Overview Earlier this month, security sleuth and researcher “Chaotic Eclipse” (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey, which allowed them to access BitLoc...
Overview of the First VPN Service 🚀 The Federal Bureau of Investigation (FBI) has released a FLASH report to share indicators of compromise (IOCs) and tactics related to the First VPN Service. Thi...
🚨 Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to e...
CVE-2026-10199 - Assimp glTF2Asset.h LazyDict Null Pointer Dereference
CVE-2026-10199 - Assimp glTF2Asset.h LazyDict Null Pointer Dereference A vulnerability has been found in Assimp up to version 6.0.4. The function glTF2::LazyDict in the library glTF2Asset.h is aff...
2026-05-31 Daily Vulns
2026-05-30 Daily Vulns
Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes
Meet GREYVIBE: A New Threat to Ukraine 🚨 Security firm WithSecure has been tracking a previously unknown Russian-linked APT group called GREYVIBE since at least August 2025. This group targets Ukr...
CVE-2026-48810 - FreeScout Thread Edit Authorization Bypass via Missing Mailbox Check
CVE-2026-48810 - FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check Published Date: May 29, 2026 FreeScout is a free help desk and shared inbox built with PHP’s Laravel framewo...
Wide-ranging 7-Zip Vulnerability Exposes Millions to Code Execution Risks
Major 7-Zip Vulnerability Detected 🚨 The ever-popular open-source archive-handling utility 7-Zip is now in the spotlight due to an 8.8-rated CVE vulnerability in its archive-opening procedure. If ...
CVE-2026-35616 FortiClient EMS Flaw Actively Exploited in Malware Attacks
CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks A critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attack...
Scramble Remote Code Execution Vulnerability Discovered
Scramble Remote Code Execution Vulnerability 🚨 An exploit titled “scramble - Remote Code Execution” was reported on May 7, 2026 by Joshua van der Poll. This vulnerability, identified as CVE-2026-4...
Introducing EvidenceForge - Synthetic Security Logs That Don't Look Fake
Introducing EvidenceForge 🚀 A lot of important work in security depends on having realistic log data to work with, and much of that work gets blocked, watered down, or quietly skipped because the ...
Company Fined for False Claims of Listening to Conversations
Company Fined for False Claims of Listening to Conversations 🚨 A media company and two of its marketing partners have been fined for selling a service which they claimed could listen in on people’...
Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry
Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry The Wiz Customer Incident Response Team (CIRT) has investigated multiple intrusions targeting cryptocurrency organiza...
EspoCRM 9.3.3 - SSRF Vulnerability Discovered
EspoCRM 9.3.3 - SSRF Vulnerability 🚨 An authenticated Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2026-33534, has been reported in EspoCRM version 9.3.3. This vulnerability...
Sparkplug B Protocol Fuzzing with AI Assistance
Sparkplug B Protocol Fuzzing with AI Assistance 🚀 Source: Bishopfox Date Published: May 26, 2026 Sparkplug B is the dominant MQTT-based protocol in industrial control and SCADA environments, but ...
Silent Ransom Group Impersonating IT Personnel through Social Engineering
Silent Ransom Group Targeting Law Firms 🚨 The Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, is actively targeting law firms through sophisticated social engineeri...
ABB LVS MConfig Vulnerability Advisory
ABB LVS MConfig Vulnerability Advisory ABB has identified an internally discovered vulnerability in the MConfig product. This vulnerability affects the following versions: LVS <= 1.4.9.21. An a...
The AI Era Is Creating a Bug Hunting Arms Race
The AI Era Is Creating a Bug Hunting Arms Race 🚀 Vulnerability disclosure and bug bounty programs have represented a paradigm shift years in the making. When Apple finally announced a bug bounty i...
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet TrendAI™ Research has conducted an in-depth analysis of a sophisticated intrusion where threat actors utilized the Ethe...