security
-
Iranian-Linked Hackers Targeting U.S. Critical Infrastructure Programmable Logic Controller
A joint advisory from multiple U.S. federal agencies warns that Iranian-affiliated advanced persistent threat (APT) actors are actively targeting internet-exposed…
Read More » -
Critical Ninja Forms File Upload Vulnerability Allows Unauthenticated Remote Code Execution
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress enables attackers to upload arbitrary files without…
Read More » -
Critical Android Flaw Allows Zero-Interaction Denial-of-Service Attacks
Google released its April 2026 Android Security Bulletin, addressing multiple vulnerabilities. The most alarming flaw is a critical security vulnerability…
Read More » -
GPUBreach Attack Could Lead to Full System Takeover and Root Shell Access
Researchers at the University of Toronto have uncovered a new vulnerability dubbed “GPUBreach,” which demonstrates that GPU-based Rowhammer attacks can…
Read More » -
Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts
Hackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high‑value cloud accounts, turning a single compromised pod into…
Read More » -
Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published
Cybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmill engine.…
Read More » -
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
Criminals are leveraging the “ClickFix” scheme, a deceptive tactic that dupes users into engaging with counterfeit CAPTCHA or verification screens.…
Read More » -
Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed
A critical security flaw in Flowise, a widely used open-source AI development platform, is currently being actively exploited in the…
Read More » -
Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign
Iran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new…
Read More » -
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
A malicious PyPI package, hermes-px, masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a…
Read More » -
Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules
Anthropic’s flagship AI coding agent, Claude Code, contains a critical security flaw that silently bypasses developer-configured safety rules. The vulnerability…
Read More » -
Apache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service Attacks
The Apache Software Foundation has released critical security updates to address two vulnerabilities in Apache Traffic Server (ATS). Disclosed on…
Read More » -
Google’s Bug Bounty Program Hits Record $17 Million in 2025 Payouts
Google announced a record-breaking year for its Vulnerability Reward Program (VRP) in 2025, paying out over $17 million to ethical…
Read More » -
Threat Actors Weaponize Fake Microsoft Teams Domains to Target Users
North Korean state-sponsored threat actors, specifically the group known as UNC1069, are actively deploying counterfeit Microsoft Teams domains as part…
Read More » -
Top 10 Best Identity And Access Management (IAM) Companies 2026
In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become…
Read More » -
LinkedIn Hidden Code Secretly Scans Users’ Computers for Installed Software
A new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to…
Read More »