rss:The Hacker News
—
20:02 KSA
HIGH
phishing
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Active device code phishing campaign targeting Microsoft 365 identities across 340+ organizations in five countries including the U.S., Canada, Australia, New Zealand, and German…
rss:The Hacker News
—
19:00 KSA
HIGH
data_breach
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
Russian law enforcement arrested the alleged administrator of LeakBase cybercrime forum in Taganrog. LeakBase operated as a major marketplace for stolen credentials and compromised data…
rss:Dark Reading
—
17:58 KSA
MEDIUM
phishing
Phishers Pose as Palo Alto Networks' Recruiters for Months in Job Scam
Phishing campaigns starting in August 2024 impersonate Palo Alto Networks recruiters to defraud job seekers. Attackers use psychological manipulation and LinkedIn-scraped data to target …
rss:Dark Reading
—
17:58 KSA
LOW
apt
Ex-NSA Directors Discuss 'Red Line' for Offensive Cyberattacks
Four former NSA directors discussed offensive cyber operations and US Cyber Command's role in national security. The debate covered strategic boundaries and ethical considerations for gover…
rss:Dark Reading
—
17:58 KSA
LOW
general
CSA Launches CSAI Foundation for AI Security
Cloud Security Alliance established CSAI Foundation, a nonprofit dedicated to securing autonomous AI agent ecosystems. The initiative focuses on risk intelligence and certification frameworks to address emerging AI se…
rss:Dark Reading
—
16:54 KSA
MEDIUM
general
Blame Game: Why Public Cyber Attribution Carries Risks
Public attribution of cyberattacks to specific entities carries significant risks and potential negative consequences. Organizations should carefully evaluate diplomatic, legal, and operational implications …
rss:BleepingComputer
—
08:00 KSA
HIGH
phishing
Bubble AI app builder abused to steal Microsoft account credentials
Cybercriminals are exploiting the Bubble no-code platform to create and host malicious web applications that bypass phishing detection systems. These fraudulent apps are specifically designed to…
rss:BleepingComputer
—
08:00 KSA
CRITICAL
malware
New Torg Grabber infostealer malware targets 728 crypto wallets
A newly discovered infostealer malware named Torg Grabber is targeting 850 browser extensions, with over 700 specifically designed for cryptocurrency wallets. The malware steals sensitive data inclu…
rss:BleepingComputer
—
08:00 KSA
CRITICAL
vulnerability
Citrix urges admins to patch NetScaler flaws as soon as possible
Citrix has released patches for two critical vulnerabilities in NetScaler ADC and NetScaler Gateway products. One vulnerability bears significant similarities to the previously exploited CitrixBlee…
rss:SecurityWeek
—
04:37 KSA
HIGH
supply_chain
FCC Bans New Routers Made Outside the US Over National Security Risks
The FCC has banned new routers manufactured outside the United States following a White House determination that foreign-produced routers pose national security threats. This regulatory action…
rss:SecurityWeek
—
04:37 KSA
LOW
general
RSAC 2026 Conference Announcements Summary (Day 2)
Summary of cybersecurity vendor announcements from the second day of RSA Conference 2026. The conference showcases new security products, technologies, and industry developments relevant to enterprise cybersecur…
rss:SecurityWeek
—
04:37 KSA
CRITICAL
supply_chain
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
TeamPCP hackers compromised multiple open-source software platforms including GitHub Actions, NPM, Docker Hub, VS Code, and PyPI in a coordinated supply chain attack. The group collaborat…
rss:SecurityWeek
—
03:33 KSA
LOW
general
Onit Security Raises $11 Million for Exposure Management Platform
Cybersecurity startup Onit Security has raised $11 million in funding to develop its exposure management platform. The company plans to invest in product development and expand into new sectors to…
rss:Malwarebytes Lab
—
12:38 KSA
CRITICAL
data_breach
Hackers claim to have accessed data tied to millions of crime tipsters
A hacktivist group claims unauthorized access to sensitive information about crime tipsters and reported individuals spanning from 1987 to present. The breach exposes personally identifiable …
rss:The Hacker News
—
12:24 KSA
HIGH
malware
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
GlassWorm campaign has evolved to deliver a multi-stage malware framework that steals comprehensive data and installs a remote access trojan (RAT). The malware deploys a malic…
rss:The Hacker News
—
12:24 KSA
CRITICAL
apt
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
Anthropic disclosed in September 2025 that a state-sponsored threat actor used an AI coding agent to conduct autonomous cyber espionage against 30 global targets. The AI agent independently handled 80-9…
rss:The Hacker News
—
12:24 KSA
HIGH
ransomware
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
Russian national Ilya Angelov, 40, was sentenced to two years in prison and fined $100,000 by the U.S. Department of Justice for managing the TA551 botnet used to launch ransomware attack…
rss:SecurityWeek
—
12:23 KSA
HIGH
malware
Russian Cybercriminal Gets 2-Year Prison Sentence in US
Russian cybercriminal Ilya Angelov, member of TA-551/Shathak cybercrime group, sentenced to 2 years in US prison. The group is known for malware distribution campaigns and has been tracked under multiple t…
rss:SecurityWeek
—
12:23 KSA
HIGH
general
AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link
PwC research reveals AI is accelerating the speed and scale of cyberattacks, while identity theft has evolved into an organized cybercriminal supply chain. Identity management remains the most …
rss:SecurityWeek
—
12:23 KSA
MEDIUM
vulnerability
iOS, macOS 26.4 Roll Out With Fresh Security Patches
Apple released security patches for iOS 26.4 and macOS 26.4, along with updates for older devices including iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5. Updates address multiple se…
rss:Recorded Future
—
12:23 KSA
LOW
general
Practitioners Reveal What Makes Threat Intelligence Programs Mature
Cybersecurity practitioners from major organizations share strategies for maturing threat intelligence programs by transforming overwhelming data into actionable business insights. Key focus are…
rss:Recorded Future
—
12:23 KSA
CRITICAL
apt
GRU-Linked BlueDelta Evolves Credential Harvesting
Russian military intelligence (GRU)-linked threat group BlueDelta has evolved its credential harvesting techniques in targeted campaigns against government, energy, and research sectors across Europe and Eurasia…
rss:Recorded Future
—
12:23 KSA
HIGH
ransomware
New ransomware tactics to watch out for in 2026
Ransomware groups earned less revenue in 2025 despite a 47% surge in attacks, forcing evolution of tactics including bundled DDoS extortion services, active insider recruitment within target organizations, and expl…
rss:Malwarebytes Lab
—
12:23 KSA
MEDIUM
supply_chain
New FCC router ban could leave home networks less secure
The FCC has announced a ban on routers manufactured outside the United States, raising concerns that this policy could inadvertently reduce home network security. The restriction may limit access to secure…
rss:Dark Reading
—
12:22 KSA
CRITICAL
apt
SANS: Top 5 Most Dangerous New Attack Techniques to Watch
SANS Institute identifies the top five most dangerous attack techniques, all leveraging artificial intelligence for the first time. This marks a significant shift in the threat landscape as AI becomes the…
