
Nine-Nation Advisory Flags FSB Center 16 Router Attacks
Cybersecurity agencies from nine countries issued a joint advisory on FSB Center 16 router attacks targeting energy, healthcare, and defense

Cybersecurity agencies from nine countries issued a joint advisory on FSB Center 16 router attacks targeting energy, healthcare, and defense

French security firm Lexfo discovered three Evilginx M365 phishing campaigns after attackers left a Python HTTP server with directory listing

CISA added CVE-2026-48939 and CVE-2026-56291 to KEV with a same-day federal deadline after both Joomla extension zero-days were exploited before

Progress Software ordered ShareFile Storage Zone Controller customers to shut down internet-facing servers amid an undisclosed security threat investigation.

Group-IB analyzed a new RedHook Android RAT variant that gains shell-level access by turning the device into its own ADB

Armenian national Karen Vardanyan pleaded guilty to enabling Ryuk ransomware attacks on U.S. organizations that yielded about 1,610 Bitcoin for

UMKC researchers demonstrated Ghostcommit, a PNG-based prompt injection attack that tricks AI code reviewers into exfiltrating .env secrets as code

An attacker compromised jscrambler’s npm credentials and published five malicious versions dropping a Rust infostealer targeting cloud and AI credentials.

Binarly disclosed six flaws in U-Boot’s FIT signature verification subsystem, including two RCEs that bypass Secure Boot across more than

Google’s Threat Analysis Group found a critical stored XSS flaw in the Zimbra Classic Web Client that allows mailbox takeover
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.