CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
Ravie LakshmananFeb 04, 2026Software Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical...
Ravie
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
Ravie LakshmananFeb 03, 2026Artificial Intelligence / Vulnerability Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon,...
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Ravie LakshmananFeb 03, 2026Open Source / Vulnerability Threat actors have been observed exploiting a critical security flaw impacting the Metro...
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
Ravie LakshmananFeb 03, 2026Vulnerability / Malware The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to...
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
Ravie LakshmananFeb 03, 2026Artificial Intelligence / Privacy Mozilla on Monday announced a new controls section in its Firefox desktop browser...
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
Ravie LakshmananFeb 03, 2026Malware / Open Source A China-linked threat actor known as Lotus Blossom has been attributed with medium...
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
Ravie LakshmananFeb 02, 2026Vulnerability / Artificial Intelligence A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as...
Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
Ravie LakshmananFeb 02, 2026Kerberos / Enterprise Security Microsoft has announced a three-phase approach to phase out New Technology LAN Manager...
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Ravie LakshmananFeb 02, 2026Hacking News / Cybersecurity Every week brings new discoveries, attacks, and defenses that shape the state of...
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
Ravie LakshmananFeb 02, 2026Threat Intelligence / Malware The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update...
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Ravie LakshmananFeb 02, 2026Developer Tools / Malware Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open...
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Ravie LakshmananJan 31, 2026Social Engineering / SaaS Security Google-owned Mandiant on Friday said it identified an "expansion in threat activity"...
CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms
Ravie LakshmananJan 31, 2026Network Security / SCADA CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks...
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Ravie LakshmananJan 30, 2026Artificial Intelligence / Economic Espionage A former Google engineer accused of stealing thousands of the company's confidential...
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
Ravie LakshmananJan 30, 2026Vulnerability / Email Security SmarterTools has addressed two more security flaws in SmarterMail email software, including one...