rss:Dark Reading
—
12:22 KSA
MEDIUM
general
Why a 'Near Miss' Database Is Key to Improving Information Sharing
Organizations typically share attack information only after successful breaches occur. Establishing a 'near miss' database for close-call incidents could significantly improve threat in…
rss:Dark Reading
—
12:22 KSA
HIGH
apt
AI-Native Security Is a Must to Counter AI-Based Attacks
AI-powered attacks are now a reality requiring defenders to adopt AI-native security solutions. Nvidia GTC conference experts emphasize that organizations must leverage the same AI technologies used by att…
rss:BleepingComputer
—
12:22 KSA
HIGH
supply_chain
Paid AI Accounts Are Now a Hot Underground Commodity
Premium AI service accounts are being sold on underground cybercrime markets as commodities, similar to compromised email accounts and VPS access. Flare Systems research reveals organized criminal operations b…
rss:BleepingComputer
—
12:22 KSA
LOW
general
Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
Kali Linux 2026.1 has been released with 8 new penetration testing tools, theme updates, and a new BackTrack mode for Kali-Undercover. This release enhances capabilities for security professionals a…
rss:BleepingComputer
—
12:22 KSA
CRITICAL
vulnerability
TP-Link warns users to patch critical router auth bypass flaw
TP-Link has released security patches for multiple vulnerabilities in its Archer NX router series, including a critical authentication bypass flaw that could allow attackers to upload malicious firmwa…
rss:The Hacker News
—
08:03 KSA
CRITICAL
vulnerability
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Threat actors are actively exploiting a critical severity vulnerability (CVSS 10.0) in Quest KACE Systems Management Appliance. Arctic Wolf detected malicious activity starting…
rss:The Hacker News
—
08:03 KSA
HIGH
phishing
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Russian Intelligence Services are conducting large-scale phishing campaigns targeting Signal and WhatsApp users with high intelligence value. The FBI warns these attacks aim to compromise…
rss:The Hacker News
—
08:03 KSA
CRITICAL
vulnerability
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle released critical security patches for a vulnerability (CVE-2026-21992, CVSS 9.8) in Identity Manager and Web Services Manager. The flaw allows unauthenticated remote …
rss:Recorded Future
—
08:03 KSA
MEDIUM
general
Threat and Vulnerability Management in 2026
Organizations must evolve their threat and vulnerability management approaches as traditional tools prove inadequate. Intelligence-driven TVM solutions are becoming essential for identifying and prioritizing security r…
rss:Recorded Future
—
08:03 KSA
HIGH
ransomware
Best Ransomware Detection Tools
Intelligence-driven ransomware detection tools focus on identifying precursor behaviors before encryption occurs. These advanced solutions reduce false positives and enable faster incident response by detecting early-stage ransomw…
rss:Recorded Future
—
08:03 KSA
CRITICAL
vulnerability
December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity
December 2025 witnessed a 120% surge in critical CVEs with 22 actively exploited vulnerabilities. React2Shell (CVE-2025-55182) emerged as the dominant…
rss:Malwarebytes Lab
—
08:03 KSA
HIGH
vulnerability
Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw
Security researcher Khaled Mohamed discovered a vulnerability in Microsoft Authenticator, transitioning from amateur to professional bug bounty hunter. The flaw represents a potential security risk i…
rss:Dark Reading
—
08:03 KSA
HIGH
apt
SideWinder Espionage Campaign Expands Across Southeast Asia
India-linked APT group SideWinder targets government, telecom, and critical infrastructure across Southeast Asia using spear-phishing and exploiting old vulnerabilities. The group maintains persistent a…
rss:Dark Reading
—
08:03 KSA
HIGH
malware
More Attackers Are Logging In, Not Breaking In
Credential theft surged dramatically in late 2025 driven by industrialized infostealer malware operations and AI-powered social engineering attacks. Attackers increasingly use stolen credentials for initial access r…
rss:Dark Reading
—
08:03 KSA
LOW
general
Clear Communication: The Missing Link in Cybersecurity Success
Effective cybersecurity requires bridging the gap between technical expertise and clear communication across teams. Building trust and collaboration through improved communication practices enhances …
rss:The Hacker News
—
06:58 KSA
HIGH
vulnerability
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
Security researchers discovered eight attack vectors in AWS Bedrock, Amazon's AI application platform. The platform's connectivity to enterprise data and systems, while…
rss:The Hacker News
—
06:58 KSA
HIGH
phishing
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft detected phishing campaigns exploiting U.S. tax season, affecting 29,000 users. Attackers send fake IRS refund and payroll notices to steal credentials and deploy Remote Monitoring and…
rss:The Hacker News
—
06:58 KSA
CRITICAL
supply_chain
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Researchers uncovered a supply chain attack on Trivy security scanner distributed via Docker Hub. Malicious versions (0.69.4, 0.69.5) contain infostealer malware, worm capabilities, an…
rss:SecurityWeek
—
06:58 KSA
HIGH
ransomware
US Prisons Russian Access Broker for Aiding Ransomware Attacks
Russian national Aleksei Volkov sentenced to 81 months in US prison for facilitating Yanluowang ransomware attacks as an initial access broker. This case highlights international law enforcement effo…
rss:Recorded Future
—
06:57 KSA
HIGH
malware
Rublevka Team: Anatomy of a Russian Crypto Drainer Operation
Rublevka Team represents the industrialization of cryptocurrency scams through organized traffer teams and wallet drainer operations. The group demonstrates sophisticated methods for high-volume crypto…
rss:Recorded Future
—
06:57 KSA
LOW
general
Autonomous Threat Operations in action: Real results from Recorded Future’s own SOC team | Recorded Future
Recorded Future tested its Autonomous Threat Operations solution internally as Customer Zero before public release. The technology addresses inconsistent a…
rss:Recorded Future
—
06:57 KSA
CRITICAL
supply_chain
PurpleBravo’s Targeting of the IT Software Supply Chain
PurpleBravo, a North Korean APT group, conducts supply chain attacks using fake job offers to compromise software developers. The group deploys remote access trojans (RATs) and infostealers like BeaverTail …
rss:Mandiant Blog
—
06:57 KSA
CRITICAL
apt
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
Despite US government sanctions, Intellexa continues operating its Predator spyware platform with ongoing zero-day exploits. The commercial surveillance vendor remains active in mercena…
rss:Mandiant Blog
—
06:57 KSA
HIGH
apt
Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks
Chinese state-sponsored threat actor APT24 has evolved its tactics over three years, moving beyond traditional watering hole attacks to multi-vector approaches. The group deploys BADAUDIO malwa…
rss:Dark Reading
—
06:57 KSA
CRITICAL
apt
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
A sophisticated iOS exploit kit called DarkSword is actively targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine using multiple zero-day vulnerabilities. This advanced threat poses sig…
rss:Dark Reading
—
06:57 KSA
HIGH
vulnerability
'Claudy Day' Trio of Flaws Exposes Claude Users to Data Theft
