Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

Vulnerabilities
4 min read
1 Jul 2026

CVE-2025-33017: Attackers Are Turning Forgotten Langflow Servers Into Monero Mines

A critical unauthenticated remote-code-execution flaw in Langflow is under active exploitation, with threat actors deploying XMRig cryptocurrency miners on any instance left exposed to the public internet.

Threats
5 min read
30 Jun 2026

RustDuck Botnet Has Been Building a DDoS Swarm Since February 2026 — and It's Evolving Faster Than It's Growing

QiAnXin's XLab team has identified a Rust-written, two-stage botnet called RustDuck quietly enlisting home routers, IP cameras, Android TV boxes, and exposed Linux servers into a DDoS-for-hire operation. The headline isn't the size of the swarm. It's how fast the code is changing.

Vulnerabilities
5 min read
30 Jun 2026

CVE-2026-46817: Unauthenticated Attackers Are Actively Exploiting Oracle E-Business Suite Payments

A CVSS 9.8 flaw in Oracle's Payments module lets remote attackers seize full control of EBS instances — no credentials required — and exploitation is already underway.

Threats
4 min read
30 Jun 2026

Fake Perplexity Chrome Extension Sent Every Address Bar Keystroke to an Attacker Server

Microsoft's threat research team caught a malicious Chrome extension impersonating Perplexity AI — one that silently intercepted omnibox input, character by character, before users ever saw a search result.

Breaches
5 min read
29 Jun 2026

ShinyHunters Breached NAIC via Oracle PeopleSoft Zero-Day — But the Regulator Says the Haul Was Mostly Junk

The National Association of Insurance Commissioners confirms attackers exploited an unpatched vulnerability in an internet-facing PeopleSoft server, while disputing the extortion crew's characterization of what was actually stolen.

Threats
4 min read
29 Jun 2026

Hijacked npm Packages Abuse VS Code Tasks to Drop Cross-Platform Python Infostealer

JFrog researchers found attackers who compromised two legitimate npm maintainer accounts and built a Go module cluster to deliver a Python stealer — hiding execution inside VS Code workspace task definitions rather than the lifecycle hooks most tools actually scan.

Vulnerabilities
5 min read
29 Jun 2026

CVE-2026-12957: Amazon Q Developer Flaw Let a Cloned Repo Steal AWS Credentials

A high-severity vulnerability in Amazon's AI coding assistant allowed a hostile repository to hijack ambient AWS credentials the moment a developer clicked 'trust workspace.' Amazon has shipped a patch.

Threats
5 min read
28 Jun 2026

Russia Used Cellebrite Against an Activist, Five Eyes Sounded an AI Alarm, and Scattered Spider Pleaded Guilty — Here Is What Defenders Should Do Next

Four security developments from one week paint a coherent picture: surveillance tools reach beyond their intended users, AI threats are operational not theoretical, Mac endpoints carry real risk, and social-engineering crews face real prison time.

Threats
4 min read
28 Jun 2026

ASIO: State Hackers Stole IT Staff Credentials at Australian Critical Infrastructure Site

Australia's domestic intelligence chief confirmed a foreign state actor had harvested valid login credentials from privileged IT accounts inside a critical infrastructure operator — and was positioned for sabotage, not passive surveillance.

Threats
5 min read
28 Jun 2026

New TinyRCT Backdoor Targets Southeast Asian Energy and Government Networks in Stealthy Chinese-Speaking Campaign

Palo Alto Networks Unit 42 has identified a previously unknown implant — TinyRCT — deployed by an intrusion cluster called CL-STA-1062 against state-owned energy enterprises and government ministries across Southeast Asia.

Threats
4 min read
27 Jun 2026

Russia Ran Fake Messenger Support Scams Against Officials Across Three Continents, SSU and FBI Say

GRU and FSB-linked operators impersonated tech-support staff and trusted contacts to hijack Signal, Telegram, and WhatsApp accounts belonging to soldiers, politicians, and activists in Ukraine, Europe, and the United States.

