Trellix Source Code Repository Incident: What Defenders Should Know
Trellix Source Code Repository Incident: What Defenders Should Know Trellix publicly disclosed that it identified unauthorized access to a portion of its internal source code repository. The company s...
ShinyHunters Breached Instructure: 275 Million Students, Teachers and ...
ShinyHunters Breached Instructure: 275 Million Students, Teachers and Staff Potentially Exposed If your school uses Canvas, your data may already be in the hands of one of the most active hacking grou...
CVE-2026-4670 & CVE-2026-5174: MOVEit Automation Flaws Enable Auth Byp...
CVE-2026-4670 & CVE-2026-5174: MOVEit Automation Flaws Enable Auth Bypass and Privilege Escalation Progress Software has disclosed and patched two vulnerabilities in MOVEit Automation, its managed...
March 2026: Wiper Attack Paralyzes Stryker as BPO Breaches & Data Thef...
March 2026: Wiper Attack Paralyzes Stryker as BPO Breaches & Data Thefts Sweep the Month March 2026 brought a heavy concentration of significant cyber incidents across healthcare, outsourcing, sof...
CVE-2026-31431: "Copy Fail," the Nine-Year-Old Linux Bug Introduced in...
CVE-2026-31431: “Copy Fail,” the Nine-Year-Old Linux Bug Introduced in 2017 A vulnerability hiding in plain sight for nearly a decade, capable of granting full root access to almost any Linux server w...
Chinese Cybercrime Infrastructure Detected: Automated Exploitation & H...
Chinese Cybercrime Infrastructure Detected: Automated Exploitation & Harvesting Infrastructure SOCRadar Threat Research Team identified automated Chinese cybercrime infrastructure that blends larg...
SAP Ecosystem Targeted: The Mini Shai-Hulud Supply Chain Attack
SAP Ecosystem Targeted: The Mini Shai-Hulud Supply Chain Attack A sophisticated npm supply-chain compromise dubbed “Mini Shai-Hulud” has recently emerged, creating an urgent risk for SAP CAP developme...
CVE-2026-3854 Exposes a Critical Weak Point in GitHub’s Git Push Pipel...
CVE-2026-3854 Exposes a Critical Weak Point in GitHub’s Git Push Pipeline A newly disclosed GitHub vulnerability, CVE-2026-3854, has drawn attention because it turned a routine git push operation into...
Handala Hack Targets U.S. Troops with Doxxing Threats in Bahrain
Handala Hack Targets U.S. Troops with Doxxing Threats in Bahrain On Monday, U.S. service members stationed in Bahrain started getting WhatsApp messages on their personal phones telling them they were ...
Bitwarden CLI Hijacked in npm Supply Chain Attack Linked to TeamPCP & ...
Bitwarden CLI Hijacked in npm Supply Chain Attack Linked to TeamPCP & Checkmarx Breach A malicious version of the Bitwarden CLI circulated on npm for roughly 90 minutes on April 22, 2026, silently...
How AI Changed Vishing: Case of PlugValley
How AI Changed Vishing: Case of PlugValley Vishing or voice phishing is not a new attack. Fraudsters have been calling people and pretending to be banks, government agencies, and tech support for deca...
CVE-2026-38526 in Krayin CRM Enables RCE
CVE-2026-38526 in Krayin CRM Enables RCE CVE-2026-38526 is a critical authenticated remote code execution (RCE) vulnerability affecting Webkul Krayin CRM / Krayin Laravel CRM v2.2.x. The issue is in t...
Vercel Breach: Hacker Claims to Sell Stolen Data in Potential Global S...
Vercel Breach: Hacker Claims to Sell Stolen Data in Potential Global Supply Chain Attack On April 19, 2026, Vercel, the cloud development platform behind Next.js and Turbopack, disclosed a security in...
Public Elasticsearch Servers Expose 9.8 Billion Credential Records Acr...
Public Elasticsearch Servers Expose 9.8 Billion Credential Records Across Enterprise, Cloud, and AI Platforms Misconfigured Elasticsearch servers continue to expose massive volumes of sensitive data. ...
BlueHammer, RedSun, and UnDefend: Three Windows Defender Zero-Days Exp...
BlueHammer, RedSun, and UnDefend: Three Windows Defender Zero-Days Exploited in the Wild Three Windows Defender vulnerabilities disclosed as zero-days in April 2026 are now being actively exploited: B...
April 2026 Patch Tuesday: 165 Vulnerabilities, Two Zero-Days Including...
April 2026 Patch Tuesday: 165 Vulnerabilities, Two Zero-Days Including One Actively Exploited Microsoft released its April 2026 Patch Tuesday security updates, resolving a total of 165 vulnerabilities...
CVE-2026-34486: Apache Tomcat Tribes Regression Creates Unauthenticate...
CVE-2026-34486: Apache Tomcat Tribes Regression Creates Unauthenticated RCE Path Apache Tomcat users running Tribes clustering should pay attention to CVE-2026-34486, an important-severity regression ...
Claude Code & ChatGPT Used to Steal Millions of Records in Mexican Gov...
Claude Code & ChatGPT Used to Steal Millions of Records in Mexican Government Breach A cyberattack spanning nine Mexican government organizations has become one of the clearest examples yet of how...
CVE-2026-34621: Adobe Acrobat Reader Zero-Day Enables Arbitrary Code E...
CVE-2026-34621: Adobe Acrobat Reader Zero-Day Enables Arbitrary Code Execution via Crafted PDF Adobe released an emergency update for Adobe Acrobat and Adobe Acrobat Reader on Windows and macOS to add...
Could XChat Become a Telegram Rival and a Future Hub for Threat Actors...
Could XChat Become a Telegram Rival and a Future Hub for Threat Actors? X’s upcoming messaging app, XChat, is being presented as more than a simple upgrade to direct messages. Public details point to ...