Chinese hackers exploited an organization's authentication stack to maintain persistence and spy on administrative activity for over a decade, highlighting the risks of compromised authentication systems.
Source: https://www.cisa.gov/news.xml, https://www.us-cert.gov/ncas/alerts.xml, https://www.bleepingcomputer.com/feed/A critical vulnerability in Splunk Enterprise allows unauthenticated attackers to perform file operations and execute remote code, posing a severe risk to affected systems.
Source: https://feeds.feedburner.com/TheHackersNewsThe Bookly WordPress plugin is vulnerable to stored cross-site scripting (XSS), allowing unauthenticated attackers to inject malicious scripts via a cookie parameter.
Source: https://cvefeed.io/rssfeed/latest.atomA phishing campaign exploits Salesforce to send Medicare attestation requests authenticated by the victim's own domain, leveraging brand impersonation to deceive recipients.
Source: https://ironscales.com/threat-intelligence/rss.xmlThe FCC is considering measures to eliminate the use of burner phones, while Microsoft addresses critical vulnerabilities in its largest-ever Patch Tuesday, and the ShinyHunters ransomware gang exploits an Oracle zero-day.
Source: https://www.wired.com/feed/category/security/latest/rssThe ransomware group Black X claims to have stolen sensitive technical data from Daechang Solution, threatening to sell it to a single buyer.
Source: https://www.ransomware.live/rss.xmlThe Meow Gallery WordPress plugin is vulnerable to unauthorized data modification due to missing authorization checks on REST API endpoints in versions <= 5.4.4.
Source: https://cvefeed.io/rssfeed/latest.atomThe ransomware group Triple X has leaked 2TB of sensitive customer data from the Bank of Indonesia, including contracts, passports, and ID cards, exposing severe security weaknesses.
Source: https://www.ransomware.live/rss.xmlTriple X ransomware group has exposed 1.5TB of sensitive personal and financial data from a US immigration law firm, citing server overload and lack of updates as the cause of the breach.
Source: https://www.ransomware.live/rss.xmlThe US government has ordered Anthropic to block foreign nationals from accessing its AI models Fable 5 and Mythos 5, citing security concerns over potential misuse of AI capabilities.
Source: https://www.bleepingcomputer.com/feed/A vulnerability in PHP's random number generation process allows attackers to predict process IDs (PIDs), potentially enabling targeted attacks.
Source: https://www.reddit.com/r/netsec/.rssInsufficient verification of query responses in certain systems could allow attackers to manipulate responses, leading to potential data integrity issues.
Source: https://api.msrc.microsoft.com/update-guide/rssCVE-2026-11822 in SQLite prior to version 3.53.2 involves memory corruption in the FTS5 extension, which could lead to application crashes or potential code execution.
Source: https://api.msrc.microsoft.com/update-guide/rssSQLite versions before 3.53.2 are vulnerable to a heap buffer overflow in the FTS5 module, which could be exploited for arbitrary code execution.
Source: https://api.msrc.microsoft.com/update-guide/rssCVE-2026-40034 in gitoxide enables command injection through a partial override of .gitmodules in gix-submodule, allowing attackers to execute arbitrary commands.
Source: https://api.msrc.microsoft.com/update-guide/rssCVE-2026-5222 allows Cargo to inadvertently share credentials between registries, potentially exposing sensitive information to unauthorized parties.
Source: https://api.msrc.microsoft.com/update-guide/rssThird-party crates in registries can override cached sources of other crates, introducing risks of supply chain attacks and dependency manipulation.
Source: https://api.msrc.microsoft.com/update-guide/rssA vulnerability in netrc credential handling allows credential leaks when proxy connections are reused, potentially exposing sensitive information.
Source: https://api.msrc.microsoft.com/update-guide/rssCVE-2026-4873 highlights a vulnerability where connection reuse ignores TLS requirements, exposing systems to potential data interception and security breaches.
Source: https://api.msrc.microsoft.com/update-guide/rssCVE-2026-6276 exposes a vulnerability where stale custom cookie hosts can lead to cookie leakage, potentially compromising user sessions.
Source: https://api.msrc.microsoft.com/update-guide/rssLoading dashboard...