
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Google’s GTIG disclosed UNC6508, a China-nexus group that maintained silent email forwarding inside US medical and military research networks for

Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across

Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued

CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API

North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South

DOJ seized CFAKE.com and SOCFAKE.com in the first TAKE IT DOWN Act enforcement, following a French arrest of the 31-year-old

CybersecurityNews and SOCRadar exposed The Quarry, a PhaaS platform active since April 2026 running IRS and SSA impersonation campaigns that

ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of

A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal

CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.