-
A newly uncovered cyber fraud campaign is abusing fake CAPTCHA pages to trick mobile users into sending large volumes of international SMS messages, resulting in unexpected phone bills and illicit profits for attackers. Unlike traditional malware campa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injecti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has released a comprehensive cyber defense roadmap titled “Cybersecurity in the Intelligence Age” to responsibly equip defenders with AI-powered security tools faster than malicious actors can adapt. Spearheaded by Sasha Baker in Apr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them ful…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could al…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious feature…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vul…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation re…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SonicWall has released a security advisory detailing three new vulnerabilities affecting its SonicOS software. Disclosed on April 29, 2026, under advisory ID SNWLID-2026-0004, these security flaws open the door for attackers to bypass access controls, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed flaw in ProFTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-421…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
