66
CVEs
37
Threats
0
News
1
Critical
1
CISA KEV
🛡 Security Vulnerabilities (CVE)
Check Point Security Gateway — CVE-2026-50751
Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection withou…
CVE-2026-49190
Improper Instructional Permission Evaluation Enables Unauthorized Command Execution
15:15 KSA
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions.
CVE-2026-49194
Authentication Bypass in SCREEN_CLICK(5053) Debug Routine Enables Unauthorized Shell Access
15:15 KSA
The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.
Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including login.…
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL inject…
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection p…
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity.
CVE-2026-49189
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke
09:18 KSA
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker.
CVE-2026-8889
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) an
09:16 KSA
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.
CVE-2026-50210
Static IV AES-CBC Encryption Vulnerability Enabling Replay and Plaintext Attacks
21:01 KSA
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption.
CVE-2026-50213
Information Disclosure via Predictable ID Enumeration in Account Validation
21:01 KSA
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings.
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.
09:18 KSA
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.
CVE-2026-10737
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability
09:16 KSA
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtai…
CVE-2026-10771
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-
09:16 KSA
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server…
A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential c…
HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. .
CVE-2026-39908
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers
01:07 KSA
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts…
CVE-2026-11611
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory g
01:07 KSA
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause cra…
WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the…
WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options…
WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin …
CVE-2026-3011
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'su
19:52 KSA
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOM_Helpers::deserialize_block_attributes' method converting …
CVE-2026-11532
A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Aff
01:07 KSA
A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The at…
CVE-2026-11559
SQL Injection in CodeAstro Payroll System 1.0 /view_account.php ID Parameter
04:36 KSA
A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate leads to sql injection. The attack is possible to be carried out remotely. The e…
CVE-2026-11475
SQL Injection in Kushan2k Student Management System Certificate Verification
10:16 KSA
A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing …
A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remot…
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remot…
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The e…
CVE-2026-11473
A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file Advicefeedb
07:54 KSA
A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the probl…
CVE-2026-11470
A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the
07:54 KSA
A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the a…
CVE-2026-11461
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_t
04:18 KSA
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to laun…
CVE-2026-11513
SQL Injection in itsourcecode Hospital Management System 1.0 Date Parameter
19:52 KSA
A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be us…
CVE-2026-11495
A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of t
15:56 KSA
A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add_stock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now …
A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. Remote …
CVE-2026-11506
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /a
19:52 KSA
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has…
CVE-2026-11507
A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/d
19:52 KSA
A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sql injection. The attack can be executed remotely. The exploit has been made publi…
CVE-2026-11508
A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown fu
19:52 KSA
A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried …
CVE-2026-11509
A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown function
19:52 KSA
A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote.
A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The explo…
CVE-2026-11514
SQL Injection in itsourcecode Hospital Management System 1.0 addpatient.php
19:52 KSA
A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published…
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in…
CVE-2026-11519
SourceCodester Inventory System 1.0 Improper Authorization in Role Assignment
23:06 KSA
A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in …
A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the comp…
CVE-2026-11476
Kushan2k Student Management System Privilege Escalation via isadmin Parameter
10:16 KSA
A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulatio…
CVE-2022-50953
WordPress admin-word-count-column Plugin 2.2 Arbitrary File Read via Path Traversal
10:16 KSA
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path par…
CVE-2026-11467
A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAc
07:54 KSA
A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such man…
Stored cross-site scripting in the URL dashboard widget in Checkmk
CVE-2026-8833
Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0
21:33 KSA
Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk
CVE-2026-11466