Threats
4 min read
27 Jun 2026

SharkLoader: A Custom-Built Stager Is Planting Cobalt Strike Beacon on Asian Government Networks

Kaspersky researchers tracking a campaign called StrikeShark have identified a previously undocumented loader family dropping Cobalt Strike Beacon on a diplomatic organization in Indonesia and government targets in Taiwan — a targeting profile that points squarely to state-sponsored espionage.

Vulnerabilities
5 min read
27 Jun 2026

Web Shells Deployed on PTC Windchill PLM Systems as Attackers Exploit Critical Deserialization Flaw

A CVSS 9.3 vulnerability in PTC Windchill and FlexPLM — software trusted by defense contractors, aerospace primes, and automotive manufacturers — is under active exploitation, with attackers establishing persistent backdoors inside some of the most sensitive engineering environments on earth.

Threats
5 min read
26 Jun 2026

GRU Phishing Campaign Targets Signal's Backup Recovery Key — And the Key Never Expires

The FBI and CISA have updated their advisory on Russian intelligence operators targeting Signal users, warning that attackers have shifted tactics from linked-device hijacking to stealing the Backup Recovery Key — a credential that grants permanent, silent access to a user's full message history.

Threats
4 min read
26 Jun 2026

Philip Martin Joins Uber as CISO, Bringing Crypto and Defence Credentials to a Chair With History

The former Coinbase security chief takes over at Uber — a company whose breach record, regulatory scrutiny, and expanding data footprint make the hire one of the more consequential CISO appointments in recent memory.

Threats
5 min read
26 Jun 2026

Featured Chrome Extension 'Adblock for YouTube' Carries Hidden Remote-Execution Capability — 10 Million Users at Risk

A widely installed ad-blocking extension holds code that can fetch and run arbitrary JavaScript on any page a user visits. No malicious payload has been observed yet. That 'yet' is the problem.

Regulation
5 min read
25 Jun 2026

ICS Security Turns 25: What a Quarter-Century of OT Defense Has Taught Us

The Industrial Control Systems Cybersecurity Conference returns October 6–8, 2026, at the W Nashville for its 25th anniversary — a milestone that invites hard questions about how much the field has actually changed.

Vulnerabilities
4 min read
25 Jun 2026

Cisco Catalyst SD-WAN Zero-Day Exploited for Two Months Before Disclosure

CVE-2026-20245 gave attackers root on enterprise WAN gear while defenders had no patch to apply — and possibly no idea the intrusion was happening.

Threats
5 min read
25 Jun 2026

Mistic Backdoor: How an Access Broker Is Selling Footholds to Qilin, Akira, and Black Basta

A threat group called Woodgnat has deployed a custom in-memory backdoor since at least April 2025, quietly auctioning enterprise access to some of the most active ransomware gangs operating today.

Vulnerabilities
4 min read
24 Jun 2026

CISA Adds Lantronix EDS5000 Code Injection Bug to Known Exploited Vulnerabilities List

CVE-2025-67038 scores a 9.8 CVSS and is already being exploited in the wild. Federal agencies have until June 26, 2026 to patch — a deadline that tells you nothing about how fast attackers are moving right now.

Regulation
2 min read
24 Jun 2026

Federal Push for Quantum-Resistant Cryptography: New Deadlines and Initiatives

The U.S. government mandates a nationwide shift to quantum-resistant cryptography by 2030, impacting federal agencies and contractors.

Vulnerabilities
5 min read
24 Jun 2026

PixelSmash: Critical FFmpeg Flaw Puts Media Servers and Cloud Pipelines at Risk

A heap out-of-bounds write in FFmpeg's MagicYUV decoder — CVE-2026-8461 — can crash applications or hand attackers remote code execution via a 50 KB video file.