Three vulnerabilities dubbed 'Claudy Day' affecting Claude AI can be exploited through prompt injection combined with other flaws. A simple Google search can trigger a full attack chain threateni…
rss:Dark Reading
—
06:57 KSA
HIGH
data_breach
Researchers: Meta, TikTok Steal Personal & Financial Info When Users Click Ads
Research reveals that Meta and TikTok use tracking pixels to collect sensitive user data including credit card information and geolocation even after users navigate to adverti…
rss:Recorded Future
—
06:31 KSA
HIGH
general
Fragmentation Defined 2025's Threat Landscape. Here's What It Means for 2026
Recorded Future's 2026 State of Security report analyzes the fragmented global threat landscape of 2025, providing comprehensive threat intelligence based on proprietary data …
rss:Recorded Future
—
06:31 KSA
HIGH
general
State of Security Report | Recorded Future
Recorded Future's 2026 State of Security report covers critical threat intelligence topics including geopolitical fragmentation, state-sponsored cyber operations, ransomware evolution, and emerging technology risks. The…
rss:Recorded Future
—
06:31 KSA
MEDIUM
general
From 27 Steps to 5: How Recorded Future Reimagined Threat Hunting with Autonomous Threat Operations
Recorded Future introduces Autonomous Threat Operations, which dramatically reduces threat hunting complexity from 27 manual steps to just 5 largely automated steps…
rss:Mandiant Blog
—
06:31 KSA
HIGH
vulnerability
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
Mandiant released comprehensive Net-NTLMv1 rainbow tables to accelerate migration from this deprecated protocol. Net-NTLMv1 has been known as insecure for over two decade…
rss:Mandiant Blog
—
06:31 KSA
MEDIUM
data_breach
AuraInspector: Auditing Salesforce Aura for Data Exposure
Mandiant released AuraInspector, an open-source tool for auditing access control misconfigurations in the Salesforce Aura framework. The tool helps defenders identify data exposure risks in Salesforce Experie…
rss:Mandiant Blog
—
06:31 KSA
CRITICAL
vulnerability
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)
Multiple threat actors are exploiting CVE-2025-55182 (React2Shell), a critical unauthenticated remote code execution vulnerability in React Server Components disclosed on December 3, 2025. The vulnerabi…
rss:Malwarebytes Lab
—
06:30 KSA
HIGH
malware
Hacked sites deliver Vidar infostealer to Windows users
Compromised WordPress sites are hosting fake CAPTCHA verification pages that deceive Windows users into downloading and executing the Vidar information-stealing malware. This social engineering attack explo…
rss:Malwarebytes Lab
—
06:30 KSA
MEDIUM
vulnerability
Zombie ZIP method can fool antivirus during the first scan
Security researchers disclosed the Zombie ZIP technique that can evade initial antivirus detection by exploiting how AV engines scan compressed files. This method allows malicious payloads to bypass firs…
rss:Dark Reading
—
06:30 KSA
MEDIUM
general
Post-Quantum Web Could be Safer, Faster
Major technology providers are implementing quantum-resistant HTTPS protocols that reduce certificate sizes by 90%, improving both security against future quantum computing threats and network performance. This advancement…
rss:Dark Reading
—
06:30 KSA
HIGH
apt
EU Sanctions Companies in China, Iran for Cyberattacks
The European Union has imposed sanctions on entities in China and Iran for conducting cyberattacks, prohibiting them from entering or conducting business within EU territories. This represents escalating int…
rss:Dark Reading
—
06:30 KSA
HIGH
malware
C2 Implant 'SnappyClient' Targets Crypto Wallets
A sophisticated C2 implant named SnappyClient has been discovered targeting cryptocurrency wallets with capabilities for remote access, data exfiltration, and surveillance. The malware poses significant …
rss:CISA Advisories
—
06:30 KSA
HIGH
vulnerability
Siemens Heliox EV Chargers
Siemens Heliox EV chargers contain an improper access control vulnerability allowing attackers to reach unauthorized services through the charging cable. Siemens has released security updates and recommends immediate patching to preven…
rss:CISA Advisories
—
06:30 KSA
HIGH
vulnerability
Trane Tracer SC, Tracer SC+, and Tracer Concierge
Multiple vulnerabilities in Trane Tracer SC, SC+, and Concierge building management systems could allow attackers to disclose sensitive information, execute arbitrary commands, or cause denial-of-service. These f…
rss:CISA Advisories
—
06:30 KSA
MEDIUM
vulnerability
Siemens SIMATIC
Siemens SIMATIC S7-1500 industrial controllers contain a code injection vulnerability exploitable through social engineering, where attackers trick users into importing malicious trace files via the web interface. Siemens has released patches for…
rss:Malwarebytes Lab
—
06:29 KSA
MEDIUM
general
90% of people don’t trust AI with their data
A privacy survey reveals that 90% of respondents do not trust AI systems with their personal data, leading many to reduce their AI usage. This widespread distrust poses significant challenges for organizations impleme…
rss:Malwarebytes Lab
—
06:29 KSA
HIGH
phishing
How searching for a VPN could mean handing over your work login details
Cybercriminals are using SEO poisoning techniques to make malicious VPN downloads appear legitimate in search results, specifically targeting corporate login credentials. Organizations face …
rss:Malwarebytes Lab
—
06:29 KSA
MEDIUM
malware
Google cracks down on Android apps abusing accessibility
Google has implemented stricter controls on Android apps that abuse accessibility features, which malware has exploited for years to gain elevated permissions and control devices. This security enhancement…
rss:Mandiant Blog
—
06:29 KSA
HIGH
phishing
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
Mandiant identified expansion of ShinyHunters-branded extortion operations using sophisticated voice phishing (vishing) and credential harvesting techniques. These attacks target …
rss:Mandiant Blog
—
06:29 KSA
HIGH
general
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network
Google and partners disrupted IPIDEA, believed to be one of the world's largest residential proxy networks used by threat actors. These proxy infrastructures enable cybercr…
rss:Mandiant Blog
—
06:29 KSA
CRITICAL
vulnerability
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Google Threat Intelligence identified widespread active exploitation of critical WinRAR vulnerability CVE-2025-8088 by diverse threat actors. The vulnerability, patched in July 2025, is…
rss:Dark Reading
—
06:29 KSA
HIGH
vulnerability
AI Conundrum: Why MCP Security Can't Be Patched Away
Model Context Protocol (MCP) introduces architectural security vulnerabilities in Large Language Model environments that cannot be resolved through traditional patching methods. Researchers warn these ris…
rss:Dark Reading
—
06:29 KSA
MEDIUM
phishing
With Government's Role Uncertain, Businesses Unite to Combat Fraud
Major industry leaders are forming collaborative partnerships to share threat intelligence and strengthen defenses against increasing online fraud and scams. This private sector initiative e…
rss:Dark Reading
—
06:29 KSA
LOW
general
Native Launches With Security Control Plane for Multicloud
Cloud security startup Native launches a unified security control plane that translates and enforces consistent security policies across multiple cloud providers including AWS, Azure, Google Cloud, and O…
rss:Malwarebytes Lab
—
06:29 KSA
HIGH
vulnerability
