Supply Chain Exploitation of SolarWinds Orion Software
On December 13, FireEye discovered that SolarWinds Orion products (versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1) were being exploited…
Author: Cybernoz
UN food agency discloses breach affecting 600,000 Gaza households
Image: Kaga Tau (CC BY-SA 4.0) The United Nations’ World Food Programme (WFP), the world’s largest humanitarian organization, revealed over the weekend that its self-registration…
CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog,…
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader
A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the attack…
AI agent governance gets harder when agents outnumber your people
In this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments. He opens…
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Ravie LakshmananJun 06, 2026Supply Chain Attack / Malware Microsoft’s GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain…
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini June 06, 2026 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds…
Annual Security Awareness Training is a Waste of Time
It’s that time of year again. December is a time for the holidays. With that comes time to travel, eat great food, visit family &…
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious…
Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks
A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration…
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog. Tracked…
New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams
A new cybercrime group called Pink is targeting corporate data for financial extortion. Palo Alto Networks’ research division, Unit 42, first exposed this threat, believed…