A fresh supply chain attack targeting the widely used node-ipc npm package has raised new concerns across the JavaScript ecosystem after researchers uncovered multiple malicious releases containing an obfuscated credential stealer and backdoor…
NSW Police have charged three people over an alleged $600,000 business email compromise (BEC) scam operation, after detectives caught a young woman buying gold bullion…
Google this week released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity bugs across multiple components. The first critical issue is a…
Researchers uncover YellowKey and GreenPlasma Windows Zero-Days Pierluigi Paganini May 15, 2026 Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and…
Hong Kong’s privacy watchdog has condemned the owner of an education platform for paying a ransom to hackers who stole individuals’ personal data across 9,000…
Equinix has expanded its Equinix Fabric “Geo Zones” capability to Australia as part of a broader rollout across five continents, positioning the feature as a…
Similar to Dirty Frag, Fragnesia (CVE-2026-46300) is a local privilege escalation hole that exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory…
As of April 15, 2026, NIST enriches only CVEs that appear in the CISA Known Exploited Vulnerabilities catalog, federal government software, or software designated critical…
Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been…
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused…
A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchange server to plant…
Windows systems worldwide are at risk from a new critical flaw in the Windows DNS Client that could allow remote code execution without any user…