Apple patches WebKit bug that could let sites access your data
Apple released a silent security update fixing WebKit vulnerability CVE-2026-20643 that could allow malicious websites to access user data. The patch was deployed as a Background Security Improvement…
rss:Malwarebytes Lab
—
06:29 KSA
HIGH
phishing
Inside a network of 20,000+ fake shops
Security researchers uncovered a massive network of over 20,000 fake e-commerce websites designed to steal payment card details and personal information from unsuspecting shoppers. The fraudulent operation represents a sign…
rss:Malwarebytes Lab
—
06:29 KSA
MEDIUM
phishing
Fake Pudgy World site steals your crypto passwords
A phishing website impersonating Pudgy World is targeting cryptocurrency users by mimicking the legitimate Pudgy Penguins brand. The fake site is designed to steal crypto wallet passwords and credentials from un…
rss:Dark Reading
—
06:29 KSA
CRITICAL
vulnerability
Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw
Oracle Fusion Middleware contains a critical remote code execution vulnerability affecting Identity and Web Services Managers. Attackers can exploit this flaw without authentication when these serv…
rss:Dark Reading
—
06:29 KSA
HIGH
ransomware
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
The Beast ransomware gang inadvertently exposed their central cloud server, revealing files that document their systematic tactics targeting network backups. This operational security failure provides insigh…
rss:Dark Reading
—
06:29 KSA
CRITICAL
ransomware
Interlock Ransomware Targets Cisco Enterprise Firewalls
Interlock ransomware group exploited a critical Cisco firewall vulnerability weeks before public disclosure, demonstrating zero-day access capabilities. The gang specializes in double-extortion attacks and …
rss:CISA Advisories
—
06:29 KSA
HIGH
vulnerability
Siemens RUGGEDCOM APE1808 Devices
Fortinet discovered vulnerabilities in FortiOS affecting Siemens RUGGEDCOM APE1808 industrial devices. Siemens has released security updates and strongly recommends immediate patching to address these vulnerabilities in their in…
rss:CISA Advisories
—
06:29 KSA
HIGH
vulnerability
Siemens SIDIS Prime
Multiple vulnerabilities discovered in SIDIS Prime versions before V4.0.800 affecting OpenSSL, SQLite, and Node.js components. Siemens released security patches addressing these critical infrastructure vulnerabilities and urges immediate upda…
rss:CISA Advisories
—
06:29 KSA
CRITICAL
vulnerability
Inductive Automation Ignition Software
Critical vulnerability in Inductive Automation Ignition Software allows authenticated attackers to execute malicious code with elevated OS service account permissions. This privilege escalation flaw poses significant risk t…
rss:CISA Advisories
—
06:28 KSA
MEDIUM
vulnerability
Schneider Electric EcoStruxure Data Center Expert
Schneider Electric disclosed a hard-coded credentials vulnerability in EcoStruxure IT Data Center Expert (DCE) affecting the SOCKS Proxy feature. The vulnerability requires administrator credentials and the featu…
rss:CISA Advisories
—
06:28 KSA
CRITICAL
vulnerability
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA added two actively exploited vulnerabilities to its KEV Catalog: CVE-2026-3909 affecting Google Skia (out-of-bounds write) and CVE-2026-3910 in Chromium V8 engine. These browser-based vulnerabilities …
rss:BleepingComputer
—
06:28 KSA
HIGH
data_breach
Crunchyroll probes breach after hacker claims to steal 6.8M users' data
Crunchyroll anime streaming platform is investigating a data breach affecting approximately 6.8 million users. Hackers claim to have stolen personal information of subscribers, raising …
rss:US-CERT Alerts
—
06:13 KSA
HIGH
ransomware
#StopRansomware: Medusa Ransomware
US-CERT has issued a joint cybersecurity advisory on Medusa ransomware as part of the #StopRansomware initiative. The advisory details tactics, techniques, and procedures used by this ransomware variant to help network defender…
rss:Threatpost
—
06:13 KSA
CRITICAL
vulnerability
Google Patches Chrome’s Fifth Zero-Day of the Year
Google patched 11 vulnerabilities in Chrome including a critical zero-day flaw involving insufficient input validation that enables arbitrary code execution. The vulnerability is actively being exploited in the …
rss:The Hacker News
—
06:13 KSA
CRITICAL
vulnerability
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix released security updates for two vulnerabilities in NetScaler ADC and Gateway, including CVE-2026-3055 (CVSS 9.3), a critical input validation flaw allowing unauthenticated…
rss:The Hacker News
—
06:13 KSA
HIGH
supply_chain
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
North Korean threat actors (WaterPlum/Contagious Interview campaign) are exploiting Visual Studio Code's tasks.json auto-run feature to deploy StoatWaffle malware. This supply chain …
rss:The Hacker News
—
06:13 KSA
MEDIUM
general
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Weekly cybersecurity recap covering multiple threats including supply chain attacks targeting CI/CD pipelines, shutdown of long-exploited IoT devices, and various securit…
rss:SecurityWeek
—
06:12 KSA
CRITICAL
supply_chain
Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool
Israel successfully hijacked Iran's extensive street surveillance camera network and weaponized it for targeted operations, including the assassination of Iran's supreme …
rss:Recorded Future
—
06:12 KSA
HIGH
phishing
ClickFix Campaigns Targeting Windows and macOS
Five ClickFix social engineering clusters targeting Windows and macOS systems have been identified, exploiting QuickBooks, Booking.com, and Birdeye brands. Threat actors use obfuscated commands through native system…
rss:Recorded Future
—
06:12 KSA
CRITICAL
supply_chain
GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack
GrayCharlie threat actor compromises WordPress sites of law firms to deliver malware through fake browser updates and ClickFix techniques. The campaign deploys NetSupport RAT, Stealc stealer, an…
rss:Recorded Future
—
06:12 KSA
LOW
general
Network Intelligence: Your Questions, Global Answers
Network intelligence solutions provide security teams with global visibility and active threat investigation capabilities. This approach offers more control compared to passive, generic threat feeds for enhanc…
rss:Mandiant Blog
—
06:12 KSA
CRITICAL
apt
Beyond the Battlefield: Threats to the Defense Industrial Base
State-sponsored cyber actors are conducting persistent cyber operations targeting the defense industrial base and its supply chains. Modern warfare has extended beyond physical battlefields into the …
rss:Mandiant Blog
—
06:12 KSA
HIGH
apt
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
North Korean threat group UNC1069 is using advanced tooling and AI-enabled social engineering to target cryptocurrency and decentralized finance (DeFi) organizations. Mandia…
rss:Mandiant Blog
—
06:12 KSA
HIGH
data_breach
Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS
Mandiant is tracking significant expansion in ShinyHunters-branded extortion operations targeting SaaS platforms through vishing and social engineering tactics…
rss:Malwarebytes Lab
—
06:11 KSA
CRITICAL
apt
A DarkSword hangs over unpatched iPhones
State-sponsored attackers are exploiting DarkSword, a vulnerability chain targeting unpatched iPhones. Organizations using iOS devices face critical risk from these advanced persistent threats requiring immediate patching…
rss:Malwarebytes Lab
—
06:11 KSA
HIGH