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invok
05:18 KSA
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the atta…
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-…
CVE-2026-11533
A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd48
01:07 KSA
A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the arg…
CVE-2026-11497
A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of
15:56 KSA
A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. Th…
CVE-2026-11487
A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/
11:54 KSA
A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the…
A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passsword_reset.php of the component Password Reset Handler. Such manipulation of the argument new_password …
CVE-2026-7765
Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints
21:33 KSA
Incorrect authorization in the User Messages dashboard widget in Checkmk
CVE-2026-11552
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Lea
01:07 KSA
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument…
CVE-2026-11500
A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the f
17:00 KSA
A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization …
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key
. The attack may be launched remotely. Th…
CVE-2026-11493
A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_r
15:56 KSA
A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high…
CVE-2026-11460
04:32 KSA
⚠️ Threat Intelligence
37 threats
rss:Dark Reading
—
03:27 KSA
Iran Signed a Ceasefire — Its Hackers Didn't
Despite Iran's ceasefire agreement, Iranian state-sponsored cyber operations continue unabated, highlighting the gap in international cyberwarfare regulations. An extension of the Geneva Conventions could establi…
rss:Dark Reading
—
03:27 KSA
Check Point VPN Flaw Exploited Since Early May
A critical zero-day vulnerability in Check Point VPN has been actively exploited since early May, with Qilin ransomware affiliates confirmed to have leveraged the flaw in at least one attack. The vulnerability poses…
rss:Dark Reading
—
03:27 KSA
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks
A financially motivated ransomware group is conducting sophisticated multi-vector attacks against US law firms using vishing, IT impersonation, and physical office intrusions to steal sensitiv…
rss:The Hacker News
—
03:27 KSA
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
A critical Linux kernel use-after-free vulnerability (CVE-2026-23111) in the nf_tables packet-filtering code has been publicly exploited, allowing unprivileged local users to escalate…
rss:BleepingComputer
—
03:27 KSA
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
Attackers compromised 19 science-focused packages on PyPI repository, downloaded hundreds of thousands of times, injecting malware designed to steal developer credentials and secrets. This supply-…
rss:BleepingComputer
—
01:30 KSA
WhatsApp says it disrupted new NSO spyware phishing attacks
WhatsApp detected and disrupted spear-phishing campaigns attributed to NSO Group targeting users through social engineering attacks. The platform investigated user reports and implemented measures to st…
rss:Dark Reading
—
00:16 KSA
'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud
The 'Hades' campaign targeted 37 PyPI wheels and 19 code packages, demonstrating an evolved approach to software supply chain attacks. This persistent threat shows attackers are continuously ref…
rss:The Hacker News
—
00:16 KSA
Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
Meta detected and blocked spear-phishing attempts attributed to NSO Group, an Israeli spyware vendor, targeting WhatsApp users. The company filed a federal court contempt order again…
rss:SecurityWeek
—
23:27 KSA
A Security Raises $37 Million for Autonomous Offensive Security Platform
The company founded by Yossi Torati, Omer Gull, and Yuval Itzchakov has emerged from stealth mode.
The post A Security Raises $37 Million for Autonomous Offensive Security Platform appeared…
rss:BleepingComputer
—
23:26 KSA
Gogs patches critical zero-day enabling remote code execution
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...]
Source: https://www.ble…
rss:Recorded Future
—
21:54 KSA
May 2026 CVE Landscape
Insikt Group identified 41 high-impact vulnerabilities in May 2026 requiring immediate remediation, all rated as Very Critical. This represents an 11% increase in critical vulnerabilities compared to the previous month.
Source: https://ww…
rss:Malwarebytes Lab
—
21:54 KSA
Americans lost nearly $900 million to AI-powered scams, FBI says
AI-powered scams including deepfakes and voice cloning resulted in nearly $900 million in losses for Americans in 2025, according to the FBI Internet Crime Report. These sophisticated fraud techniq…
rss:SecurityWeek
—
21:54 KSA
Everybody Is Vibe Coding But Nobody Told the Security Team
Organizations are increasingly adopting AI-driven development tools without proper security governance and oversight. The article emphasizes that while AI-driven coding cannot be blocked, it requires rob…
rss:The Hacker News
—
21:54 KSA
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has disclosed a critical vulnerability (CVE-2026-50751, CVSS 9.3) in Remote Access VPN and Mobile Access deployments using the deprecated IKEv1 protocol. The flaw involves a …
rss:BleepingComputer
—
21:54 KSA
Critical UniFi OS bug lets hackers gain root without authentication
Attackers can chain three previously patched vulnerabilities in Ubiquiti UniFi OS to achieve unauthenticated remote code execution with root privileges. This vulnerability chain allows complete …
rss:The Hacker News
—
20:36 KSA
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Weekly security recap covering multiple critical threats including Instagram account compromises, Android zero-day vulnerability, and GitHub repository worm. The analysis highlights …
rss:BleepingComputer
—
20:36 KSA
Reducing security operations complexity with Wazuh Cloud
