Fake Security Tool Spreads LucidRook in Taiwan Cyberattacks
Hackers are using fake security tools and cleverly crafted phishing emails to secretly deploy a new malware family, LucidRook, against organizations in Taiwa...
Threat Intelligence Feed
Aggregating 2797 articles from trusted cybersecurity sources
LATEST CVEs
CVE-2026-5813
A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of
CVE-2026-5812
A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown pa
CVE-2026-5811
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function
CVE-2026-5173
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and
CVE-2026-4916
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 1
CVE-2026-4398
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-4332
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.1
CVE-2026-3438
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that al
CVE-2026-3199
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an a
CVE-2026-2619
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.1
CVE-2026-2104
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 1
CVE-2026-1752
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.1
CVE-2026-1516
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18
CVE-2026-1101
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.1
CVE-2026-1092
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and
CVE-2025-9484
GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.1
CVE-2025-12664
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 1
CVE-2026-5919
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attack
CVE-2026-5918
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had com
CVE-2026-5915
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to
CVE-2026-5914
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a mali
CVE-2026-5913
Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bound
CVE-2026-5912
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds
CVE-2026-5911
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content secu
CVE-2026-5910
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap
CVE-2026-5909
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap
CVE-2026-5908
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap
CVE-2026-5907
Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an ou
CVE-2026-5906
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof t
CVE-2026-5905
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to per
CVE-2026-5904
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malic
CVE-2026-5903
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to
CVE-2026-5902
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the rende
CVE-2026-5901
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a
CVE-2026-5900
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download
CVE-2026-5899
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
CVE-2026-5898
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI
CVE-2026-5897
Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a use
CVE-2026-5896
Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage
CVE-2026-5895
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the c
Latest News
The long road to your crypto: ClipBanker and its marathon infection chain
Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replace...
Hackers exploiting Acrobat Reader zero-day flaw since December
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [.
WhatsApp brings long-awaited privacy control over who can contact you
After years of waiting, WhatsApp is set to roll out a username feature that will allow people to connect and communicate without sharing their phone numbers....
Patch windows collapse as time-to-exploit accelerates
The gap between vulnerability disclosure and exploitation is drastically decreasing, putting security teams’ patching practices on notice. According to Rapid...
Weak at the seams
Before I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, warehouse-...
Meta’s Muse Spark takes AI a step closer to personal superintelligence
Meta Superintelligence Labs has introduced Muse Spark, a natively multimodal reasoning model with support for tool use, visual chain of thought, and multi-ag...
China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft
A threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes of highly classified informatio...
Adobe Reader Zero-Day Exploited for Months: Researcher
Reputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability. The post Adobe Reader Zero-Day Exploi...
Google Warns of New Threat Group Targeting BPOs and Helpdesks
Google’s threat intel team warns UNC6783, a new extortion group possibly linked to the “Raccoon” persona, is targeting BPOs and enterprises
CISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical security flaw in Ivanti Endpoint Manager Mobile (...
300,000 People Impacted by Eurail Data Breach
In December 2025, hackers stole names and passport numbers from the European travel company’s network. The post 300,000 People Impacted by Eurail Data Breach...
Data Breaches
Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion
Ariomex database reveals potential sanctions evasion and capital transfers tied to Iranian actors
North Korea's APT37 Expands Toolkit to Breach Air-Gapped Networks
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group
23rd February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 23rd February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES France...
16th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 16th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Dutch ...
Odido Breach Impacts Millions of Dutch Telco Users
Dutch telco Odido has revealed a major data breach impacting over six million customers
Substack Confirms Data Breach, "Limited User Data" Compromised
Substack did not specify the number of users affected by the data breach
France Fines National Employment Agency €5m Over 2024 Data Breach
The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR
World Leaks Ransomware Group Claims 1.4TB Nike Data Breach
Nike is investigating after the World Leaks ransomware group posted a 1.
Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
The US law firm Hagens Berman will lead a class action lawsuit against Coupang over security failures that led to a June 2025 data breach
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords
Credential stuffing: What it is and how to protect yourself
Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts