Cybersecurity
Curated coverage and analysis in this editorial area.
Adobe ColdFusion: Security Update Addresses Reported Authentication Bypass
Advisory ZDI-26-263 describes a reported remote authentication bypass in Adobe ColdFusion. With a CVSS score of 6.5, the vulnerability…
Cisco SD-WAN: Potential Targeted Activity Involving Controllers
A report describes potential exploitation of SD-WAN vulnerabilities, noting activity attributed to a group designated as UAT-8616 and…
Docker Desktop ECI Flaw: High-Severity LPE Vulnerability Enables Container Escapes
A vulnerability in Docker Desktop’s Enhanced Container Isolation (ECI) allows for local privilege escalation with a CVSS score of 8.8.…
7-Eleven Data Breach Exposes 185,000 Records Following Extortion Attempt
Verified reports confirm that 185,300 unique records were compromised after an unauthorized party accessed 7-Eleven’s franchisee docum…
F-Secure Leverages Android Accessibility for Scam Defense: A High-Privilege Trade-off
F-Secure Internet Security for Android utilizes Accessibility Services permissions to monitor URLs in Chrome and block phishing, highl…
CVE-2026-5426: KnowledgeDeliver LMS Targeted by Zero-Day ViewState Exploit
Hard-coded ASP.NET machine keys in KnowledgeDeliver LMS have enabled unauthenticated RCE attacks. Threat actors deployed the BLUEBEAM…
TrapDoor Campaign Targets Crypto and AI Developers via 34+ Malicious Packages
The TrapDoor campaign deployed credential-stealing malware across npm, PyPI, and Crates.io, exfiltrating crypto wallets and weaponizin…
Operation Saffron Dismantles First VPN, Exposing 25 Ransomware Groups
Operation Saffron has dismantled First VPN, a cornerstone anonymization service used by at least 25 ransomware groups since 2014. The…
DocketWise Data Breach: 143,480 Impacted via Third-Party Repository Exposure
Legal-tech platform DocketWise has notified 143,480 individuals of a data breach involving cloned third-party repositories. The incide…
The Oncology Institute Discloses Patient Data Breach Linked to Third-Party Vendor
The Oncology Institute (TOI) confirmed in an SEC filing that unauthorized actors accessed patient data through a third-party software…
Radiology Associates of Richmond Discloses Breach Affecting 266,000 Following Nine-Month Investigation
Radiology Associates of Richmond has confirmed a July 2025 data breach impacting over 266,000 patients. The disclosure follows a nine-…
CVE-2026-41091: Microsoft Defender Engine Exploited for SYSTEM Privilege Escalation
A link-following vulnerability in the Microsoft Malware Protection Engine enables local privilege escalation to SYSTEM. An analysis of…