CISA has added CVE-2026-42897, an actively exploited Microsoft Exchange Server XSS vulnerability, to its Known Exploited Vulnerabilities catalog. Federal agencies have until May 29, 2026 to remediate the flaw, which enables spoofing attacks via Outlook Web Access.
AI agents now hunt obscure vulnerabilities while developers pump out flawed AI-generated code. The boring security basics just became your biggest threat.
Iranian state-sponsored threat actors are leveraging Microsoft Azure cloud infrastructure to host command-and-control (C2) domains for their custom MiniUpdate remote access trojan (RAT). This sophisticated espionage campaign exploits the trust associated with legitimate cloud services to evade detec
Microsoft has been recognized as a Leader in the 2026 Gartner Magic Quadrant for Endpoint Protection Platforms, reinforcing its position in the enterprise security market. The recognition highlights Microsoft Defender for Endpoint’s comprehensive threat protection capabilities, integration ecosystem
After 18 years in development, Aptera finally assembles its first five three-wheel EVs. The solar-powered vehicle reaches a major milestone in its journey.
Chinese-language Phishing-as-a-Service (PhaaS) platforms have significantly evolved, now incorporating artificial intelligence and sophisticated MFA bypass techniques. These commercial services lower the barrier to entry for cybercriminals, offering turnkey phishing solutions with advanced evasion c
Two former executives of US-based payment processing companies have pleaded guilty to federal charges for their role in facilitating a massive tech support scam operation. The executives knowingly processed payments for fraudulent tech support schemes that defrauded thousands of victims, primarily e
Critical NGINX vulnerability CVE-2026-42945 now under active attack. Heap buffer overflow affects versions 0.6.27-1.30.0. CVSS 9.2. Patch immediately.
Critical CVE-2026-20182 hits Cisco SD-WAN with CVSS 10.0 rating. Unauthenticated attackers can gain full admin access remotely. Active exploitation confirmed.
Threat actors are distributing the Deno-based remote access trojan (RAT) through fake software repositories on GitHub and SourceForge. These malicious packages masquerade as legitimate development tools and productivity software, targeting developers and tech-savvy users. The Deno RAT provides attac