critical Juniper Networks PTX flaw allows full router takeover
BLEEPINGCOMPUTER.COM — 26 Feb 2026
⚠️
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
THEHACKERNEWS.COM — 26 Feb 2026
⚠️
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
THEHACKERNEWS.COM — 26 Feb 2026
⚠️
Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023
TECHCRUNCH.COM — 26 Feb 2026
⚠️
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries
CSOONLINE.COM — 26 Feb 2026
⚠️
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
CSOONLINE.COM — 26 Feb 2026
⚠️
5 trends that should top CISO’s RSA 2026 agendas
CSOONLINE.COM — 26 Feb 2026
⚠️
Steaelite RAT combines data theft and ransomware management capability in one tool
CSOONLINE.COM — 26 Feb 2026
⚠️
Nuke Docker From Orbit?
YOUTUBE.COM — 2026-02-26
⚠️
How Russia is intercepting communications from European satellites
INFOSEC.PUB — 26 Feb 2026
⚠️
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
SH.ITJUST.WORKS — 26 Feb 2026
⚠️
Zyxel warns of critical RCE flaw affecting over a dozen routers
SH.ITJUST.WORKS — 26 Feb 2026
⚠️
Intego X9: Why your macOS antivirus should not trust PIDs
QUARKSLAB.COM — 2026-02-26
⚠️
A Deep Dive into the GetProcessHandleFromHwnd API
PROJECTZERO.GOOGLE — 2026-02-26
📋
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
THEHACKERNEWS.COM — 26 Feb 2026
📢
CISA Issues Updated RESURGE Malware Analysis Highlighting a Stealthy but Active Threat
CISA.GOV — Thu, 26 Feb 26 1
📢
AI Is Taking Over Cybersecurity - PSW #915
YOUTUBE.COM — 2026-02-26
📢
Google disrupts Chinese-linked group UNC2814, which breached 53+ organizations across 42 countries and utilized Google Sheets to manage targeting and data theft
INFOSEC.PUB — 26 Feb 2026
📢
Google disrupts Chinese-linked group UNC2814, which breached 53+ organizations across 42 countries and utilized Google Sheets to manage targeting and data theft
PROGRAMMING.DEV — 26 Feb 2026
📢
Google disrupts Chinese-linked group UNC2814, which breached 53+ organizations across 42 countries and utilized Google Sheets to manage targeting and data theft
SH.ITJUST.WORKS — 26 Feb 2026
🔥
European DYI chain ManoMano data breach impacts 38 million customers
BLEEPINGCOMPUTER.COM — 26 Feb 2026
🔥
Olympique Marseille confirms 'attempted' cyberattack after data leak
BLEEPINGCOMPUTER.COM — 26 Feb 2026
🔥
Ransomware payment rate drops to record low as attacks surge
BLEEPINGCOMPUTER.COM — 26 Feb 2026
🔥
Expert Recommends: Prepare for PQC Right Now
THEHACKERNEWS.COM — 26 Feb 2026
🔥
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
THEHACKERNEWS.COM — 26 Feb 2026
🔥
Your staff are your biggest security risk: AI is making it worse
FORTRA.COM — 26 Feb 2026
🔥
Notorious ransomware gang allegedly blackmailed by fake FSB officer
BITDEFENDER.COM — 26 Feb 2026
🔥
Smashing Security podcast #456: How to lose friends and DDoS people
GRAHAMCLULEY.COM — 26 Feb 2026
🔥
Odido - 688,102 breached accounts
HAVEIBEENPWNED.COM — 26 Feb 2026
🔥
Cost of Insider Incidents Surges 20% to Nearly $20m - Infosecurity Magazine
SH.ITJUST.WORKS — 26 Feb 2026
🕵️
LLMs Generate Predictable Passwords
SCHNEIER.COM — 2026-02-26
🕵️
Apple iPhone and iPad Cleared for Classified NATO Use
SECURITYWEEK.COM — 26 Feb 2026
🕵️
Four Risks Boards Cannot Treat as Background Noise
SECURITYWEEK.COM — 26 Feb 2026
🕵️
Claude Code Flaws Exposed Developer Devices to Silent Hacking
SECURITYWEEK.COM — 26 Feb 2026
🕵️
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
THEHACKERNEWS.COM — 26 Feb 2026
🕵️
Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance &#x5b;Guest Diary&#x5d;, (Tue, Feb 24th)
ISC.SANS.EDU — 26 Feb 2026
🕵️
ISC Stormcast For Thursday, February 26th, 2026 https://isc.sans.edu/podcastdetail/9826, (Thu, Feb 26th)
ISC.SANS.EDU — 26 Feb 2026
🕵️
Threat modeling AI applications
MICROSOFT.COM — 26 Feb 2026
🕵️
Nation-State Threat Actors Incorporate AI to Streamline Attacks
KNOWBE4.COM — 26 Feb 2026
