From August 3, 2026, Google will use IP addresses from UK, EEA and Switzerland users for ad measurement and personalization. It lands as the ICO weighs new consent rules, and years after Google itself called using such signals to identify devices “wrong.” […]
Google to use UK and EU user IP addresses for ad personalization Read More »
A newly discovered data leak dubbed “FortiBleed” has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. […]
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. Read More »
India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here’s what happened, and how to get around the block with an MTProto proxy. […]
India’s Telegram ban hit the UAE too. Here’s how to get around it Read More »
Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. […]
Why Account Takeovers Are Rising and How to Stop Them Read More »
Breaches don’t always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without authentication — anything internet-facing is immediately at risk. With time-to-exploit
The Top 10 Attack Surface Exposures in 2026 Read More »
As many as 144 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, SafeDep, Socket, and StepSecurity. “A single npm account (ehindero)
144 Mastra npm Packages Compromised via Hijacked Contributor Account Read More »
Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems. […]
Microsoft confirms Office apps launch issues after June updates Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is a case of improper access control that could facilitate arbitrary
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. […]
CISA orders feds to patch max severity Joomla plugin flaw by Friday Read More »
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google’s bug bounty program, calls the technique “Pickle
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting Read More »