CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to ...
Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero ...
CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu ...
Agent ID Administrator enabled service principal takeover before April 9, 2026 patch, exposing privilege escalation risk in ...
Checkmarx data surfaced after March 23, 2026 supply chain attack, prompting repository lockdown and investigation, raising ...
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
Claude Mythos’ April 7 launch accelerates vulnerability discovery, but limited access and rising false positives strain ...
Fake CAPTCHA IRSF scam sends up to 60 SMS messages since June 2020, exploiting 17 countries and costing victims $30 per ...
PhantomCore exploited three TrueConf flaws since September 2025, enabling remote access and lateral movement across Russian ...
This week’s ThreatsDay covers supply chain attacks, fake help desks, wiper malware, AI prompt traps, RMM abuse, phishing kits ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results