risk
-
Weaponizing FortiOS: How Hackers Weaponized Diagnostic Commands to Steal Credentials
A sophisticated, large-scale credential harvesting operation, dubbed “FortiBleed”, has surfaced, demonstrating a highly efficient method for compromising Fortinet FortiGate firewalls.…
Read More » -
Deep Dive: The CodeStorm Adversary-in-the-Middle (AiTM) Campaign Targeting Microsoft 365
A sophisticated multi-organization phishing campaign, attributed to the CodeStorm threat actor, is currently targeting Microsoft 365 tenants. Unlike traditional credential…
Read More » -
The iOS LLM Security Gap: How 282 AI Apps are Leaking Critical API Credentials
As Large Language Models (LLMs) become deeply integrated into the mobile ecosystem, a new and systemic security vulnerability has emerged.…
Read More » -
Security Alert: QNAP Addresses 14 Critical Vulnerabilities Across NAS and Surveillance Ecosystems
QNAP has released security advisory QSA-26-10, detailing the remediation of 14 distinct vulnerabilities. These security flaws impact a broad spectrum…
Read More » -
The Provenance Gap: Analyzing Scope Squatting Vulnerabilities in ClawHub’s Plugin Registry
A critical supply-chain weakness has been identified within the ClawHub plugin registry, specifically concerning a failure in namespace enforcement. This…
Read More » -
Critical Update: pgAdmin 9.16 Fixes Insecure Deserialization and RCE Risks
The pgAdmin Development Team has officially rolled out pgAdmin 4 version 9.16, a critical update that prioritizes the hardening of…
Read More » -
Sapphire Sleet Compromises Node.js: Account Takeover, Typosquatting, and Multi-Stage Payloads in @mastra
A sophisticated supply chain attack has been identified targeting the Node.js ecosystem, attributed to the North Korean state-sponsored actor Sapphire…
Read More » -
SmartApeSG Compromises Okendo Reviews Widget: Supply-Chain Attack Analysis
In a sophisticated supply-chain maneuver, the threat actor known as SmartApeSG successfully compromised the Okendo Reviews widget, leveraging a trusted…
Read More » -
VU#457458: Immediate Action Required for UEFI DBX and Firmware Patches
A critical vulnerability has recently surfaced within the UEFI ecosystem, impacting a wide array of signed applications across multiple hardware…
Read More » -
Critical Path Traversal Vulnerability in Avada Builder Threatens Over One Million WordPress Installations
A high-severity security flaw has been identified in the widely utilized Avada (Fusion) Builder WordPress plugin, posing a significant risk…
Read More » -
Security Alert: Critical “MaXSS” and “Spyder” Vulnerabilities Compromise Millions of AI-Powered Chrome Extension Users
A series of high-severity security flaws has been identified in widely deployed Chrome extensions, potentially exposing millions of users to…
Read More » -
Urgent Remediation Required: Active Exploitation of Splunk Enterprise Authentication Bypass (CVE-2026-20253)
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated the threat level for a critical vulnerability within Splunk Enterprise, designated…
Read More » -
Evolution of the INC Ransomware Ecosystem: From Emerging Threat to Top-Tier RaaS
The INC ransomware group has undergone a significant metamorphosis, transitioning from a niche emerging threat into one of the most…
Read More » -
RoguePlanet: Critical Zero-Day CVE-2026-50656 Compromises Microsoft Defender via Symlink Flaw
Microsoft has officially acknowledged a critical zero-day vulnerability, identified as CVE-2026-50656, which impacts the Microsoft Defender security suite. The disclosure…
Read More » -
Exploiting Trust: How Malvertisers Leveraged GitLab and Claude.ai for In-Memory RAT Deployment
A highly sophisticated malvertising and social engineering campaign has recently emerged, showcasing a tactical pivot from weaponized GitLab Pages to…
Read More » -
Critical Information Disclosure in Gravity SMTP Plugin: Active Exploitation of API Credentials
Security researchers have identified a significant information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is currently being leveraged…
Read More » -
Critical Command Injection and Data Exfiltration Vulnerabilities Identified in Splunk AI Toolkit
Splunk has issued a critical security advisory regarding a significant vulnerability discovered within its AI Toolkit. This flaw provides a…
Read More »