CVE-2026-41940, a critical cPanel authentication bypass, is being actively exploited by multiple actors deploying ransomware and C2 tools against governments
Kaspersky discovered DAEMON Tools versions 12.5.0.2421–12.5.0.2434 were backdoored on the official site for one month, infecting thousands across 100+ countries
ShinyHunters claims 280 million records stolen from Instructure’s Canvas LMS across 8,809 schools and universities in a breach disclosed May
Progress Software patched a CVSS 9.8 authentication bypass in MOVEit Automation — the same product line that fueled the catastrophic
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA
VENOMOUS#HELPER spent 13 months inside 80+ organizations using legitimate RMM software — SimpleHelp and ScreenConnect — as undetected persistent access
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.
Trellix disclosed that attackers accessed its internal source code repositories — raising serious questions about what stolen security vendor source
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer
The Five Eyes alliance issued its first joint advisory on agentic AI security, warning that autonomous AI systems introduce novel
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.