🕵️
FedRAMP's Role in Risk Management
YOUTUBE.COM — 2026-02-26
🕵️
Fake Job Interviews Are Installing Backdoors on Developer Machines
INFOSEC.PUB — 26 Feb 2026
🕵️
Unknown hacker used Claude to steal 150GB of Mexican government data, including 195M taxpayer records, in December 2025 and January 2026
INFOSEC.PUB — 26 Feb 2026
🕵️
Unknown hacker used Claude to steal 150GB of Mexican government data, including 195M taxpayer records, in December 2025 and January 2026
PROGRAMMING.DEV — 26 Feb 2026
🕵️
Conduent Says Hack Now Affects at Least 25 Million Patients
SH.ITJUST.WORKS — 26 Feb 2026
🕵️
Unknown hacker used Claude to steal 150GB of Mexican government data, including 195M taxpayer records, in December 2025 and January 2026
SH.ITJUST.WORKS — 26 Feb 2026
🌐
The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies &#x5b;Guest Diary&#x5d;, (Wed, Feb 25th)
ISC.SANS.EDU — 26 Feb 2026
🌐
Spyware makers sentenced to prison in Greece for wiretapping politicians and journalists
TECHCRUNCH.COM — 26 Feb 2026
📡
AI Capabilities Are Advancing Faster Than AI Security
F5.COM — 26 Feb 2026
📡
Previously harmless Google API keys now expose Gemini AI data
BLEEPINGCOMPUTER.COM — 26 Feb 2026
📡
Microsoft expands Windows restore to more enterprise devices
BLEEPINGCOMPUTER.COM — 26 Feb 2026
📡
New York sues Valve for promoting illegal gambling via game loot boxes
BLEEPINGCOMPUTER.COM — 26 Feb 2026
📡
New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises
ARSTECHNICA.COM — 26 Feb 2026
📡
Recorded Future Expands Coverage of Scams and Financial Fraud with Money Mule Intelligence from CYBERA
RECORDEDFUTURE.COM — 26 Feb 2026
🚨
CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its  Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.  CVE-2022-20775  Cisco Catalyst SD-WAN Path Traversal Vulnerability CVE-2026-20127  Cisco Cat…
KEVCISA.GOV — Wed, 25 Feb 26 1
🐛
Discord Finds Age Identification May Have Privacy Concerns
CYBERSECURITYTODAY.LIBSYN.COM — 25 Feb 2026
🐛
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
KEVBLEEPINGCOMPUTER.COM — 25 Feb 2026
🐛
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
THEHACKERNEWS.COM — 25 Feb 2026
🐛
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
KEVTHEHACKERNEWS.COM — 25 Feb 2026
🐛
CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems
KEVCISA.GOV — Wed, 25 Feb 26 1
🐛
CVE-2026-27199 Werkzeug safe_join() allows Windows special device names
MSRC.MICROSOFT.COM — 25 Feb 2026
🐛
CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
MSRC.MICROSOFT.COM — 25 Feb 2026
🐛
CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction
MSRC.MICROSOFT.COM — 25 Feb 2026
🐛
CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse
MSRC.MICROSOFT.COM — 25 Feb 2026
🐛
CVE-2023-53543 vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
MSRC.MICROSOFT.COM — 25 Feb 2026
🐛
Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day
KEVCSOONLINE.COM — 25 Feb 2026
🐛
ZDI-26-132: Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
🐛
ZDI-26-131: Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
🐛
ZDI-26-130: IceWarp collaboration Directory Traversal Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
🐛
ZDI-26-129: Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
🐛
ZDI-26-128: (Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
🐛
ZDI-26-127: (Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
🐛
ZDI-26-126: (Pwn2Own) Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
🐛
ZDI-26-125: Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
🐛
ZDI-26-124: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
⚠️
Medical device maker UFP Technologies warns of data stolen in cyberattack
BLEEPINGCOMPUTER.COM — 25 Feb 2026
⚠️
The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web
BLEEPINGCOMPUTER.COM — 25 Feb 2026
⚠️
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
THEHACKERNEWS.COM — 25 Feb 2026
⚠️
