Security Issues, Vulnerabilities, Exploits & Government Alerts
Not long ago, AI agents were harmless. They wrote snippets of code. They answered questions. They helped individuals move a little faster. Then organizations got ambitious. Instead of personal copilots, companies started deploying shared organizational…
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), United Kingdom’s National Cyber Security Centre (NCSC-UK), Federal Bureau of Investigation (FBI) and international partners released Secure Connectivity Principles for Operational Technology. This joint guidance, led by NCSC-UK, helps organizations…
Jan 14, 2026Ravie LakshmananVulnerability / Patch Management Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system…
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in…
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated…
Jan 14, 2026Ravie LakshmananApplication Security / Vulnerability Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production Node.js app” that, if successfully exploited, could trigger a denial-of-service…
Jan 14, 2026Ravie LakshmananCyber Espionage / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and…
Jan 13, 2026Ravie Lakshmanan Web Security / Data Theft Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club,…
Jan 13, 2026Ravie LakshmananWeb Security / Online Fraud Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in…