Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

How to Reduce Phishing Exposure Before It Turns into Business Disruption

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that…

Developer Workstations Are Now Part of the Software Supply Chain

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker…

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Ravie LakshmananMay 18, 2026Vulnerability / Software Security Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping…

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Ravie LakshmananMay 18, 2026Supply Chain Attack / Botnet Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of…

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

Ravie LakshmananMay 18, 2026Industrial Sabotage / Malware A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned…

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Ravie LakshmananMay 18, 2026Zero Day / Vulnerability Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants…

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

Ravie LakshmananMay 17, 2026Server Security / Vulnerability A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The…

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Ravie LakshmananMay 17, 2026Data Breach / Cybercrime Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has…

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

Ravie LakshmananMay 16, 2026Vulnerability / Website Security A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages…

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Ravie LakshmananMay 15, 2026Botnet / Threat Intelligence The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to…

« Previous
1
…
9
10
11
12
13
…
522
Next »