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
THEHACKERNEWS.COM — 25 Feb 2026
⚠️
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
THEHACKERNEWS.COM — 25 Feb 2026
⚠️
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
THEHACKERNEWS.COM — 25 Feb 2026
⚠️
US cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs
TECHCRUNCH.COM — 25 Feb 2026
⚠️
Inside the story of the US defense contractor who leaked hacking tools to Russia
TECHCRUNCH.COM — 25 Feb 2026
⚠️
Staying One Step Ahead: Strengthening Android’s Lead in Scam Protection
SECURITY.GOOGLEBLOG.COM — 2026-02-25
⚠️
Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors
CSOONLINE.COM — 25 Feb 2026
⚠️
Boards don’t need cyber metrics — they need risk signals
CSOONLINE.COM — 25 Feb 2026
⚠️
Bake Security In Early
YOUTUBE.COM — 2026-02-25
⚠️
VMware Aria Operations Vulnerability Could Allow Remote Code Execution - SecurityWeek
SH.ITJUST.WORKS — 25 Feb 2026
⚠️
Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
CLOUD.GOOGLE.COM — 25 Feb 2026
⚠️
mquire: Linux memory forensics without external dependencies
TRAILOFBITS.COM — 25 Feb 2026
⚠️
Risky Business #826 -- A week of AI mishaps and skulduggery
RISKY.BIZ — 25 Feb 2026
📢
Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems
CISA.GOV — Wed, 25 Feb 26 1
📢
Governing AI with Security Fundamentals
YOUTUBE.COM — 2026-02-25
📢
Infinite AI Monkeys, Ploutus, Serv-U, Fortinet, Cyberwar, COBOL, NIST, Aaran Leyland - SWN #558
YOUTUBE.COM — 2026-02-25
🔥
Poisoning AI Training Data
SCHNEIER.COM — 2026-02-25
🔥
Chinese cyberspies breached dozens of telecom firms, govt agencies
BLEEPINGCOMPUTER.COM — 25 Feb 2026
🔥
Marquis sues SonicWall over backup breach that led to ransomware attack
BLEEPINGCOMPUTER.COM — 25 Feb 2026
🔥
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
THEHACKERNEWS.COM — 25 Feb 2026
🔥
Canadian Tire - 38,306,562 breached accounts
HAVEIBEENPWNED.COM — 25 Feb 2026
🕵️
ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824, (Wed, Feb 25th)
ISC.SANS.EDU — 25 Feb 2026
🕵️
Google Reports On Adversarial Use of AI in Late 2025
KNOWBE4.COM — 25 Feb 2026
🕵️
News alert: One Identity fills CFO-COO role to strengthen operating discipline amid expansion
LASTWATCHDOG.COM — 25 Feb 2026
🕵️
Ukrainian convicted for helping fake North Korean IT workers
CSOONLINE.COM — 25 Feb 2026
🕵️
The SOC Is Now Agentic — Introducing the Next Evolution of Cortex
PALOALTONETWORKS.COM — 25 Feb 2026
🕵️
Variations of the ClickFix | Kaspersky official blog
KASPERSKY.COM — 25 Feb 2026
🕵️
Security as a Business Enabler by Re-envisioning Risk and Leading through Uncertainty - BSW #436
YOUTUBE.COM — 2026-02-25
🕵️
What are You Working on Wednesday
INFOSEC.PUB — 25 Feb 2026
🕵️
Malicious NuGet Package Targets Stripe Developers - Infosecurity Magazine
SH.ITJUST.WORKS — 25 Feb 2026
🕵️
ShinyHunters leak 12.4M CarGurus records after ransom threat
SH.ITJUST.WORKS — 25 Feb 2026
🕵️
Phishing campaign targets freight and logistics orgs in the US, Europe
SH.ITJUST.WORKS — 25 Feb 2026
🌐
Fake Next.js job interview tests backdoor developer's devices
BLEEPINGCOMPUTER.COM — 25 Feb 2026
📡
Weekly Threat Bulletin – February 25th, 2026
F5.COM — 25 Feb 2026
📡
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
THEHACKERNEWS.COM — 25 Feb 2026
📡
Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
THEHACKERNEWS.COM — 25 Feb 2026
📡
Manual Processes Are Putting National Security at Risk
THEHACKERNEWS.COM — 25 Feb 2026
📡
$10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon
BITDEFENDER.COM — 25 Feb 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-25108 Soliton Systems K.K. FileZen OS Command Injection Vulnerability This type of vulnerability is a frequent attack vector for maliciou…
KEVCISA.GOV — Tue, 24 Feb 26 1
⚠️
APT28 Targeted European Entities Using Webhook-Based Macro Malware
THEHACKERNEWS.COM — 24 Feb 2026
⚠️
Celebrating Two Years of CSF 2.0!