Threats
4 min read
23 Jun 2026

FortiBleed: How a Credential-Stuffing IAB Probed 430,000 FortiGate Firewalls

A financially motivated initial access broker has been running brute-force and credential-stuffing attacks against internet-exposed FortiGate appliances since February 2026 — and the TTPs are textbook, repeatable, and preventable.

Threats
5 min read
23 Jun 2026

WhatsApp DMs Are Delivering VBScript Droppers That Install Legitimate RMM Tools on Victims' Machines

An active, multi-continent campaign sends malicious Visual Basic Script files over WhatsApp to sideload commercial remote-monitoring software — and most endpoint controls never fire.

Vulnerabilities
5 min read
23 Jun 2026

GitHub Hardens actions/checkout to Kill 'Pwn Request' Attacks Dead

A new default in actions/checkout v7, announced June 18, automatically blocks unreviewed fork code from running inside privileged workflows — closing an exploit path that attackers had used for years to steal secrets and poison packages.

Threats
5 min read
22 Jun 2026

ShapedPlugin Pro Plugins Shipped Backdoor Code Through the Vendor's Own Update Channel

Attackers compromised ShapedPlugin's build and distribution pipeline, silently delivering malicious code to paying customers who did everything right.

Threats
5 min read
22 Jun 2026

INTERPOL's 2025/2026 Assessment: Phishing, Ransomware, and AI Fraud Are Overwhelming Asia-Pacific Defenses

A new INTERPOL threat report finds cybercrime accelerating across Asia and the South Pacific, with phishing driving initial access, ransomware hitting under-resourced nations hardest, and generative AI removing the last natural barriers to mass fraud.

Vulnerabilities
6 min read
22 Jun 2026

Four Security Stories You Shouldn't Ignore: Beats Eavesdropping, a GCP Privilege-Escalation Flaw, and a Threat Actor Who Lived Inside a Network for a Decade

Apple quietly patched a Bluetooth vulnerability in Beats firmware, Google Cloud's Config Connector carries an unpatched privilege-escalation bug, and the threat group Velvet Ant spent roughly ten years undetected inside a target network. Here is what defenders need to know — and do — right now.

Regulation
5 min read
21 Jun 2026

Operation Endgame Dismantles SocGholish Infrastructure, Cleans 14,971 Hacked WordPress Sites

A Dutch-led coalition spanning four countries has taken down command-and-control servers powering the SocGholish malware loader and force-remediated nearly 15,000 compromised websites — marking the latest phase of the largest coordinated botnet-disruption effort in history.

Ransomware
5 min read
21 Jun 2026

The Gentlemen Ransomware Group Ships a Centralized EDR Killer to Every Affiliate

GentleKiller blends signed-driver abuse with a hardcoded hit list of roughly 400 security processes — and every Gentlemen affiliate gets it as standard kit.

Regulation
4 min read
21 Jun 2026

Macron Calls for G7 Nations to Unify AI Oversight — and Wants Washington in the Room

France's president is urging wealthy democracies to treat advanced AI governance as a shared responsibility, not a domestic footnote. The gap between political will and enforceable policy remains dangerously wide.

Vulnerabilities
5 min read
20 Jun 2026

Gravity SMTP Vulnerability CVE-2026-4020 Is Being Actively Exploited — Patch and Rotate Now

An unauthenticated information-disclosure flaw in the popular WordPress mailer plugin is already under active attack, putting API keys, OAuth tokens, and SMTP credentials at risk on up to 100,000 websites.

Vulnerabilities
5 min read
20 Jun 2026

usbliter8: Researchers Crack Apple A12 and A13 SecureROM in an Exploit That Cannot Be Patched

A working tethered exploit from Paradigm Shift reaches code burned into the chip at fabrication — and no software update on earth can fix it.

Breaches
5 min read
20 Jun 2026

Klue Confirms OAuth Token Theft: Icarus Extortion Group Claims the Attack

The Vancouver-based competitive intelligence platform says attackers stole OAuth tokens and used them to reach customer Salesforce tenants — adding another entry to a growing list of SaaS-to-CRM supply-chain breaches.

