Frostarmada Forest Blizzard DNS Hijacking 🚨 Black Lotus Labs, the threat research team at Lumen Technologies, has been tracking a campaign named “FrostArmada” associated with the threat actor grou...

High-Severity Security Vulnerability in Docker Engine 🚨 A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (Au...

GPUBreach Exploit Overview 🚀 The GPUBreach attack technique utilizes GPU memory bit-flips to escalate privileges and potentially take full control of a system. New research reveals that attacks li...

GPUBreach Exploit Overview The GPUBreach attack technique utilizes GPU memory bit-flips to escalate privileges and potentially take full control of a system. New research indicates that attacks li...

10 Minutes with Claude: Remote Code Execution in Apache ActiveMQ (CVE-2026-34197) CVE-2026-34197 is a remote code execution vulnerability in Apache ActiveMQ Classic that has been hiding in plain s...

MCP Isn’t a Protocol Problem: An Identity Crisis Microsoft released a patch on March 10, 2026, for CVE-2026-26118, a server-side request forgery (SSRF) vulnerability in the Azure MCP Server. This ...

is-localhost-ip 2.0.0 - SSRF Vulnerability 🚨 A proof-of-concept (PoC) demonstrating an SSRF / localhost canonicalization bypass has been developed for is-localhost-ip version 2.0.0. This PoC, repo...

How Often Are Redirects Used in Phishing in 2026? Published on: April 6, 2026 Source: SANS ISC Although open redirects are not generally considered a high-impact vulnerability on their own, they ...

Hackers Attempt to Turn ComfyUI Servers Into a Cryptomining Proxy Botnet 🚨 Censys ARC has uncovered an active campaign targeting Internet-exposed ComfyUI instances. Attackers are exploiting the cu...

Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation 🚨 A heap-based buffer overflow exists in a DWM core library code path that processes frame/composition data. This vulnerabil...

🚨 Traffic Violation Scams Alert! Scammers are sending fake “Notice of Default” traffic violation text messages impersonating state courts across the U.S. These messages pressure recipients to scan...

CBP Facility Codes Leaked via Online Flashcards 🚨 A user on Quizlet, an online learning platform, created a public flashcard set in February that appears to have exposed highly confidential inform...

Researchers Roast Cybercriminals to Stop Glamourizing Them Cybercrime crews have become almost mystical entities, with security vendors assigning them names like Wizard Spider and Velvet Tempest. ...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2026-35616 Fortinet - FortiClient...

Qilin EDR Killer Infection Chain This blog post provides an in-depth technical analysis of the malicious dynamic-link library (DLL) “msimg32.dll”, which Cisco Talos observed being deployed in Qili...

New Akira Lookalike Ransomware Campaign 🚨 A new and dangerous ransomware campaign has surfaced across South America, targeting Windows users with a carefully crafted strain that closely imitates t...

Researchers Observe Sub-One-Hour Ransomware Attacks 🚨 Security researchers have warned of another step change in the velocity of ransomware, after spotting the Akira group complete all stages of a...

New Rowhammer Attacks Give Complete Control of Machines Running Nvidia GPUs 🚀 The cost of high-performance GPUs, typically $8,000 or more, means they are frequently shared among dozens of users in...

Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime 🚨 Fraud operations have expanded beyond traditional hacking techniques to include methods that exploit legitimate services a...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2018-25228 Netsetman - NetSetMan ...