NIST.GOV — 24 Feb 2026
⚠️
Open Redirects: A Forgotten Vulnerability&#x3f;, (Tue, Feb 24th)
ISC.SANS.EDU — 24 Feb 2026
⚠️
Developer-targeting campaign using malicious Next.js repositories
MICROSOFT.COM — 24 Feb 2026
⚠️
Treasury sanctions Russian zero-day broker accused of buying exploits stolen from US defense contractor
TECHCRUNCH.COM — 24 Feb 2026
⚠️
News alert: Sendmarc highlights impact of DMARC update on evolving email security standards
LASTWATCHDOG.COM — 24 Feb 2026
⚠️
Helping Users with Practical Advice to Protect their Digital Devices - Runa Sandvik - ASW #371
YOUTUBE.COM — 2026-02-24
⚠️
January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
KEVRECORDEDFUTURE.COM — 24 Feb 2026
🔥
The Ghost in the Shell: Why Agentic AI is a Corporate Security Nightmare
F5.COM — 24 Feb 2026
🔥
Weekly Update 492
TROYHUNT.COM — 24 Feb 2026
🔥
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
THEHACKERNEWS.COM — 24 Feb 2026
🔥
Scaling security operations with Microsoft Defender autonomous defense and expert-led services
MICROSOFT.COM — 24 Feb 2026
🔥
CarGurus data breach affects 12.5 million accounts
TECHCRUNCH.COM — 24 Feb 2026
🔥
Marquis sues firewall provider SonicWall, alleges security failings with its firewall backup led to ransomware attack
TECHCRUNCH.COM — 24 Feb 2026
🔥
Conduent data breach grows, affecting at least 25M people
TECHCRUNCH.COM — 24 Feb 2026
🔥
Preparing for Russia’s New Generation Warfare in Europe
RECORDEDFUTURE.COM — 24 Feb 2026
🕵️
Is AI Good for Democracy?
SCHNEIER.COM — 2026-02-24
🕵️
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
THEHACKERNEWS.COM — 24 Feb 2026
🕵️
ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822, (Tue, Feb 24th)
ISC.SANS.EDU — 24 Feb 2026
🕵️
Fake Video Meeting Invites Trick Users Into Installing RMM Tools
KNOWBE4.COM — 24 Feb 2026
🕵️
CyberheistNews Vol 16 #08 Do Passwords Need to Be 25+ Characters Due to AI and Quantum Attacks?
KNOWBE4.COM — 24 Feb 2026
🕵️
Introducing the AIDA Orchestration Agent: Always-On Human Risk Management Has Arrived
KNOWBE4.COM — 24 Feb 2026
🕵️
A Joint Vision for Simplified SASE Management at Scale
PALOALTONETWORKS.COM — 24 Feb 2026
🕵️
Hidden Risks in Security Defaults
YOUTUBE.COM — 2026-02-24
🕵️
Signal vs WhatsApp: Privacy Choice
YOUTUBE.COM — 2026-02-24
🌐
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
THEHACKERNEWS.COM — 24 Feb 2026
📡
Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem
THEHACKERNEWS.COM — 24 Feb 2026
📡
Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
THEHACKERNEWS.COM — 24 Feb 2026
📡
Former L3Harris Trenchant boss jailed for selling hacking tools to Russian broker
TECHCRUNCH.COM — 24 Feb 2026
⚠️
Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization
CYBERSECURITYTODAY.LIBSYN.COM — 23 Feb 2026
⚠️
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
THEHACKERNEWS.COM — 23 Feb 2026
⚠️
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
THEHACKERNEWS.COM — 23 Feb 2026
⚠️
VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report
TECHCRUNCH.COM — 23 Feb 2026
⚠️
Unseen Devices in Your Network
YOUTUBE.COM — 2026-02-23
⚠️
Bringing intelligence to assets, new White House cybersecurity strategy, and the news - ESW #447
YOUTUBE.COM — 2026-02-23
⚠️
AI-augmented threat actor accesses FortiGate devices at scale
INFOSEC.PUB — 23 Feb 2026
⚠️
ZDI-26-123: Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability
ZERODAYINITIATIVE.COM — 23 Feb 2026
📢
On the Security of Password Managers
SCHNEIER.COM — 2026-02-23
🕵️
Another day, another malicious JPEG, (Mon, Feb 23rd)
ISC.SANS.EDU — 23 Feb 2026
🕵️
ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820, (Mon, Feb 23rd)
ISC.SANS.EDU — 23 Feb 2026
🕵️
AI Is Only as Good as Your Data
YOUTUBE.COM — 2026-02-23
🕵️
Mentorship Monday - Discussions for career and learning!
