SHub macOS Stealer Uses Fake Login Lures to Harvest Data
SentinelOne says SHub Reaper uses fake macOS security and login prompts to…
MiniPlasma Windows Zero-Day PoC Gives Local Users SYSTEM Access
A public MiniPlasma proof-of-concept shows local privilege escalation to SYSTEM on fully…
Anthropic Mythos Helped Build a macOS M5 Kernel Exploit
Calif says researchers used Anthropic’s Mythos Preview to build a local macOS…
FrostyNeighbor Targets Ukraine With PDF Lures and PicassoLoader
ESET says FrostyNeighbor is using fake Ukrtelecom-themed PDF lures, Ukrainian geofencing, JavaScript…
Kali365 Device Code Phishing
FBI/IC3 warns Kali365 abuses Microsoft device-code login to steal OAuth tokens. Learn…
Avada Builder CVEs Put WordPress Sites at File Read and SQLi Risk
Avada Builder patched two WordPress vulnerabilities that could expose server files or…
FunnelKit Checkout Skimmer Hits WooCommerce Payment Pages
Attackers are abusing vulnerable FunnelKit/Funnel Builder installations to inject checkout skimmers into…
Microsoft Details Kazuar Botnet Used by Secret Blizzard
Microsoft published a technical analysis of Kazuar, a modular Secret Blizzard botnet…
NGINX CVE-2026-42945 Exposes Rewrite Rules to Crash and RCE Risk
CVE-2026-42945 affects NGINX rewrite rules that combine unnamed PCRE captures with question-mark…
Burst Statistics CVE-2026-8181 Exploited for WordPress Admin Takeover
Attackers are exploiting CVE-2026-8181 in the Burst Statistics WordPress plugin. Update to…
Exchange Server CVE-2026-42897 Exploited Through Crafted OWA Email
Microsoft says Exchange Server CVE-2026-42897 has exploitation detected. The current protection path…
Cisco Catalyst SD-WAN CVE-2026-20182 Exploited in Limited Attacks
Cisco patched CVE-2026-20182, a critical Catalyst SD-WAN authentication bypass under limited exploitation.…