Archive
All articles, newest first. Page 12.
YellowKey: Microsoft Issues Emergency Mitigations for BitLocker Bypass
Microsoft issued temporary mitigations on May 20 for CVE-2026-45585, a BitLocker bypass vulnerability exploited through the Windows Re…
Trend Micro: CISA Adds Exploited Apex One Zero-Day to KEV Catalog with June 4 Deadline
CVE-2026-34926 affects on-premise Apex One installations. This directory traversal zero-day is under active exploitation, prompting CI…
Operation Saffron Dismantles First VPN, Exposing 25 Ransomware Groups
Operation Saffron has dismantled First VPN, a cornerstone anonymization service used by at least 25 ransomware groups since 2014. The…
DocketWise Data Breach: 143,480 Impacted via Third-Party Repository Exposure
Legal-tech platform DocketWise has notified 143,480 individuals of a data breach involving cloned third-party repositories. The incide…
The Oncology Institute Discloses Patient Data Breach Linked to Third-Party Vendor
The Oncology Institute (TOI) confirmed in an SEC filing that unauthorized actors accessed patient data through a third-party software…
Radiology Associates of Richmond Discloses Breach Affecting 266,000 Following Nine-Month Investigation
Radiology Associates of Richmond has confirmed a July 2025 data breach impacting over 266,000 patients. The disclosure follows a nine-…
CISA Adds Microsoft Defender DoS Flaw to KEV Catalog with June 3 Deadline
CISA has added CVE-2026-45498, a Denial of Service vulnerability in Microsoft Defender, to its Known Exploited Vulnerabilities catalog…
NGate Malware Trojanizes HandyPay App to Steal Contactless PINs in Brazil
ESET Research has uncovered a new NGate variant that trojanizes the legitimate HandyPay Android app to relay NFC data and intercept PI…
CVE-2026-41091: Microsoft Defender Engine Exploited for SYSTEM Privilege Escalation
A link-following vulnerability in the Microsoft Malware Protection Engine enables local privilege escalation to SYSTEM. An analysis of…
CISA Adds Critical Langflow Vulnerability (CVE-2025-34291) to KEV Catalog Following Active Exploitation
CISA has added CVE-2025-34291, a critical origin validation flaw in the Langflow platform, to its Known Exploited Vulnerabilities cata…
Fake Data Breach Alerts: When the Warning Becomes the Trap
Cybercriminals are weaponizing 'breach fatigue' and generative AI to craft hyper-realistic phishing alerts that mimic official inciden…
Anthropic’s Project Glasswing Unearths 10,000 Flaws, Triggering 'Patching Paralysis'
Project Glasswing identified over 10,000 critical vulnerabilities in just one month. As Anthropic’s Claude Mythos model accelerates di…
May 2026 Patch Tuesday: 137 Flaws and the Domain Controller Threat
Microsoft's May 2026 security update addresses 137 vulnerabilities, including 31 critical flaws. While no zero-days were reported, una…
CVE-2026-48172: Critical Root Escalation in LiteSpeed cPanel Plugin Under Active Attack
A critical vulnerability in LiteSpeed’s cPanel plugin allows for privilege escalation to root. We break down the mechanism and provide…
Ransomware 2026: Post-Quantum Ciphers, Encryptionless Extortion, and the Rise of EDR-Killers
The 2026 ransomware landscape is defined by the adoption of post-quantum algorithms and a shift toward encryptionless extortion, with…
Apple Patches macOS RCE Vulnerability in USD Library (ZDI-26-314)
A critical out-of-bounds write in the macOS USD library could allow remote code execution through malicious 3D files. Apple released a…
macOS USD Library Bug ZDI-26-315 Exposes System Memory, Patch Issued May 12
Apple has addressed ZDI-26-315, an out-of-bounds read vulnerability in the macOS Universal Scene Description (USD) library. Rated CVSS…
Verizon DBIR 2026: Vishing Success Rates Surpass Email by 40%
The 2026 Verizon Data Breach Investigations Report (DBIR) reveals a 2% median click rate for phone-based phishing, significantly highe…
AI Unearths 300 WordPress Zero-Days for $20 Each: The Human Triage Crisis
A high-efficiency AI pipeline has discovered over 300 critical zero-day vulnerabilities in WordPress plugins at an estimated cost of $…
GitLab 19.0 Debuts Native Secrets Management and Air-Gapped AI
GitLab 19.0 integrates native secrets management, agentic merge request workflows, and self-hosted AI models, reinforcing its 'single…
Cloud Atlas Upgrades Arsenal: Novel Backdoors and Stealth RDP Patching for Cyber-Espionage
Between 2025 and 2026, the Cloud Atlas APT deployed previously undocumented backdoors, VBCloud and PowerShower, alongside modified sys…
M365 Phishing: How Kali365 and EvilTokens Bypass MFA Without Passwords
Two emerging Phishing-as-a-Service (PhaaS) platforms are leveraging device code phishing and OAuth consent abuse to hijack Microsoft 3…
TrendAI Fixes Actively Exploited Apex One Zero-Day; CISA Sets June 4 Patch Deadline
TrendAI has issued critical patches for CVE-2026-34926, a directory traversal vulnerability in Apex One on-premises installations curr…
30-Minute Lateral Breakouts: Why the SOC is Losing the Race Against AI-Driven Threats
Average breakout times have accelerated by 29%, with the fastest recorded exfiltration dropping from over four hours to just six minut…