-
Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security experts have found a high-severity flaw named Pack2TheRoot in PackageKit that allows hackers to gain full root access on multiple Linux distributions.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA and NCSC warn that FIRESTARTER, a Linux-based backdoor, targets Cisco Firepower devices, evades patches, and enables persistent access even after firmware updates.
·
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security Risk in 2026: why unofficial download sources still put users at risk, and how to verify safe, official install paths before installing software.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
