-
ForceMemo is an active software supply‑chain campaign hijacking GitHub accounts and silently backdooring Python repositories via force‑pushed commits that look legitimate in the web UI. It builds on GlassWorm’s stolen‑token ecosystem and uses the Solan…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical buffer overflow vulnerability has been discovered in the GNU InetUtils telnetd daemon. Tracked as CVE-2026-32746, the flaw carries a maximum CVSS 3.1 score of 9.8 and allows unauthenticated attackers to execute arbitrary code with root privi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, introducing high-efficiency models optimized for automated workflows, coding subagents, and latency-sensitive deployments. These models are designed to reduce application programming interfa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phase of the Iran war is unfolding in which ballistic missiles, drones, electronic warfare, and cyber operations are being deployed in parallel, with cyber activity increasingly tied to kinetic targeting, damage assessment, and strategic messagin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Qualys Threat Research Unit (TRU) has disclosed a critical Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. Tracked as CVE-2026-3888, this high-severity flaw carries a CVSS v3…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are increasingly relying on social engineering rather than complex software vulnerabilities to breach corporate networks. In November 2025, Microsoft’s Detection and Response Team (DART) investigated a notable identity-first intrusion whe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Large‑scale campaigns abusing GitHub and Reddit to spread Vidar Stealer 2.0 through fake “free game cheats,” targeting players of popular online titles across the board. The operation shows how the takedown of other infostealers has shifted criminal de…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Boggy Serpens, also known as MuddyWater, has escalated its cyberespionage operations over the past year, focusing on diplomats and critical infrastructure organizations in a coordinated, multi-wave campaign. Boggy Serpens has moved beyond its earlier n…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed security flaw in the Kubernetes Container Storage Interface (CSI) Driver for Network File System (NFS) exposes storage servers to unauthorized directory modification and deletion. Tracked as CVE-2026-3864 with a medium-severity CVSS v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers at MDSec have disclosed a newly patched Elevation of Privilege vulnerability in Microsoft Windows, known as “RegPwn”. Tracked as CVE-2026-24291, this flaw allows a low-privileged user to gain full SYSTEM access by exploiting how…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
