- Threat actors are actively deploying a new infostealer dubbed “AuraStealer,” backed by a growing customer base, 48 identified command‑and‑control (C2) domains, and multiple ongoing campaigns abusing popular platforms like TikTok and cracked‑software si…
- A newly discovered high-severity vulnerability in Google Chrome’s Gemini Live integration, tracked as CVE-2026-0628, exposed users to significant privacy and security risks. Researchers found that the flaw could allow malicious browser extensions…
- Microsoft released its Patch Tuesday updates, addressing 59 vulnerabilities, including a critical zero-day flaw in the Windows MSHTML framework. Tracked as CVE-2026-21513, this actively exploited vulnerability allows attackers to bypass security featur…
- Tire pressure monitoring systems (TPMS) in popular brands like Toyota, Mercedes, and many others quietly broadcast radio signals that can be turned into a powerful vehicle‑tracking tool. New research shows that these routine safety messages can be harv…
- A high-severity local privilege escalation (LPE) vulnerability, identified as CVE-2026-20817, has been publicly documented following the release of a proof-of-concept (PoC) exploit. Discovered in the Windows Error Reporting (WER) service, the flaw allo…
- A critical vulnerability was recently discovered in the DuckDuckGo browser for Android, exposing users to Universal Cross-Site Scripting (UXSS) attacks. This flaw, found in the browser’s AutoConsent JS bridge, allows malicious code from an untrus…
- A critical command injection vulnerability, identified as CVE-2026-27728, has been discovered in OneUptime, a platform for monitoring and managing online services. This flaw allows authenticated users to execute arbitrary operating system commands on t…
- GTFire is a large-scale phishing scheme that abuses multiple Google services to hide malicious infrastructure, evade security tools, and steal credentials from organizations worldwide. GTFire is a credential-harvesting operation that chains Google Fire…
- A critical vulnerability has been discovered in Langflow, a popular low-code tool used for building applications with Large Language Models (LLMs). The flaw, tracked as CVE-2026-27966, resides in the software’s CSV Agent node and could allow mali…
- An international law enforcement operation named Project Compass has launched a major offensive against “The Com,” a dangerous transnational virtual network (TVN). The operation, which began in January 2025, has successfully led to the arre…


