HTTP/2 Bomb: How Default Configurations Open a New DoS Vector
HTTP/2 Bomb: How Default Configurations Open a New DoS Vector A newly disclosed Denial-of-Service (DoS) technique dubbed HTTP/2 Bomb can crash or stall servers that run default HTTP/2 configurations a...
CVE-2025-48595: June 2026 Android Security Update Fixes Framework Zero...
CVE-2025-48595: June 2026 Android Security Update Fixes Framework Zero-Day Google’s June 2026 Android Security Bulletin includes a fix for an Android Framework elevation of privilege zero-day tracked ...
Charter Data Breach: ShinyHunters Claims 42 Million Records Stolen on ...
Charter Data Breach: ShinyHunters Claims 42 Million Records Stolen on the Dark Web Charter Communications, the U.S. telecommunications company behind the Spectrum brand, has confirmed a cybersecurity ...
April 2026: ShinyHunters Hits Medtronic and ADT as North Korean Hacker...
April 2026: ShinyHunters Hits Medtronic and ADT as North Korean Hackers Drain DeFi Protocols April 2026 delivered a concentrated wave of high-impact incidents across healthcare, financial services, co...
TrapDoor: Malicious npm, PyPI, Crates.io Packages Target Developer Sec...
TrapDoor: Malicious npm, PyPI, Crates.io Packages Target Developer Secrets & AI Tooling Researchers identified a coordinated supply chain malware campaign named TrapDoor, involving waves of malici...
CVE-2026-20223: Cisco Secure Workload Auth Bypass Grants Site Admin Ac...
CVE-2026-20223: Cisco Secure Workload Auth Bypass Grants Site Admin Access Cisco has patched a maximum-severity vulnerability in Cisco Secure Workload (CSW) Cluster Software tracked as CVE-2026-20223....
CVE-2024-12802: SonicWall SSL-VPN MFA Bypass Persists on Gen6
CVE-2024-12802: SonicWall SSL-VPN MFA Bypass Persists on Gen6 CVE-2024-12802 is an authentication bypass that can result in an SSL-VPN MFA bypass affecting SonicWall SonicOS / SonicWall SSL-VPN when t...
B1ack's Stash Releases 4.6 Million Stolen Credit Cards for Free
B1ack’s Stash Releases 4.6 Million Stolen Credit Cards for Free A notorious Dark Web carding marketplace is making headlines again. B1ack’s Stash, one of the most active illicit card shops on the Dark...
Inside The Gentlemen Ransomware Leak: When the Hunter Becomes the Hunt...
Inside The Gentlemen Ransomware Leak: When the Hunter Becomes the Hunted Ransomware groups spend their days breaking into networks, stealing data, and pressuring victims into paying. They rarely find ...
CVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV
CVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV Cisco has disclosed CVE-2026-20182, a critical authentication bypass affecting Cisco Catalyst SD-WAN Controller (formerly vSmart) an...
CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Poten...
CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCE CVE-2026-42945 is a heap-based buffer overflow in NGINX that occurs in ngx_http_rewrite_module (the rewrite module). ...
BreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime ...
BreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime Gets Gamified Underground cybercrime communities are increasingly borrowing ideas from legitimate tech ecosystems: branding, p...
May 2026 Patch Tuesday: 137 Vulnerabilities, No Zero-Days
May 2026 Patch Tuesday: 137 Vulnerabilities, No Zero-Days Microsoft released its May 2026 Patch Tuesday security updates, resolving a total of 137 vulnerabilities across Windows and a broad range of M...
Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack
Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack It hasn’t been long since TeamPCP made headlines for compromising Checkmarx’s GitHub Actions and OpenVSX extensions as part of a ...
SOCRadar Recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthre...
SOCRadar Recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies SOCRadar is positioned as a Visionary in the inaugural Magic Quadrant report for Threat Intelligence,...
CVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KE...
CVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEV Ivanti has patched CVE-2026-6973, a high-severity remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mo...
CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25
CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-26956 is a critical sandbox escape affecting the Node.js sandbox library vm2. In vm2 3.10.4, attacker-controlled JavaScript e...
CVE-2026-23918: Apache HTTP Server HTTP/2 Double Free With Possible RC...
CVE-2026-23918: Apache HTTP Server HTTP/2 Double Free With Possible RCE CVE-2026-23918 is a vulnerability in Apache HTTP Server (httpd) that affects its HTTP/2 implementation and can lead to a double ...
CVE-2026-0300 Enables Root RCE in PAN-OS Captive Portal
CVE-2026-0300 Enables Root RCE in PAN-OS Captive Portal Palo Alto Networks disclosed CVE-2026-0300, a critical pre-authentication buffer overflow in the User-ID™ Authentication Portal (Captive Portal)...
Trellix Source Code Repository Incident: What Defenders Should Know
Trellix Source Code Repository Incident: What Defenders Should Know Trellix publicly disclosed that it identified unauthorized access to a portion of its internal source code repository. The company s...