-
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws affecting widely-used enterprise software and development tools. All vulnerabilities were add…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Node.js has implemented a new quality control measure on its HackerOne bug bounty program, requiring researchers to maintain a minimum Signal reputation score of 1.0 before submitting vulnerability reports. This policy change, announced by the OpenJS F…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated three-stage malware attack campaign against Windows users in South Korea using specially crafted LNK (shortcut) files. The attack begins with a deceptive LNK file named “실전 트레이딩 핵심 비법서.pdf.lnk” (translating to “Practic…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess. Over three intense days of competition, researchers successfully identified and exploited 76…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
MacSync macOS Infostealer Exploits ClickFix-style Attack to Trick Users with Single Terminal Command
A sophisticated macOS infostealer campaign that leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency users. The attack chain begins with phishing re…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is launching a new security feature designed to protect Teams users from fraudulent external callers impersonating trusted organizations. The Brand Impersonation Protection for Teams Calling will roll out starting mid-February 2026, with gene…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Day Two of Pwn2Own Automotive 2026 kicked off with high intensity, as security researchers targeted automotive infotainment systems, EV chargers, and gateways. Building on Day One’s momentum, teams demonstrated 37 unique zero-day vulnerabilities,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered ransomware family, Osiris, targeted a major foodservice franchisee in Southeast Asia in November 2025. Despite sharing a name with a 2016 Locky ransomware variant, security researchers confirm this represents an entirely new threat w…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Akamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets remote attackers inject and run arbitrary code as root wit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on January 20, 2026, the update addresses four flaws in Nsight Systems …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