CVE-2026-35616 (CVSS 9.1) exploited since March 31, 2026, affects FortiClient EMS 7.4.5–7.4.6, enabling privilege escalation.
Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...
The U.S. State Department has officially launched the Bureau of Emerging Threats, a new unit tasked with protecting U.S.
Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic ...
UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
The activity begins with the attackers distributing malicious VBS files via WhatsApp messages that, when executed, create ...
TA416 targeted European governments from mid-2025 using PlugX and OAuth abuse, enabling cyber espionage against EU and NATO ...
AI extensions after DeepSeek block at U.S. law firm, routing traffic to China servers, exposing compliance risk.
Third parties cause 30% of breaches in 2025, with $4.91M average costs, driving $18.7B TPRM growth by 2030 and stricter ...
Google expands Android developer verification globally after September rollout, adding authentication and delays to ...
Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results