Fraudsters exploit vacant properties and postal services for identity theft
The tutorial, analyzed by Flare, outlines a low-cost, difficult-to-detect workflow that begins with identifying vacant residential properties, often found by...
Vulnerability Disclosure
20 articles
CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers
A bug in a popular line of video conferencing software is being exploited by hackers, prompting the U.S.
Security lapse lets researchers view React2Shell hackers’ dashboard
An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old ...
Claude Code is still vulnerable to an attack Anthropic has already fixed
The leak of Claude Code’s source is already having consequences for the tool’s security. Researchers have spotted a vulnerability documented in the code.
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, accord...
Critical ShareFile Flaws Lead to Unauthenticated RCE
The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server. The post Critical ShareFile Flaws Lead to Unau...
Apple expands updates to iOS 18 devices affected by DarkSword exploit
Experts say Apple’s move shows it understood that older iOS and iPadOS devices were vulnerable and being exploited by DarkSword.
200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin
On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active in...
Claude Code vulnerable to prompt injection due to subcommand limit
The vulnerability was discovered by Adversa, a security firm, after the leak of Claude Code's source code.
US Bans All Foreign-Made Consumer Routers
This is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduc...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 23, 2026 to March 29, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
Apple Rolls Out DarkSword Exploit Protection to More Devices
The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors. The post Apple Rolls Out DarkSword Exploit Protection...
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abu...
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from...
Apple Expands iOS 18 Security Updates Amid DarkSword Threat
iOS/iPadOS 18.7.
Cisco Patches Critical and High-Severity Vulnerabilities
The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation. The post Cisco Patches Critical and Hi...
DarkSword exploit forces Apple to loosen its patching policy
Apple has extended security updates to a wider range of devices still running iOS 18, aiming to protect users from the DarkSword exploit kit. This is not the...
Apple Releases iOS 18.7.7 Update to Defend Against DarkSword Exploit
Apple has officially expanded the rollout of iOS 18.7.
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote ...
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
Apple on Wednesday expanded the availability of iOS 18.7.