-
Researchers demonstrate multiple attacks against major password managers, showing how compromised servers and design flaws can expose encrypted vault data.
-
A cache deception vulnerability in SvelteKit apps deployed on Vercel exposes sensitive user data to attackers. The flaw allows authenticated responses to be publicly cached. SvelteKit, a full-stack JavaScript framework, often pairs with Vercel for depl…
-
Feb. 20, 2026 – Advantest Corporation, a top supplier of semiconductor test equipment, revealed it is battling a ransomware attack that struck its network last weekend. The incident, detected on February 15 (JST), has disrupted multiple systems and rai…
-
A serious flaw in Splunk Enterprise for Windows lets low-privileged users hijack DLL loading and escalate to SYSTEM-level access. Tracked as CVE-2026-20140, this local privilege escalation (LPE) vulnerability stems from DLL search-order hijacking …
-
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18, 2026, two vulnerabilities were detailed in the core Jenkins software. The most crit…
-
A critical unauthenticated stack-based buffer overflow vulnerability, tracked as CVE-2026-2329, affects Grandstream GXP1600 series VoIP phones. The vulnerability, rated as critical with a CVSS score of 9.8, allows remote attackers to gain root privil…
-
Hackers are actively exploiting a critical vulnerability in BeyondTrust’s remote support software to deploy the VShell backdoor and SparkRAT remote access trojan, enabling full compromise of exposed systems. The vulnerability, tracked as CVE-2026-1731,…
-
Beyond CVE, China’s dual vulnerability databases, CNVD and CNNVD, show that vulnerability disclosure is not a single, global, unified process but a set of parallel systems with different rules, incentives, and timelines. China runs two national vulnera…
-
Researchers at Hudson Rock have identified a live infection where an infostealer exfiltrated a victim’s OpenClaw configuration. The discovery highlights a shift in malware behaviour toward harvesting personal AI identity files.
-
Social engineering campaigns are becoming increasingly sophisticated, moving beyond simple phishing emails to more complex technical deceptions. The “ClickFix” tactic, which typically tricks users into copying and pasting malicious scripts …


