A seemingly innocuous Linux kernel function hides a potent root exploit. Unprivileged users can now potentially seize control.
Drupal just patched a 'highly critical' SQL injection flaw. Guess what? Hackers are already trying to break in. This isn't good.
A maximum-severity vulnerability in LiteSpeed's cPanel plugin is actively being exploited, opening the door for attackers to gain root-level access. The flaw, CVE-2026-48172, has been patched, but vigilance is urged.
Internet-facing appliances are no longer just security barriers; they're entry points. This latest breach highlights how F5 and Confluence can be weaponized to bypass traditional defenses.
Belarusian threat actor Ghostwriter is leveraging Ukraine's own Prometheus learning platform as a fresh vector for phishing attacks against the nation's government entities. The sophisticated operation employs a multi-stage JavaScript payload designed for deep system reconnaissance and Cobalt Strike deployment.
Another week, another batch of weaponized vulnerabilities lands in Metasploit's arsenal. This cycle sees critical authentication bypasses and RCEs emerge, targeting widely deployed infrastructure.
Microsoft Defender, our supposed digital guardian, is bleeding vulnerabilities. Two zero-days are actively exploited, one granting SYSTEM privileges, the other locking down devices entirely.
Microsoft's primary security software isn't immune. Two serious vulnerabilities in Microsoft Defender are actively being exploited, giving attackers a backdoor into your systems.
Drupal users, pay attention. A 'highly critical' flaw has landed, and if you're running PostgreSQL, your site is vulnerable. This isn't just about data leaks; it's about full takeover.
A seemingly innocuous VS Code extension became the gateway for a devastating breach at GitHub, exposing thousands of internal repositories. This isn't just another headline; it's a wake-up call for the entire software supply chain.
Cybercriminals are getting slicker. Microsoft just busted Fox Tempest, a service that made malware look like the real deal.
Drupal is scrambling to push a critical security update. A bug with a high exploitation risk means threat actors could have exploits ready within hours of disclosure. Your website might be next.
GitHub is grappling with a significant breach stemming from a compromised Visual Studio Code extension. The incident highlights the escalating risks within the developer tooling supply chain.
The window for attackers just slammed shut – or rather, it just blew wide open. A critical Linux kernel vulnerability, PinTheft, now has a public exploit. Arch Linux users are in the crosshairs.
A new Windows zero-day, dubbed YellowKey, is exposing BitLocker-protected drives. Microsoft has released emergency mitigations, but public exploits are already circulating.
Another week, another handful of zero-days hitting Windows. Microsoft's patching efforts are starting to look like a game of whack-a-mole.
A significant operation enabling cybercriminals to digitally sign malware as if it were legitimate software has been dismantled. This attack vector highlights how even trusted cloud services can be subverted, impacting user trust and system security.
GitHub's internal source code is reportedly up for grabs on the dark web, and the company's scrambling to figure out what happened. This latest incident highlights the ever-present danger lurking in the supply chain.
Ever wonder why that antivirus scan takes *forever*? Turns out, a clever trick with Windows file paths might be the culprit, letting attackers hide in plain sight. Welcome to GhostTree.
A months-long breach at NYC Health + Hospitals has compromised the data of 1.8 million people, exposing everything from medical histories to biometric identifiers.