§Source · Cybersecurity News
Cybersecurity News
Every dispatch we have aggregated from Cybersecurity News.
All dispatches
Loading
§Source · Cybersecurity News
Every dispatch we have aggregated from Cybersecurity News.
All dispatchesBitLocker zero-day CVE-2026-50661 allows physical attackers with hands-on access to bypass device encryption protections.
AsyncAPI packages were trojanized after attacker stole an npm publishing token via GitHub Actions, risking developer and CI compromise.
Miasma v3 delivered via trojanized AsyncAPI packages creates persistent backdoors on developer machines and build servers.
CISA publishes after-action lessons following contractor exposure of AWS GovCloud credentials and IaC repos on public GitHub.
Forg365 provides AI-driven phishing, session theft and mailbox access to attack Microsoft 365 users via a subscription model.
Critical Dell BIOS weakness (CVE-2026-40639) allows instant admin-password recovery from SPI flash, risking device takeover and firmware abuse.
Threat group O UNC 066 uses phone-based phishing to trick employees into registering attacker-controlled Entra passkeys to hijack accounts.
Roundcube 1.7 patches zero-click stored XSS via crafted MIME attachments enabling remote compromise without user interaction.
ACSC warns a global campaign is exploiting CMS vulnerabilities to deploy webshells and persist on small to mid-size websites.
Threat actors redirect audit logs and telemetry to attacker storage; tighten bucket controls.
VS Code extension flaws enable arbitrary code execution and cloud credential theft via malicious repos.
Spyder and MaXSS flaws in AI-powered Chrome extensions enable session hijacks and data access.
CVE-2026-8713 in Avada/fusion builder enables file-deletion and potential RCE on affected sites.
Get these articles delivered to your inbox.
Subscribe free