Vulnerability Web Security3 Min Read July 17, 2026 New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site…
4 Min Read July 17, 2026 OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests Eleven bytes will make an unpatched OpenSSL server set aside up to 131… Server Security Vulnerability
2 Min Read July 17, 2026 Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT Cybersecurity researchers have discovered a cluster of seven malicious… Malware Software Supply Chain
5 Min Read July 17, 2026 New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens A Go botnet called NadMesh turned up in early July hunting exposed AI… AI Security Botnet
Malware Threat Intelligence4 Min Read July 17, 2026 GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine.…
Malware Social Engineering3 Min Read July 17, 2026 Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to…
Artificial Intelligence Regulation7 Min Read July 17, 2026 E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the…
Artificial Intelligence National Security4 Min Read July 17, 2026 The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace? Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new…
Malware Windows Security5 Min Read July 17, 2026 ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session…
Cyber Espionage Threat Intelligence4 Min Read July 17, 2026 New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks…
Enterprise Security Vulnerability2 Min Read July 17, 2026 CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft…
Cybercrime Identity Security4 Min Read July 16, 2026 Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for…
Artificial Intelligence Offensive Security10 Min Read July 16, 2026 AI Can Find Bugs, But Human Knowledge Still Proves Them Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven…
IoT Security Vulnerability4 Min Read July 16, 2026 Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people's Shark vacuums across…
Red Teaming Software Security4 Min Read July 16, 2026 OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an…
Enterprise Security Vulnerability2 Min Read July 16, 2026 Zoom Patches Critical Windows Flaw That Could Enable Account Takeover Zoom has released security updates for a critical security flaw impacting Zoom Workplace for Windows that could facilitate account takeover.…
IoT Security Network Security3 Min Read July 15, 2026 TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3…
Endpoint Security Malware4 Min Read July 15, 2026 OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware…
Browser Security Vulnerability3 Min Read July 15, 2026 Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The…
Enterprise Security Network Security3 Min Read July 15, 2026 SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough. For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection…
Enterprise Security Vulnerability3 Min Read July 15, 2026 Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been…
Supply Chain Security Web Security4 Min Read July 15, 2026 New Webinar: Closing the Approval Gap in AI-Era Ad Tech A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms,…
Endpoint Security Vulnerability5 Min Read July 15, 2026 Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval…
Malware Software Security3 Min Read July 15, 2026 Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings…
Enterprise Security Vulnerability2 Min Read July 15, 2026 Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one…
Enterprise Security Vulnerability5 Min Read July 14, 2026 Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The…
Enterprise Security Vulnerability2 Min Read July 14, 2026 SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP…
Browser Security Vulnerability5 Min Read July 14, 2026 Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest…
Artificial Intelligence Data Privacy4 Min Read July 14, 2026 Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI,…
Cyber Espionage Network Security4 Min Read July 14, 2026 U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling…
Browser Security Malvertising6 Min Read July 14, 2026 148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for…
Identity Security SaaS Security6 Min Read July 14, 2026 Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce…
Cybercrime Endpoint Security2 Min Read July 13, 2026 CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from…
Browser Security Web Security4 Min Read July 13, 2026 Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after…
Cybersecurity Hacking10 Min Read July 13, 2026 ⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The…
AI Security Data Integrity6 Min Read July 13, 2026 New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single…
Artificial Intelligence Email Security5 Min Read July 13, 2026 Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM)…
Identity Security Threat Intelligence7 Min Read July 13, 2026 Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365 An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing…
Vulnerability Web Security3 Min Read July 13, 2026 iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa…
Malware Software Supply Chain4 Min Read July 11, 2026 Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published…
Cyber Espionage Threat Intelligence3 Min Read July 11, 2026 Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations…
Email Security Vulnerability2 Min Read July 11, 2026 Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in…
Enterprise Security Security Incident3 Min Read July 10, 2026 URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The…
Malware Software Supply Chain3 Min Read July 10, 2026 Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the…
Firmware Security Vulnerability4 Min Read July 10, 2026 Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as…
Hardware Security Vulnerability5 Min Read July 10, 2026 Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto…