all—News
Top News
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
July 1, 2026Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs
June 29, 2026Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
July 3, 2026North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
July 3, 2026Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
June 26, 2026Medtronic notifies customers impacted by ShinyHunters data breach
July 2, 2026Latest News
BeyondTrust warns of critical flaws in remote access softwareBeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication.
Microsoft testing new Cloud Rebuild Windows 11 recovery featureMicrosoft has begun testing the Cloud Rebuild recovery feature in the latest Windows 11 Insider Preview builds released for users in the Experimental channel.
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router FirmwareSeveral versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRABeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-2026-40138 (CVSS score: 9.2) - A pre-authentication vulnerability exists in the
Phishing poses as big-brand job interview to steal Google accountsA phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals.
Fake IT support calls on Microsoft Teams push EtherRAT malwareThreat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks.
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli OrganizationsAn Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research
Vietnam arrests suspects behind HiAnime anime piracy serviceVietnamese authorities have arrested and are prosecuting seven suspects believed to have run HiAnime, the largest anime piracy streaming service before its shutdown in June.
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 SystemsA use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After DisclosureThreat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated