Skip to content
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Ravie LakshmananJun 03, 2026Vulnerability / Software Development Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token. “Just by clicking a… 

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Ravie LakshmananJun 03, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829,… 

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Ravie LakshmananJun 03, 2026Vulnerability / Server Security Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed… 

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating… 

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Ravie LakshmananJun 02, 2026Vulnerability / Mobile Security Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component… 

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

Ravie LakshmananJun 02, 2026Threat Intelligence / Malware The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and… 

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

Ravie LakshmananJun 02, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on… 

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window…