-
Security researchers have identified four new vulnerabilities in the Spring Cloud Config Server, ranging from medium to critical severity. These newly disclosed flaws could allow attackers to access arbitrary files, leak Google Cloud Platform (GCP) sec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing fake Claude AI installer pages promoted through Google Ads to trick users into running malware in a campaign. The operation combines highly realistic install guides with a stealthy, multi‑stage infection chain that abuses trusted Wi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has officially rolled out Chrome version 148 to the stable channel, delivering a massive security overhaul that addresses 127 vulnerabilities across Windows, Mac, and Linux. The update, now available as version 148.0.7778.96 for Linux and 148.0….
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining ad…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying victims’ logins in real time via an adversary‑in‑the‑middle (AiTM) setup. The attackers purchase …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Redis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote code execution (RCE) on affected Redis servers. The advisory, published May 5, 2026, by Redis …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious NuGet packages are quietly stealing browser credentials, SSH keys, and cryptocurrency wallet data from developer machines and CI/CD infrastructure, with a particular focus on Chinese .NET ecosystems. The campaign blends legitimate-looking UI …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has issued a high-severity security advisory detailing a critical connection exhaustion vulnerability affecting its network management software. Tracked as CVE-2026-20188, this flaw carries a CVSS base score of 7.5. It directly impacts both the C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple critical sandbox-escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers to escape the isolated execution environment and run arbitrary commands directly on the host syste…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
