YARA-X version 1.17.0 has been released with significant performance improvements and important bug fixes. This update to the next-generation YARA rule engine enhances scanning efficiency, resolves several critical bugs affecting rule compilation and execution, and introduces optimizations that bene
A sophisticated wave of supply chain attacks has infiltrated multiple developer package repositories, compromising thousands of open-source libraries across npm, PyPI, and RubyGems ecosystems. Attackers deployed typosquatted and dependency-confused packages containing malicious payloads designed to
A critical security vulnerability in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create rogue administrator accounts on vulnerable websites. The flaw stems from improper authentication controls in the plugin’s user management functionality, enabling complete site takeover. W
A critical authentication bypass vulnerability (CVE-2026-0257) in Palo Alto Networks’ PAN-OS GlobalProtect gateway is being actively exploited in the wild. The flaw allows unauthenticated attackers to bypass authentication mechanisms and gain unauthorized access to protected networks. Organizations
The notorious cybercrime group ShinyHunters has leaked what appears to be Charter Communications customer data on a dark web forum, claiming to have exposed information on approximately 5 million customers. The dataset allegedly contains personal information including names, addresses, phone numbers
GitLab has released security updates addressing multiple critical vulnerabilities in both Community Edition (CE) and Enterprise Edition (EE), including severe flaws in its Duo AI features, authorization bypass issues, and denial-of-service (DoS) vectors. The most severe vulnerabilities allow unautho
A critical privilege escalation vulnerability dubbed “CIFSwitch” has been discovered in the Linux kernel’s CIFS (Common Internet File System) implementation, allowing unprivileged local users to gain root access on multiple distributions. The flaw affects kernel versions spanning several years and i
A sophisticated phishing campaign is targeting Signal users, particularly journalists and activists, attempting to steal backup recovery keys that would grant attackers access to encrypted message histories. The attack leverages social engineering tactics mimicking official Signal communications, ex
Dutch authorities, in collaboration with international partners, have successfully dismantled one of the largest botnets ever recorded, comprising approximately 17 million compromised devices worldwide. The operation targeted infrastructure hosting malicious command-and-control servers, effectively
A critical authentication bypass vulnerability (CVE-2026-0257) in Palo Alto Networks’ PAN-OS GlobalProtect gateway is being actively exploited in the wild. The flaw allows unauthenticated attackers to bypass authentication mechanisms and gain unauthorized access to protected networks. With a CVSS sc