vulnerabilities
-
The Emergence of Okta Vishing: Identity-Centric Cloud Attacks on the Rise
Hackers are increasingly abandoning email phishing in favor of a more sophisticated threat vector: voice-based social engineering targeting identity platforms…
Read More » -
Critical Security Flaws Discovered in Synology SSL VPN Client
In a significant development for cybersecurity, Synology has released a critical security update addressing dangerous vulnerabilities in its widely-used SSL…
Read More » -
Iran’s CyberAv3ngers Escalates Attacks on U.S. Water Utilities and Industrial Systems
CyberAv3ngers, an Iranian state-linked threat group, has intensified disruptive campaigns against U.S. water utilities and industrial control systems, shifting from…
Read More » -
Critical Apache Tomcat Security Updates Patch Three High-Risk Vulnerabilities
The Apache Software Foundation has issued critical security updates for Tomcat to address three newly disclosed vulnerabilities affecting widely deployed…
Read More » -
AI-Powered Cyberattack on Mexican Government Exposes Hundreds of Millions of Records
In a groundbreaking technical report released by Gambit Security researcher Eyal Sela, new details have emerged about a massive cyberattack…
Read More » -
5,219 Rockwell PLCs exposed online
Censys has warned that more than 5,000 Rockwell Automation/Allen-Bradley PLCs are currently exposed to the internet, as Iranian-affiliated APT actors…
Read More » -
TP-Link Devices at Risk as Multiple Security Flaws Enable Takeover
Cybersecurity researchers have uncovered five significant security vulnerabilities in the TP-Link Archer AX53 v1.0 router. If left unpatched, these critical…
Read More » -
Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks
SonicWall has published a critical security advisory addressing four distinct vulnerabilities in its SMA1000 series appliances. These security flaws open…
Read More » -
CISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing Attacks
The Cybersecurity and Infrastructure security Agency (CISA) has issued an urgent alert regarding a critical security flaw in Ivanti Endpoint…
Read More » -
Critical Chrome Flaws Let Attackers Execute Arbitrary Code
Google has released an urgent security update for its Chrome browser, resolving multiple dangerous vulnerabilities. The Chrome team promoted version…
Read More » -
Anthropic Launches Claude Mythos Preview Focused on Zero-Day Vulnerability Discovery
Anthropic recently unveiled Claude Mythos Preview, a groundbreaking general-purpose language model demonstrating an unprecedented, emergent ability to autonomously discover and…
Read More » -
IBM Security Verify Access Flaws Let Remote Attackers Access Sensitive Data
IBM has issued an urgent security bulletin addressing a slew of vulnerabilities impacting IBM Verify Identity Access and IBM Security…
Read More » -
Masjesu Botnet Targets Routers in Commercial DDoS Attacks
Hackers are abusing the Masjesu botnet to run high-volume DDoS-for-hire attacks against routers, gateways, and other exposed IoT infrastructure, turning…
Read More » -
FBI Takes Down Russian Campaign That Compromised Thousands of Routers
U.S. Justice Department and FBI actions disrupted a worldwide network of hacked SOHO routers controlled by Russia’s GRU intelligence agency…
Read More » -
Iranian-Linked Hackers Targeting U.S. Critical Infrastructure Programmable Logic Controller
A joint advisory from multiple U.S. federal agencies warns that Iranian-affiliated advanced persistent threat (APT) actors are actively targeting internet-exposed…
Read More » -
Critical Android Flaw Allows Zero-Interaction Denial-of-Service Attacks
Google released its April 2026 Android Security Bulletin, addressing multiple vulnerabilities. The most alarming flaw is a critical security vulnerability…
Read More » -
Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published
Cybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmill engine.…
Read More » -
Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed
A critical security flaw in Flowise, a widely used open-source AI development platform, is currently being actively exploited in the…
Read More »