Security Issues, Vulnerabilities, Exploits & Government Alerts
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the successful retirement of ten Emergency Directives issued between 2019-2024. Marking a significant milestone in federal cybersecurity, this is the highest number of Emergency Directives retired by the…
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and…
Jan 08, 2026Ravie LakshmananNetwork Security / Vulnerability Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The…
Jan 08, 2026Ravie LakshmananMalware / Cloud Security Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were…
Jan 08, 2026Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list…
Jan 08, 2026Ravie LakshmananPrivacy / Artificial Intelligence Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health.…
Jan 08, 2026Ravie LakshmananVulnerability / KEV Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities…
Jan 07, 2026Ravie LakshmananCybercrime / Software Security A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users…
Jan 07, 2026Ravie LakshmananVulnerability / Automation Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over…
Jan 07, 2026The Hacker NewsThreat Detection / Endpoint Security Security teams are still catching malware. The problem is what they’re not catching. More attacks today don’t arrive as files. They don’t drop binaries. They don’t…