cybersecurity

Publicly Disclosed: Bishop Fox Reveals Critical Pre-Auth SQL Injection in FortiClient EMS FortiSandbox Vulnerability Unauthenticated RCE FortiClient EMS Vulnerability CVE-2026-21643 FortiClient EMS Vulnerability CVE-2026-21643 CVE-2023-34992 - CVE-2023-37936 Fortinet Vulnerabilities CVE-2025-64155

FortiSandbox Vulnerability Unauthenticated RCE FortiClient EMS Vulnerability CVE-2026-21643 FortiClient EMS Vulnerability CVE-2026-21643 CVE-2023-34992 - CVE-2023-37936 Fortinet Vulnerabilities CVE-2025-64155

Publicly Disclosed: Bishop Fox Reveals Critical Pre-Auth SQL Injection in FortiClient EMS

Do Son March 17, 2026

Cybersecurity researchers at Bishop Fox have released a technical deep-dive into a critical vulnerability affecting FortiClient EMS,...

Instant Hijack: Critical 10.0 CVSS File Browser Flaw Grants Automatic Admin Rights File Browser Vulnerability CVE-2026-32760

File Browser Vulnerability CVE-2026-32760

Instant Hijack: Critical 10.0 CVSS File Browser Flaw Grants Automatic Admin Rights

Do Son March 17, 2026

Security researchers have issued a high-priority alert for users of File Browser, a popular open-source self-hosted cloud...

CVE Watchtower Launches Enterprise Automation Suite Featuring 30-Day Intelligence Dashboards, Predictive EPSS Scoring, REST API, and ITSM Webhooks cve

cve

CVE Watchtower Launches Enterprise Automation Suite Featuring 30-Day Intelligence Dashboards, Predictive EPSS Scoring, REST API, and ITSM Webhooks

ddos-admin March 17, 2026

CVE Watchtower has announced a major expansion to its threat intelligence platform, introducing a comprehensive suite of...

Broken Keys: Critical Authlib Flaws Expose Millions to JWT Forgery and Padding Oracles Authlib Vulnerabilities CVE-2026-27962

Authlib Vulnerabilities CVE-2026-27962

Broken Keys: Critical Authlib Flaws Expose Millions to JWT Forgery and Padding Oracles

Do Son March 17, 2026

Security researchers exposed three critical vulnerabilities in Authlib, the widely used library for building OAuth and OpenID...

GlassWorm Abuses VS Code Extensions to Fuel Supply Chain Attacks GlassWorm Malware Open VSX Supply Chain

GlassWorm Malware Open VSX Supply Chain

GlassWorm Abuses VS Code Extensions to Fuel Supply Chain Attacks

Do Son March 17, 2026

The threat actor known as GlassWorm has significantly escalated its operations, pivoting from simple malicious listings to...

Weaponized Browsers: How the ‘DRILLAPP’ Backdoor Turns Microsoft Edge into an Espionage Tool DRILLAPP Backdoor Browser Exploitation

DRILLAPP Backdoor Browser Exploitation

Weaponized Browsers: How the ‘DRILLAPP’ Backdoor Turns Microsoft Edge into an Espionage Tool

Do Son March 17, 2026

Cybersecurity researchers at LAB52, the threat intelligence arm of S2 Group, have uncovered a novel campaign targeting...

High-Severity Angular XSS Flaw Bypasses Built-In Sanitization Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

High-Severity Angular XSS Flaw Bypasses Built-In Sanitization

Do Son March 17, 2026

A significant security vulnerability has been unearthed in the Angular runtime and compiler, potentially exposing thousands of...

Operation CamelClone: New Global Espionage Campaign Hijacks Public Cloud Tools Operation CamelClone Cloud Storage Abuse

Operation CamelClone Cloud Storage Abuse

Operation CamelClone: New Global Espionage Campaign Hijacks Public Cloud Tools

Do Son March 17, 2026

Cybersecurity researchers at Seqrite Labs have identified a widespread and highly targeted espionage operation dubbed “Operation CamelClone”....

