GitLab has released security updates addressing multiple critical vulnerabilities in both Community Edition (CE) and Enterprise Edition (EE), including severe flaws in its Duo AI features, authorization bypass issues, and denial-of-service (DoS) vectors. The most severe vulnerabilities allow unautho
A critical privilege escalation vulnerability dubbed “CIFSwitch” has been discovered in the Linux kernel’s CIFS (Common Internet File System) implementation, allowing unprivileged local users to gain root access on multiple distributions. The flaw affects kernel versions spanning several years and i
A sophisticated phishing campaign is targeting Signal users, particularly journalists and activists, attempting to steal backup recovery keys that would grant attackers access to encrypted message histories. The attack leverages social engineering tactics mimicking official Signal communications, ex
Dutch authorities, in collaboration with international partners, have successfully dismantled one of the largest botnets ever recorded, comprising approximately 17 million compromised devices worldwide. The operation targeted infrastructure hosting malicious command-and-control servers, effectively
A critical authentication bypass vulnerability (CVE-2026-0257) in Palo Alto Networks’ PAN-OS GlobalProtect gateway is being actively exploited in the wild. The flaw allows unauthenticated attackers to bypass authentication mechanisms and gain unauthorized access to protected networks. With a CVSS sc
A lone threat actor successfully published 14 malicious npm packages designed to impersonate legitimate OpenSearch and Elasticsearch libraries. These typosquatting packages contained credential-harvesting code that targeted developers’ authentication tokens and environment variables. The malicious l
U.S. Immigration and Customs Enforcement (ICE) has awarded a $25 million contract for advanced biometric iris scanning technology to expand surveillance capabilities across detention facilities and border operations. This deployment raises significant cybersecurity concerns around biometric data pro
Law enforcement agencies have successfully dismantled one of the largest botnets in history, comprising over 17 million compromised devices worldwide. This massive network of infected computers, IoT devices, and servers was capable of launching devastating distributed denial-of-service (DDoS) attack
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Palo Alto Networks vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. The flaw affects PAN-OS software and requires immediate attention from organizations runn
Threat actors are exploiting ChatGPT’s legitimate conversation-sharing feature to host convincing fake service outage pages that distribute malware. By leveraging OpenAI’s trusted domain reputation, attackers bypass security filters and trick users into downloading malicious payloads disguised as sy