INFOSEC.PUB — 23 Feb 2026
🕵️
We hid backdoors in ~40MB binaries and asked AI + Ghidra to find them
INFOSEC.PUB — 23 Feb 2026
🌐
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
THEHACKERNEWS.COM — 23 Feb 2026
🌐
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
THEHACKERNEWS.COM — 23 Feb 2026
📡
How Exposed Endpoints Increase Risk Across LLM Infrastructure
THEHACKERNEWS.COM — 23 Feb 2026
📡
Americans are destroying Flock surveillance cameras
TECHCRUNCH.COM — 23 Feb 2026
📡
5 days left to lock in the lowest TechCrunch Disrupt 2026 ticket rates
TECHCRUNCH.COM — 23 Feb 2026
📡
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer
TRENDMICRO.COM — 23 Feb 2026
📡
Faking it on the phone: How to tell if a voice call is AI or not
WELIVESECURITY.COM — 23 Feb 2026
🔥
CarGurus - 12,461,887 breached accounts
HAVEIBEENPWNED.COM — 22 Feb 2026
🕵️
Integrated Cloud Email Security (ICES) vs Secure Email Gateway (SEG)
KNOWBE4.COM — 22 Feb 2026
📡
6 days left to lock in the lowest TechCrunch Disrupt 2026 rates
TECHCRUNCH.COM — 22 Feb 2026
🚨
CISA Adds Two Actively Exploited Roundcube Flaws to KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below …
KEVTHEHACKERNEWS.COM — 21 Feb 2026
🐛
CVE-2021-24119 In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2020-36426 An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-21846 acct: perform last write from workqueue
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-21847 ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-21863 io_uring: prevent opcode speculation
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-29768 Vim vulnerable to potential data loss with zip.vim and special crafted zip files
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-55549 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-58088 bpf: Fix deadlock when freeing cgroup storage
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-21856 s390/ism: add release function for struct device
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-21866 powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-21861 mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-1767 This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-21864 tcp: drop secpath at the same time as we currently drop dst
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-2953 PyTorch torch.mkldnn_max_pool2d denial of service
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-8176 Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-21839 KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-21855 ibmvnic: Don't reference skb after sending to VIOS
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68763 crypto: starfive - Correctly handle return of sg_nents_for_len
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68758 backlight: led-bl: Add devlink to supplier LEDs
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-15444 Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68771 ocfs2: fix kernel BUG in ocfs2_find_victim_chain
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68786 ksmbd: skip lock-range check on equal size to avoid size==0 underflow
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71133 RDMA/irdma: avoid invalid read in irdma_net_event
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71114 via_wdt: fix critical boot hang due to unnamed resource allocation
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71109 MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71143 clk: samsung: exynos-clkout: Assign .num before accessing .hws
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68755 staging: most: remove broken i2c driver
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-13034 No QUIC certificate pinning with GnuTLS
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-14017 broken TLS options for threaded LDAPS
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-15224 libssh key passphrase bypass without agent set
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-14524 bearer token leak on cross-protocol redirect
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-15079 libssh global known_hosts override
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-14819 OpenSSL partial chain store policy bypass
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2026-21860 Werkzeug safe_join() allows Windows special device names with compound extensions
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68823 ublk: fix deadlock when reading partition table
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68781 usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68808 media: vidtv: initialize local pointers upon transfer of memory ownership
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71066 net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71067 ntfs: set dummy blocksize to read boot_block when mounting
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68819 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-68817 ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71064 net: hns3: using the num_tqps in the vf driver to apply for resources
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71081 ASoC: stm32: sai: fix OF node leak on probe
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71074 functionfs: fix the open/removal races
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71101 platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71122 iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-71105 f2fs: use global inline_xattr_slab instead of per-sb slab cache
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2019-14584 Null pointer dereference in Tianocore EDK2
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-22576 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only).
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-27775 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-27781 libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However several TLS andSSH settings were left out from the configuration match checks making themmatch too easily.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-27774 An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-27779 libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-27780 The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL making it a *different* URL usingthe wrong host name when it is later retrieved.For example a URL like `http://example.com%2F127.0.0.1/` would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters checks and more.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2025-48637 In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-24791 Use after free in Wasmtime
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-3996 X.509 Policy Constraints Double Locking
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-3064 Excessive resource consumption in gopkg.in/yaml.v2
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-32207 When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation it might accidentally *widen* the permissions for the target file leaving the updated file accessible to more users than intended.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-32208 When curl < 7.84.0 does FTP transfers secured by krb5 it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb" makingcurl end up spending enormous amounts of allocated heap memory or trying toand returning out of memory errors.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2023-5824 Squid: dos against http and https
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2023-46847 Squid: denial of service in http digest authentication
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-53173 NFSv4.0: Fix a use-after-free problem in the asynchronous open()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-56538 drm: zynqmp_kms: Unplug DRM device before removal
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-56598 jfs: array-index-out-of-bounds fix in dtReadFirst
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-11738 Rustls: rustls network-reachable panic in `acceptor::accept`
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-53208 Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-53186 ksmbd: fix use-after-free in SMB request handling
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-56595 jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-47814 use-after-free when closing buffers in Vim
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49882 ext4: fix double brelse() the buffer of the extents path
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49954 static_call: Replace pointless WARN_ON() in static_call_module_notify()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49959 jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49965 ocfs2: remove unreasonable unlock in ocfs2_read_blocks
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49973 r8169: add tally counter fields added with RTL8125
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50003 drm/amd/display: Fix system hang while resume with TBT monitor
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50006 ext4: fix i_data_sem unlock order in ext4_ind_migrate()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50085 mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-8508 Unbounded name compression could lead to Denial of Service
