Cyber Security

SHADOW#REACTOR Malware Builds Remcos RAT via Text Files TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

SHADOW#REACTOR Malware Builds Remcos RAT via Text Files

Do Son January 15, 2026

Security researchers have uncovered a sophisticated new malware framework that is slipping past enterprise defenses by hiding...

“Browser-in-the-Browser” Attack Escalates: Trellix Reports Surge in Sophisticated Facebook Phishing phishing-3390518_1280

phishing-3390518_1280

“Browser-in-the-Browser” Attack Escalates: Trellix Reports Surge in Sophisticated Facebook Phishing

Do Son January 15, 2026

The era of easily spotting phishing emails by checking the URL bar may be coming to an...

Critical Exploit Code Published: Critical FortiSIEM Flaw Grants Unauthenticated Root Access FortiSIEM PoC Exploit CVE-2025-64155

FortiSIEM PoC Exploit CVE-2025-64155

Critical Exploit Code Published: Critical FortiSIEM Flaw Grants Unauthenticated Root Access

Do Son January 14, 2026

Security researchers have blown the lid off a critical vulnerability in Fortinet’s FortiSIEM appliance, publicly releasing proof-of-concept...

High Details Exposed: High-Severity Aruba VIA Root Flaw Publicly Disclosed

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

High Details Exposed: High-Severity Aruba VIA Root Flaw Publicly Disclosed

Do Son January 14, 2026

HPE Aruba Networking has issued a security alert for users of its Virtual Intranet Access (VIA) client...

Iran Tests Academic “Whitelists” Amid Nationwide 2026 Blackout Iran internet blackout 2026, academic ASN connectivity surge

Iran internet blackout 2026, academic ASN connectivity surge

Iran Tests Academic “Whitelists” Amid Nationwide 2026 Blackout

Do Son January 10, 2026

Iran has currently severed all access to the international internet due to internal domestic unrest. Observational data...

9.2 CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE AdonisJS RCE, CVE-2026-21440

AdonisJS RCE, CVE-2026-21440

9.2 CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE

Do Son January 5, 2026

A critical security vulnerability has been discovered in AdonisJS, a popular full-stack Node.js web framework known for...

9.8 CVE-2025-68926: Critical Hardcoded Credential Flaw Exposes RustFS Storage Clusters RustFS, Hardcoded Token (CVE-2025-68926)

RustFS, Hardcoded Token (CVE-2025-68926)

9.8 CVE-2025-68926: Critical Hardcoded Credential Flaw Exposes RustFS Storage Clusters

Do Son January 2, 2026

RustFS, a distributed object storage system celebrated for leveraging the memory safety and performance of the Rust...

8.1 CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control CVE-2024-29868 Apache StreamPipes, CVE-2025-47411

CVE-2024-29868 Apache StreamPipes, CVE-2025-47411

8.1 CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control

Do Son December 31, 2025

The Apache Software Foundation has released a critical fix for StreamPipes, its self-service Industrial IoT toolbox designed...

ChatGPT Atlas Under Guard: OpenAI Fortifies Browser Agent Against “Prompt Injection” Attacks ChatGPT Atlas, Prompt Injection Safeguards

ChatGPT Atlas, Prompt Injection Safeguards

ChatGPT Atlas Under Guard: OpenAI Fortifies Browser Agent Against “Prompt Injection” Attacks

Do Son December 25, 2025

As artificial intelligence begins to browse the web on our behalf, the battleground for security is shifting...

The Notarized Nightmare: New MacSync Stealer Bypasses Gatekeeper to Hijack Mac Devices OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

The Notarized Nightmare: New MacSync Stealer Bypasses Gatekeeper to Hijack Mac Devices

Do Son December 24, 2025

The cat-and-mouse game between Apple’s security protocols and malware authors has taken a stealthy turn. A new...

10.0 n8n Under Fire: Critical CVSS 10.0 RCE Vulnerability Grants Total Server Access n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

10.0 n8n Under Fire: Critical CVSS 10.0 RCE Vulnerability Grants Total Server Access

Do Son December 22, 2025

The popular workflow automation tool n8n has issued a critical security alert after discovering a vulnerability that...

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs AuraStealer, Scam-Yourself

AuraStealer, Scam-Yourself

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs

Do Son December 22, 2025

A deep-dive analysis by Gen Digital (Gen Threat Labs) has unveiled AuraStealer, an emerging Malware-as-a-Service (MaaS) that...

