Italian authorities have shut down CINEMAGOAL, a sophisticated piracy application that masqueraded as a free streaming service while covertly harvesting authentication credentials from 1.4 million users. The operation, coordinated by Italy’s Guardia di Finanza and Postal Police, dismantled infrastru
CISA adds Cisco SD-WAN authentication bypass to KEV catalog. Critical flaw CVE-2026-20182 exploited for admin access. Federal agencies have until May 2026.
Cybercriminals are weaponizing legitimate remote access tools like ScreenConnect and AnyDesk through phishing campaigns using fake Word documents. These attacks exploit enterprise trust relationships and security blind spots, allowing attackers to establish persistent remote access while evading tra
Linux kernel flaw lets unprivileged users access root-only files. A critical vulnerability breaks fundamental security boundaries. Patch immediately.
Microsoft just took down Fox Tempest, a criminal network that helped hackers sign malware with fake certificates to bypass security. Trust nothing.
A critical authentication bypass vulnerability (CVE-2026-0257) in Palo Alto Networks’ PAN-OS GlobalProtect gateway is being actively exploited in the wild. The flaw allows unauthenticated attackers to bypass authentication mechanisms and gain unauthorized access to protected networks. With a CVSS sc
A critical remote code execution (RCE) vulnerability has been discovered in Gogs, the popular self-hosted Git service. The flaw allows any authenticated user to execute arbitrary code on vulnerable servers, potentially leading to complete system compromise. Organizations running Gogs versions prior
Threat actors have registered over 5,000 malicious domains impersonating official election websites to target voters with phishing attacks. These domains exploit voter concerns about registration, ballot tracking, and election information to steal credentials, financial data, and personally identifi
CRITICAL: 200,000+ WordPress sites exposed to full account takeover via Burst Statistics plugin flaw. Authentication bypass vulnerability now being exploited in the wild.
A newly identified Russian-linked threat actor dubbed GREYVIBE has deployed AI-enhanced cyberattacks targeting Ukrainian critical infrastructure and government networks. The campaign leverages machine learning algorithms to automate reconnaissance, evade detection systems, and optimize payload deliv