Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Ravie LakshmananMay 06, 2026Vulnerability / Network Security Palo Alto Networks has released an advisory warning that a critical buffer overflow...
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
Ravie LakshmananMay 05, 2026Vulnerability / Server Security The Apache Software Foundation (ASF) has released security updates to address several security...
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
Ravie LakshmananMay 05, 2026Endpoint Security / Software Security A newly identified supply chain attack targeting DAEMON Tools software has compromised...
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
Ravie LakshmananMay 05, 2026Network Security / Endpoint Security A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to...
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind:...
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Ravie LakshmananMay 05, 2026Vulnerability / Network Security Threat actors are actively exploiting a critical security flaw impacting an open-source content...
We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace...
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
Ravie LakshmananMay 05, 2026Cyber Espionage / Surveillance The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video...
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Ravie LakshmananMay 05, 2026Vulnerability / Network Security A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA)...
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures...
