Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
î „Ravie Lakshmananî ‚May 05, 2026Vulnerability / Server Security The Apache Software Foundation (ASF) has released security updates to address several security...
Hacking
Category Added in a WPeMatico Campaign
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
î „Ravie Lakshmananî ‚May 05, 2026Endpoint Security / Software Security A newly identified supply chain attack targeting DAEMON Tools software has compromised...
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
î „Ravie Lakshmananî ‚May 05, 2026Network Security / Endpoint Security A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to...
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind:...
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
î „Ravie Lakshmananî ‚May 05, 2026Vulnerability / Network Security Threat actors are actively exploiting a critical security flaw impacting an open-source content...
We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace...
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
î „Ravie Lakshmananî ‚May 05, 2026Cyber Espionage / Surveillance The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video...
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
î „Ravie Lakshmananî ‚May 05, 2026Vulnerability / Network Security A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA)...
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures...
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
î „Ravie Lakshmananî ‚May 04, 2026Network Security / Endpoint Security An active phishing campaign has been observed targeting multiple vectors since at...
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
î „Ravie Lakshmananî ‚May 04, 2026Vulnerability / Enterprise Software Progress Software has released updates to address two security flaws in MOVEit Automation,...
âš¡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
î „Ravie Lakshmananî ‚May 04, 2026Cybersecurity / Hacking This week, the shadows moved faster than the patches. While most teams were still...
2026: The Year of AI-Assisted Attacks
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had...
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
î „Ravie Lakshmananî ‚May 04, 2026Malware / Network Security The China-based cybercrime group known as Silver Fox has been linked to a...
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
î „Ravie Lakshmananî ‚May 04, 2026Vulnerability / Network Security A previously unknown threat actor has been observed targeting government and military entities...
