All Articles
2477 articles · Updated every 4 hours
Advertisement
Tycoon2FA phishing kit now leverages Microsoft 365 device code flows and Trustifi URL abuse to bypass MFA and hijack enterprise accounts.
Active exploitation of CVE-2026-42945 in NGINX ngx_http_rewrite_module allows for worker process crashes and remote code execution. Update to version 1.31.0.
Grafana discloses a security incident where an unauthorized party used a GitHub token to download source code, leading to a failed extortion attempt.
A reported Azure Backup for AKS vulnerability allowed potential cluster compromise. Learn why Microsoft rejected the report and the impact of silent fixes.
Attackers are exploiting a vulnerability in the Funnel Builder WordPress plugin to inject skimming scripts and steal payment data from WooCommerce sites.
Russian threat actor Turla (Secret Blizzard) has upgraded its Kazuar backdoor with peer-to-peer botnet functionality and modular architecture for stealth.
Proof of Concept code released for critical NGINX CVE-2024-24989 and CVE-2024-24990. Learn how to detect and patch these HTTP/3 vulnerabilities immediately.
An analysis of community-driven threat intelligence aggregation and the role of moderation in maintaining high-signal security data for SOC teams.
AI agents are automating vulnerability discovery in AI-generated codebases, forcing a shift in defensive security strategies and response times.
Examines UNC6671's BlackFile vishing, AiTM, and cloud data exfiltration tactics against Microsoft 365 & Okta. Actionable mitigations included.
CISA adds CVE-2026-42897, a Microsoft Exchange Server Cross-Site Scripting vulnerability, to KEV Catalog due to active exploitation. Immediate patching advised.
Zero-day vulnerabilities in Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux demonstrated at Pwn2Own Berlin. Runtime Rebel details the impact.
No articles in this category yet.
We use cookies for analytics (GA4) and personalised ads (AdSense). They are only activated if you accept. Privacy Policy