data_breach
Your tax forms sell for $20 on the dark web
Cybercriminals are actively trading stolen tax records on dark web forums for as little as $20 during tax season. This represents significant identity theft risk for individuals and potential fraud exposure for financi…
rss:Malwarebytes Lab
—
06:11 KSA
MEDIUM
phishing
Researchers found font-rendering trick to hide malicious commands
Security researchers discovered a font-rendering technique that can deceive AI assistants into overlooking malicious commands embedded in websites. This social engineering method poses risks to or…
rss:Krebs on Securit
—
06:11 KSA
HIGH
ransomware
Please Don’t Feed the Scattered Lapsus ShinyHunters
The Scattered Lapsus ShinyHunters (SLSH) data ransom gang employs aggressive extortion tactics including harassment, threats, and swatting of executives and their families. The group simultaneously notifies jou…
rss:Dark Reading
—
06:11 KSA
LOW
general
CISOs Debate Human Role in AI-Powered Security
Security executives at RSAC 2026 debated the necessity of human oversight in AI-powered security systems. The discussion challenges traditional 'human in the loop' approaches as AI capabilities advance in cybersecur…
rss:Dark Reading
—
06:11 KSA
HIGH
phishing
Attackers Hide Infostealer in Copyright Infringement Notices
A sophisticated phishing campaign targets healthcare, government, hospitality, and education sectors globally using fake copyright infringement notices. Attackers deploy infostealer malware while emplo…
rss:Dark Reading
—
06:11 KSA
LOW
general
AI Dominates RSAC Innovation Sandbox
Ten cybersecurity startups compete in RSAC Innovation Sandbox, with AI-focused solutions dominating the competition. Each finalist presents their innovative security technology in a three-minute pitch to demonstrate emerging …
rss:CISA Advisories
—
06:11 KSA
HIGH
vulnerability
Schneider Electric SCADAPack and RemoteConnect
Schneider Electric disclosed a vulnerability affecting its SCADAPack x70 RTU products, including SCADAPack 47xi, 47x, and 57x models used for remote monitoring and control in industrial environments. Organizations u…
rss:CISA Advisories
—
06:11 KSA
HIGH
vulnerability
Siemens SICAM SIAPP SDK
Multiple vulnerabilities discovered in Siemens SICAM SIAPP SDK could enable attackers to disrupt customer-developed SIAPP applications or their simulation environments. Potential impacts include denial of service, data corruption within S…
rss:CISA Advisories
—
06:11 KSA
MEDIUM
vulnerability
CODESYS in Festo Automation Suite
Vulnerabilities were identified in CODESYS components within Festo Automation Suite versions prior to 2.8.0.138, affecting the CODESYS Development System 3.0. Organizations using Festo automation solutions should upgrade to the lates…
rss:BleepingComputer
—
06:10 KSA
HIGH
ransomware
Manager of botnet used in ransomware attacks gets 2 years in prison
A Russian national was sentenced to 2 years for managing a phishing botnet used in BitPaymer ransomware attacks against 72 U.S. companies. The botnet infrastructure enabled widespread ransomware deploym…
rss:BleepingComputer
—
06:10 KSA
HIGH
phishing
Tycoon2FA phishing platform returns after recent police disruption
Tycoon2FA phishing-as-a-service platform has resumed full operations shortly after Europol disruption on March 4. The platform's rapid recovery demonstrates resilience of cybercrime infrastructur…
rss:BleepingComputer
—
06:10 KSA
CRITICAL
malware
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with destructive wiper malware that activates when it detects Iran-configured systems. The attacks represent geopolitically motivated cyber operations ag…
rss:US-CERT Alerts
—
05:43 KSA
HIGH
malware
Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
FBI and CISA issued a joint advisory on LummaC2 malware being deployed by threat actors to exfiltrate sensitive organizational data. The advisory provides known tactics, techniq…
rss:US-CERT Alerts
—
05:43 KSA
CRITICAL
apt
Russian GRU Targeting Western Logistics Entities and Technology Companies
Russian state-sponsored GRU actors are conducting cyber campaigns targeting Western logistics entities and technology companies involved in coordinating and delivering foreign assistance t…
rss:US-CERT Alerts
—
05:43 KSA
HIGH
general
Fast Flux: A National Security Threat
A cybersecurity advisory warns that the Fast Flux technique represents a significant national security threat, allowing malicious actors to consistently evade detection. Many networks lack adequate defenses to detect and block t…
rss:Threatpost
—
05:43 KSA
CRITICAL
vulnerability
Firewall Bug Under Active Attack Triggers CISA Warning
CISA has issued an urgent warning about active exploitation of a vulnerability in Palo Alto Networks' PAN-OS firewall system. Organizations using PAN-OS are advised to apply security patches immediately to p…
rss:Threatpost
—
05:43 KSA
MEDIUM
phishing
Fake Reservation Links Prey on Weary Travelers
Cybercriminals are exploiting travel disruptions by sending fake reservation links to travelers affected by flight cancellations and hotel overbookings. These phishing attacks aim to steal personal and financial inf…
rss:Threatpost
—
05:43 KSA
CRITICAL
vulnerability
iPhone Users Urged to Update to Patch 2 Zero-Days
Apple has released critical security updates for iOS and macOS to patch two zero-day vulnerabilities in the kernel and WebKit that are actively exploited. These flaws allow attackers to execute arbitrary code and…
rss:The Hacker News
—
05:43 KSA
HIGH
supply_chain
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Researchers discovered malicious npm packages in the Ghost campaign designed to steal cryptocurrency wallets and sensitive credentials. Seven packages published by user 'mikilanjillo' tar…
rss:The Hacker News
—
05:43 KSA
CRITICAL
supply_chain
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Threat actor TeamPCP compromised two GitHub Actions workflows maintained by Checkmarx using credential-stealing malware. This attack follows their previous Trivy supply chain compromise, demonstr…
rss:The Hacker News
—
05:43 KSA
HIGH
ransomware
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
A 26-year-old Russian national received a 6.75-year prison sentence in the U.S. for assisting major cybercrime groups, including Yanluowang ransomware operators, in attacks against U.S…
rss:SecurityWeek
—
05:42 KSA
HIGH
vulnerability
Chrome 146 Update Patches High-Severity Vulnerabilities
Google Chrome 146 update addresses eight memory safety vulnerabilities across seven components with high severity ratings. Organizations using Chrome should prioritize immediate deployment to prevent potent…
rss:SecurityWeek
—
05:42 KSA
LOW
general
Webinar Today: Putting CIS Controls and Benchmarks into Practice
Educational webinar focusing on implementing CIS Critical Security Controls and CIS Benchmarks for secure configuration management at enterprise scale. Provides guidance on standardizing security c…
rss:SecurityWeek
—
05:42 KSA
HIGH
data_breach
3.1 Million Impacted by QualDerm Data Breach
QualDerm suffered a major data breach affecting 3.1 million individuals with hackers stealing personal information, medical records, and health insurance data from internal systems. This healthcare sector breach highl…
rss:Recorded Future
—
05:42 KSA
CRITICAL
apt
Preparing for Russia’s New Generation Warfare in Europe
Russia is conducting a coordinated full-scale hybrid warfare campaign against NATO combining cyber attacks, sabotage operations, and influence campaigns. This New Generation Warfare approach poses significa…
