Cyber Security
CVE Vulnerability Alerts
Public PoC Drops for CVSS 9.8 Android Zero-Click CVE-2026-0073
Security group BARGHEST released a public PoC for CVE-2026-0073, a CVSS 9.8 zero-click RCE in Android's debug bridge daemon affecting Android 14, 15, and 16.
CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
Dell advisory DSA-2026-047 patches a CVSS 9.8 hard-coded credentials flaw in Dell ECS and ObjectScale that grants unauthenticated filesystem access to enterprise storage.
Application Security
PHP SOAP Extension RCE CVE-2026-6722 Patched Across All Branches
PHP patched CVE-2026-6722, a use-after-free RCE in the SOAP extension, across all active branches (8.2, 8.3, 8.4, 8.5) — exposing any server handling SOAP requests.
Cybersecurity
GhostLock Abuses Windows API to Lock 500K Files, Bypassing EDR
GhostLock uses Windows CreateFileW to lock 500,000 files in under three minutes, blocking all access without encryption and evading EDR detection.
Cybersecurity
WEF: 94% of Organizations Name AI as Top Cybersecurity Change Driver
A WEF report finds 94% of enterprise security leaders call AI the top change driver, but warns data quality gaps risk producing false alerts and ...
CVE Vulnerability Alerts
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
Microsoft Defender confirmed limited in-the-wild exploitation of Dirty Frag CVE-2026-43284 in Linux, a deterministic LPE chain targeting xfrm-ESP and RxRPC page caches. Patches available for ...
Cybersecurity
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
The FCC extended security update support for banned Chinese-made routers to 2029, citing Volt Typhoon threat concerns and risk of unpatched network devices.
Cybersecurity
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
Skoda Auto disclosed a breach of its online shop portal that exposed customer names, addresses, email addresses, and password hashes to unauthorized access.
Cybersecurity
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and critical infrastructure using GitHub-hosted phishing ...
Application Security
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
cPanel released a second emergency patch in ten days — CVE-2026-29202 and CVE-2026-29203 enable code execution — as Sorry ransomware hits 44,000 servers.
Application Security
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
TeamPCP backdoored the Checkmarx Jenkins AST scanner plugin in a third supply chain wave, following March Trivy and April KICS attacks. Version 2026.5.09 was compromised; ...
Cybersecurity
University Student’s TETRA Replay Attack Halts Taiwan Bullet Train
A Taiwan university student used cheap radio equipment to replay TETRA signals, disabling the island's high-speed rail network for nearly an hour in 2026.
Application Security
Five Malicious NuGet Packages Target Chinese .NET Developers
Socket discovered five NuGet packages typosquatting Chinese .NET UI libraries — IR.DantUI, IR.OscarUI, and three more — amassing 65,000 downloads while stealing credentials from 12 ...
Cybersecurity
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor
QLNX is a fileless Linux RAT using eBPF rootkit and PAM backdoor to steal npm, PyPI, AWS, and GitHub tokens from developer hosts with near-zero ...
Cybersecurity
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield
Cushman & Wakefield confirmed a vishing-enabled breach after ShinyHunters and Qilin ransomware listed the firm separately. ShinyHunters published a 50GB Salesforce dataset after the May ...
Application Security
Google GTIG Documents First AI-Generated Zero-Day Exploit
Google's Threat Intelligence Group confirmed the first AI-generated zero-day exploit, targeting 2FA logic in an open-source web admin tool via LLM-written code.
Application Security
Apache CVE-2026-23918: HTTP/2 Double-Free Enables RCE on Debian
Apache patched CVE-2026-23918 (CVSS 8.8), a double-free in mod_http2 that enables RCE on Debian-default Linux servers. Fix ships in Apache HTTP Server 2.4.67.
Application Security
SailPoint GitHub Repositories Breached via Third-Party App Flaw
SailPoint disclosed unauthorized access to its GitHub repositories through a third-party app vulnerability on April 20, 2026, exposing source code data.
Cybersecurity
TrickMo Android Banker Routes C2 Traffic Through TON Blockchain
ThreatFabric identified Trickmo.C, a TrickMo Android banking trojan routing C2 through TON blockchain with SSH tunneling, SOCKS5, and NFC capabilities targeting European banking users.
