First VPN Takedown Hits Ransomware Anonymization Service
Europol says First VPN, a Russian-speaking cybercrime VPN, was dismantled in Operation…
Langflow CVE-2025-34291: Token Hijack and RCE Added to CISA KEV
Langflow CVE-2025-34291 can turn a malicious webpage into account takeover and RCE…
Trend Micro Apex One CVE-2026-34926 Exploited in the Wild
Trend Micro patched an Apex One on-prem directory traversal flaw after observing…
Microsoft Defender CVE-2026-41091 and CVE-2026-45498 Exploited
Microsoft says two Defender flaws have been exploited. CISA added both to…
Drupal Core CVE-2026-9082: PostgreSQL SQL Injection Patch
Drupal core CVE-2026-9082 is a highly critical PostgreSQL SQL injection flaw. Check…
SonicWall CVE-2024-12802: MFA Bypass Still Exposes SSL-VPNs
SonicWall CVE-2024-12802 can leave SSL-VPN MFA bypassable when firmware is patched but…
ChromaDB CVE-2026-45829 Allows Pre-Auth Server Takeover
HiddenLayer disclosed ChromaToast, a pre-auth RCE in ChromaDB Python FastAPI server deployments…
GitHub Internal Repos Exposed Through Poisoned VS Code Extension
GitHub says an employee device was compromised through a poisoned VS Code…
Storm-2949 SSPR Abuse: From MFA Prompt to Cloud-Wide Breach
Microsoft says Storm-2949 abused Self-Service Password Reset and MFA social engineering to…
Fox Tempest Signed Malware Service: Why Valid Signatures Are Not Enough
Microsoft says Fox Tempest operated a malware-signing service. Learn why signed malware…
Shai-Hulud AntV npm Supply-Chain Wave: What Developers Should Check
Shai-Hulud returned in an AntV npm supply-chain wave affecting hundreds of packages.…
Operation Ramz Cuts Phishing and Malware Servers in MENA
INTERPOL says Operation Ramz led to 201 arrests and the seizure of…