PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Ravie LakshmananMay 30, 2026Vulnerability / Network Security Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting...
Ravie
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
Ravie LakshmananMay 29, 2026Vulnerability / Artificial Intelligence An unknown threat actor has been observed using a large language model (LLM)...
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
Ravie LakshmananMay 29, 2026Cyber Espionage / Artificial Intelligence A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing...
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
Ravie LakshmananMay 28, 2026Vulnerability / Open Source A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted...
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Ravie LakshmananMay 28, 2026Vulnerability / Endpoint Security Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient...
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Ravie LakshmananMay 28, 2026Zero Day / Vulnerability Disclosure Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD),...
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
Ravie LakshmananMay 28, 2026Hacking News / Cybersecurity News Every time you think the industry has finally stopped doing some reckless,...
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Ravie LakshmananMay 27, 2026Threat Intelligence / Supply Chain Attack Cybersecurity researchers have discovered a new malicious package on the npm...
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
Ravie LakshmananMay 27, 2026Malware / Threat Intelligence CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous...
Gitea Vulnerability Exposes Private Container Images without Authentication
Ravie LakshmananMay 27, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform...
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Ravie LakshmananMay 26, 2026Vulnerability / Enterprise Security Microsoft has rolled out updates to fix a remote code execution vulnerability impacting...
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
Ravie LakshmananMay 26, 2026Vulnerability / Threat Intelligence A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System...
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Ravie LakshmananMay 25, 2026Cybersecurity / Hacking Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old...
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Ravie LakshmananMay 25, 2026Vulnerability / Web Security Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS...
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Ravie LakshmananMay 25, 2026Endpoint Security / Threat Intelligence Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that...