Ransomware
5 min read
19 Jun 2026

GentleKiller: How The Gentlemen RaaS Group Handed Affiliates a Ready-Made EDR Termination Kit

A May 2024 breach of The Gentlemen ransomware-as-a-service platform exposed the group's 'GentleKiller' framework — a pre-packaged tool that lets low-skill affiliates disable enterprise endpoint detection and response software at the kernel level.

Vulnerabilities
4 min read
19 Jun 2026

Beats Studio Buds Firmware Patch Closes Bluetooth Flaw That Could Turn Earbuds Into a Listening Device

A CVSS 8.8 authorization bug in the Airoha Bluetooth audio SDK let any attacker within radio range pair with Studio Buds without the owner's knowledge — and potentially capture microphone audio.

Threats
5 min read
19 Jun 2026

Popa Botnet Tied to NASDAQ-Listed Residential Proxy Firm Alarum Technologies

Researchers from Synthient and Qurium traced four years of Android TV box traffic-relaying back to infrastructure connected to NetNut, the residential proxy service owned by Israel's Alarum Technologies — raising hard questions about where legitimate proxy networks end and silent botnets begin.

Vulnerabilities
4 min read
18 Jun 2026

F5 Patches Two Critical NGINX Flaws That Allow Unauthenticated Remote Code Execution

A use-after-free in NGINX's HTTP/3 module earns a CVSS v4 score of 9.2 — and any deployment with QUIC enabled should treat the patch as same-day work.

Regulation
5 min read
18 Jun 2026

How a Junior Hacker Kept Access to a French Auto Firm Long After His C2 Server Went Dark

A commodity intrusion at a small French automotive business exposed a gap most incident-response playbooks still miss: killing the command-and-control beacon does not end the incident if the attacker already installed OpenSSH and Tailscale.

Regulation
5 min read
18 Jun 2026

Google Plans to Use UK and EU IP Addresses for Ad Targeting From August 2026 — and That Should Concern Your Security Team

A signal Google once condemned as a privacy circumvention becomes official ad infrastructure. The ICO is watching. So should your identity and threat-detection teams.

Vulnerabilities
5 min read
17 Jun 2026

CVE-2026-50656: Microsoft's Unpatched 'RoguePlanet' Flaw Puts Every Defender Install at Risk

A privilege-escalation zero-day in the Malware Protection Engine — the scanning core shared by every supported Defender variant — has been confirmed by Microsoft, with no patch yet shipped.

Vulnerabilities
5 min read
17 Jun 2026

CVSS 10.0: CISA Confirms Active Exploitation of Joomla Content Editor Flaw CVE-2026-48907

Widget Factory's JCE extension contains an unauthenticated arbitrary file-write vulnerability that attackers are already burning in the wild. Federal agencies have three weeks to patch. Everyone else should move faster.

Threats
5 min read
17 Jun 2026

ClickFix Goes Mainstream: Three Loader Families Exploit the Same Social-Engineering Trick

BabaDeda, Lorem Ipsum, and Potemkin loaders all use the same clipboard-paste attack pattern — and education and finance organizations absorbed the bulk of April 2026 hits.

Threats
5 min read
16 Jun 2026

Pickle in the Middle: Google Vertex AI SDK Flaw Gave Attackers Code Execution Inside Google's Cloud

A bucket-squatting vulnerability in the Google Cloud Vertex AI Python SDK let an unauthenticated attacker intercept ML model uploads and run arbitrary code inside Google's managed serving infrastructure — no project credentials required.

Vulnerabilities
5 min read
16 Jun 2026

CISA Flags LiteSpeed cPanel Plugin Flaw as Actively Exploited — Root Access at Stake

CVE-2026-54420 carries a CVSS score of 8.5 and hands attackers root-level control over shared hosting servers. Federal agencies must patch by June 18, 2026. Everyone else should move faster.

