-
DigitStealer is an increasingly active macOS‑targeting infostealer whose predictable command‑and‑control (C2) setup exposes structural weaknesses in its operators’ infrastructure decisions. While technically sophisticated on the endpoint, its reuse of …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The three major cloud-based password managers, such as Bitwarden, LastPass, and Dashlane, collectively serve approximately 60 million users. Despite marketing claims of “zero-knowledge encryption,” the research team demonstrated that these …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s February 10, 2026, Patch Tuesday cumulative update KB5077181 for Windows 11 is being linked to severe boot failures on some devices, with users reporting systems that restart repeatedly and never reach the desktop. The issue is pr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Joomla site owners using extensions that bundle the Novarain/Tassos Framework are being warned after a source code review identified multiple attack primitives that can be chained together to achieve administrator takeover and reliable remote code exec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Feiniu fnOS network-attached storage (NAS) devices have been pulled into a large Netdragon botnet after attackers exploited still-unpatched vulnerabilities, turning home and small‑business storage into infrastructure for DDoS attacks. The malware open…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has issued a high-security update for its Endpoint Manager (EPM) solution to address two significant vulnerabilities that could put organisational data at risk. The advisory, released on February 9, 2026, highlights a high-severity flaw that all…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. These patches, detailed in the release notes for versions 18.8.4, 18.7.4, and 18.6.6, resolve fl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s February 2026 Patch Tuesday update has arrived with critical urgency, addressing 54 security vulnerabilities across its ecosystem. This month’s release is particularly severe due to the inclusion of six zero-day vulnerabilities that are cur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant b…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two medium-severity vulnerabilities, an unsecured email API endpoint and verbose error messages exposing OAuth tokens, chain together to enable authenticated phishing that bypasses all email security controls, persistent access to Microsoft 365 environ…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
