ConnectWise/R1Soft RCE & Supply Chain Risks
UPDATE 2/27/23: As recently spotted by Fox-IT and subsequently reported in SecurityWeek, a critical vulnerability discovered last year in ConnectWise’s R1Soft Server Backup Manager software…
Author: Cybernoz
Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. Today’s highlight was the attempt of Cheng-Da…
Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address
A newly disclosed flaw in Android 16 is raising serious privacy concerns after researchers revealed that malicious apps can bypass VPN protections and expose a…
Why Is Cybersecurity Now A Business Priority, Not Just An IT Function?
Cybersecurity is becoming more than just a technology issue; it is now an essential part of doing business. As more and more organizations depend on…
Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases
Crypto wallet owners using Ledger hardware wallets are being targeted through physical mail, with scammers impersonating the company in a campaign designed to steal recovery…
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Ravie LakshmananMay 17, 2026Data Breach / Cybercrime Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the…
macOS Support Is Here! | Huntress
As you may have noticed, macOS malware is still very much a thing these days. We covered some of the malware variants that were seen…
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting…
Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase
A threat actor infiltrated Grafana Labs’ GitHub environment, stealing a privileged token to download the company’s private codebase, and then attempted to extort the open-source…
Microsoft Warns HPE Operations Agent Abused in Malware-Free Attacks
Microsoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to silently infiltrate networks. The technique…
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Ravie LakshmananMay 14, 2026Vulnerability / Web Server Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that…
Sovereign AI fund supports Hassabis startup, Isomorphic
Isomorphic Labs, a company founded by Demis Hassabis, which uses frontier artificial intelligence (AI) for drug design and development, has received investment from the UK…