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-9355 Golang-fips: golang fips zeroed buffer
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49974 NFSD: Limit the number of concurrent async COPY operations
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49998 net: dsa: improve shutdown sequence
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50066 mm/mremap: fix move_normal_pmd/retract_page_tables race
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50073 tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50088 btrfs: fix uninitialized pointer free in add_inode_ref()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45720 Apache Subversion: Command line argument injection on Windows platforms
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-9407 Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-31227 Denial-of-service due to malformed ACL selectors in Redis
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-31228 Denial-of-service due to unbounded pattern matching in Redis
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-31449 Lua library commands may lead to stack overflow and RCE in Redis
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-47191 pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because in the context of PAM code running as root it mishandles usersfile access such as by calling fchown in the presence of a symlink.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49946 ppp: do not assume bh is held in ppp_channel_bridge_input()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49950 Bluetooth: L2CAP: Fix uaf in l2cap_connect
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49955 ACPI: battery: Fix possible crash when unregistering a battery hook
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49958 ocfs2: reserve space for inline xattr before attaching reflink tree
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-49963 mailbox: bcm2835: Fix timeout during suspend mode
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50001 net/mlx5: Fix error path in multi-packet WQE transmit
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50002 static_call: Handle module init failure correctly in static_call_del_module()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50005 mac802154: Fix potential RCU dereference issue in mac802154_scan_worker
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50007 ALSA: asihpi: Fix potential OOB array access
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50008 wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-8925 Erroneous parsing of multipart form data
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-9026 PHP-FPM logs from children may be altered
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-9632 Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50010 exec: don't WARN for racy path_noexec check
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50072 x86/bugs: Use code segment selector for VERW operand
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50084 net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-9341 Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-38667 riscv: prevent pt_regs corruption for secondary idle threads
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-38588 ftrace: Fix possible use-after-free issue in ftrace_location()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-39291 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44965 x86/mm: Fix pti_clone_pgtable() alignment assumption
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44991 tcp: prevent concurrent execution of tcp_sk_exit_batch
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44996 vsock: fix recursive ->recvmsg calls
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45001 net: mana: Fix RX buf alloc_size alignment and atomic op panic
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45012 nouveau/firmware: use dma non-coherent allocator
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45016 netem: fix return value if duplicate enqueue fails
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45019 net/mlx5e: Take state lock during tx timeout reporter
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45028 mmc: mmc_test: Fix NULL dereference on allocation failure
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45030 igb: cope with large MAX_SKB_FRAGS
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46672 wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46675 usb: dwc3: core: Prevent USB core invalid event buffer address access
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46680 Bluetooth: btnxpuart: Fix random crash seen while removing driver
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46686 smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46689 soc: qcom: cmd-db: Map shared memory as WC not WB
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46693 soc: qcom: pmic_glink: Fix race during initialization
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46695 selinuxsmack: don't bypass permissions check in inode_setsecctx hook
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46706 tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46707 KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46709 drm/vmwgfx: Fix prime with external buffers
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46720 drm/amdgpu: fix dereference after null check
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46722 drm/amdgpu: fix mc_data out-of-bounds read warning
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46726 drm/amd/display: Ensure index calculation will not overflow
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46728 drm/amd/display: Check index for aux_rd_interval before using
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46737 nvmet-tcp: fix kernel crash if commands allocation fails
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46739 uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46741 misc: fastrpc: Fix double free of 'buf' in error path
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46742 smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46746 HID: amd_sfh: free driver_data after destroying hid device
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46747 HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46756 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46761 pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46763 fou: Fix null-ptr-deref in GRO.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46770 ice: Add netif_device_attach/detach into PF reset flow
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46781 nilfs2: fix missing cleanup on rollforward recovery error
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46784 net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46791 can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46796 smb: client: fix double put of @cfile in smb2_set_path_size()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46798 ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46802 drm/amd/display: added NULL check at start of dc_validate_stream
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46804 drm/amd/display: Add array index check for hdcp ddc access
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46806 drm/amdgpu: Fix the warning division or modulo by zero
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46809 drm/amd/display: Check BIOS images before it is used
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46811 drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46818 drm/amd/display: Check gpio_id before used as array index
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46821 drm/amd/pm: Fix negative array index read
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46832 MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46836 usb: gadget: aspeed_udc: validate endpoint index for ast udc
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46840 btrfs: clean up our handling of refs == 0 in snapshot delete
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46853 spi: nxp-fspi: fix the KASAN report out-of-bounds bug
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46855 netfilter: nft_socket: fix sk refcount leaks
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46860 wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46864 x86/hyperv: fix kexec crash due to VP assist page corruption
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44949 parisc: fix a possible DMA corruption
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44963 btrfs: do not BUG_ON() when freeing tree block after error
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46772 drm/amd/display: Check denominator crb_pipes before used
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46751 btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-0133 NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44947 fuse: Initialize beyond-EOF page contents before setting uptodate
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44960 usb: gadget: core: Check for unset descriptor
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44966 binfmt_flat: Fix corruption when not offsetting data start
