Featured

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

2026-06-02 at 18:01 By Kevin Townsend

A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations.

Supply Chain Attack Hits 32 Red Hat NPM Packages

2026-06-02 at 15:46 By Ionut Arghire

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. This article is an excerpt from SecurityWeek.

Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads

2026-06-02 at 11:12 By Eduard Kovacs

Dashlane’s security systems automatically locked accounts to protect them against the hacking attempts.

19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

2026-06-01 at 17:37 By Ionut Arghire

Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.

Exploit Code Published for Critical Flowise RCE Vulnerability

2026-05-30 at 18:55 By Ionut Arghire

The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow.

Charter Communications Data Breach Could Impact Nearly 5 Million

2026-05-29 at 17:49 By Ionut Arghire

The notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April.

Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects

2026-05-25 at 13:58 By Eduard Kovacs

Many findings have been confirmed to be critical or high-severity vulnerabilities and the number will continue to increase.

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

2026-05-25 at 10:56 By Ionut Arghire

Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens.

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

2026-05-23 at 14:04 By Ionut Arghire

The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic.

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

2026-05-22 at 21:05 By Eduard Kovacs

Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites.

TrendAI Patches Apex One Zero-Day Exploited in the Wild

2026-05-22 at 11:53 By Eduard Kovacs

CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One.

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

2026-05-21 at 13:14 By Eduard Kovacs

More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’.

Real-World ICS Security Tales From the Trenches

2026-05-20 at 13:18 By Eduard Kovacs

SecurityWeek spoke with several ICS security experts and companies about their most memorable experiences in the field.

GitHub Confirms Hack Impacting 3,800 Internal Repositories

2026-05-20 at 13:02 By Ionut Arghire

The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension.

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’ 

2026-05-19 at 19:07 By Eduard Kovacs

Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software.

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking

2026-05-19 at 09:34 By Eduard Kovacs

The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection.

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 

2026-05-18 at 08:02 By Eduard Kovacs

Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products.

Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026

2026-05-15 at 10:16 By Eduard Kovacs

The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616.

Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere

2026-05-14 at 18:25 By Kevin Townsend

Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation and reasoning capabilities remain inconsistent.
