TRENDING TOPICS June 05, 2026 Cisco Patches Critical RCE Flaw CVE-2026-20230 in Unified Communications Manager Cisco has released urgent security updates addressing CVE-2026-20230, a critical remote code execution vulnerability in Unified Communications Manager (Unified CM) that could allow unauthenticated attackers to gain root-level control over affected appliances. The flaw resides
TRENDING TOPICS JUNE 03, 2026 One-click VS Code GitHub .dev Exploit Leaks Full GitHub Tokens A newly disclosed attack against GitHub.dev shows how a single malicious link can give an attacker read and write access to every repository a developer can reach. GitHub.dev is the browser-based version of
OpenVPN
TRENDING TOPICS MAY 29, 2026 Critical OpenVPN Connect macOS Flaw Lets Local Attackers Gain Root Access A critical vulnerability in OpenVPN Connect for macOS, tracked as CVE-2026-9560, allowed local users to gain full root privileges by abusing the app’s privileged helper component. The issue affected versions 3.5.1
BadHost
TRENDING TOPICS MAY 27, 2026 The Quiet Python Flaw BadHost is Putting AI Agents at Risk A newly disclosed vulnerability called "BadHost" is putting thousands of AI agents and inference servers at risk by allowing attackers to bypass authentication and reach internal services that were never meant to
Trend Micro
TRENDING TOPICS MAY 22, 2026 Trend Micro Apex One 0-day Exploited in the Wild Trend Micro is warning customers about active exploitation of critical 0-day remote code execution vulnerabilities in its Apex One endpoint security platform, and on‑premise administrators need to act immediately to reduce exposure. The flaws, tracked
TRENDING TOPICS MAY 20, 2026 Update: GitHub’s Internal Source Code Breach, What TeamPCP’s Hack Really Means For Developers GitHub has confirmed that a threat actor known as TeamPCP gained unauthorized access to thousands of internal repositories after compromising an employee workstation through a malicious Visual Studio Code extension.
Microsoft
TRENDING TOPICS MAY 15, 2026 Microsoft Exchange 0-Day Under Active Attack Microsoft has confirmed that a new 0-day vulnerability in on-premises Exchange Server is already being exploited in active attacks, putting Outlook web users at immediate risk. The flaw, tracked as CVE-2026-42897, affects Exchange Server 2016, Exchange Server 2019, and
Shai-Hulud
TRENDING TOPICS MAY 13, 2026 Mini Shai-Hulud Supply Chain Attack Backdoors TanStack npm Packages With Credential-Stealing Malware A critical supply chain attack has compromised 42 legitimate @tanstack/* packages on npm, allowing attackers to push credential-stealing malware through trusted software updates. The incident, tracked as CVE-2026-45321, involved 84 malicious package versions
Trellix
TRENDING TOPICS MAY 08, 2026 RansomHouse Claims Trellix Source Code Breach, Raising New Supply Chain Concerns Trellix has confirmed that an unauthorized party gained access to a portion of its source code repository. The RansomHouse extortion group has publicly claimed responsibility for the intrusion. The company says it is investigating
Shouting into the IT void
TRENDING TOPICS MAY 06, 2026 Critical PAN-OS Zero-Day CVE-2026-0300 Exposes Palo Alto Firewalls to Root-Level Takeover Palo Alto Networks is warning customers about CVE-2026-0300, a critical PAN-OS zero-day already being exploited in the wild that allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. The vulnerability
TLP: WHITE Audience: Human Resources Leadership Prepared by: Threat Intelligence 01 May 2026 Threat Intelligence Brief For Internal Distribution DPRK Insider Threat Series North Korea's Fake IT Worker Infiltration Campaign What HR needs to know about the most sophisticated hiring fraud operation in the world and how to
TRENDING TOPICS MAY 01, 2026 Copy Fail Vulnerability Turns Any Local Linux User into Root in Seconds A nine‑year‑old logic bug in the Linux kernel, now tracked as CVE‑2026‑31431 and nicknamed Copy Fail, has emerged as one of the most reliable paths to privilege escalation on
TRENDING TOPICS APR 29, 2026 CISA Flags New Windows Shell Zero‑Day Under Active Exploitation CISA has issued an urgent alert about a newly identified Windows Shell zero‑day that attackers are actively exploiting, adding the flaw to its KEV catalog and putting federal agencies on a short deadline to
TRENDING TOPICS APR 24, 2026 Entra ID “Agent IDs” Show How Quiet Admin Roles Become Prime Targets Recent research into Microsoft Entra ID has highlighted that attackers increasingly target service identities and mid-tier admin roles, not just classic Global Administrator accounts. By compromising identities that sit behind “trusted” first‑party
TRENDING TOPICS APR 22, 2026 ASP NET Core Critical Vulnerability: When Request Smuggling Becomes a Security Feature Bypass Microsoft has patched a maximum-severity vulnerability in ASP[.]NET Core, tracked as CVE-2025-55315, that allows HTTP request smuggling via the built-in Kestrel web server. With a CVSS score of 9.9 out
TRENDING TOPICS APR 17, 2026 CISA Sounds the Alarm on Apache ActiveMQ: A 13‑Year‑Old RCE Bug Is Now Being Actively Exploited CISA has added CVE-2026-34197 to its Known Exploited Vulnerabilities catalog after confirming active exploitation of this high-severity remote code execution flaw in Apache ActiveMQ Classic. The vulnerability
TRENDING TOPICS APR 15, 2026 HanGhost Loader Targets the People Who Move Money and Goods, Not Just IT A new HanGhost loader campaign is quietly going after corporate staff who sit closest to payments, logistics, and contract workflows, using a multi‑stage, largely fileless attack chain that most SOCs only
TRENDING TOPICS APR 10, 2026 UNC6783’s Okta Phishing Playbook: When Your BPO Helpdesk Becomes the Front Door Google’s Threat Intelligence Group is tracking a new data‑theft extortion crew, UNC6783, that breaks into large enterprises by first compromising their business process outsourcers (BPOs), the third‑party support and
TRENDING TOPICS APR 08, 2026 Docker’s Silent AuthZ Failure: CVE‑2026‑34040 Turns One Oversized Request into Full Host Takeover A newly disclosed high‑severity flaw in Docker Engine, tracked as CVE‑2026‑34040 (CVSS 8.8), allows attackers to bypass authorization plugins and gain full control of the
A practitioner's guide to patterns, pitfalls, and reusable approaches for GovCloud and classified environments Daniel Beller | Director of Cloud Solutions, Hunter Strategy 23 years supporting DoD and IC in systems and cloud engineering, architecture, and security - both practical and compliance Why Multi-Region? The Case and the Caveats
TRENDING TOPICS APR 03, 2026 SparkCat’s Comeback: Stealthy Mobile Wallet Stealer Hiding in “Normal” Apps Researchers have uncovered a new SparkCat malware variant lurking in seemingly legitimate iOS and Android apps, including enterprise messengers and food delivery services, on both the Apple App Store and Google Play. The trojan
