CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to ...
Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero ...
Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat ...
CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
Agent ID Administrator enabled service principal takeover before April 9, 2026 patch, exposing privilege escalation risk in ...
Checkmarx data surfaced after March 23, 2026 supply chain attack, prompting repository lockdown and investigation, raising ...
VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
Claude Mythos’ April 7 launch accelerates vulnerability discovery, but limited access and rising false positives strain ...
Fake CAPTCHA IRSF scam sends up to 60 SMS messages since June 2020, exploiting 17 countries and costing victims $30 per ...
PhantomCore exploited three TrueConf flaws since September 2025, enabling remote access and lateral movement across Russian ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results