-
A highly sophisticated China-linked threat actor, identified as UAT-9244, has been actively targeting critical telecommunications infrastructure across South America since 2024. Security researchers assess with high confidence that UAT-9244 exhibits cl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a major law enforcement operation, authorities have arrested a U.S. government contractor accused of executing a massive cryptocurrency theft. John Daghita allegedly stole over $46 million in digital assets from the United States Marshals Service (U…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in the popular WordPress User Registration & Membership plugin allows unauthenticated attackers to easily create administrator accounts. The severe flaw, officially tracked as CVE-2026-1492, currently affects all p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google Threat Intelligence Group (GTIG) reported 90 zero-day vulnerabilities actively exploited in the wild during 2025. While this total is slightly below the 2023 peak, it highlights a critical shift in the cybersecurity landscape, as attackers are i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cato CTRL’s senior security researcher, Vitaly Simonovich, has uncovered a high-severity dos vulnerability in MongoDB, tracked as CVE-2026-25611, that lets unauthenticated attackers crash any exposed MongoDB server. CVE-2026-25611 is rooted in M…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are abusing interest in Anthropic’s Claude Code tools by setting up fake download pages that ultimately drop a lightweight infostealer via mshta.exe. The campaign shows how a single living‑off‑the‑land binary (LOLBIN) can power an effecti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day vulnerability in Cisco Catalyst SD-WAN infrastructure, tracked as CVE-2026-20127, is currently under active exploitation by highly sophisticated threat actors. The situation has grown considerably more severe following the public re…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are abusing a new Linux-based toolkit dubbed RingH23 to silently compromise MacCMS-based video sites and hijack CDN infrastructure at scale, redirecting millions of users to gambling, pornography, and fraud platforms. Evidence shows Funn…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Suspected DPRK-linked threat actors have been observed compromising cryptocurrency firms through a coordinated campaign that blends web-app exploitation, cloud abuse, and secrets theft to position for large‑scale digital asset theft. The intrusions sho…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in the popular Java authentication library pac4j-jwt allows attackers to completely bypass authentication and impersonate any user, including administrators. Tracked as CVE-2026-29000, this vulnerability carries a maximum CVSS …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
