-
A critical vulnerability, tracked as CVE-2026-27771, has been discovered in Gitea’s built-in container registry, allowing unauthenticated remote attackers to access private container images without credentials. This flaw poses a serious risk as it can …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitHub token. Identified by OX Security researchers, the package, named mouse5212-super-formatter, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Notepad++ has released version 8.9.6.1 to address multiple security vulnerabilities, including critical flaws that could allow arbitrary code execution under specific conditions. The update, published on May 26, 2026, patches three vulnerabilities trac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors behind the ClearFake campaign have adopted a novel and highly resilient command-and-control (C2) architecture by leveraging BNB Smart Chain (BSC) testnet smart contracts, creating an infrastructure that is effectively immune to traditiona…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Roundcube Webmail users are being urged to update their systems immediately after the disclosure of multiple security vulnerabilities, including a critical pre-authentication SQL injection flaw that allows attackers to execute malicious database querie…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively deploying VIP Keylogger through phishing emails disguised as routine business documents, using multi‑layered loaders, steganography, and in‑memory execution to quietly steal credentials and other sensitive data from compromised sys…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Motorola is facing scrutiny after researchers and users discovered that its preinstalled Smart Feed app was silently hijacking launches of the Amazon Shopping app to inject affiliate referral codes into user traffic. The behavior, now disabled after pu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has issued a strong warning to the cybersecurity community following a recent surge in publicly disclosed zero-day vulnerabilities without prior coordination. According to the Microsoft Security Response Center (MSRC), several vulnerabilities…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing two bulletproof hosting providers, GHOSTYNETWORKS and OMEGATECH, to run a global JavaScript (JS) malware infrastructure that powers large‑scale malspam and business email compromise activity. In March 2026, multiple malspam waves de…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are actively launching spoofing campaigns targeting FIFA-themed websites ahead of the 2026 FIFA World Cup, according to a Public Service Announcement (Alert I-052726-PSA) issued by the Federal Bureau of Investigation (FBI) on May 27, 2026…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
