Security analysts recently discovered the ToddyCat APT Umbrij tool. It hijacks corporate Gmail accounts without triggering standard...
News
TL;DR CVE-2026-48282, a critical CVSS 10 ColdFusion arbitrary code execution vulnerability, is under active attack. Hackers are...
Security researchers publicly disclosed a critical vulnerability in Control Web Panel alongside proof-of-concept exploit code. This flaw,...
TL;DR Researchers disclosed two UltraVNC repeater vulnerabilities in the tool’s HTTP admin server. One allows arbitrary code...
TL;DR WatchGuard has patched seven WatchGuard Firebox vulnerabilities in its Fireware OS. The worst, CVE-2026-13368 (CVSS 9.2),...
TL;DR Icinga patched three Icinga 2 vulnerabilities on 29 June 2026. Two let an unauthenticated attacker take...
TL;DR CISA published an advisory for five StoneFly Storage Concentrator vulnerabilities on 30 June 2026. Two rate...
TL;DR Researchers at HawkTrace published full technical details and proof-of-concept code for a Microsoft Exchange vulnerability tracked...
TL;DR Attackers are exploiting a Citrix NetScaler vulnerability in the wild, tracked as CVE-2026-8451 (CVSS 8.8). The...
TL;DR The Apache Software Foundation has disclosed two Apache HttpComponents Core vulnerabilities, CVE-2026-54399 and CVE-2026-54428. Both carry...
At a glance Malware Malicious browser extension / search hijacker (“Search for perplexity ai”) Threat actor Not...
Cloudflare has launched a new payment layer called Monetization Gateway. The tool uses the x402 protocol to...
Following its initial reveal at Google I/O 2026 this May, Google has finally launched its agentic AI...
TL;DR CERT Polska disclosed two flaws in GNU gzip on 29 June 2026. One GNU gzip vulnerability,...
At a glance Group Mustang Panda (China-aligned APT; also tracked as Hive0154) Activity Cyberespionage, spear-phishing, cloud-service C2...
At a glance Group The Gentlemen (ransomware-as-a-service) Activity Ransomware, data-leak extortion, custom tool development Targets Large firms...
At a glance Actor: Suspected Russian state-sponsored actors and proxies Activity type: Covert information operations and hacktivism...
At a glance Malware TONResolver (RAT; also tracked as TonRAT by Microsoft; detected as TrojanSpy.JS.TONRESOLVER.A) Threat actor...
TL;DR IBM patched three flaws in Db2 for Linux, UNIX, and Windows. The worst is an IBM...
TL;DR CISA added a Microsoft SharePoint vulnerability to its Known Exploited Vulnerabilities catalog on 1 July 2026....
At a glance Actor or Group: Scattered Spider (Octo Tempest, UNC3944, 0ktapus) Activity Type: Data extortion, computer...