Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. […]
Path traversal flaw in AI dev platform Langflow exploited in attacks Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows – CVE-2026-20245 (CVSS score: 7.8) – An improper encoding or escaping of output vulnerability in Cisco Catalyst SD-WAN Manager that could allow
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation Read More »
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. […]
The ‘Miasma’ worm source code briefly leaked on GitHub Read More »
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the ‘npm install’ command. […]
GitHub announces npm security changes to tackle supply-chain attacks Read More »
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads “stable” as “secure.” It usually isn’t. The work slows down. The risk does not. That gap is
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar Read More »
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. […]
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks Read More »
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. […]
China-linked JDY botnet expands targeting of U.S. military networks Read More »
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure,
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs Read More »
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards Read More »
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. “On June 5, 2026, ServiceNow applied a security update to hosted customer instances,” the company revealed in an advisory that requires customer access. “The update concerned a security issue that could allow
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances Read More »