A critical security vulnerability in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create rogue administrator accounts on vulnerable websites. The flaw stems from improper authentication controls in the plugin’s user management functionality, enabling complete site takeover. W
A critical authentication bypass vulnerability (CVE-2026-0257) in Palo Alto Networks’ PAN-OS GlobalProtect gateway is being actively exploited in the wild. The flaw allows unauthenticated attackers to bypass authentication mechanisms and gain unauthorized access to protected networks. Organizations
The notorious cybercrime group ShinyHunters has leaked what appears to be Charter Communications customer data on a dark web forum, claiming to have exposed information on approximately 5 million customers. The dataset allegedly contains personal information including names, addresses, phone numbers
GitLab has released security updates addressing multiple critical vulnerabilities in both Community Edition (CE) and Enterprise Edition (EE), including severe flaws in its Duo AI features, authorization bypass issues, and denial-of-service (DoS) vectors. The most severe vulnerabilities allow unautho
A critical privilege escalation vulnerability dubbed “CIFSwitch” has been discovered in the Linux kernel’s CIFS (Common Internet File System) implementation, allowing unprivileged local users to gain root access on multiple distributions. The flaw affects kernel versions spanning several years and i
A sophisticated phishing campaign is targeting Signal users, particularly journalists and activists, attempting to steal backup recovery keys that would grant attackers access to encrypted message histories. The attack leverages social engineering tactics mimicking official Signal communications, ex
Dutch authorities, in collaboration with international partners, have successfully dismantled one of the largest botnets ever recorded, comprising approximately 17 million compromised devices worldwide. The operation targeted infrastructure hosting malicious command-and-control servers, effectively
A critical authentication bypass vulnerability (CVE-2026-0257) in Palo Alto Networks’ PAN-OS GlobalProtect gateway is being actively exploited in the wild. The flaw allows unauthenticated attackers to bypass authentication mechanisms and gain unauthorized access to protected networks. With a CVSS sc
A lone threat actor successfully published 14 malicious npm packages designed to impersonate legitimate OpenSearch and Elasticsearch libraries. These typosquatting packages contained credential-harvesting code that targeted developers’ authentication tokens and environment variables. The malicious l
U.S. Immigration and Customs Enforcement (ICE) has awarded a $25 million contract for advanced biometric iris scanning technology to expand surveillance capabilities across detention facilities and border operations. This deployment raises significant cybersecurity concerns around biometric data pro