Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. […]
Microsoft confirms outage affecting MFA, My Sign-Ins platform Read More »
Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). […]
Microsoft fixes KB5089549 Windows security update install issues Read More »
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. […]
WP Maps Pro bug exploited to create admin accounts on WordPress sites Read More »
Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. More than 200 servers located in
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices Read More »
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. […]
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks Read More »
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. “Authentication bypass vulnerabilities
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation Read More »
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security. “The chatgpt.com response renderer trusts Markdown links and Markdown
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface Read More »
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. “The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit Read More »
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to
New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks Read More »
A newly discovered local privilege escalation vulnerability dubbed ‘CIFSwitch’ in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel’s key request mechanism, and gain root privileges. […]
New CIFSwitch Linux flaw gives root on multiple distributions Read More »