Regulation
5 min read
16 Jun 2026

DOJ Seizes CFAKE and SOCFAKE in First TAKE IT DOWN Act Enforcement Action

Federal agents pulled two of the internet's busiest deepfake nude sites offline, marking the first publicly announced domain seizure under a law signed just weeks ago.

Threats
5 min read
15 Jun 2026

North Korea's Contagious Interview Crew Targets Developers With Code-Review Phishing Bait

The DPRK-linked threat cluster known as Contagious Interview has added a deceptively simple new lure to its arsenal: a polite request to review some code.

Threats
5 min read
15 Jun 2026

400+ AUR Packages Hijacked to Drop Rust Credential Stealer and eBPF Rootkit

Attackers rewrote PKGBUILD scripts across more than 400 Arch User Repository packages, turning the normal build process into a credential-harvesting operation — with a kernel-level rootkit waiting for any build that ran as root.

Threats
4 min read
15 Jun 2026

Velvet Ant Hid Inside Linux Auth for Nearly a Decade by Backdooring PAM and OpenSSH

A China-nexus threat actor planted rogue authentication modules on victim networks and stayed undetected for close to ten years — by targeting the one layer most incident-response playbooks quietly trust.

Threats
5 min read
14 Jun 2026

Outsider Enterprise Dismantled: What the 'AI-Powered' Phishing Takedown Actually Tells Defenders

The FBI, Google, and Lumen's Black Lotus Labs jointly knocked a Chinese phishing-as-a-service operation offline after it registered nearly one million malicious domains. The AI angle is real — but narrower than headlines suggest.

Regulation
5 min read
14 Jun 2026

Washington Orders Anthropic to Block Foreign Nationals From Fable 5 and Mythos 5 — So Anthropic Pulled Both Models Entirely

Faced with an export-control-style directive it disputes, Anthropic suspended two frontier AI models worldwide rather than build nationality-gated access infrastructure. The standoff raises hard questions about who controls frontier AI and how.

Vulnerabilities
2 min read
14 Jun 2026

Critical Vulnerability in Splunk Enterprise Exposes Systems to Remote Code Execution

Splunk addresses a severe flaw in its Enterprise software that could allow unauthenticated users to execute arbitrary code.

Threats
4 min read
13 Jun 2026

Former Iowa School IT Admin Sentenced to 21 Months for Post-Termination Network Intrusions

No malware, no nation-state tradecraft — just valid credentials that nobody revoked. A disgruntled ex-employee deleted accounts and disrupted classrooms for months before federal charges ended it.

Regulation
5 min read
13 Jun 2026

Anthropic Takes Fable 5 and Mythos 5 Offline Under White House Export Control Directive

The Trump administration's push to treat frontier AI as dual-use technology forced Anthropic to pull two models entirely — a compliance signal that reshapes how AI labs think about regulatory risk.

Vulnerabilities
4 min read
13 Jun 2026

GreatXML: A BitLocker Bypass That Doesn't Quite Work — Yet

A pseudonymous researcher dropped an alleged Windows Recovery Environment exploit days after Patch Tuesday. A respected vulnerability analyst couldn't replicate it. The researcher is already hunting a workaround.

Threats
5 min read
12 Jun 2026

400+ Arch Linux AUR Packages Backdoored With Rust Credential Stealer and eBPF Rootkit

Attackers hijacked more than 400 community-maintained Arch User Repository packages this week, silently modifying build scripts to drop a Rust-based credential harvester — and, when the build ran as root, an eBPF rootkit capable of hiding itself from every standard Linux detection tool.

Vulnerabilities
5 min read
12 Jun 2026

GreatXML: How a Researcher Cracked BitLocker in Four Hours Using Windows' Own Recovery Partition

A hobbyist find targeting XML configuration files in the Windows Recovery Environment exposes a fundamental gap in full-disk encryption's trust model — and no Microsoft patch exists yet.

