Vulnerabilities
The "Jolokia" vulnerability allows for unauthenticated Remote Code Execution, posing a significant risk to the message-brokering infrastructure that underpins global finance and logistics. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical input validation vulnerability in Apache ActiveMQ to its Known Exploited
Vulnerability Management
The National Institute of Standards and Technology pivots to a prioritization model, focusing enrichment efforts on critical software and known exploited vulnerabilities as the backlog reaches historic levels. GAITHERSBURG, MD — The National Institute of Standards and Technology (NIST) has announced a fundamental shift in how it manages the National Vulnerability
National Security
Security researchers claim sensitive contracts and user IDs were indexed by Google due to misconfigured URLs; Fiverr maintains that its core systems remain secure. TEL AVIV — Fiverr, the global freelance services marketplace, is facing intense scrutiny following reports that sensitive user documents — including contracts, project briefs, and personal IDs — were
Crypto-Crime & Laundering
The disruption of the W3LL Panel dismantles a "full-service" cybercrime ecosystem that bypassed Multi-Factor Authentication (MFA) to target thousands of Microsoft 365 enterprise accounts. ATLANTA, GA — In a major blow to the "Phishing-as-a-Service" (PhaaS) industry, the FBI’s Atlanta Field Office and the Indonesian National Police
Vulnerabilities
The addition of both legacy vulnerabilities and 2026 zero-days signals a "two-front war" for defenders: securing modern cloud-facing infrastructure while purging decade-old exploits still being used in the wild. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA) has added seven new vulnerabilities to its Known Exploited
Trending
Adobe has issued an emergency out-of-band update to address a critical memory corruption vulnerability that allowed threat actors to exfiltrate data from targeted workstations for months. SAN JOSE, CA — Adobe has released emergency security updates for Acrobat and Acrobat Reader to patch a critical zero-day vulnerability, tracked as CVE-2026-34621, which
Trending
In a significant blow to the infostealer ecosystem, Google has officially integrated Device Bound Session Credentials (DBSC) into Chrome 146, fundamentally changing how authentication cookies are protected on Windows and macOS. MOUNTAIN VIEW, CA — For over a decade, session hijacking has been the "skeleton key" for cybercriminals. By
Threat Intelligence
In a sophisticated six-hour window of compromise, the official CPUID website was hijacked to serve malicious payloads to thousands of enthusiasts and IT professionals downloading system monitoring utilities. PARIS, FRANCE — The cybersecurity community is on high alert after CPUID, the developer of the ubiquitous system-profiling tools CPU-Z and HWMonitor, fell
Artificial Intelligence (A.I.)
As the industry shifts toward "AI-First" defense, the two titans of Silicon Valley are taking different paths to the same goal: automating the discovery and patching of global software vulnerabilities. SAN FRANCISCO, CA — The battle for the future of cybersecurity has entered a restricted phase. Following the bombshell
Trending
A critical pre-authentication Remote Code Execution (RCE) vulnerability in the Marimo open-source Python notebook has seen active exploitation less than half a day after its public disclosure, highlighting the extreme speed of modern threat actors. SAN FRANCISCO, CA — Security teams are racing to patch installations of Marimo, a reactive Python
Trending
Yesterday, Nextend confirmed that its update servers were compromised, leading to the distribution of backdoored versions of Smart Slider 3 Pro. With nearly a million sites affected across WordPress and Joomla, this is one of the most significant supply chain attacks of the year. BUDAPEST, HUNGARY — Security researchers at Patchstack
Trending
A sophisticated social engineering campaign dubbed "ClickFix" has pivoted to target macOS users, leveraging fake browser errors to trick victims into executing malicious scripts that bypass standard Apple security prompts. CUPERTINO, CA — For years, the prevailing wisdom suggested that macOS was a "walled garden" largely immune