-
A recent campaign has targeted improperly secured Open WebUI systems, allowing threat actors to deploy malicious artificial intelligence payloads. Open WebUI is a highly popular self-hosted interface designed to enhance large language models. Shodan sc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and organizations using the …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ConnectWise has released a critical security update for its ScreenConnect remote desktop software to address a severe vulnerability that allows attackers to hijack user sessions. The flaw, which compromises the protection of server-level cryptographic …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google Threat Intelligence Group (GTIG) has uncovered a highly sophisticated iOS full-chain exploit dubbed DarkSword. Active since November 2025, this exploit leverages multiple zero-day vulnerabilities to compromise Apple devices running iOS 18.4 thro…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon Mad…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers detail “Claudy Day” flaws in Claude AI that could enable data theft using fake Google Ads, hidden…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical buffer overflow vulnerability has been discovered in the GNU InetUtils telnetd daemon. Tracked as CVE-2026-32746, the flaw carries a maximum CVSS 3.1 score of 9.8 and allows unauthenticated attackers to execute arbitrary code with root privi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Qualys Threat Research Unit (TRU) has disclosed a critical Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. Tracked as CVE-2026-3888, this high-severity flaw carries a CVSS v3…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed security flaw in the Kubernetes Container Storage Interface (CSI) Driver for Network File System (NFS) exposes storage servers to unauthorized directory modification and deletion. Tracked as CVE-2026-3864 with a medium-severity CVSS v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