10 CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains CISA KEV Update, Cisco Zero-Day KEV Vulnerabilities

CISA KEV Update, Cisco Zero-Day KEV Vulnerabilities

10 CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains

Do Son December 18, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive adding three critical vulnerabilities to...

Russian Disinformation Campaign Targets Moldova’s Pro-EU Elections Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

Russian Disinformation Campaign Targets Moldova’s Pro-EU Elections

Do Son September 25, 2025

With Moldova’s nationwide elections approaching on September 28, 2025, researchers at Silent Push have uncovered a Russian-linked...

The Great Firewall Leaks: A 600GB Trove of Secrets Exposed Booking.com Data Breach Claude Code Leak Anthropic Source Code YggTorrent data breach PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak

Booking.com Data Breach Claude Code Leak Anthropic Source Code YggTorrent data breach PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak

The Great Firewall Leaks: A 600GB Trove of Secrets Exposed

Do Son September 19, 2025

China’s internet censorship system, the Great Firewall, has recently suffered the largest data breach in its history,...

DOJ Charges UK National Linked to Scattered Spider in $115M Cyber Extortion Scheme Romanian hacker sentenced identity theft conviction Pig-Butchering Crackdown Operation Level Up Oleksandr Didenko North Korean IT Workers Coinbase TaskUs insider breach, Hyderabad police Coinbase arrest Scattered Spider, Cybercrime Scattered Spider group

Romanian hacker sentenced identity theft conviction Pig-Butchering Crackdown Operation Level Up Oleksandr Didenko North Korean IT Workers Coinbase TaskUs insider breach, Hyderabad police Coinbase arrest Scattered Spider, Cybercrime Scattered Spider group

DOJ Charges UK National Linked to Scattered Spider in $115M Cyber Extortion Scheme

Do Son September 19, 2025

The U.S. Department of Justice (DOJ) has unsealed a criminal complaint charging Thalha Jubair, a 19-year-old United...

MuddyWater APT Shifts Tactics to Custom Malware MuddyWater APT ANY.RUN security incident

MuddyWater APT ANY.RUN security incident

MuddyWater APT Shifts Tactics to Custom Malware

Do Son September 19, 2025

Group-IB analysts have released new intelligence on MuddyWater, the Iranian state-sponsored APT linked to Tehran’s Ministry of...

SolarWinds Issues Advisory on Salesforce Data Breach Linked to Salesloft Drift Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

SolarWinds Issues Advisory on Salesforce Data Breach Linked to Salesloft Drift

Do Son September 18, 2025

SolarWinds has issued a security advisory regarding a major Salesforce data breach that exposed sensitive information from...

Hacker Tied to Yemen Cyber Army Sentenced for Stealing Data of 4 Million People Cybercrime, Hacker

Cybercrime, Hacker

Hacker Tied to Yemen Cyber Army Sentenced for Stealing Data of 4 Million People

Do Son August 20, 2025

The UK’s National Crime Agency (NCA) has announced the sentencing of Al Tahery Al-Mashriky, a 26-year-old hacker...

Russia Begins Systematic Blocking of Cloudflare, Throttling Internet Access to 16KB Cloudflare layoffs 2026 AI bot traffic surge Content Signals Policy, AI Content Usage Cloudflare, Certificate Misissuance Salesforce, supply chain attack DDoS attack, Cloudflare Perplexity AI, Web Scraping Pay Per Crawl Cloudflare abuse R2 outage HTTP Cloudflare Blocking

Cloudflare layoffs 2026 AI bot traffic surge Content Signals Policy, AI Content Usage Cloudflare, Certificate Misissuance Salesforce, supply chain attack DDoS attack, Cloudflare Perplexity AI, Web Scraping Pay Per Crawl Cloudflare abuse R2 outage HTTP Cloudflare Blocking

Russia Begins Systematic Blocking of Cloudflare, Throttling Internet Access to 16KB

Do Son June 30, 2025

In March 2025, Russia conducted preliminary tests in select regions to sever connections to Cloudflare, aiming to...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
CVE-2026-4020CVSS 7.5
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and...
CVE-2026-10735
Multiple plugins by ShapedPlugin contain a backdoor in various versions. This makes it possible for unauthenticated attackers to...
CVE-2026-20262CVSS 6.5
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated,...
CVE-2026-54420CVSS 8.5
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a...
CVE-2026-53435CVSS 8.8
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize...
CVE-2026-10795CVSS 8.1
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions...
CVE-2026-11645
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker...
CVE-2026-50751CVSS 9.3
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows...
CVE-2026-20245CVSS 7.8
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local...