rss:Recorded Future
—
05:42 KSA
CRITICAL
vulnerability
January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
January 2026 recorded 23 actively exploited critical vulnerabilities, marking a 5% increase in threat activity. Russian APT28 group exploited a zer…
rss:Recorded Future
—
05:42 KSA
HIGH
general
2025 Cloud Threat Hunting and Defense Landscape
Threat actors are intensifying attacks on cloud infrastructure by exploiting misconfigurations, abusing native cloud services, and pivoting through hybrid environments. Attack patterns show evolution across exploit…
rss:Mandiant Blog
—
05:42 KSA
CRITICAL
apt
Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
Google Threat Intelligence Group and Mandiant disrupted a global espionage campaign by UNC2814, a suspected Chinese threat actor, targeting telecommunications and government organ…
rss:Mandiant Blog
—
05:42 KSA
CRITICAL
vulnerability
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
Mandiant and GTIG identified zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines by threat actor UNC6201. The vulnerability…
rss:Mandiant Blog
—
05:42 KSA
HIGH
general
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
GTIG observed threat actors increasingly integrating AI in Q4 2025 to accelerate attack lifecycles, achieving productivity gains in reconnaissance, socia…
rss:Malwarebytes Lab
—
05:41 KSA
HIGH
vulnerability
This is all it takes to stop a train (Lock and Code S07E06)
Simple network vulnerabilities in Bay Area transit systems can cause major train outages. The podcast discusses how basic network security problems pose significant risks to critical transportation infr…
rss:Malwarebytes Lab
—
05:41 KSA
MEDIUM
general
Could your face change what you pay? NYC wants limits on biometric tracking
NYC lawmakers propose regulations to limit biometric tracking technologies that could enable surveillance-based pricing and customer profiling. This addresses privacy concerns and potent…
rss:Malwarebytes Lab
—
05:41 KSA
HIGH
malware
That “job brief” on Google Forms could infect your device
Cybercriminals are using fake job offers distributed through Google Forms to deliver PureHVNC malware. This remote access trojan allows attackers to take complete control of infected devices, posing serio…
rss:Krebs on Securit
—
05:41 KSA
HIGH
phishing
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
A new phishing-as-a-service platform called 'Starkiller' enables cybercriminals to bypass traditional detection methods by proxying real login pages instead of using static copies. This sophisticated se…
rss:Krebs on Securit
—
05:41 KSA
HIGH
ddos
Kimwolf Botnet Swamps Anonymity Network I2P
The Kimwolf IoT botnet has been actively disrupting the I2P anonymity network for over a week, targeting the decentralized encrypted communications infrastructure. This attack demonstrates the vulnerability of privacy-…
rss:Krebs on Securit
—
05:41 KSA
CRITICAL
vulnerability
Patch Tuesday, February 2026 Edition
Microsoft released patches for over 50 security vulnerabilities in Windows and other software, including critical fixes for six zero-day vulnerabilities actively exploited by attackers. Organizations must prioritize immediate…
rss:Dark Reading
—
05:41 KSA
MEDIUM
general
AI in the SOC: What Could Go Wrong?
Two cybersecurity leaders conducted a six-month pilot testing AI integration in their Security Operations Centers. The study reveals practical challenges and lessons learned from implementing AI-driven security automation in r…
rss:Dark Reading
—
05:41 KSA
CRITICAL
supply_chain
Trivy Supply Chain Attack Targets CI/CD Secrets
Threat actors weaponized the open-source Trivy security scanning tool to deploy an infostealer malware into CI/CD pipelines. The attack successfully exfiltrated cloud credentials, SSH keys, authentication tokens, a…
rss:Dark Reading
—
05:41 KSA
CRITICAL
ransomware
Ransomware's New Era: Moving at AI Speed
Ransomware operators are leveraging AI technologies to accelerate attack speeds and evade security controls. Attackers exploit legitimate credentials and focus on data exfiltration, using AI to automate reconnaissanc…
rss:CISA Advisories
—
05:40 KSA
CRITICAL
apt
CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
CISA issued guidance on hardening endpoint management systems following a March 11, 2026 cyberattack against Stryker Corporation that compromised their Microsoft environmen…
rss:BleepingComputer
—
05:40 KSA
HIGH
data_breach
Dutch Ministry of Finance discloses breach affecting employees
The Dutch Ministry of Finance confirmed a cyberattack that breached some of its systems, detected last week. The incident affected employee data and represents a significant breach of a critical gove…
rss:BleepingComputer
—
05:40 KSA
LOW
general
OpenAI rolls out ChatGPT Library to store your personal files
OpenAI introduced a new 'Library' feature for ChatGPT that enables users to store personal files and images on OpenAI's cloud storage for future reference. This raises data privacy and security consid…
rss:BleepingComputer
—
05:40 KSA
MEDIUM
data_breach
Mazda discloses security breach exposing employee and partner data
Mazda Motor Corporation disclosed a security incident detected in December that exposed information belonging to employees and business partners. The breach affects a major automotive manufacture…
rss:CISA Advisories
—
05:40 KSA
CRITICAL
vulnerability
Automated Logic WebCTRL Premium Server
Critical vulnerabilities were discovered in Automated Logic WebCTRL Premium Server that could allow attackers to read, intercept, or modify communications. The vulnerabilities pose significant risks to building automation and HV…
rss:CISA Advisories
—
05:40 KSA
HIGH
vulnerability
Schneider Electric EcoStruxure PME and EPO
Schneider Electric disclosed vulnerabilities in EcoStruxure Power Monitoring Expert (PME) and Power Operation (EPO) products. These on-premises software solutions are used in power-critical and energy-intensive faciliti…
rss:CISA Advisories
—
05:40 KSA
HIGH
vulnerability
CTEK Chargeportal
Multiple vulnerabilities in CTEK Chargeportal could allow attackers to gain unauthorized administrative control over electric vehicle charging stations or launch denial-of-service attacks. This threatens the availability and security of EV char…
rss:CISA Advisories
—
05:39 KSA
HIGH
vulnerability
Schneider Electric Modicon M241, M251, and M262
Critical vulnerability in Schneider Electric Modicon controllers (M241, M251, M262) versions prior to 5.4.13.12 allows attackers to cause denial-of-service conditions. This affects industrial control systems used i…
rss:CISA Advisories
—
05:39 KSA
HIGH
vulnerability
Schneider Electric Modicon Controllers M241, M251, M258, and LMC058
Cross-site scripting and open redirect vulnerabilities in Schneider Electric Modicon controllers (M241, M251, M258, LMC058) could lead to account takeover or code execution in user browsers. Thi…
rss:CISA Advisories
—
05:39 KSA
HIGH
vulnerability
IGL-Technologies eParking.fi
Multiple vulnerabilities in IGL-Technologies eParking.fi charging station systems allow attackers to gain unauthorized administrative control or launch denial-of-service attacks. This threatens electric vehicle charging infrastructur…
rss:BleepingComputer
—
05:39 KSA
HIGH
supply_chain
HackerOne discloses employee data breach after Navia hack
Bug bounty platform HackerOne suffered a supply chain breach affecting hundreds of employees after attackers compromised Navia, its U.S. benefits administrator. The incident highlights third-party vendor …