Vulnerabilities
5 min read
12 Jun 2026

CVE-2026-5027: Unauthenticated Path Traversal in Langflow Is Being Exploited Right Now

A write-anywhere bug in the popular open-source AI workflow builder carries a CVSS 8.8 score and is already seeing opportunistic mass exploitation — patch immediately or assume compromise.

Threats
4 min read
11 Jun 2026

ShinyHunters Exploited an Oracle PeopleSoft Zero-Day for Two Weeks Before a Patch Existed

The extortion crew tracked as UNC6240 spent May 27 through June 9 inside university PeopleSoft environments — stealing student records, HR files, and financial data — while Oracle's advisory sat unpublished.

Vulnerabilities
5 min read
11 Jun 2026

npm 12 Kills Install Scripts by Default — and That Changes the Supply Chain Math

GitHub's decision to disable lifecycle hooks in npm 12 removes the single most-abused primitive in JavaScript supply chain attacks. Here is what defenders, DevOps teams, and security engineers need to know before the cutover.

Regulation
5 min read
11 Jun 2026

npm v12 Will Block Auto-Run Install Scripts by Default Starting July 2025

GitHub's decision to disable automatic lifecycle script execution in npm v12 closes a well-worn supply chain attack path — but security engineers warn the threat is far from finished.

Regulation
6 min read
10 Jun 2026

CISA's BOD 26-04 Kills CVSS-First Patching — and Gives Agencies Three Days on the Worst Flaws

A new binding directive replaces severity-score timelines with a four-factor risk model. Federal agencies must remediate the highest-risk vulnerabilities within 72 hours. The rest of the industry should be paying close attention.

Vulnerabilities
2 min read
10 Jun 2026

RoguePlanet Exploit Unveiled: Microsoft Defender's Latest Vulnerability Challenge

An exploit named RoguePlanet has surfaced, targeting Microsoft Defender with a local privilege escalation vulnerability, raising security concerns.

Vulnerabilities
2 min read
10 Jun 2026

AI-Driven Bug Disclosures and Zero-Day Threats Dominate Microsoft's June Patch Tuesday

Microsoft addresses a record number of vulnerabilities amid AI-assisted bug discoveries and a high-profile researcher threatening further zero-day releases.

Vulnerabilities
4 min read
9 Jun 2026

Microsoft's KB5094127 Patches Windows 10 ESU Fleets — and Starts the Secure Boot Certificate Clock

The June 2026 cumulative update for Windows 10 22H2 Extended Security Updates enrollees bundles this month's vulnerability fixes and adds diagnostic hooks for a looming Secure Boot certificate transition that could leave unpatched systems open to bootkit attacks.

Threats
5 min read
9 Jun 2026

Meta Accuses NSO Group of Violating WhatsApp Injunction With Fresh Spear-Phishing Campaign

A federal jury awarded Meta roughly $168 million in May after NSO's Pegasus spyware abused a WhatsApp voice-call flaw in 2019. Now Meta says NSO's operators are back — this time with social-engineering lures — and is asking a judge to hold the vendor in contempt.

Vulnerabilities
5 min read
9 Jun 2026

Cisco SD-WAN Manager Hit by Active Command-Injection Exploit — No Patch Available Yet

CVE-2026-20245 lets an authenticated attacker escalate to root through the CLI. Mandiant reported the bug after spotting real intrusions, and Cisco has confirmed unauthorized configuration changes in the wild.

Vulnerabilities
5 min read
8 Jun 2026

CVE-2026-23111: Public Exploit Turns Unpatched Linux Kernels Into Root Shells

A weaponized proof-of-concept for a use-after-free in nf_tables dropped on June 8, 2026 — four months after the upstream fix — and it works reliably against hardened kernels with KASLR and SMAP enabled.

Threats
4 min read
8 Jun 2026

Miasma Worm Burrows Into Microsoft's GitHub Presence, Tainting 73 Repositories Across Four Organizations

A self-replicating campaign is chaining stolen developer tokens into an ever-widening blast radius — and Microsoft's own GitHub organizations were not immune.