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44969 s390/sclp: Prevent release of buffer in I/O
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45003 vfs: Don't evict inode under the inode lru traversing context
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45005 KVM: s390: fix validity interception issue when gisa is switched off
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45011 char: xillybus: Check USB endpoints when probing device
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45018 netfilter: flowtable: initialise extack before use
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45020 bpf: Fix a kernel verifier crash in stacksafe()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45022 mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-45029 i2c: tegra: Do not mark ACPI devices as irq safe
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46676 nfc: pn533: Add poll mod list filling check
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46678 bonding: change ipsec_lock from spin lock to mutex
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46679 ethtool: check device is present when getting link settings
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46685 pinctrl: single: fix potential NULL dereference in pcs_get_function()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46687 btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46692 firmware: qcom: scm: Mark get_wq_ctx() as atomic call
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46694 drm/amd/display: avoid using null object of framebuffer
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46702 thunderbolt: Mark XDomain as unplugged when router is removed
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46710 drm/vmwgfx: Prevent unmapping active read buffers
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46711 mptcp: pm: fix ID 0 endp usage after multiple re-creations
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46719 usb: typec: ucsi: Fix null pointer dereference in trace
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46721 apparmor: fix possible NULL pointer dereference
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46723 drm/amdgpu: fix ucode out-of-bounds read warning
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46724 drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46725 drm/amdgpu: Fix out-of-bounds write warning
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46731 drm/amd/pm: fix the Out-of-bounds read warning
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46732 drm/amd/display: Assign linear_pitch_alignment even for VM
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46735 ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46738 VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46740 binder: fix UAF caused by offsets overwrite
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46743 of/irq: Prevent device address out-of-bounds read in interrupt map walk
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46749 Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46755 wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46757 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46758 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46759 hwmon: (adc128d818) Fix underflows seen when writing limit attributes
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46760 wifi: rtw88: usb: schedule rx work after everything is set up
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46762 xen: privcmd: Fix possible access to a freed kirqfd instance
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46765 ice: protect XDP configuration with a mutex
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46773 drm/amd/display: Check denominator pbn_div before used
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46782 ila: call nf_unregister_net_hooks() sooner
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46786 fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46795 ksmbd: unset the binding mark of a reused connection
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46797 powerpc/qspinlock: Fix deadlock in MCS queue
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46800 sch/netem: fix use after free in netem_dequeue
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46803 drm/amdkfd: Check debug trap enable before write dbg_ev_file
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46805 drm/amdgpu: fix the waring dereferencing hive
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46807 drm/amd/amdgpu: Check tbo resource pointer
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46810 drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46814 drm/amd/display: Check msg_id before processing transcation
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46819 drm/amdgpu: the warning dereferencing obj for nbio_v7_4
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46822 arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46829 rtmutex: Drop rt_mutex::wait_lock before scheduling
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46831 net: microchip: vcap: Fix use-after-free error in kunit test
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46838 userfaultfd: don't BUG_ON() if khugepaged yanks our page table
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46843 scsi: ufs: core: Remove SCSI host only if added
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46844 um: line: always fill *error_out in setup_one_line()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46845 tracing/timerlat: Only clear timer if a kthread exists
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46846 spi: rockchip: Resolve unbalanced runtime PM / system PM handling
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46847 mm: vmalloc: ensure vmap_block is initialised before adding to queue
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46848 perf/x86/intel: Limit the period on Haswell
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46852 dma-buf: heaps: Fix off-by-one in CMA heap fault handler
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46854 net: dpaa: Pad packets to ETH_ZLEN
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46859 platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46861 usbnet: ipheth: do not stop RX on failing RX callback
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46863 ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-46841 btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44950 serial: sc16is7xx: fix invalid FIFO access with special register set
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2013-4416 The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-42311 hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2023-7256 Double-free in libpcap before 1.10.5 with remote packet capture support.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-43835 virtio_net: Fix napi_skb_cache_put warning
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-43839 bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-42308 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-43817 net: missing check virtio
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-43871 devres: Fix memory leakage caused by driver API devm_free_percpu()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-44944 netfilter: ctnetlink: use helper function to calculate expect ID
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-8006 NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-43834 xdp: fix invalid wait context of page_pool_destroy()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-42122 drm/amd/display: Add NULL pointer check for kzalloc
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2023-52920 bpf: support non-r10 register spill/fill to/from stack in precision tracking
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50131 tracing: Consider the NULL character when validating the event length
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-50130 netfilter: bpf: must hold reference on net namespace
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-26951 wireguard: netlink: check for dangling peer via is_dead instead of empty list
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-26984 nouveau: fix instmem race condition around ptr stores
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-26961 mac802154: fix llsec key resources release in mac802154_llsec_key_del
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-26965 clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-26966 clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-26973 fat: fix uninitialized field in nostale filehandles
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-26993 fs: sysfs: Fix reference leak in sysfs_break_active_protection()
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-27000 serial: mxs-auart: add spinlock around changing cts state
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-32624 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c) resulting in the corruption of the instruction pointer.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-33873 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.
