cybersecurity

The BOSS Breach: APT36 Pivots to Linux Espionage with “Silent” Shortcuts Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

The BOSS Breach: APT36 Pivots to Linux Espionage with “Silent” Shortcuts

Do Son December 2, 2025

A prominent state-aligned threat actor has significantly evolved its arsenal, launching a sophisticated campaign targeting the Linux-based...

Albiriox: The Russian ‘MaaS’ Android Trojan Redefining Mobile Fraud Albiriox, Android Banking Trojan

Albiriox, Android Banking Trojan

Albiriox: The Russian ‘MaaS’ Android Trojan Redefining Mobile Fraud

Do Son December 2, 2025

A sophisticated new Android banking trojan, dubbed “Albiriox,” has emerged from the cybercriminal underground, offering a potent...

Boot Process Compromised: Critical Flaw (CVE-2025-47372) Hits Snapdragon 8 Gen 3 & 5G Modems Qualcomm Security, CVE-2025-47372 Automotive Safety, Connected Cars

Qualcomm Security, CVE-2025-47372 Automotive Safety, Connected Cars

Boot Process Compromised: Critical Flaw (CVE-2025-47372) Hits Snapdragon 8 Gen 3 & 5G Modems

Do Son December 1, 2025

Qualcomm has released a substantial security update for December 2025, addressing 11 distinct vulnerabilities across its chipset...

PoC Exploit Releases for CVE-2025-60718 – Windows Administrator Protection Elevation of Privilege Vulnerability

HTTP.sys RCE vulnerability, Windows HTTP stack exploit, CVE-2026-47291 Netlogon RCE vulnerability Exploited in the wild Secure Boot certificate renewal 2026, Windows 11 UEFI update Community-First AI Infrastructure, Microsoft self-funding energy mandate aka.ms/aoh online portal CVE-2025-55681, Windows DWM Elevation Windows Administrator Protection, CVE-2025-60718 Microsoft AI Compute, IREN Infrastructure Microsoft Japan PPA, Renewable Energy Microsoft AI Investment, Cloud Expansion Microsoft Azure, Startup Credits Infinite Workday, AI in Work Microsoft Russia, Bankruptcy AI code generation, Microsoft AI Microsoft Layoffs, Restructuring

PoC Exploit Releases for CVE-2025-60718 – Windows Administrator Protection Elevation of Privilege Vulnerability

Do Son December 1, 2025

A significant crack has been discovered in the armor of Windows Administrator Protection, potentially allowing low-privileged attackers...

CVE-2025-59789: Critical Flaw in Apache bRPC Framework Exposes High-Performance Systems to Crash Risks Apache bRPC Vulnerability CVE-2025-60021 Apache bRPC, CVE-2025-59789 Apache bRPC, Redis Vulnerability

Apache bRPC Vulnerability CVE-2025-60021 Apache bRPC, CVE-2025-59789 Apache bRPC, Redis Vulnerability

CVE-2025-59789: Critical Flaw in Apache bRPC Framework Exposes High-Performance Systems to Crash Risks

Do Son December 1, 2025

A critical vulnerability has been unearthed in Apache bRPC, an industrial-grade RPC framework widely used to power...

OpenAI API Users Exposed in Mixpanel Security Breach

ChatGPT Lockdown Mode OpenAI OpenClaw acquisition OpenAI Prism GPT-5.2 LaTeX, scientific research AI workspace OpenAI, Mixpanel Breach ChatGPT Data Preservation, NYT Lawsuit ChatGPT Apps SDK, super app OpenAI Jony Ive, AI Hardware Delay Musk Apple lawsuit, App Store antitrust UK AI Partnership, OpenAI Collaboration Jony Ive OpenAI, DoD Contract OpenAI Lawsuit, ChatGPT Privacy North Korea ChatGPT - GPT-4.5 model OpenAI Models, AI Advancements OpenAI pricing, Flex API

OpenAI API Users Exposed in Mixpanel Security Breach

Do Son November 28, 2025

In a significant reminder of the risks inherent to the digital supply chain, artificial intelligence giant OpenAI...

Hidden Danger in 3D: Malicious Blender Files Unleash StealC V2 Infostealer Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Hidden Danger in 3D: Malicious Blender Files Unleash StealC V2 Infostealer

Do Son November 27, 2025

Morphisec has issued a critical alert regarding a sophisticated malware campaign targeting 3D artists, game developers, and...

UNMASKED: Massive Leak Exposes Iran’s ‘Department 40’ Cyber-Terror Unit Department 40, IRGC Cyber Leak

Department 40, IRGC Cyber Leak

UNMASKED: Massive Leak Exposes Iran’s ‘Department 40’ Cyber-Terror Unit

Do Son November 27, 2025

A leak of internal documents has shattered the anonymity of one of Iran’s most feared cyber units,...

Tor Project Develops New CGO Encryption to Replace Vulnerable Tor1 Protocol Firefox Vulnerability Tor CGO Encryption Tor1 Protocol Vulnerability

Firefox Vulnerability Tor CGO Encryption Tor1 Protocol Vulnerability

Tor Project Develops New CGO Encryption to Replace Vulnerable Tor1 Protocol

Do Son November 26, 2025

The Onion Network (Tor) has long been synonymous with accessing the dark web, though its primary purpose...