Application Security
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
CVE-2026-7482, dubbed 'Bleeding Llama,' exposes 300,000+ Ollama AI servers to heap memory leaks via a crafted GGUF file. Patch to version 0.17.1 is available.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
TOP CYBERSECURITY HEADLINES
Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
This Week’s Security Spotlight
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
GhostLock Abuses Windows API to Lock 500K Files, Bypassing EDR
GhostLock uses Windows CreateFileW to lock 500,000 files in under three minutes, blocking all access without encryption and evading EDR detection.
WEF: 94% of Organizations Name AI as Top Cybersecurity Change Driver
A WEF report finds 94% of enterprise security leaders call AI the top change driver, but warns data quality gaps risk producing false alerts and ...
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
Microsoft Defender confirmed limited in-the-wild exploitation of Dirty Frag CVE-2026-43284 in Linux, a deterministic LPE chain targeting xfrm-ESP and RxRPC page caches. Patches available for ...
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
The FCC extended security update support for banned Chinese-made routers to 2029, citing Volt Typhoon threat concerns and risk of unpatched network devices.
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
Skoda Auto disclosed a breach of its online shop portal that exposed customer names, addresses, email addresses, and password hashes to unauthorized access.
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and critical infrastructure using GitHub-hosted phishing ...
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
cPanel released a second emergency patch in ten days — CVE-2026-29202 and CVE-2026-29203 enable code execution — as Sorry ransomware hits 44,000 servers.
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
TeamPCP backdoored the Checkmarx Jenkins AST scanner plugin in a third supply chain wave, following March Trivy and April KICS attacks. Version 2026.5.09 was compromised; ...
University Student’s TETRA Replay Attack Halts Taiwan Bullet Train
A Taiwan university student used cheap radio equipment to replay TETRA signals, disabling the island's high-speed rail network for nearly an hour in 2026.
Five Malicious NuGet Packages Target Chinese .NET Developers
Socket discovered five NuGet packages typosquatting Chinese .NET UI libraries — IR.DantUI, IR.OscarUI, and three more — amassing 65,000 downloads while stealing credentials from 12 ...
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor
QLNX is a fileless Linux RAT using eBPF rootkit and PAM backdoor to steal npm, PyPI, AWS, and GitHub tokens from developer hosts with near-zero ...
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield
Cushman & Wakefield confirmed a vishing-enabled breach after ShinyHunters and Qilin ransomware listed the firm separately. ShinyHunters published a 50GB Salesforce dataset after the May ...
Google GTIG Documents First AI-Generated Zero-Day Exploit
Google's Threat Intelligence Group confirmed the first AI-generated zero-day exploit, targeting 2FA logic in an open-source web admin tool via LLM-written code.
Apache CVE-2026-23918: HTTP/2 Double-Free Enables RCE on Debian
Apache patched CVE-2026-23918 (CVSS 8.8), a double-free in mod_http2 that enables RCE on Debian-default Linux servers. Fix ships in Apache HTTP Server 2.4.67.
SailPoint GitHub Repositories Breached via Third-Party App Flaw
SailPoint disclosed unauthorized access to its GitHub repositories through a third-party app vulnerability on April 20, 2026, exposing source code data.
TrickMo Android Banker Routes C2 Traffic Through TON Blockchain
ThreatFabric identified Trickmo.C, a TrickMo Android banking trojan routing C2 through TON blockchain with SSH tunneling, SOCKS5, and NFC capabilities targeting European banking users.
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
CVE-2026-7482, dubbed 'Bleeding Llama,' exposes 300,000+ Ollama AI servers to heap memory leaks via a crafted GGUF file. Patch to version 0.17.1 is available.
JDownloader Website Hacked to Serve Python RAT Malware
Unknown attackers compromised the official JDownloader website and replaced legitimate Windows and Linux installers with a Python-based remote access trojan.
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
NVIDIA confirmed a GeForce NOW data breach via Armenian partner GFN.am, exposing names, emails, and phone numbers of users registered before March 9, 2026.
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Trellix confirmed unauthorized access to its source code repositories after RansomHouse posted photographic evidence of the breach. Law enforcement has been notified.