Articles
51 articles covering security advisories, vulnerabilities, and industry news.
Trellix Source Code Breach: RansomHouse Claims April 17 Intrusion, Vendor Confirms Repo Access
Sorry Ransomware Sweeps cPanel Hosts: 7,135 Servers Encrypted, Censys Says cPanel Is 80% of New Malicious IPs Today
ShinyHunters Sets May 12 Deadline for Canvas / Instructure: 8,809 Schools, 275M Records, Per-School Ransom Demands
MOVEit Automation CVE-2026-4670: Unauthenticated Auth Bypass on the MFT Engine 1,400+ Customers Run
cPanel CVE-2026-41940: 64-Day Zero-Day, 44,000 Compromised IPs, and a Targeted Run at Southeast Asian Defence and MSPs
Apache HTTP Server 2.4.66 HTTP/2 Double-Free (CVE-2026-23918): A Single-Version Bug With RCE Potential
LiteLLM CVE-2026-42208: Pre-Auth SQL Injection in the AI Gateway, Targeted Exploitation Within 36 Hours
Hugging Face LeRobot CVE-2026-25874: Unauthenticated Pickle RCE Over gRPC, Still Unpatched
One git push, Full Server: CVE-2026-3854 Let Anyone with Push Access RCE GitHub.com and Enterprise Server
Tropic Trooper Turns VS Code Tunnels and GitHub Issues into a Stealth C2, Plants Trojanized SumatraPDF on Devs
PhantomRPC: Architectural Flaw in Windows RPC Lets Any Service Account Reach SYSTEM, and Microsoft Will Not Patch It
Ninja Forms File Upload CVE-2026-0740 (CVSS 9.8) — 50,000 WordPress Sites Under Active Webshell Attack
Global Modbus/TCP Scanning Campaign Hits 14,426 Internet-Exposed PLCs in 70 Countries — Including Active Write Attempts
ADT Confirms Breach: One Vishing Call → Okta SSO → 10M Salesforce Records — The ShinyHunters Playbook in Action
GopherWhisper: China-Aligned APT Uses Slack, Discord, and Microsoft 365 Outlook as Command-and-Control
CISA Adds 4 Actively Exploited Flaws to KEV: SimpleHelp, Samsung MagicINFO, D-Link DIR-823X — May 8 Federal Deadline
LMDeploy SSRF (CVE-2026-33626) Weaponized Within 13 Hours of Disclosure — Your AI Inference Box Is a Metadata-API Probe
FIRESTARTER: APT Backdoor on Cisco ASA/Firepower Devices Survives Patching — Federal Agency Confirmed Compromised
Your Security Tools Are the Vulnerability: Critical CrowdStrike LogScale (CVE-2026-40050) and High-Severity Tenable Nessus (CVE-2026-33694) Patches
Defender BlueHammer (CVE-2026-33825) Now Actively Exploited — CISA KEV Deadline May 6
Bitwarden CLI Backdoored in Ongoing TeamPCP Campaign — Shai-Hulud: The Third Coming
Checkmarx KICS Docker Hub and VS Code Extensions Poisoned in Fresh Supply Chain Attack
CanisterWorm: A Self-Propagating npm Worm Is Stealing Developer Tokens and Spreading Autonomously
ASP.NET Core CVE-2026-40372: Out-of-Band Patch for Critical Cookie Forgery Flaw — Rotate Your Data Protection Keys
Google Antigravity IDE: Prompt Injection Through find_by_name Turns File Search Into Full RCE
Vercel Breach Traced to Context.ai Supply Chain Compromise — Rotate Your Environment Variables Now
SGLang CVE-2026-5760: A Malicious AI Model File Is Enough to Get RCE on Your Inference Server
BRIDGE:BREAK — 20 New Vulnerabilities in Lantronix and Silex Serial-to-IP Converters Threaten OT and Hospital Networks
Anthropic's MCP Has a By-Design RCE Flaw Affecting 200,000 Servers — and Anthropic Won't Fix It
Microsoft's Massive April 2026 Patch Tuesday Fixes 167 Flaws Including Exploited SharePoint Zero-Day
ICS Patch Tuesday: Siemens, Schneider Electric, Rockwell and Five More Vendors Ship Critical Fixes
ShowDoc RCE Flaw CVE-2025-0520 Is Being Actively Exploited — Over 2,000 Servers Exposed
PHP Composer Patches Two Command Injection Flaws in Perforce VCS Driver — Update to 2.9.6 Now
OpenAI Revokes macOS Code Signing Certificate After North Korea-Linked Axios Supply Chain Attack
Mirax Android RAT Converts Infected Phones into Residential Proxies After Spreading via Meta Ads
CISA Orders Federal Agencies to Patch 6 Actively Exploited Flaws in Fortinet, Microsoft, and Adobe
108 Malicious Chrome Extensions Caught Stealing Google Tokens and Telegram Sessions
Google Chrome Now Makes Stolen Session Cookies Useless With Device Bound Session Credentials
Unpatched 'BlueHammer' Windows Zero-Day Lets Local Users Escalate to Admin — PoC Is Public
CPUID Website Breached — Trojanized CPU-Z and HWMonitor Downloads Delivered STX RAT for Six Hours
Adobe Ships Emergency Patch for Acrobat Reader Zero-Day That Was Exploited for Five Months
Attackers Hijacked Smart Slider 3 Pro's Update Server to Push a Backdoor to 800,000 WordPress Sites
Critical Marimo Python Notebook Flaw Exploited in Under 10 Hours After Public Disclosure
Palo Alto Networks and SonicWall Release Patches for High-Severity Firewall and VPN Vulnerabilities
Adobe Reader Zero-Day Has Been Exploited Through Malicious PDFs Since Late 2025
OpenSSL Patches Seven Vulnerabilities Including a Data Leakage Flaw in RSASVE Key Encapsulation
Critical Docker Engine Flaw Lets Attackers Bypass Authorization Plugins and Access the Host
Device Code Phishing Attacks Have Surged 37x — Here's How to Stop Them
How Attackers Are Hiding PHP Web Shells Inside HTTP Cookies on Linux Servers
Microsoft's Defender team uncovered a growing technique in which attackers use HTTP cookies as a hidden command channel for PHP web shells, making the shells far harder to detect than with traditional approaches.
How a Poisoned Trivy Update Gave Hackers the Keys to the European Commission's AWS
A supply chain attack against Trivy resulted in the European Commission losing 340 GB of data from its AWS environment — showing how dangerous a single compromised tool in a pipeline can be.
Critical ShareFile Vulnerabilities Allow Full RCE Without a Password — Patch Now
Two chained vulnerabilities in Progress ShareFile's Storage Zones Controller allow an unauthenticated attacker to go from zero access to full remote code execution on the server — no credentials needed.