CVE-2025-54918: Windows NTLM Elevation of Privilege Vulnerability Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

CVE-2025-54918: Windows NTLM Elevation of Privilege Vulnerability

Do Son November 26, 2025

Just when administrators thought NTLM relay attacks were becoming a thing of the past, a dangerous new...

Critical Patch: NVIDIA DGX Spark Flaw (CVE-2025-33187, CVSS 9.3) Exposes AI Secrets to Takeover NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

Critical Patch: NVIDIA DGX Spark Flaw (CVE-2025-33187, CVSS 9.3) Exposes AI Secrets to Takeover

Do Son November 26, 2025

NVIDIA has issued an urgent security update for its DGX Spark platform, a compact AI supercomputer designed...

Code Injection Flaws Threaten NVIDIA’s Isaac-GROOT Robotics Platform NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

Code Injection Flaws Threaten NVIDIA’s Isaac-GROOT Robotics Platform

Do Son November 24, 2025

NVIDIA has issued a security update to address two high-severity vulnerabilities in its NVIDIA Isaac-GROOT software. Isaac-GROOT...

Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update

Do Son November 17, 2025

Google has issued an urgent, out-of-band security update for the Chrome Stable channel, addressing two separate Type...

DragonForce Ransomware Evolves with BYOVD to Kill EDR and Fixes Encryption Flaws in Conti V3 Codebase DragonForce BYOVD, Conti Codebase

DragonForce BYOVD, Conti Codebase

DragonForce Ransomware Evolves with BYOVD to Kill EDR and Fixes Encryption Flaws in Conti V3 Codebase

Do Son November 11, 2025

The Acronis Threat Research Unit (TRU) has identified a new DragonForce ransomware variant that showcases a dramatic...

Laid-Off Intel Engineer Allegedly Stole 18,000 Confidential Files Before Disappearing Intel EU Antitrust Fine, Naked Restrictions Intel Layoff Data Theft Jinfeng Luo Intel leadership change Intel SoftBank Intel Foundry, Semiconductor Market Intel Arrow Lake Refresh, Copilot+ PC Intel GPU Performance, Security Mitigations Mitigation Downfall Vulnerability

Intel EU Antitrust Fine, Naked Restrictions Intel Layoff Data Theft Jinfeng Luo Intel leadership change Intel SoftBank Intel Foundry, Semiconductor Market Intel Arrow Lake Refresh, Copilot+ PC Intel GPU Performance, Security Mitigations Mitigation Downfall Vulnerability

Laid-Off Intel Engineer Allegedly Stole 18,000 Confidential Files Before Disappearing

Do Son November 10, 2025

Intel is currently undergoing a massive wave of layoffs. Over the past few years, the chipmaker has...

Whisper Leak: Attack Infers Encrypted AI Chat Topics with 98%+ Accuracy Whisper Leak Encrypted AI Chat

Whisper Leak Encrypted AI Chat

Whisper Leak: Attack Infers Encrypted AI Chat Topics with 98%+ Accuracy

Do Son November 10, 2025

Microsoft’s Threat Intelligence team has disclosed a novel side-channel attack on remote language models, demonstrating that a...

Next-Gen Threat: Google Exposes AI-Enabled Malware That Rewrites Its Own Code with Gemini LLM BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

Next-Gen Threat: Google Exposes AI-Enabled Malware That Rewrites Its Own Code with Gemini LLM

Do Son November 6, 2025

The Google Threat Intelligence Group (GTIG) has released a report revealing that threat actors have moved beyond...

Wordfence Warns of Active Exploits Targeting Critical Privilege Escalation Flaw in WP Freeio (CVE-2025-11533) Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Wordfence Warns of Active Exploits Targeting Critical Privilege Escalation Flaw in WP Freeio (CVE-2025-11533)

Do Son October 30, 2025

The Wordfence Threat Intelligence team has issued an urgent warning about CVE-2025-11533, a critical privilege escalation vulnerability...

Google Rolls Out Chrome 142 Patching 20 Security Flaws

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Google Rolls Out Chrome 142 Patching 20 Security Flaws

Do Son October 30, 2025

The Google Chrome team has urgently promoted Chrome version 142 to the stable channel for Windows, Mac,...

LiteSpeed Cache Flaw (CVE-2025-12450): 7 Million WordPress Sites Exposed to XSS Attack CVE-2024-3246 LiteSpeed Cache, XSS, WordPress Vulnerability

CVE-2024-3246 LiteSpeed Cache, XSS, WordPress Vulnerability

LiteSpeed Cache Flaw (CVE-2025-12450): 7 Million WordPress Sites Exposed to XSS Attack

Do Son October 29, 2025

A security flaw has been discovered in the LiteSpeed Cache for WordPress (LSCWP) plugin, one of the...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
CVE-2026-4020CVSS 7.5
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and...
CVE-2026-10735
Multiple plugins by ShapedPlugin contain a backdoor in various versions. This makes it possible for unauthenticated attackers to...
CVE-2026-20262CVSS 6.5
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated,...
CVE-2026-54420CVSS 8.5
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a...
CVE-2026-53435CVSS 8.8
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize...
CVE-2026-10795CVSS 8.1
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions...
CVE-2026-11645
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker...
CVE-2026-50751CVSS 9.3
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows...
CVE-2026-20245CVSS 7.8
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local...