FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
Ravie LakshmananJun 23, 2026Initial Access Broker / Firewall Security A Russian-speaking initial access broker (IAB) driven by financial gain is...
security a
29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests
Swati KhandelwalJun 22, 2026Vulnerability / Server Security A heap over-read in the Squid web proxy can leak another user's cleartext...
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
Swati KhandelwalJun 04, 2026Vulnerability / AI Security A security researcher found a flaw in Anthropic's Claude Code GitHub Action that...
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active...
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
Ravie LakshmananMay 07, 2026Vulnerability / Software Security A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library...
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
Ravie LakshmananMay 05, 2026Endpoint Security / Software Security A newly identified supply chain attack targeting DAEMON Tools software has compromised...
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
Ravie LakshmananMay 05, 2026Network Security / Endpoint Security A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to...
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Ravie LakshmananMay 05, 2026Vulnerability / Network Security A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA)...
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
Ravie LakshmananMay 04, 2026Vulnerability / Network Security A previously unknown threat actor has been observed targeting government and military entities...
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
Ravie LakshmananApr 22, 2026Vulnerability / Container Security A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium...
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
Ravie LakshmananApr 20, 2026Open Source / Server Security A critical security vulnerability has been disclosed in SGLang that, if successfully...
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
Ravie LakshmananApr 17, 2026Vulnerability / Enterprise Security A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active...
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
Ravie LakshmananApr 14, 2026Vulnerability / Network Security A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in...
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
Ravie LakshmananApr 09, 2026Malware / Windows Security A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting...
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
Ravie LakshmananApr 01, 2026Malware / Windows Security A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America...
