The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle WebLogic Server deserialization vulnerability (CVE-2020-14882) to its Known Exploited Vulnerabilities (KEV) catalog. This remote code execution flaw, originally patched in October 2020, is now being actively
A critical privilege escalation vulnerability in the Linux kernel’s CIFS (Common Internet File System) implementation has been discovered after hiding in plain sight for 19 years. Dubbed “CIFSwitch,” the flaw allows unprivileged users to gain root access through a race condition in filesystem switch
The U.S. Department of Defense has officially acknowledged that commercially available location data from smartphones and connected devices poses a significant operational security risk to military personnel and missions. This admission validates long-standing concerns about how adversaries can expl
A sophisticated campaign is targeting Signal messenger users by stealing their encrypted backup files and attempting to crack the passphrases offline. Attackers are using social engineering, malware distribution, and cloud storage compromise to access Signal backups stored on victims’ devices or clo
CrowdStrike has announced a strategic partnership with NVIDIA to scale AI-native agents across its Falcon Exposure Management platform. This collaboration leverages NVIDIA’s AI computing infrastructure to enhance autonomous threat detection, vulnerability prioritization, and risk assessment capabili
YARA-X version 1.17.0 has been released with significant performance improvements and important bug fixes. This update to the next-generation YARA rule engine enhances scanning efficiency, resolves several critical bugs affecting rule compilation and execution, and introduces optimizations that bene
A sophisticated wave of supply chain attacks has infiltrated multiple developer package repositories, compromising thousands of open-source libraries across npm, PyPI, and RubyGems ecosystems. Attackers deployed typosquatted and dependency-confused packages containing malicious payloads designed to
A critical security vulnerability in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create rogue administrator accounts on vulnerable websites. The flaw stems from improper authentication controls in the plugin’s user management functionality, enabling complete site takeover. W
A critical authentication bypass vulnerability (CVE-2026-0257) in Palo Alto Networks’ PAN-OS GlobalProtect gateway is being actively exploited in the wild. The flaw allows unauthenticated attackers to bypass authentication mechanisms and gain unauthorized access to protected networks. Organizations
The notorious cybercrime group ShinyHunters has leaked what appears to be Charter Communications customer data on a dark web forum, claiming to have exposed information on approximately 5 million customers. The dataset allegedly contains personal information including names, addresses, phone numbers