General cybersecurity industry news, market trends, and analysis
The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring.
Latest ThreatsDay: SMS blasters, npm supply chain hits, and unpatched Windows flaws. Stay ahead of new phishing kits and exposed servers.
DEEP#DOOR embeds a Python RAT in a dropper script, using bore[.]pub C2 to steal credentials and evade Windows defenses, complicating detection.
An attacker could have planted a malicious configuration to execute commands outside the sandbox.
Claroty researchers discovered two vulnerabilities that can be exploited for security bypass and remote code execution.
44 GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and enterprise compromise.
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers.
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions.
CVE-2026-31431 CVSS 7.8 flaw since 2017 enables root via 732-byte exploit, impacting major Linux distributions.
It took the healthcare organization nearly one year to publicly disclose a data breach after it was targeted by Inc Ransom.
US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes.
Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace trust.