Security teams face challenges with alert fatigue and complex hybrid infrastructure management. Wazuh Cloud offers a managed SIEM/XDR solution that reduces operational complexity through automated scaling …
rss:SecurityWeek
—
19:57 KSA
Cybersecurity M&A Roundup: 26 Deals Announced in May 2026
The cybersecurity industry saw significant M&A activity in May 2026 with 26 deals announced by major players including Akamai, Check Point, Cisco, Cyera, Dragos, WatchGuard, and Zscaler. This consolid…
rss:SecurityWeek
—
19:57 KSA
Everest Forms Vulnerability Exploited to Hack WordPress Sites
A critical vulnerability in Everest Forms plugin allows attackers to execute arbitrary code remotely on WordPress sites. The flaw has been actively exploited in the wild for approximately two months. …
rss:SecurityWeek
—
19:57 KSA
WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order
WhatsApp has filed a federal court contempt order against NSO Group for allegedly violating a no-hacking court order. The spyware firm continues to conduct unauthorized surveillance activities desp…
rss:The Hacker News
—
19:57 KSA
The Hardest Fork
A significant security vulnerability or exploit chain has been discovered in a major system, involving novel combinations of multiple vulnerabilities that create critical security risks. The findings represent serious security flaws that go beyo…
rss:The Hacker News
—
19:57 KSA
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
AI-powered phishing attacks are dramatically increasing alert volumes for Security Operations Centers, enabling attackers to generate convincing emails and fake login pages at scale. T…
rss:BleepingComputer
—
19:57 KSA
Check Point links VPN zero-day attacks to Qilin ransomware gang
Check Point has released security updates to patch a critical zero-day vulnerability in Remote Access VPN and Mobile Access deployments that was actively exploited by the Qilin ransomware gang. This…
rss:Malwarebytes Lab
—
17:29 KSA
Pirated PC games are delivering password-stealing malware
Cybercriminals are distributing password-stealing malware through cracked and repacked PC games, compromising over 400,000 devices globally. This supply chain attack targets users seeking free gaming cont…
rss:SecurityWeek
—
17:29 KSA
Anthropic Urges Industry Coordination to Allow for a ‘Pause’ in AI Development if Risks Grow
Anthropic proposes industry-wide coordination mechanisms to enable verification that competing AI labs have paused or slowed development if risks escalate. The proposal …
rss:SecurityWeek
—
17:29 KSA
Silent Ransom Group Uses DNS Fast Flux in Attacks
The Silent Ransom group targets US law firms using DNS Fast Flux techniques to conceal command and control infrastructure. This advanced evasion method allows the group to maintain persistent access while avoidin…
rss:SecurityWeek
—
17:29 KSA
174,000 Impacted by Lansing Community College Data Breach
Hackers accessed personal information from Lansing Community College systems in February 2025, impacting 174,000 individuals. The breach exposed sensitive data stored on college infrastructure. This incid…
rss:The Hacker News
—
17:29 KSA
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus APT group has deployed a BSD variant of the BRICKSTORM backdoor along with PLENET and AGENTPSD malware families targeting Linux systems. The campaign represents a significant threa…
rss:BleepingComputer
—
17:29 KSA
Oxford University discloses data breach after careers platform hack
Oxford University disclosed a data breach affecting its CareerConnect careers platform operated by third-party provider Group GTI. The compromise exposed sensitive information through the outsou…
rss:SecurityWeek
—
15:18 KSA
OpenAI Rolling Out ChatGPT Account Security Controls
OpenAI is expanding availability of Active Sessions and Lockdown Mode security features for ChatGPT accounts. These controls enable users to monitor active sessions and restrict account access during high-risk…
rss:The Hacker News
—
15:18 KSA
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
UNC3753, a financially motivated threat group, conducted a data theft extortion campaign targeting dozens of organizations in professional, legal, and financial services sectors a…
rss:Malwarebytes Lab
—
14:16 KSA
A week in security (June 1 &#8211; June 7)
Weekly security roundup covering cybersecurity topics and incidents from June 1-7, 2026. This compilation provides an overview of significant security events and threats identified during the week.
Source: https://…
rss:SecurityWeek
—
14:16 KSA
SolarWinds Serv-U Vulnerability Exploited in the Wild
An unauthenticated vulnerability in SolarWinds Serv-U is being actively exploited in the wild, allowing attackers to crash the service through specially crafted POST requests. This vulnerability poses a signi…
rss:SecurityWeek
—
13:11 KSA
Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse
Meta reported that approximately 20,000 Instagram accounts were compromised through abuse of an account recovery support tool powered by AI. The company has notified relevant authorities about the secu…
rss:The Hacker News
—
13:11 KSA
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has implemented a two-hour delay for automatic extension updates in VS Code to mitigate supply chain attack risks. This security measure allows time for detection and respons…
rss:BleepingComputer
—
12:00 KSA
Over 20,000 Instagram accounts stolen in Meta AI support hack
Meta disclosed a security incident where attackers exploited Meta's AI-powered support system to reset passwords and hijack over 20,000 Instagram accounts. The attack demonstrates vulnerabilities in a…
rss:BleepingComputer
—
05:38 KSA
Hands on with Intelligent Terminal, an AI-powered Windows Terminal
Microsoft has released an open-source fork of Windows Terminal called Intelligent Terminal that integrates AI capabilities directly into the terminal environment. This tool allows users to levera…
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Monday, June 8, 2026
CVE Archive ·
Threats ·
News