-
A critical vulnerability in the popular WPvivid Backup & Migration plugin is putting more than 800,000 WordPress websites at risk of complete takeover through remote code execution (RCE) attacks. Tracked as CVE-2026-1357 and rated 9.8 on the CVSS s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Palo Alto Networks has disclosed a PAN-OS firewall vulnerability that can let remote attackers force repeated reboots, potentially pushing a device into a “reboot loop” that ends in maintenance mode. Tracked as CVE-2026-0229, the issue sits in the Adva…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered malicious NPM package, dubbed duer-js , is being used to distribute an advanced information‑stealing malware that primarily targets Windows systems and Discord users. Published by the user “luizaearlyx”, the package contains a custom…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new fingerprinting technique called “Adbleed” reveals that VPN users aren’t as anonymous as they think. While VPNs hide your IP address and encrypt traffic, they can’t conceal which country-specific adblock filter lists are in…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Lazarus Group’s latest software supply chain operation is using fake recruiter lures and popular open‑source ecosystems to deliver malware to cryptocurrency‑focused developers quietly. The campaign, dubbed graphalgo, abuses GitHub, npm, and PyPI to hid…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake CAPTCHA attacks are now a key entry point for a new wave of LummaStealer infections, with CastleLoader loaders turning simple web clicks into full system compromise. Less than a year after a major law-enforcement takedown, the infostealer’s operat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new era of AI vulnerability has arrived, and it is far more dangerous than simply tricking a chatbot into saying something rude. New research released this week demonstrates how attackers can weaponize everyday tools such as Google Calendar and Zoom …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are abusing legitimate remote monitoring tools to hide inside corporate networks and launch ransomware attacks. Net Monitor for Employees Professional is a commercial workforce monitoring tool by NetworkLookout that offers remote screen v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released emergency security updates for iOS and iPadOS to fix a critical “zero-day” vulnerability that hackers are actively using in attacks. The flaw, tracked as CVE-2026-20700, was discovered by Google’s Threat Analysis Gr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
