Avada Builder Flaws Expose 1M WordPress Sites To Theft
One million WordPress sites at risk: Avada Builder flaws let hackers steal credentials and database secrets. Patch now or face a data breach nightmare.
Read More
SpaceX Starship Upgrade Launches New Space Security Era
SpaceX’s upgraded Starship launches first test flight May 19. New capabilities could reshape space infrastructure—and expand the attack surface cybersecurity pros must defend.
Hackers Exploit OAuth Flow To Steal M365 Credentials
Hackers are weaponizing Microsoft’s OAuth device flow to steal M365 credentials at scale. This little-known attack vector has exploded since late 2024.
Critical Cisco SD-WAN Flaw Grants Admin Access Remotely
Critical CVE-2026-20182 hits Cisco SD-WAN with CVSS 10.0 rating. Unauthenticated attackers can gain full admin access remotely. Active exploitation confirmed.
Exchange Server OWA Spoofing Flaw Actively Exploited
Critical Exchange Server spoofing flaw under active attack. CVE-2026-42897 affects on-premise versions with CVSS 8.1. Patch immediately if you’re running 2016/2019.
JDownloader Installer Downloads Replaced With Malware
JDownloader’s website was hacked and installer downloads were replaced with malware for days. Millions of users potentially at risk from this supply chain attack.
Ghostwriter APT Targets Ukrainian Government Organizations
Ghostwriter APT group strikes again: New campaign targeting Ukrainian government organizations uncovered by ESET researchers. FrostyNeighbor continues its attacks.
Gremlin Stealer Evolves With Advanced Obfuscation Tactics
Gremlin stealer just leveled up. New variant uses resource file obfuscation, crypto clipping and session hijacking to fly under the radar. Your data’s at risk.
CalPhishing Scam Exploits Outlook Invites To Steal M365
Hackers now hijacking M365 accounts through Outlook calendar invites. The EvilTokens kit lets attackers steal session tokens and bypass MFA entirely.
Microsoft Warns Of Exchange Zero-Day Exploited In Attacks
Microsoft reveals Exchange Server zero-day being actively exploited. Attackers use XSS to execute arbitrary code targeting Outlook on the web. Patch now.