Critical WordPress Plugin Bug Could Allow File Deletion Attacks on 1 Million Sites
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attack...
20 articles
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attack...
A recently disclosed vulnerability inc, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Fo...
A supply-chain style compromise in the Okendo Reviews widget that enabled the SmartApeSG threat actor to deliver staged JavaScript loaders across a wide e-co...
HazyBeacon is a stealthy cloud-native malware campaign identified as CL-STA-1020. It is exploiting Amazon Web Services (AWS) Lambda Function URLs to create c...
CISA has issued an urgent alert regarding a critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, which is now listed in the Known Exploite...
Node.js has announced critical security updates that address 12 vulnerabilities across its supported release lines.
INC has matured from an emerging RaaS operation into one of 2026’s most active ransomware families, claiming more than 800 victims since 2023 and capitalizin...
A previously undocumented, modular Linux post‑exploitation framework that demonstrates sophisticated stealth techniques most notably fetching and compiling C...
A novel Windows-based cryptocurrency clipper that has been active since February 2026 and leverages Windows Script Host (WScript) and ActiveXObject calls to ...
Hackers are actively exploiting a compromised Klue Battlecards integration to extract sensitive Salesforce CRM data by abusing OAuth tokens, according to new...
A recently disclosed iPhone BootROM vulnerability, dubbed “usbliter8,” highlights a significant flaw in Apple’s SecureROM implementation. This vulnerability ...
A new state-surveillance assessment finds that foreign travelers and business staff face high or very high digital risk in 31 countries, where governments in...
International law enforcement agencies have successfully seized 106 servers and 101 domains as part of a coordinated global effort against the SocGholish mal...
F5 has released an out-of-band security notification addressing multiple high‑severity vulnerabilities in NGINX components that can enable remote code execut...
A sophisticated malvertising and social-engineering campaign that pivoted from weaponized GitLab Pages to abusing claude.ai’s shared chat feature, enabling o...
AWS has introduced “Continuum,” a new security capability designed to detect, validate, and remediate code vulnerabilities at machine speed, signaling a shif...
A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitiv...
Microsoft’s June 2026 cumulative update for Windows 11 (KB5095051, OS Build 28000.2269) introduces an unexpected application compatibility issue that may dis...
Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, incl...
Splunk has disclosed a critical security vulnerability in its AI Toolkit that could allow authenticated administrators to execute arbitrary operating system ...