NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-1490 WAGO - CC100 (0751-9x01...

The Threat Hunter’s Gambit Cisco Talos has observed threat actors weaponizing legitimate SaaS notification pipelines, such as those in GitHub and Jira, to deliver phishing and spam emails. By leve...

New Extortion Crew Targets Corporations 🚨 A new extortion crew has targeted several dozen high-value corporations through phishing and helpdesk social-engineering, according to Google. The Google ...

React Server 19.2.0 - Remote Code Execution 🚨 A Remote Code Execution (RCE) vulnerability, tracked as CVE-2025-55182, affects React Server versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This exploit...

Google Chrome Adds Infostealer Protection Against Session Cookie Theft 🚀 Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-...

From the Field to the Report: How Incident Responders Can Use the Year in Review Every year, Cisco Talos publishes the Year in Review, a comprehensive look at the previous year’s threat landscape....

Contemporary Controls BASC 20T Vulnerability Advisory 🚨 On April 9, 2026, CISA published an advisory regarding a critical vulnerability in the Contemporary Controls BASC 20T. This vulnerability co...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-14243 Red Hat - mirror regis...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-14243 Red Hat - mirror regis...

Rotten Apple: An Invasive Threat Actor Targeting Civil Society in Lebanon The SMEX Digital Forensic Lab presents a report on a spear-phishing campaign that targeted a high-profile Lebanese journal...

npm Malware, Fake Devs, and Deepfake Videos: These Are A Few of My Favorite DPRK Things What started as a quick look into a suspicious GitHub organization turned into a much deeper rabbit hole wit...

npm Malware, Fake Devs, and Deepfake Videos - A Few of My Favorite DPRK Things What started as what I thought was going to be a quick look into a suspicious GitHub organization turned into a much ...

New Lua-based Malware ‘LucidRook’ Observed in Targeted Attacks 🚨 Cisco Talos has uncovered a cluster of activity tracked as UAT-10362, conducting spear-phishing campaigns against Taiwanese non-gov...

Major Data Breach at Chinese Supercomputer 🚨 A hacker has allegedly stolen a massive trove of sensitive data, including highly classified defense documents and missile schematics, from a state-run...

FortiWeb 8.0.2 - Remote Code Execution Exploit Disclosed 🚨 A critical Remote Code Execution (RCE) vulnerability has been disclosed in FortiWeb appliances, identified as CVE-2025-64446. This vulner...

CVE-2026-23226: A Critical Vulnerability in ksmbd The Orca Security Research Pod has uncovered a significant vulnerability in the Linux kernel’s ksmbd SMB3 server, identified as CVE-2026-23226. Th...

GrafanaGhost Exploit: A New Threat to Data Security 🚨 A newly identified critical vulnerability dubbed GrafanaGhost has been exploited by attackers to silently extract sensitive enterprise data fr...

Frostarmada Forest Blizzard DNS Hijacking 🚨 Black Lotus Labs, the threat research team at Lumen Technologies, has been tracking a campaign named “FrostArmada” associated with the threat actor grou...

High-Severity Security Vulnerability in Docker Engine 🚨 A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (Au...

GPUBreach Exploit Overview 🚀 The GPUBreach attack technique utilizes GPU memory bit-flips to escalate privileges and potentially take full control of a system. New research reveals that attacks li...