Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
Microsoft Exchange Server users are urged to immediately mitigate a newly disclosed zero-day vulnerability that has been exploited in attacks. Microsoft this week patched 137…
Month: May 2026
Ghostwriter group resumes attacks on Ukrainian Government targets
Ghostwriter group resumes attacks on Ukrainian Government targets Pierluigi Paganini May 15, 2026 ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in…
Rapid7 analysis flags Cisco and Palo Alto authentication bypass vulnerabilities
Rapid7 has published analysis of two newly disclosed authentication bypass vulnerabilities affecting enterprise networking and security platforms from Cisco and Palo Alto Networks, with both…
Autonomous systems are finally working. Security is next
The problem was never detection For the last decade, the security industry has focused on detection. The emphasis has been on generating more alerts, improving…
Huntress × Acrisure Cyber Insurance Program
TL;DR: Huntress and Acrisure are partnering to help eligible businesses turn stronger cybersecurity into better cyber insurance outcomes. Through the Huntress × Acrisure Cyber Insurance…
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to…
Microsoft Details Kazuar Malware’s Modular Architecture and P2P Botnet Operations
A nation-state malware known as Kazuar has resurfaced with a far more dangerous design than anyone expected. What once started as a relatively standard backdoor…
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential…
Deepfake detection is losing ground to generative models
Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic?…
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Ravie LakshmananMay 15, 2026Microsoft / Vulnerability Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under…
Post Office to contest Capture conviction appeal despite chairman support for overturning en masse
The Post Office is contesting a wrongful conviction appeal by a former subpostmaster who experienced problems with its Capture system in the 1990s. This is…
TanStack Npm Supply Chain Attack Prompts OpenAI Updates
OpenAI has disclosed details of its response to the recent TanStack npm supply chain attack, confirming that two employee devices were affected during the broader…