-
A newly analyzed leak tied to The Gentlemen ransomware group reveals how modern ransomware operations are evolving in structure and tooling while relying on the same proven intrusion techniques seen over the past four years. The leak also highlights op…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin is exposing sites to account takeover and privilege escalation attacks, with roughly 150,000 estimated to be running vulnerable versions in…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Expiring Microsoft Secure Boot keys will not brick unmigrated systems on June 27, 2026. However, they will silently freeze DB/DBX updates and lock affected Windows and Linux fleets out of future boot‑level protections. On June 27, 2026, the Microsoft C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apache ActiveMQ users are being urged to apply immediate patches following the disclosure of a critical vulnerability, CVE-2026-42253, that enables HTTP response header injection via improperly handled JMS message properties. The flaw affects both Apac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Analysis has revealed that 38% of organizations are running GitHub Actions workflows vulnerable to script injection or unsafe trigger configurations, highlighting a growing risk in modern software supply chains. GitHub plays a central role in developme…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has patched a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow authenticated attackers to escalate privileges and gain full administrative access to affected systems. Tracked as CVE-2026-9614, the flaw is clas…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A threat campaign in which attackers leveraged AI-powered tools to streamline Active Directory (AD) compromise and accelerate endpoint detection and response (EDR) evasion testing. The activity, observed on June 2, 2026, was triggered by suspicious fil…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels that are difficult for defenders to detect. The campaign primarily tar…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Windows systems are once again exposed to NTLM credential leakage through a newly observed abuse of the search, URI handler, a vulnerability class closely mirroring the previously patched CVE-2026-33829 in the Snipping Tool. Windows Search URI Handler …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed “HTTP/2 Bomb” attack is raising serious concerns across the web infrastructure ecosystem, enabling remote denial-of-service (DoS) conditions against widely deployed servers including nginx, Apache httpd, Microsoft IIS, Envoy, and Clou…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