rss:BleepingComputer
—
05:39 KSA
HIGH
data_breach
Infinite Campus warns of breach after ShinyHunters claims data theft
Infinite Campus, a major K-12 student information system, disclosed a data breach following extortion attempts by threat actors. The breach affects educational institutions and potentially expo…
rss:BleepingComputer
—
05:39 KSA
MEDIUM
ransomware
Yanluowang ransomware access broker gets 81 months in prison
A Russian national received an 81-month prison sentence for operating as an initial access broker for Yanluowang ransomware operations. This conviction demonstrates international law enforcement cooper…
rss:US-CERT Alerts
—
05:24 KSA
MEDIUM
general
CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization
CISA and USCG conducted a proactive threat hunt at a US critical infrastructure organization and identified multiple cybe…
rss:US-CERT Alerts
—
05:24 KSA
HIGH
ransomware
#StopRansomware: Interlock
CISA issued a joint advisory as part of the #StopRansomware campaign detailing the Interlock ransomware variant. The advisory provides network defenders with information on tactics, techniques, and procedures used by this ransomware th…
rss:US-CERT Alerts
—
05:24 KSA
CRITICAL
ransomware
Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
CISA warns that ransomware actors exploited an unpatched vulnerability in SimpleHelp RMM software to compromise a utility billing soft…
rss:Threatpost
—
05:23 KSA
HIGH
ransomware
Ransomware Attacks are on the Rise
Lockbit ransomware group leads summer attacks as the most prolific threat actor, followed by two groups originating from the disbanded Conti ransomware operation. Organizations face increased risk from these highly active ranso…
rss:Threatpost
—
05:23 KSA
CRITICAL
vulnerability
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of Chinese surveillance cameras remain vulnerable to an 11-month-old critical CVE that has not been patched. Cybercriminals are actively selling unauthorized access to these comp…
rss:Threatpost
—
05:23 KSA
HIGH
insider
Twitter Whistleblower Complaint: The TL;DR Version
Twitter's former head of security filed a whistleblower complaint alleging severe security and privacy failures at the social media platform. The complaint raises concerns about inadequate security practices, da…
rss:The Hacker News
—
05:23 KSA
LOW
general
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
Gartner published its first Market Guide for Guardian Agents on February 25, 2026, establishing a new category in cybersecurity technology. This guide defines the emerging market for AI-pow…
rss:The Hacker News
—
05:23 KSA
HIGH
phishing
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An active phishing campaign targets French-speaking corporate environments using fake resumes containing highly obfuscated VBScript files. The attack deploys cryptocurrency miners a…
rss:The Hacker News
—
05:23 KSA
MEDIUM
general
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
Despite increased specialization and advanced tooling in cybersecurity, organizations continue struggling with fundamental security challenges. The article highlights how over-specializa…
rss:SecurityWeek
—
05:23 KSA
CRITICAL
apt
Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector
Poland experienced a surge in cyberattacks in 2025, including a destructive infiltration of its energy infrastructure in December suspected to originate from Russia. The…
rss:SecurityWeek
—
05:23 KSA
LOW
general
RSAC 2026 Conference Announcements Summary (Day 1)
Summary of vendor announcements made on the first day of the RSA Conference 2026. The article covers new cybersecurity products, services, and solutions presented by various security vendors at the industry's pr…
rss:SecurityWeek
—
05:23 KSA
HIGH
data_breach
Extortion Group Claims It Hacked AstraZeneca
The Lapsus$ extortion group claims to have breached AstraZeneca, allegedly compromising internal code repositories, employee credentials, and sensitive employee data. This represents a significant data breach targetin…
rss:Recorded Future
—
05:22 KSA
HIGH
vulnerability
February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43% Drop from January
February 2026 recorded 13 critical vulnerabilities requiring immediate patching, representing a 43% decrease from January's 23 vulnerabilities. This reduction in high-impact CVEs…
rss:Recorded Future
—
05:22 KSA
HIGH
ransomware
Latin America's Cybersecurity Turning Point: From Reactive Defense to Threat Intelligence
Latin America faces escalating cyber threats including PIX payment fraud, ransomware, and targeted attacks that overwhelm reactive security approaches. Organizations r…
rss:Recorded Future
—
05:22 KSA
MEDIUM
general
Recorded Future Expands Coverage of Scams and Financial Fraud with Money Mule Intelligence from CYBERA
Recorded Future enhances payment fraud prevention through partnership with CYBERA to detect money mule networks and scam-linked bank accounts. This expansion p…
rss:Mandiant Blog
—
05:22 KSA
CRITICAL
malware
Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition
Mandiant provides updated guidance on preparing for and defending against destructive malware attacks that aim to destroy data and eliminate evidence. The guidance includes new recomme…
rss:Mandiant Blog
—
05:22 KSA
CRITICAL
vulnerability
Look What You Made Us Patch: 2025 Zero-Days in Review
Google Threat Intelligence Group tracked 90 zero-day vulnerabilities exploited in the wild during 2025, representing a decrease from record highs. The analysis provides critical insights into exploitation tre…
rss:Mandiant Blog
—
05:22 KSA
CRITICAL
apt
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Google Threat Intelligence Group discovered 'Coruna', a sophisticated exploit kit targeting iPhone devices running iOS versions 13.0 through 17.2.1. The kit contains five exploits and represents a sign…
rss:Malwarebytes Lab
—
05:21 KSA
MEDIUM
phishing
The March Madness scam playbook
Cybercriminals exploit major sporting events like March Madness to launch various scam campaigns targeting fans. The article provides guidance on identifying and avoiding common fraud schemes associated with large-scale sports tou…
rss:Malwarebytes Lab
—
05:21 KSA
MEDIUM
malware
Advanced Flow will make Android sideloading safer
Google introduces Advanced Flow security feature for Android to enhance sideloading safety by implementing delays that disrupt scam-driven application installations. This measure aims to protect users from malici…
rss:Malwarebytes Lab
—
05:21 KSA
LOW
general
A week in security (March 16 – March 22)
Weekly cybersecurity roundup covering various security topics and incidents from March 16-22, 2026. Provides consolidated overview of recent threats, vulnerabilities, and security developments.
Source: https://…
rss:Krebs on Securit
—
05:21 KSA
HIGH
vulnerability
Microsoft Patch Tuesday, March 2026 Edition
Microsoft released security patches addressing 77 vulnerabilities in Windows and other software products. While no zero-day exploits were patched this month, unlike February's five critical zero-days, some updates may …
rss:Krebs on Securit
—
05:21 KSA
MEDIUM
general
How AI Assistants are Moving the Security Goalposts
AI-powered assistants and autonomous agents with access to user systems, files, and online services are gaining popularity among developers and IT workers. Recent incidents highlight significant security concer…
rss:Krebs on Securit
—
05:21 KSA
CRITICAL
ddos
Who is the Kimwolf Botmaster “Dort”?
