Approximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an…
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system…
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims.…
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified…
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain…
A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick…
A moderate out-of-bounds write vulnerability in Apache Hadoop’s HDFS native client that could allow attackers to trigger system crashes or cause data corruption in production…
A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the “SyncFuture Espionage Campaign,”…
Microsoft has released two critical out-of-band (OOB) security patches targeting widespread issues affecting Windows 11 users following January’s monthly security updates. The emergency patches, KB5078127…
Two critical 0-day vulnerabilities in NetSupport Manager that, when chained, allow unauthenticated remote code execution (RCE). The vulnerabilities were discovered during routine security assessments of…
A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This…
