-
Cybersecurity researchers at the CERT Coordination Center (CERT/CC) have issued a warning regarding a newly disclosed evasion technique tracked as VU#976247. Threat actors are increasingly utilizing malformed ZIP archives to bypass Antivirus (AV) and E…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
On March 10, 2026, SAP released its monthly Security Patch Day updates, addressing multiple vulnerabilities across its enterprise software products. Maintaining a structured patch management cycle aligned with this monthly schedule remains a foundation…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenClaw’s rapid rise has accidentally exposed how far GitHub’s advisory ecosystem has drifted from traditional CVE‑centric vulnerability tracking. Within roughly three weeks, the project published more than 200 GitHub Security Advisories (GHSA), and i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been identified in Gogs, a widely used open-source self-hosted Git service. / Tracked as CVE-2026-25921, this flaw allows unauthenticated attackers to silently overwrite Git Large File Storage (LFS) objects across …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a recent security advisory, Cloudflare disclosed multiple HTTP request smuggling and cache poisoning vulnerabilities in its open-source Pingora framework. Tracked under the identifiers CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836, these flaws spe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has announced the acquisition of Promptfoo, an artificial intelligence security platform designed to help enterprises identify and fix vulnerabilities in their AI systems during development. Once the acquisition is finalized, OpenAI plans to int…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new Android Remote Access Trojan (RAT) named SurxRAT, which is being sold as a commercial malware platform through a Telegram-based malware‑as‑a‑service (MaaS) ecosystem. The malware, marketed under the SURXRAT V5 branding, enables cybercriminals to …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A highly advanced iPhone hacking toolkit, originally developed for Western intelligence agencies, has leaked into the hands of Russian spies and Chinese cybercriminals. The exploit framework, known internally as “Coruna,” was likely created…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A wave of phishing campaigns that used signed malware posing as popular workplace apps like Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors. The activity, attributed to an as-yet unidentified threat ac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The secure messaging platform Signal recently confirmed active, targeted phishing campaigns resulting in severe account takeovers. These sophisticated attacks have successfully compromised the accounts of high-profile individuals, specifically targetin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