Following disclosure of a vulnerability used to create Kimwolf, the world's largest and most disruptive botnet, the operator known as 'Dort' has orchestrated widespread distributed attacks. The investigation focuses on identi…
rss:Dark Reading
—
05:21 KSA
HIGH
supply_chain
GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead
A sophisticated AI-assisted campaign has distributed over 300 malicious packages disguised as legitimate software including developer tools and game cheats through GitHub. The trojanized packages …
rss:Dark Reading
—
05:21 KSA
MEDIUM
general
How a Large Bank Uses AI Digital Twins for Threat Hunting
JPMorgan Chase has implemented AI-powered digital twins and digital fingerprinting technology for advanced threat hunting capabilities. This approach enables the bank to identify malicious actors and susp…
rss:Dark Reading
—
05:21 KSA
MEDIUM
general
Microsoft Proposes Better Identity, Guardrails for AI Agents
Microsoft has introduced new security features to address emerging threats from agentic AI systems. The proposed controls focus on enhanced identity management and protective guardrails to help organiz…
rss:CISA Advisories
—
05:20 KSA
HIGH
vulnerability
Schneider Electric EcoStruxure Automation Expert
Schneider Electric disclosed a vulnerability in its EcoStruxure Automation Expert plant automation software used for digital control systems in industrial processes. The vulnerability affects critical infrastructu…
rss:CISA Advisories
—
05:20 KSA
MEDIUM
vulnerability
Mitsubishi Electric CNC Series
Mitsubishi Electric CNC Series contains a vulnerability that allows remote attackers to cause an out-of-bounds read, resulting in denial-of-service conditions. Affected versions include M800VW and M80 series used in computer numeri…
rss:CISA Advisories
—
05:20 KSA
CRITICAL
vulnerability
CISA Adds One Known Exploited Vulnerability to Catalog
CISA added CVE-2026-20131 to its Known Exploited Vulnerabilities Catalog due to active exploitation. The vulnerability affects Cisco Secure Firewall Management Center and Cisco Security Cloud Control, involv…
rss:CISA Advisories
—
05:20 KSA
CRITICAL
vulnerability
Schneider Electric Plant iT/Brewmaxx
Critical vulnerabilities discovered in Schneider Electric Plant iT/Brewmaxx version 9.60 and above could allow privilege escalation leading to remote code execution. These flaws pose significant risks to industrial control sy…
rss:CISA Advisories
—
05:20 KSA
HIGH
vulnerability
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA added five actively exploited vulnerabilities to its KEV Catalog, including critical flaws in Apple products and Craft CMS. Organizations must prioritize patching these vulnerabilities as they are be…
rss:CISA Advisories
—
05:20 KSA
HIGH
phishing
Russian Intelligence Services Target Commercial Messaging Application Accounts
CISA and FBI warn of ongoing phishing campaigns by Russian Intelligence Services targeting commercial messaging applications to bypass encryption and compromise accounts. These sophis…
rss:BleepingComputer
—
05:20 KSA
LOW
general
Firefox now has a free built-in VPN with 50GB monthly data limit
Mozilla Firefox 149 introduces a built-in VPN feature providing 50GB monthly data allowance for enhanced user privacy. This privacy tool aims to protect browsing activities and encrypt internet tra…
rss:BleepingComputer
—
05:20 KSA
LOW
general
Microsoft fixes bug causing Classic Outlook sync issues with Gmail
Microsoft resolved a bug affecting email synchronization between Classic Outlook and Gmail/Yahoo services. The fix addresses connection and sync problems that impacted business email communicatio…
rss:BleepingComputer
—
05:20 KSA
MEDIUM
general
Zero Trust: Bridging the Gap Between Authentication and Trust
Multi-factor authentication alone is insufficient as attackers can hijack session tokens and bypass identity verification. Zero Trust architecture requires continuous verification of both user identit…
rss:US-CERT Alerts
—
05:10 KSA
HIGH
apt
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
Pro-Russia hacktivist groups are conducting opportunistic cyberattacks targeting critical infrastructure in the US and globally. CISA has issued joint guidance foc…
rss:US-CERT Alerts
—
05:10 KSA
MEDIUM
general
CISA Shares Lessons Learned from an Incident Response Engagement
CISA conducted incident response at a US federal civilian agency after malicious activity was detected through EDR security alerts. The advisory shares lessons learned and best practices from this …
rss:US-CERT Alerts
—
05:10 KSA
CRITICAL
apt
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
Chinese state-sponsored cyber actors are conducting global espionage campaigns targeting telecommunications, government, transportation, lodging, and milit…
rss:Threatpost
—
05:10 KSA
HIGH
data_breach
Student Loan Breach Exposes 2.5M Records
A data breach affecting student loan records has exposed personal information of 2.5 million individuals. The incident poses significant risks for identity theft and follow-on attacks targeting affected victims.
Source: …
rss:Threatpost
—
05:10 KSA
HIGH
apt
Watering Hole Attacks Push ScanBox Keylogger
APT group TA423 is conducting watering hole attacks to deploy ScanBox, a JavaScript-based reconnaissance framework. The attacks compromise legitimate websites to harvest credentials and conduct surveillance on targete…
rss:Threatpost
—
05:10 KSA
CRITICAL
phishing
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
The 0ktapus threat group conducted a large-scale phishing campaign targeting over 130 organizations by spoofing multi-factor authentication systems. The campaign aims to bypass MFA protections and steal cor…
rss:The Hacker News
—
05:10 KSA
HIGH
supply_chain
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
The U.S. FCC has banned imports of new foreign-manufactured consumer routers due to unacceptable cybersecurity and national security risks. This action aims to protect American communica…
rss:The Hacker News
—
05:10 KSA
CRITICAL
supply_chain
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
Threat actor TeamPCP compromised the popular Python package LiteLLM (versions 1.82.7-1.82.8) through CI/CD pipeline attacks on Trivy and KICS. The malicious versions contain credential h…
rss:The Hacker News
—
05:10 KSA
HIGH
malware
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
A large-scale malvertising campaign since January 2025 targets U.S. users searching for tax documents, delivering malicious ConnectWise ScreenConnect installers. The malware deploys …
rss:SecurityWeek
—
05:09 KSA
HIGH
supply_chain
HackerOne Employee Data Exposed in Massive Navia Breach
HackerOne, a cybersecurity firm, suffered a data breach affecting hundreds of employees through an attack on third-party vendor Navia. Personal information of employees was stolen in the incident, highlight…
rss:SecurityWeek
—
05:09 KSA
MEDIUM
general
DoE Publishes 5-Year Energy Security Plan
The US Department of Energy's CESER launched Project Armor, a five-year initiative to strengthen critical energy infrastructure security. The plan focuses on hardening energy systems against cyber threats and improving r…
rss:SecurityWeek
—
05:09 KSA
MEDIUM
general
Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw
Agentic AI systems are evolving from passive tools to autonomous agents with direct system access, raising significant governance and security concerns. The OpenClaw case demonstrates the need…