Resources

Application Security
CISA Adds ColdFusion, Langflow, Two Joomla CVEs to KEV
CISA added four actively exploited flaws to KEV on July 7, requiring federal agencies to patch ColdFusion, Langflow, and two Joomla extensions by July 10.
CVE Vulnerability Alerts
Ubiquiti Patches Seven Critical UniFi OS Flaws, 100K at Risk
Ubiquiti patched seven critical-to-maximum severity flaws in UniFi OS, led by CVE-2026-50746, a command injection requiring only network access to exploit.
Cybersecurity
Eight Predatorgate Victims Sue Intellexa for €8 Million
Eight victims of the Greek Predatorgate spyware scandal filed a €8 million civil lawsuit against Intellexa and founder Tal Dilian in a Greek court on ...
CVE Vulnerability Alerts
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
CVE-2026-53359 Januscape is a 16-year-old Linux KVM use-after-free that allows guest VM escape to the host on Intel and AMD systems. Patches are available.
Application Security
BeyondTrust CVE-2026-40138 Auth Bypass Left Self-Hosted Users Exposed
BeyondTrust patched a CVSS 9.2 auth bypass in Remote Support and PRA for SaaS users months ago but withheld notice from self-hosted operators until July ...
CVE Vulnerability Alerts
CERT/CC Finds Hidden Admin Backdoor CVE-2026-11405 in Tenda Firmware
CERT/CC disclosed CVE-2026-11405, a hidden backdoor in Tenda router firmware granting unauthenticated full admin access. No vendor patch is available.
Application Security
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Adobe ColdFusion CVE-2026-48282 (CVSS 10) moved from PoC release to confirmed in-the-wild exploitation in under two hours, according to KEVIntel honeypot data.
CVE Vulnerability Alerts
CVE-2026-33697: Attested TLS Relay Flaw Hits WhatsApp, Cocos AI
CVE-2026-33697 lets relay attacks redirect confidential computing traffic without breaking attestation, affecting WhatsApp, Cocos AI, and Edgeless Systems.
CVE Vulnerability Alerts
CVE-2026-8451 Exploited Within 24 Hours of Citrix NetScaler Patch
A threat actor exploited CVE-2026-8451 in Citrix NetScaler within 24 hours of patch release, targeting Lupovis honeypots with confirmed memory overread payloads.
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Sysdig identified JADEPUFFER, the first ransomware campaign run by an LLM autonomous agent exploiting CVE-2026-33017 in Langflow to complete full attack chains without human operators.

Weekly Newsletter

Weekly Cybersecurity Newsletter: 14th to 18th August
Cybersecurity Newsletter
Weekly Cybersecurity Newsletter: 14th to 18th August
Explore our latest cybersecurity podcast episodes featuring ransomware attacks, phishing campaigns, corporate breaches, legal showdowns, and deep dives into evolving threats and digital defenses.
This Week In Cybersecurity: 23rd June to 27th June
Cybersecurity Newsletter
This Week In Cybersecurity: 23rd June to 27th June
News Stories New ‘FileFix’ Attack Exploits Windows File Explorer to Deliver Stealthy Commands Threat actors use the search-ms URI protocol ...
This Week In Cybersecurity: 26th to 30th May, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 26th to 30th May, 2025
"Cybersecurity threats escalate as ransomware attacks target major organizations, exposing sensitive data and highlighting vulnerabilities in systems across various industries. Stay informed."
This Week In Cybersecurity: 19th to 23rd May, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 19th to 23rd May, 2025
This week, significant cybersecurity incidents include ransomware attacks, data breaches affecting major organizations, and ongoing threats from state-sponsored groups, highlighting vulnerabilities across various sectors.
This Week In Cybersecurity: 21st - 25th April, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 21st – 25th April, 2025
Targeted malware, ransomware, phishing, and ad fraud hit SK Telecom, Baltimore schools, Google, and more this week—exposing critical data and abusing trusted systems.