Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Ravie LakshmananMar 23, 2026Email Security / Cloud Security Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take…

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Ravie LakshmananMar 23, 2026Cloud Security / DevOps Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean…

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Ravie LakshmananMar 23, 2026Vulnerability / Endpoint Security Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed…

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Ravie LakshmananMar 21, 2026Cyber Espionage / Threat Intelligence Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging…

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The…

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog,…

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Ravie LakshmananMar 21, 2026Malware / Threat Intelligence The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a…

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions…

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS…

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Ravie LakshmananMar 20, 2026Data Privacy / Mobile Security Google on Thursday announced a new “advanced flow” for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt…

« Previous
1
…
18
19
20
21
22
…
495
Next »