U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog
U.S.
Aggregating 7486 articles from trusted cybersecurity sources
U.S.
Version 8.14.
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by ...
Binarly found six U-Boot flaws, including two that enable code execution during boot image verification, impacting 50+ releases. Binarly’s research team has ...
Multiple campaigns are using ghost accounts to map GitHub organizations, including their repositories and members. The post Ghost Accounts Abuse GitHub API i...
The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and pl...
The Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of an internal security incident involving exposed AWS GovCloud credentials...
A sophisticated Windows Trojan that compromises software development projects to distribute a multi-stage backdoor, data stealer, clipboard hijacker, cryptom...
Wireshark release 4.6.
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers...
Zimbra has released its Daffodil v10.1.
A newly disclosed Dell BIOS password-storage flaw can allow attackers with physical access to recover administrator and user passwords from SPI flash dumps i...
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), fined South Staffordshire Water’s parent company £963,900 over security fail...
Resetting a password doesn't always remove attackers from Active Directory. Specops Software explains how cached credentials and Kerberos tickets can keep at...
A threat actor claimed to have breached GeForce NOW and stolen millions of user records, including full names, email addresses, usernames, dates of birth, an...
Kaspersky researchers analyzed a dataset of 231 million unique passwords leaked on the dark web between 2023 and 2026.
For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Instructure...
Fashion retailer Inditex, the parent company of Zara, has confirmed unauthorized access to customer transaction databases hosted by a third-party provider. D...
Using a vulnerability in the portal, hackers accessed names, addresses, email addresses, and phone numbers. The post Skoda Data Breach Hits Online Shop Custo...
Key Findings Ransomware in Q1 2026: Consolidation at Scale During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that coll...
ShinyHunters gets away with emails and other data on 200,000 Zara customers
In early May 2026, ShinyHunters breached Instructure’s Canvas LMS by abusing the Free-For-Teacher (FFT) account program, triggering an active extortion campa...
The official JDownloader website fell victim to a sophisticated supply-chain attack, resulting in malicious installers being distributed to users worldwide. ...
JDownloader confirms a security breach where hackers manipulated official download links to distribute malicious files between 6 and 7 May 2026.