Vulnerabilities
5 min read
8 Jun 2026

AI Agent Finds 21 Zero-Days in FFmpeg the Same Week Chrome Ships a Record 429 Security Fixes

An autonomous AI fuzzer exposed 21 previously unknown vulnerabilities in the media library embedded in nearly every video-capable product on earth. Days later, Google released Chrome 149 with 429 patches — the largest single browser security update on record. Neither story is routine.

Threats
5 min read
7 Jun 2026

Silent Ransom Group Calls Law Firms Directly — Then Drains Files Within Hours

A financially motivated extortion crew is impersonating IT staff over the phone, tricking employees into handing over remote access, and exfiltrating privileged client files before most firms even open a help ticket.

Vulnerabilities
4 min read
7 Jun 2026

CISA Adds SolarWinds Serv-U DoS Flaw to Known Exploited Vulnerabilities List

CVE-2026-28318 crashes the Serv-U file transfer service in the wild. Federal agencies have roughly three weeks to patch. Everyone else should treat that deadline as their own.

Threats
5 min read
7 Jun 2026

Your Smart TV May Be Relaying Scraping Traffic Right Now — And You Probably Agreed to It

A reverse-engineering of Bright Data's iOS SDK reveals how consumer apps — including always-on televisions — quietly enlist household devices as exit nodes in a massive residential proxy network increasingly serving AI data demands.

Vulnerabilities
5 min read
6 Jun 2026

One-Click github.dev Flaw Let Attackers Steal GitHub OAuth Tokens

A single crafted link was enough to drain a developer's GitHub OAuth token from the browser-based VS Code editor — granting read/write access to private repositories with no second click required.

Vulnerabilities
4 min read
6 Jun 2026

Cisco Catalyst SD-WAN Manager Flaw CVE-2026-20245 Exploited in the Wild — No Patch Available

A high-severity authorization vulnerability in Cisco's SD-WAN control plane is under active attack across on-premises, cloud, and FedRAMP deployments. Cisco has confirmed exploitation and has not yet released a fix.

Vulnerabilities
5 min read
6 Jun 2026

RubyGems Adds Bundler Cooldown to Block Supply Chain Attacks Before They Land

A new --cooldown flag for Bundler delays installation of freshly published gems, buying defenders the time attackers have long exploited.

Threats
5 min read
5 Jun 2026

Two npm Supply-Chain Campaigns Run Simultaneously: A Rust-Based eBPF Stealer and a Self-Spreading Worm

JFrog researchers caught two parallel attacks inside the npm registry — one hiding inside the Linux kernel, the other replicating across 50-plus packages by hijacking maintainer credentials.

Threats
5 min read
5 Jun 2026

PCPJack Hijacks 230 Cloud Servers Across AWS, Azure, and Google Cloud to Build a Stealth SMTP Relay Grid

A threat actor quietly converted compromised business workloads on three major cloud platforms into a verified mail-relay network, refreshing its inventory every five minutes and burning victims' IP reputations in the process.

Regulation
5 min read
5 Jun 2026

IG Report Blames NIST for NVD Backlog — Severity Scores Match Only 12% of the Time

A Commerce Department watchdog formally faulted NIST for strategic failures, duplicated enrichment work, and CVSS scores so inconsistent that independent evaluators agreed with them barely one time in eight.

Threats
4 min read
4 Jun 2026

TA4922 Expands Phishing Operations Into Europe and South Africa With ValleyRAT and Atlas RAT

A China-linked threat crew is cycling through commodity and custom malware at an unusually fast clip — and it has started targeting organizations far outside its traditional Asia-Pacific base.

Threats
5 min read
4 Jun 2026

DOJ 'Disruption Week' Targets Southeast Asia Pig-Butchering Networks — But the Real Story Is What Platforms Already Knew

A May 18 coordinated takedown froze $3.8 million in crypto and pulled millions of social-media and email accounts linked to Southeast Asian fraud compounds. The dollar figure is almost beside the point.

