-
Cisco has issued a high-severity security advisory detailing a critical connection exhaustion vulnerability affecting its network management software. Tracked as CVE-2026-20188, this flaw carries a CVSS base score of 7.5. It directly impacts both the C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple critical sandbox-escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers to escape the isolated execution environment and run arbitrary commands directly on the host syste…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A wave of ClickFix-style social engineering attacks that specifically target macOS users, using fake disk cleanup and system utility tips hosted on popular content platforms. Instead of installing helpful tools, these Terminal commands silently fetch a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Iranian state-sponsored threat actors linked to MuddyWater (Seedworm) have been caught hiding behind the Chaos ransomware brand to conduct sophisticated espionage operations, using Microsoft Teams as a phishing vector to steal credentials and manipulat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple high-severity vulnerabilities in the WatchGuard Agent for Windows could allow malicious actors to elevate their privileges to the highest system level or disrupt critical security services. With CVSS scores up to 8.5, these vulnerabilities pos…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A powerful new Windows malware family dubbed Salat Stealer, a Go-based Remote Access Trojan (RAT) that blends classic infostealing with a stealthy QUIC/WebSocket command-and-control (C2) channel and resilient blockchain-backed infrastructure. Written i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new large-scale phishing campaign is abusing fake event invitations to compromise U.S. organizations, combining credential theft, OTP interception, and the deployment of remote monitoring and management (RMM) tools in a single operation. The campaign…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A distributed denial-of-service attack targeted a major user-generated content platform, generating an astonishing 2.45 billion malicious requests in just 5 hours. Security provider DataDome successfully intercepted the assault in real time, ensuring l…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale fraud and malware operation called FEMITBOT that abuses Telegram Mini Apps to steal cryptocurrency and infect Android devices. The campaign shows how trusted in-app web experiences can be turned into powerful tools for social engineering …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly identified dark web platform, Darkhub, is advertising a wide range of hacking-for-hire services, including account compromise, surveillance, and financial manipulation. The service, accessible via the Tor network, presents itself as a centraliz…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
