Page 1 of 10 · 359 stories from the last 30 days across 20 trusted sources.
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
1storyEPSS 81%Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
2storiesEPSS 19%AICritical unauthenticated RCE in Splunk Enterprise (CVE-2026-20253) exploited in wild; CISA added to KEV, federal agencies must patch by June 21.
5storiesEPSS 10%AICisco released updates for an actively exploited medium-severity flaw in Catalyst SD-WAN Manager, tracked as CVE-2026-20262 with a CVSS score of 6.5.
2storiesEPSS 1%ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
1storyEPSS 8%CISA Adds Two Known Exploited Vulnerabilities to Catalog
1storyEPSS 54%AIMicrosoft attributes a Mastra AI supply chain attack compromising 140+ npm packages to North Korean group Sapphire Sleet, with malware targeting cryptocurrency extensions.
Open narrative →I haven’t thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a profes...
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. The post What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks appeared first on SecurityWeek.
FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar’s Threat Research Unit (STRU), the team that first identified and named the FortiBleed campaig...
The vulnerability exploited by the Usbliter8 exploit cannot be patched and a PoC exploit has been released by researchers. The post New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones appeared first on SecurityWeek.
A database of over 86,000 confirmed working credentials was created during the credential-harvesting campaign. The post Fortinet Responds to FortiBleed Campaign appeared first on SecurityWeek.
Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Sec...
HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium are among the affected Klue customers. The post More Cybersecurity Firms Disclose Impact From Klue Hack appeared first on SecurityWeek.
AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026, QiAnXin’s XLab threat detection system flagged a single IP address, 107.150.106.14, spreading a Linux binary through tw...
Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved to their owners for every package ...
Alleged FortiBleed Access Auction, Sens Unique Paris Data Sale, and libsodium DoS Claims SOCRadar Dark Web Team identified new underground activity involving alleged FortiBleed-related access, an alleged 529,892-record customer database linked to French retailer Sens Unique Pa...
AIUnpatchable usbliter8 exploit achieves code execution in Apple A12/A13 SecureROM. Published by Paradigm Shift, it extends checkm8 risks to newer devices.
Open narrative →A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin's XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The ...
A new report from INTERPOL has revealed a "dramatic increase" in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL's 20...
In this interview with Help Net Security, Jaya Baloo, COO & CISO at Aisle, examines the debate over restricting access to cyber-capable AI models. She lays out the strongest argument for gating these tools, then explains where it breaks down for security teams who depend on th...
AITexas Parks & Wildlife data breach via third-party vendor exposed personal info of over 3 million, including driver’s licenses.
Open narrative →AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, cloud environments, where they edit files, run commands, and call outside tools. Beacon, an open-source project from Asymptote Labs, configures telemetry for those run...
Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of a query away from anyone watching a network link. The encryption covers the message inside each packet. The packet still carries plaintext headers, and those values mark a flow a...
Avira Mobile Security for iOS combines security, privacy, and device optimization tools in a single application. The app is also available for Android, macOS, and Windows devices. After downloading the application from the App Store users are guided through a short onboarding ...
Mobile app developers are packing AI features into everything from writing assistants to productivity tools and lifestyle apps. New research shows that securing access to those services remains a challenge. LLM API credential leakage via network traffic interception (Source: R...