MSRC.MICROSOFT.COM — 21 Feb 2026
🐛
CVE-2024-33877 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.
MSRC.MICROSOFT.COM — 21 Feb 2026
⚠️
Agentic AI Security Is Broken and How To Fix It: Ido Shlomo, Co-founder and CTO of Token Security
CYBERSECURITYTODAY.LIBSYN.COM — 21 Feb 2026
⚠️
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
THEHACKERNEWS.COM — 21 Feb 2026
⚠️
Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning
THEHACKERNEWS.COM — 21 Feb 2026
⚠️
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
THEHACKERNEWS.COM — 21 Feb 2026
⚠️
AI Threats: What Could Go Wrong?
YOUTUBE.COM — 2026-02-21
⚠️
France's Ministry of Economy disclosed that attackers used stolen official credentials to access FICOBA, the national bank account registry, exposing data on 1.2 million accounts
INFOSEC.PUB — 21 Feb 2026
🔥
What Happens If I Click A Phishing Link?
KNOWBE4.COM — 21 Feb 2026
🕵️
What is OAuth?
INFOSEC.PUB — 21 Feb 2026
📡
7 days until ticket prices rise for TechCrunch Disrupt 2026
TECHCRUNCH.COM — 21 Feb 2026
🚨
CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability CVE-2025-68461 RoundCube Webmail Cross-site Scripting Vulnerabi…
KEVCISA.GOV — Fri, 20 Feb 26 1
🐛
CISA Orders Emergency Patch for Actively Exploited Dell Flaw;
KEVCYBERSECURITYTODAY.LIBSYN.COM — 20 Feb 2026
🐛
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
THEHACKERNEWS.COM — 20 Feb 2026
🐛
CVE-2024-20328 ClamAV VirusEvent File Processing Command Injection Vulnerability
MSRC.MICROSOFT.COM — 20 Feb 2026
🐛
Chromium: CVE-2026-2649 Integer overflow in V8
MSRC.MICROSOFT.COM — 20 Feb 2026
🐛
Chromium: CVE-2026-2648 Heap buffer overflow in PDFium
MSRC.MICROSOFT.COM — 20 Feb 2026
🐛
Chromium: CVE-2026-2650 Heap buffer overflow in Media
MSRC.MICROSOFT.COM — 20 Feb 2026
⚠️
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
THEHACKERNEWS.COM — 20 Feb 2026
⚠️
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
THEHACKERNEWS.COM — 20 Feb 2026
⚠️
Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies
TECHCRUNCH.COM — 20 Feb 2026
⚠️
Spanish police say they have arrested hacker who booked luxury hotel rooms for just one cent
BITDEFENDER.COM — 20 Feb 2026
⚠️
CarMax - 431,371 breached accounts
HAVEIBEENPWNED.COM — 20 Feb 2026
⚠️
CyberRiskTV Live Coverage from Zero Trust World 2026 - Day 1
YOUTUBE.COM — 2026-02-20
⚠️
Using threat modeling and prompt injection to audit Comet
TRAILOFBITS.COM — 20 Feb 2026
📢
Risky Biz Soap Box: The lethal trifecta of AI risks
RISKY.BIZ — 20 Feb 2026
🔥
Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
THEHACKERNEWS.COM — 20 Feb 2026
🔥
FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
THEHACKERNEWS.COM — 20 Feb 2026
🔥
How To Recall An Email In Outlook
KNOWBE4.COM — 20 Feb 2026
🕵️
Friday Squid Blogging: Squid Cartoon
SCHNEIER.COM — 2026-02-20
🕵️
Ring Cancels Its Partnership with Flock
SCHNEIER.COM — 2026-02-20
🕵️
Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
THEHACKERNEWS.COM — 20 Feb 2026
🕵️
Humans Will Give AI Anything If You Make It Sound Cool Enough
KNOWBE4.COM — 20 Feb 2026
🕵️
Google's App Store: Hidden Risks
YOUTUBE.COM — 2026-02-20
🕵️
Off-Topic Friday
INFOSEC.PUB — 20 Feb 2026
🕵️
CyberRiskTV Live Coverage from Zero Trust World 2026 - Day 2
YOUTUBE.COM — 2026-02-20
📡
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
KREBSONSECURITY.COM — 20 Feb 2026
📡
Former Google Engineers Indicted Over Trade Secret Transfers to Iran
THEHACKERNEWS.COM — 20 Feb 2026