Vulnerabilities
4 min read
4 Jun 2026

GitHub's Browser Editor Handed Attackers an Unscoped OAuth Token — and a Path to Every Private Repo You Own

A malicious Jupyter notebook, a bypassed publisher trust check, and a single browser tab were all an attacker needed to steal an OAuth token granting access to every repository tied to a GitHub account.

Vulnerabilities
5 min read
3 Jun 2026

CVE-2026-23479: Redis Sat Vulnerable for Two Years Before an AI Found the Bug

A use-after-free flaw in Redis's blocking-client code went undetected from version 7.2.0 until patches landed on May 5, 2025 — and it took an autonomous AI auditing tool, not a human researcher, to surface it.

Threats
5 min read
3 Jun 2026

Weedhack MaaS Campaign Has Compromised Over 3,800 Devices by Hijacking Minecraft's Modding Culture

A malware-as-a-service operation active since January 2026 is using YouTube tutorials and fake Minecraft clients to silently hand attackers full remote control of victims' machines — and the infection count keeps climbing.

Vulnerabilities
5 min read
3 Jun 2026

CISA Flags Two-Year-Old Oracle WebLogic Flaw as Actively Exploited — Federal Deadline Is Four Days

CVE-2024-21182 earned a CVSS 7.3 score and a July 2024 Oracle patch. Neither was enough to stop threat actors from finding the organizations that never bothered.

Vulnerabilities
5 min read
2 Jun 2026

CVE-2026-8732: Attackers Are Creating Rogue Admin Accounts on WordPress Sites Right Now

A critical unauthenticated privilege-escalation flaw in the WP Maps Pro plugin lets anyone register a full administrator account — no login, no phishing, no waiting. Active exploitation is already underway.

Vulnerabilities
4 min read
2 Jun 2026

Miasma Supply Chain Attack Plants Credential-Stealing Worm Inside Red Hat npm Packages

A sophisticated campaign named Miasma has weaponized npm packages tied to the Red Hat ecosystem, silently harvesting developer credentials and burrowing into CI/CD pipelines the moment a compromised package lands on disk.

Breaches
5 min read
2 Jun 2026

Dashlane Brute-Force Attack Pulled Encrypted Vaults From Fewer Than 20 Accounts

An unknown actor targeted the 2FA layer on personal-plan accounts on May 31, 2026. The vaults left the server encrypted. Whether they stay that way depends entirely on how strong each user's master password is.

Phishing Awareness
5 min read
28 Mar 2026

How to Recognise Phishing Emails in 2026

Phishing remains the number one attack vector for cyber criminals. Learn the telltale signs of a phishing email and how to protect yourself and your organisation from these increasingly sophisticated attacks.

Password Security
4 min read
20 Mar 2026

Building a Strong Password Policy

Compromised credentials are implicated in the majority of hacking-related breaches. Discover best practices for creating and managing strong passwords, implementing MFA, and using password managers across your organisation.

Social Engineering
6 min read
12 Mar 2026

Social Engineering: The Human Factor

Attackers don't just hack computers — they hack people. Understand the psychology behind social engineering attacks and how to train your team to recognise manipulation tactics.

Compliance
7 min read
5 Mar 2026

GDPR Compliance Training Checklist

Ensure your organisation meets GDPR requirements with our comprehensive training checklist. From data handling procedures to breach notification protocols, cover all the essentials.

Incident Response
8 min read
25 Feb 2026

Incident Response: The Critical First 24 Hours

When a security incident occurs, every minute counts. This guide walks through the critical first 24 hours of incident response, from detection to containment and communication.

Remote Security
5 min read
15 Feb 2026

Securing Remote and Hybrid Work Environments

With hybrid work becoming the norm, securing remote environments is essential. Learn about VPN best practices, secure home networks, and protecting sensitive data outside the office.
