Cybersecurity writer and analyst. Covering breaches, threats, and vulnerabilities — analysis beyond the headline.
Vulnerabilities
Microsoft's February patch for a Windows zero-day actively exploited by Russia's APT28 blocked the remote code execution path — but left behind a zero-click authentication coercion flaw. Akamai researchers found it while testing the fix. That flaw is now CVE-2026-32202, confirmed exploited in the wild, and added
Data Breaches
A hardcoded third-party API key embedded in ClickUp's publicly accessible website JavaScript exposed hundreds of corporate and government email addresses — along with thousands of internal product development flags — for more than a year with no authentication required to access the data. ClickUp has not issued a public statement.
Threat Intelligence
Poland is experiencing a sharp rise in state-linked cyberattacks primarily sourced from Russia, with officials warning that the spread of advanced AI tools will intensify the threat — following a December 2025 power grid attack that came within hours of a nationwide blackout. WARSAW, POLAND — Poland is facing a documented escalation
Vulnerabilities
CISA confirmed active exploitation of two vulnerabilities — a ConnectWise ScreenConnect path traversal flaw linked to Medusa ransomware and a Microsoft Windows Shell spoofing bug attributed to Russian APT28 — adding both to its Known Exploited Vulnerabilities catalog with a federal patching deadline of May 12, 2026. WASHINGTON, D.C. — The Cybersecurity
Threat Intelligence
North Korean threat actors have escalated their developer-targeting campaign by using an AI large language model to insert malicious npm dependencies into legitimate projects — operating through fake U.S.-registered companies and deploying full-featured remote access trojans targeting cryptocurrency wallets and developer infrastructure. GLOBAL — Cybersecurity researchers at ReversingLabs have documented
Vulnerabilities
CISA has flagged a data-theft vulnerability in GrassMarlin, an open-source OT network analysis tool developed by the NSA. The tool reached end-of-life in 2017 and no patch will be released. A public proof-of-concept exploit is already available on GitHub. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency has published
Vulnerabilities
A critical authentication vulnerability in cPanel and WebHost Manager allowed attackers to access hosting control panels without valid credentials — and exploits were confirmed in the wild before the emergency patch was released on April 28, 2026. HOUSTON, TX — cPanel has issued an emergency security update to address a critical flaw
Data Breaches
U.S. Senators are demanding transparency from Navigate360 following claims that a hacker exfiltrated over 8 million confidential records from the P3 Global Intel platform, potentially unmasking tipsters and exposing decades of sensitive law enforcement and school safety data. WASHINGTON, D.C. — A massive cybersecurity incident at P3 Global Intel,
Data Breaches
A Singapore-linked contractor, Shanghai Tunnel Engineering Co (Singapore), has suffered a cybersecurity incident compromising digital project data for the Jurong Region Line (JRL) and Changi NEWater Factory 3. While operational control systems remain secure, the breach has prompted the Land Transport Authority (LTA) and Public Utilities Board (PUB) to suspend
Vulnerabilities
A pro-Ukrainian hacktivist group called PhantomCore has been exploiting three TrueConf video conferencing flaws (BDU-2025-10114, 10115, 10116) since September 2025 to breach Russian networks. By chaining these vulnerabilities, the group bypasses authentication and executes arbitrary OS commands, turning video conferencing servers into springboards for lateral movement and data harvesting. ST.
Trending
A Chinese state-linked contract hacker, Xu Zewei, has been extradited from Italy to the United States and charged for his alleged role in the Silk-Typhoon (Hafnium) campaigns that targeted U.S. universities conducting COVID-19 vaccine research and later thousands of Microsoft Exchange email servers worldwide. WASHINGTON, D.C. — In a
Vulnerabilities
Microsoft has patched a serious Entra ID (Azure AD) misconfiguration that exposed an “agent-only” role for Microsoft Graph PowerShell that was not properly restricted to Microsoft’s own internal agents. Attackers who obtained secrets for a service-principal-linked app registration could exploit this role to escalate privileges and pivot to long-term