Cisco has released security updates to address a maximum-severity Secure Workload vulnerability that allows attackers to gain Site Admin privileges. Formerly known as Cisco Tetration,…
A large-scale phishing campaign targeting the 2026 FIFA World Cup has grown far beyond what security researchers originally thought. What began as a documented set…
A sophisticated and active supply chain attack has struck the Laravel-Lang open-source organization, compromising over 700 historical package versions across four widely used PHP localization…
Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The…
There’s an interesting dynamic in the cybersecurity world: the more critical it’s become over time, the harder it’s gotten to manage. Gone are the days…
U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide.…
PyrsistenceSniper is an advanced tool for detecting offline persistence, enabling cybersecurity analysts to identify 117 separate persistence mechanisms across Windows, Linux, and macOS platforms. Originally…
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless…
Ravie LakshmananMay 23, 2026Malware / DevSecOps A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run…
Not sure why I haven’t thought more about this, but it seems like the US now has a massive economic vulnerability from cheap, high-quality, open…
Dig, if you will, the picture of you and I engaged in a stress. Being on the receiving end of defense evasion is stressful. I…
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags…
