-
New phishing framework Starkiller is enabling more convincing, scalable credential theft by proxying real login pages and bypassing multi-factor authentication (MFA), significantly raising the bar for defenders. Traditional phishing kits typically serv…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
On February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A serious security flaw in jsPDF, a widely used JavaScript library for generating PDFs in web browsers, puts millions of developers and their users at risk. CVE-2026-25755 allows attackers to perform PDF Object Injection through the library’s add…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hewlett Packard Enterprise (HPE) has issued a security bulletin warning customers of a serious vulnerability in its Telco Service Activator product that could allow attackers to remotely bypass access restrictions. The vulnerability, identified as CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the r…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
DPRK-linked operators are maintaining a relentless focus on the crypto sector, with activity accelerating rather than slowing in the year since the record-breaking Bybit breach. On 21 February 2025, threat actors linked to North Korea stole around 1.46…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Silver Fox APT is running a new wave of targeted attacks in Taiwan that combine DLL sideloading and Bring Your Own Vulnerable Driver (BYOVD) techniques to deploy Winos 4.0 (ValleyRat) while aggressively disabling security tools. The campaigns rely on h…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Serious vulnerabilities in four popular Visual Studio Code (VS Code) extensions, affecting over 128 million downloads. These flaws, including three assigned CVEs CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717, highlight IDEs as the weakest link in …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A cache deception vulnerability in SvelteKit apps deployed on Vercel exposes sensitive user data to attackers. The flaw allows publicly cached responses to be authenticated. SvelteKit, a full-stack JavaScript framework, often pairs with Vercel for depl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Feb. 20, 2026 – Advantest Corporation, a top supplier of semiconductor test equipment, revealed it is battling a ransomware attack that struck its network last weekend. The incident, detected on February 15 (JST), has disrupted multiple systems and rai…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
