-
Threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The flaw allows remote attackers to gain root access without aut…
-
Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities, CVE-2025-59718 and CVE-…
-
TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026, permitted the reuse of domain validation data across different ACME accounts, allow…
-
Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking us…
-
A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations. The vulnerability, tracked as CVE-2026-0920 with a CVSS severity rating of 9.8 (Cr…
-
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws affecting widely used enterprise software and development tools. All vulnerabilities were add…
-
Node.js has implemented a new quality control measure on its HackerOne bug bounty program, requiring researchers to maintain a minimum Signal reputation score of 1.0 before submitting vulnerability reports. This policy change, announced by the OpenJS F…
-
A sophisticated three-stage malware campaign targets Windows users in South Korea using specially crafted LNK (shortcut) files. The attack begins with a deceptive LNK file named “실전 트레이딩 핵심 비법서.pdf.lnk” (translating to “Practic…
-
The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess. Over three intense days of competition, researchers successfully identified and exploited 76…
-
MacSync macOS Infostealer Exploits ClickFix-style Attack to Trick Users with Single Terminal Command

A sophisticated macOS infostealer campaign leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency users. The attack chain begins with phishing re…

