-
The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Windows 11, LiteLLM, and NVIDIA platforms. On May 14, r…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Amazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2026-8178, affects the widely used Ama…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple newly disclosed vulnerabilities in cPanel & WHM, including the critical CVE‑2026‑41940 authentication bypass bug and a cluster of May 2026 flaws, could allow attackers to access sensitive resources and hosting accounts if servers remain un…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.16…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administrative control over enterprise networks without authentication. Critical SD-WAN flaw under atta…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensitive developer and cloud credentials at scale. TeamPCP’s core strategy is simple but highly eff…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Next.js, one of the most widely used React frameworks, has been hit by a high-severity vulnerability that could allow attackers to extract sensitive cloud credentials, API keys, and even access internal admin interfaces. The flaw, tracked as CVE-2026-4…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its evolution into a stealthy, modular peer-to-peer (P2P) botnet designed for persistent cyber espi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A devastating zero-day vulnerability in Palo Alto Networks firewalls is under active exploitation by suspected state-sponsored hackers, allowing unauthenticated attackers to seize complete control of enterprise security infrastructure. The flaw, tracke…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
