-
QNAP has released an urgent security advisory regarding a critical vulnerability affecting its QVR Pro application, a widely deployed network video surveillance solution. Disclosed on March 21, 2026, under the security advisory identifier QSA-26-07, th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Recent threat research reveals a severe security crisis affecting low-cost IP-KVM devices. Security experts discovered nine vulnerabilities across four popular vendors, transforming these cheap management tools into powerful attack platforms. Compromis…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The ongoing supply chain attack targeting Aqua Security’s Trivy ecosystem has escalated, with new compromised Docker images discovered on Docker Hub. According to Socket’s analysis, two new Docker image tags, 0.69.5 and 0.69.6, were published on March …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A highly automated npm supply chain campaign, dubbed “CanisterWorm,” in which threat actors steal npm access tokens and weaponize legitimate publisher accounts at scale. The group, tracked as “TeamPCP,” has compromised trusted namespaces including @emi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding three critical security flaws affecting the Apple ecosystem. Officially added to the Known Exploited Vulnerabilities (KEV) catalog on March 20, 2026, th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new variant of the MaaS infostealer VoidStealer has become the first malware observed in the wild to weaponize a debugger‑based bypass for Google Chrome’s Application‑Bound Encryption (ABE), using hardware breakpoints to steal Chrome’s v20_master_key…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A major data breach has reportedly compromised Crunchyroll, the popular Sony-owned anime streaming service. Threat actors claim to have successfully stolen 100 GB of personally identifiable information (PII) from the platform. The breach allegedly took…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious hacking collective known as LAPSUS$ has resurfaced, allegedly claiming responsibility for a significant data breach involving multinational pharmaceutical giant AstraZeneca. The threat actors are reportedly attempting to sell a compressed…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oracle recently issued an urgent security alert regarding a critical Remote Code Execution (RCE) flaw that impacts both Oracle Identity Manager and Oracle Web Services Manager. Tracked as CVE-2026-21992, this vulnerability allows attackers to compromis…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
