Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Ravie LakshmananMay 26, 2026Vulnerability / Enterprise Security Microsoft has rolled out updates to fix a remote code execution vulnerability impacting...
Hacking
Category Added in a WPeMatico Campaign
MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You
Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker...
CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed...
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh...
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
Ravie LakshmananMay 26, 2026Vulnerability / Threat Intelligence A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System...
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Ravie LakshmananMay 25, 2026Cybersecurity / Hacking Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old...
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Ravie LakshmananMay 25, 2026Vulnerability / Web Security Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS...
The Alert Firehose Finally Meets Its Match
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But...
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Ravie LakshmananMay 25, 2026Endpoint Security / Threat Intelligence Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that...
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The...
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security...
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
Ravie LakshmananMay 23, 2026Malware / DevSecOps A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including...
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Ravie LakshmananMay 23, 2026Artificial Intelligence / Vulnerability Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000...
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Ravie LakshmananMay 23, 2026Supply Chain Attack / Malware Cybersecurity researchers have flagged a fresh software supply chain attack campaign that...
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active...
