A critical privilege escalation vulnerability (CVE-2026-48172) in the LiteSpeed cPanel plugin allows authenticated attackers to execute arbitrary scripts with root privileges. The flaw affects LiteSpeed Web Server installations using the cPanel integration plugin and is actively being exploited in t
Metasploit Framework released five new exploit modules in their May 22, 2026 update, targeting vulnerabilities across enterprise software, IoT devices, and web applications. The additions include remote code execution exploits for widely-deployed systems, providing penetration testers and red teams
A legitimate Lenovo diagnostics driver has been weaponized by threat actors to terminate Endpoint Detection and Response (EDR) processes through a Bring Your Own Vulnerable Driver (BYOVD) attack. The vulnerable driver allows attackers with administrative privileges to execute code at the kernel leve
A sophisticated supply chain attack compromised multiple @antv npm packages with Mini Shai-Hulud malware, specifically designed to steal CI/CD credentials from automated build systems. The malicious code targets environment variables containing sensitive tokens during package installation, affecting
A contractor working with the Cybersecurity and Infrastructure Security Agency (CISA) inadvertently exposed Amazon Web Services (AWS) GovCloud credentials on a public GitHub repository. The leaked keys provided access to sensitive federal government cloud infrastructure, raising serious questions ab
Critical NGINX vulnerability CVE-2026-8711 lets remote attackers execute malicious code via heap overflow. Unauthenticated exploitation possible. Patch now.
CISA’s own GitHub repository was left publicly accessible for six months, exposing hundreds of megabytes of plain-text passwords, AWS credentials, private keys, and cloud tokens with alarmingly obvious filenames. The repository was taken down within 26 hours after a GitGuardian researcher escalated the disclosure through security journalist Brian Krebs.
7-Eleven confirms data breach after ShinyHunters claims theft of 600K+ Salesforce records. Franchisee data and corporate info exposed in latest attack.
Mozilla to UK government: Breaking encryption and banning VPNs won’t solve your age verification problems—it’ll just destroy basic security for everyone.
Grafana Labs confirms GitHub account breach — full codebase accessed. No customer data stolen, operations unaffected, and zero ransom paid.