Tag Archives: it security

3 SOC Steps that Shut Down Incident Risks Early
May 27, 2026

Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more...

Gitea Vulnerability Exposes Private Container Images without Authentication
May 27, 2026

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version...

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
May 27, 2026

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI)...

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
May 26, 2026

The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting...

New AI DDoS Attacks Are Smarter. Learn How to Fight Back in This Webinar
May 26, 2026

Every single day, hackers are finding new ways to crash websites and steal data. But...

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
May 26, 2026

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that...

MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You
May 26, 2026

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant...

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
May 26, 2026

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch...

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
May 26, 2026

The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has...

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
May 26, 2026

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular...

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
May 25, 2026

Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs...

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
May 25, 2026

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject...

The Alert Firehose Finally Meets Its Match
May 25, 2026

Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear...

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
May 25, 2026

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put...

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
May 25, 2026

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io...

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
May 23, 2026

GitHub has rolled out new controls for npm to improve the security of the software...

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
May 23, 2026

A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious...

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
May 23, 2026

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or...

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
May 23, 2026

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple...

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
May 23, 2026

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in...

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
May 23, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security...

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have announced the dismantling of a criminal virtual private...

22
May
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense...

22
May
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed...

22
May
Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers...

22
May
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man...

22
May
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting...

22
May
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could...

22
May
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been...

21
May
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

This week starts small. A token leaks. A bad package slips in. A login trick...

21
May