GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. Tracked as CVE-2026-0723, this vulnerability stems from…
LockBit, one of the most dangerous ransomware groups in the world, has released its newest version despite facing serious law enforcement actions. The group’s operations…
ErrTraffic is a Traffic Distribution System (TDS) designed to power ClickFix social engineering attacks. Unlike traditional fake update prompts, ErrTraffic deliberately breaks website visuals creating garbled text,…
Ravie LakshmananJan 21, 2026Vulnerability / Network Security Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in…
ACME flaw in Cloudflare allowed attackers to reach origin servers Pierluigi Paganini January 21, 2026 Cloudflare fixed a flaw in its ACME validation logic that…
Dive Brief: CFOs and chief information security officers are significantly misaligned when it comes to cybersecurity investment goals and priorities, a survey by cybersecurity firm…
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access…
A new Magecart-style campaign has emerged, targeting online shoppers through malicious JavaScript code designed to steal payment information directly from ecommerce websites. The attack works…
A sophisticated Linux malware framework developed almost entirely through artificial intelligence, marking the beginning of a new era in AI-powered threats. Unlike previous AI-generated malware…
Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month’s Windows security updates. As explained one week ago, when Microsoft acknowledged…
A new social engineering technique called GlitchFix has emerged, powered by ErrTraffic—a specialized traffic distribution system designed to trick website visitors into downloading malware through…
A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers…
