CYBERSEC

Novo Nordisk: Exposed GitHub Token Leads to 1.3 TB Theft Over Two Months

A GitHub personal access token exposed in client-side JavaScript opened a two-month dwell window: roughly 1.3 TB of data, AI models, a…

Jun 18, 2026views - 904

CYBERSEC

Klue Breach: Dormant OAuth Credential Opens Multi-Victim Door to Salesforce

The Icarus extortion group exfiltrated CRM data from Klue customers by abusing stolen OAuth tokens. Cybersecurity vendor Huntress conf…

Jun 18, 2026views - 1.1k

CYBERSECCRITICAL

Splunk Enterprise PostgreSQL Sidecar Bug (CVSS 9.8) Enables Unauthenticated RCE

CVE-2026-20253 allows unauthenticated remote code execution on Splunk Enterprise. The web proxy on port 8000 exposes an internal Postg…

Jun 18, 2026views - 956

ransomwareZERO-DAY

INC Ransomware: 800 Victims, Not a Single Zero-Day

INC ranks among the world's most active ransomware groups despite relying exclusively on known techniques. The Acronis report reveals…

Jun 17, 2026views - 758

CYBERSEC

MySQL Exposed at 26%: The 2026 Top 10 Attack Surface Exposures

Intruder's 2026 ASM Index reveals exposed databases and admin panels as primary vectors. Time-to-exploit has collapsed to a single day…

Jun 17, 2026views - 1.2k

CYBERSEC

GhostTree: The NTFS Attack That Freezes EDR

Varonis Threat Labs disclosed GhostTree, an evasion technique that neutralizes Windows Defender using recursive NTFS junctions — no el…

Jun 16, 2026views - 954

VULNCRITICAL

Vertex AI SDK: Cross-Tenant Bucket Squatting Enabled RCE

Google Cloud Vertex AI SDK versions 1.139.0 through 1.140.0 were vulnerable to cross-tenant bucket squatting leading to remote code ex…

Jun 16, 2026views - 907

malware

DragonForce Weaponizes Microsoft Teams TURN Relays for Stealth C2

The DragonForce ransomware group deployed Backdoor.Turn, the first documented in-the-wild malware to abuse Microsoft Teams' legitimate…

Jun 16, 2026views - 822

CYBERSEC

Chinese APT UNC6508: A Year of Espionage on REDCap Servers

Google exposes UNC6508: over a year of REDCap server compromise at U.S. and Canadian medical and military institutions using InfiniteR…

Jun 15, 2026views - 751

CYBERSECZERO-DAY

ShinyHunters Hits 100+ Universities with Oracle Zero-Day

CVE-2026-35273 in PeopleSoft EMHub: unauthenticated RCE, CVSS 9.8, 68% of victims in higher education. CISA mandates patch by June 15.

Jun 14, 2026views - 1.5k

VULNCVE

Langflow CVE-2026-5027: RCE Under Active Exploitation with 7,000 Instances Exposed

A critical path traversal vulnerability in Langflow is being exploited in the wild. CVE-2026-5027 (CVSS 8.8) enables unauthenticated r…

Jun 13, 2026views - 942

CYBERSECCVE

CVE-2026-3886: QEMU virtio-gpu Integer Overflow Enables Guest-to-Host Escape

An integer overflow in QEMU’s virtio-gpu driver allows local privilege escalation from guest to host with a CVSS score of 8.8. The ups…

Jun 10, 2026views - 1.1k