Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. […]
Microsoft adds Windows protections for malicious Remote Desktop files Read More »
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a “velocity gap” where the density of high-impact vulnerabilities is scaling faster than
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report) Read More »
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers Read More »
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions (complete
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users Read More »
Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. […]
McGraw-Hill confirms data breach following extortion threat Read More »
Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. […]
Microsoft releases Windows 10 KB5082200 extended security update Read More »
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. […]
Over 100 Chrome Web Store extensions steal user accounts, data Read More »
The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. […]
Crypto-exchange Kraken extorted by hackers after insider breach Read More »
Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. […]
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days Read More »
Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
Windows 11 cumulative updates KB5083769 & KB5082052 released Read More »