MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Ravie LakshmananMay 05, 2026Vulnerability / Network Security Threat actors are actively exploiting a critical security flaw impacting an open-source content...
Ravie
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
Ravie LakshmananMay 05, 2026Cyber Espionage / Surveillance The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video...
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Ravie LakshmananMay 05, 2026Vulnerability / Network Security A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA)...
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
Ravie LakshmananMay 04, 2026Network Security / Endpoint Security An active phishing campaign has been observed targeting multiple vectors since at...
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Ravie LakshmananMay 04, 2026Vulnerability / Enterprise Software Progress Software has released updates to address two security flaws in MOVEit Automation,...
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
Ravie LakshmananMay 04, 2026Cybersecurity / Hacking This week, the shadows moved faster than the patches. While most teams were still...
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
Ravie LakshmananMay 04, 2026Malware / Network Security The China-based cybercrime group known as Silver Fox has been linked to a...
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
Ravie LakshmananMay 04, 2026Vulnerability / Network Security A previously unknown threat actor has been observed targeting government and military entities...
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
Ravie LakshmananMay 03, 2026Vulnerability / Container Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently...
Trellix Confirms Source Code Breach With Unauthorized Repository Access
Ravie LakshmananMay 02, 2026Data Breach / Enterprise Security Cybersecurity company Trellix has announced that it suffered a breach that enabled...
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
Ravie LakshmananMay 01, 2026Malware / Threat Intelligence A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as...
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Ravie LakshmananMay 01, 2026Malware / Social Engineering Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid,...
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
Ravie LakshmananMay 01, 2026Data Breach / Law Enforcement The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of...
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
Ravie LakshmananMay 01, 2026Supply Chain Attack / Malware A new software supply chain attack campaign has been observed using sleeper...
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
Ravie LakshmananApr 30, 2026Supply Chain Attack / Malware In yet another software supply chain attack, threat actors have managed to...
