LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access
A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenticated cPanel user to…
Author: Cybernoz
CISA’s new KEV nomination form opens reporting to vendors and researchers
The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion…
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Ravie LakshmananMay 23, 2026Artificial Intelligence / Vulnerability Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across…
‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Dubbed Underminr, the issue is a…
Why pure extortion is replacing traditional ransomware
Why pure extortion is replacing traditional ransomware Pierluigi Paganini May 23, 2026 Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data,…
Google folds CodeMender into agent ecosystem amid push for AI-led AppSec
The shift suggests that CodeMender may no longer be just a standalone remediation tool. Instead, it appears to be positioned as part of a broader…
Out of Sight, Top of Mind
Cybersecurity is a lot like insurance: it’s difficult to calculate ROI unless something bad happens. The first auto insurance policy was sold in the US…
Why Chargebacks are Just One Piece of the Fraud Puzzle
For most teams, fraud performance is still summed up in a single metric: chargeback rate. It is visible, painful, and tied directly to card network…
Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!
A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256…
Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks
Threat actors are actively exploiting end-of-life F5 BIG-IP appliances to gain unauthorized SSH access into enterprise networks, using the compromised devices as launchpads for sophisticated…
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
Cybersecurity firm VulnCheck’s latest research reveals that cybercriminals are now targeting old models of ASUS routers by exploiting a software vulnerability from 2018, tracked as…
Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR
Keepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon Data Breach…