-
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A sophisticated identity-theft campaign has emerged, targeting Single Sign-On (S…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback funct…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Approximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relyin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Active exploitation of a critical vulnerability in React Server Components, tracked as CVE‑2025‑55182 (React2Shell), targeting companies across multiple industry sectors worldwide. React2Shell affects the Flight protocol, which facilitates client-serve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Search engine optimization (SEO) poisoning techniques to trick users into downloading malicious software disguised as legitimate tools. This attack campaign involves manipulating search results to promote fake repositories and archives containing BAT e…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated deepfake-enabled phishing campaign is actively targeting Bitcoin users through fake Zoom and Microsoft Teams calls. The attackers are exploiting video conferencing, Telegram, and AI-generated identities to steal bitcoin and compromise v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A class-action lawsuit filed in San Francisco federal court accuses Meta Platforms of systematically misleading billions of WhatsApp users about the protection of their messages. The complaint alleges that despite marketing claims of unbreakable end-to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Kore…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the interne…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A server-side vulnerability in Instagram that allegedly allowed completely unauthenticated access to private account posts. This raises concerns about Meta’s vulnerability disclosure handling and the effectiveness of compensatory controls protect…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