The Fake VPN Trap: Microsoft Warns of Storm-2561 SEO Poisoning Campaigns Stealing Corporate Credentials

Storm-2561 SEO Poisoning

The Fake VPN Trap: Microsoft Warns of Storm-2561 SEO Poisoning Campaigns Stealing Corporate Credentials

Do Son March 17, 2026

Cybersecurity investigators at Microsoft Defender Experts have sounded the alarm on a deceptive credential theft campaign targeting...

Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS OphimCMS Malware Packagist Supply Chain Attack

OphimCMS Malware Packagist Supply Chain Attack

Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS

Do Son March 17, 2026

Cybersecurity investigators at Socket’s Threat Research Team have sounded the alarm after discovering a cluster of malicious...

CISA Flags Actively Exploited Wing FTP Server Flaw Wing FTP Server CVE-2025-47813

Wing FTP Server CVE-2025-47813

CISA Flags Actively Exploited Wing FTP Server Flaw

Do Son March 16, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive after adding a new vulnerability...

Backdoored React Native Packages Target Developers with Crypto-Stealing Malware PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Backdoored React Native Packages Target Developers with Crypto-Stealing Malware

Do Son March 16, 2026

The JavaScript development community is on high alert following a coordinated supply chain attack targeting two popular...

The Poisoned Pickle: Critical Unpatched RCE Flaws Expose SGLang AI Infrastructure

The Poisoned Pickle: Critical Unpatched RCE Flaws Expose SGLang AI Infrastructure

Do Son March 16, 2026

Security researchers have issued a warning to the AI development community following the discovery of critical vulnerabilities...

Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines TinaCMS Vulnerability CVE-2026-28792

TinaCMS Vulnerability CVE-2026-28792

Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines

Do Son March 16, 2026

Security researchers have exposed a devastating vulnerability in TinaCMS, a popular headless content management system used by...

Root of the Problem: Sudo Flaw Exposes Linux Systems to Local Privilege Escalation Sudo Vulnerability Local Privilege Escalation

Sudo Vulnerability Local Privilege Escalation

Root of the Problem: Sudo Flaw Exposes Linux Systems to Local Privilege Escalation

Do Son March 16, 2026

A significant security vulnerability has been identified in Sudo, the ubiquitous utility that allows system administrators to...

High-Severity Flaw Exposes LiteSpeed Web Servers to OS Command Injection LiteSpeed Vulnerability CVE-2026-31386

LiteSpeed Vulnerability CVE-2026-31386

High-Severity Flaw Exposes LiteSpeed Web Servers to OS Command Injection

Do Son March 16, 2026

A significant security warning has been issued for administrators utilizing LiteSpeed Web Server, a popular high-performance replacement...

Critical 10.0 CVSS SandboxJS Flaw Grants Complete Remote Code Execution SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

Critical 10.0 CVSS SandboxJS Flaw Grants Complete Remote Code Execution

Do Son March 16, 2026

A severe security flaw has been identified in SandboxJS, a popular JavaScript sandboxing library used to safely...

The $800M Inside Job: OFAC Sanctions North Korean IT Network Defrauding U.S. Businesses NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

The $800M Inside Job: OFAC Sanctions North Korean IT Network Defrauding U.S. Businesses

Do Son March 16, 2026

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued a major sanctions...

Weaponizing Conflict: ThreatLabz Exposes Mustang Panda’s Rapid PlugX Campaign in the Middle East Mustang Panda PlugX Backdoor

Mustang Panda PlugX Backdoor

Weaponizing Conflict: ThreatLabz Exposes Mustang Panda’s Rapid PlugX Campaign in the Middle East

Do Son March 16, 2026

Recently, cybersecurity researchers at ThreatLabz have uncovered a new campaign by a China-nexus threat actor. The operation,...

The Face of Destruction: Inside Void Manticore’s ‘Handala Hack’ AI-Assisted Wiping Operations Void Manticore Handala Hack

Void Manticore Handala Hack

The Face of Destruction: Inside Void Manticore’s ‘Handala Hack’ AI-Assisted Wiping Operations

Do Son March 16, 2026

Cybersecurity researchers at Check Point Research have released a detailed expose on Handala Hack, a prominent online...