OpenSSH 10.4 Released With Security Fixes and SSH Protocol Hardening 2026-07-06 True Lucas Martin True TrojPix Attack Uses Imperceptible Pixels to Steal Data From Air-Gapped Networks 2026-07-06 True Lucas Martin True Moody Bible Institute Data Breach Exposes 2.3 Million Email Addresses 2026-07-06 True Lucas Martin True fast-mcp-telegram Critical Flaw Lets Attackers Bypass Bearer Token Authentication 2026-07-06 True Lucas Martin True Attackers Use Password-Protected PDF Lures to Launch Microsoft Device Code Phishing 2026-07-06 True Varshini True Veeam Backup RCE Flaw Lets Low-Privileged Domain Users Gain SYSTEM Access 2026-07-06 True Lucas Martin True The Gentlemen RaaS Turns Infected Hosts Into SMB Distribution Points for Rapid Spread 2026-07-06 True Varshini True SilverFox ValleyRAT Campaign Uses Eight-Stage Chain to Deploy Kernel Rootkit 2026-07-06 True Varshini True Indirect Prompt Injection Attacks Hide Malicious Instructions in Websites to Target AI Agents 2026-07-06 True Varshini True Opera GX Universal CSS Injection Flaw Enabled Zero-Click XSLeak Attacks 2026-07-06 True Lucas Martin True Seven FatFs Vulnerabilities Exposing Embedded Devices to Code Execution 2026-07-06 True Lucas Martin True BusySnake Stealer Targets Browser Passwords, Cookies, Telegram Sessions, and Crypto Keys 2026-07-04 True Mayura True CrownX Ransomware Embedded Inside Avalon Framework Targets Recovery and Backup Systems 2026-07-04 True Mayura True Hackers Abuse EdgeUpdate and GoogleUpdater to Deploy TimbreStealer Infostealer 2026-07-04 True Mayura True Hackers Abuse Verified X Ads to Deliver Mac Malware Through ClickFix Attack 2026-07-04 True Mayura True Pegasus Spyware Hacked MEP Serving on European Parliament PEGA Committee 2026-07-03 True Lucas Martin True PamStealer macOS Infostealer Uses Rust Payload to Validate and Steal Passwords 2026-07-03 True Lucas Martin True Scammers Use Fake App Store Listings and Reviews to Trick Users Into Installing Gambling PWAs 2026-07-03 True Varshini True Malicious Websites Hide Prompt Instructions in DOM to Poison AI Agent Decision-Making 2026-07-03 True Varshini True Fake Google and Cloudflare Verification Pages Spread Multiple Malware Families 2026-07-03 True Lucas Martin True PoC Released for Microsoft Exchange SSRF Flaw That Lets Low-Privileged Users Read Files 2026-07-03 True Lucas Martin True ChatGPT Sensitive Information Disclosure Flaw Abused File Download Mechanism 2026-07-03 True Lucas Martin True New Pedit COW Linux Kernel Flaw Lets Local Users Gain Root Access 2026-06-27 True Lucas Martin True Amazon Q VS Code Flaw Lets Malicious Repositories Steal Cloud Credentials 2026-06-27 True Lucas Martin True DirtyClone Linux Kernel LPE Flaw Lets Local Users Gain Root Access 2026-06-27 True Lucas Martin True Cloud Bucket Hijacking Technique Lets Attackers Reroute Logs and Sensitive Data 2026-06-27 True Lucas Martin True Bluekit PhaaS Uses Browser-in-the-Middle Attacks to Steal Microsoft Logins 2026-06-26 True Lucas Martin True Critical FOSSBilling SSTI Flaw Enables Information Disclosure and Remote Code Execution 2026-06-26 True Lucas Martin True Russia Used Cellebrite UFED to Break Into Human Rights Activist’s iPhone 2026-06-26 True Lucas Martin True Hackers Abuse Shopping Apps to Push Fake Receipts and Support Number Fraud 2026-06-26 True Lucas Martin True WinRAR ADS Path Traversal Lets UAC-0226 Deploy GIFTEDCROOK Against Ukrainian Targets 2026-06-26 True Varshini True KuinaExtractor Rust Infostealer Evolves With Chrome ABE Bypass and k0to Rebrand 2026-06-26 True Varshini True TinyRCT Backdoor Gives CL-STA-1062 Command Execution and File Exfiltration Capabilities 2026-06-26 True Varshini True Windows Secure Boot Certificate Expiry Puts Billions of PCs at Security Risk 2026-06-26 True Lucas Martin True Jenkins Security Update Patches Sandbox Bypass, Command Injection, and CSRF Bugs 2026-06-25 True Lucas Martin True curl Patches 18 Vulnerabilities Including Password Leak and WebSocket Memory Bugs 2026-06-25 True Lucas Martin True ManageEngine AD360 Flaw Lets Unauthenticated Attackers Take Over User Accounts 2026-06-25 True Lucas Martin True Langflow AI Pipeline RCE Exploited Within 20 Hours to Steal Keys and Credentials 2026-06-25 True Lucas Martin True LokiBot Infostealer Uses Obfuscated JScript and PowerShell Loader in Recent Campaign 2026-06-25 True Varshini True Shai-Hulud Campaign Abuses node-gyp Rebuild to Execute Credential-Stealing npm Payloads 2026-06-25 True Varshini True Agentic Red-Team Tools Expose API Keys, Sandbox Escape, and Host Compromise Risks 2026-06-25 True Lucas Martin True Hackers Use Cloned AWS Console Login Pages to Capture MFA Codes and Replay Credentials 2026-06-25 True Varshini True Europol Disrupts SocGholish, Amadey, and StealC Malware Networks in Global Cyber Strike 2026-06-25 True Lucas Martin True Critical Laravel Livewire RCE Flaw Exploited to Steal Credentials From 6,000+ Apps 2026-06-24 True Lucas Martin True Microsoft Teams Phishing Lures Push Victims Toward Remote Access Tool Installation 2026-06-24 True Varshini True Grafana Confirms TanStack npm Supply Chain Ransom Incident Hit GitHub Environment 2026-06-24 True Lucas Martin True Woodgnat Uses ClickFix, FileFix, and CrashFix Lures to Deliver Remote Access Malware 2026-06-24 True Varshini True Android Malware Disguised as Document Reader Reaches 100K Downloads on Google Play 2026-06-24 True Varshini True Hackers Use Fake Outlook Update Portal to Deploy Edgecution Browser-Based Backdoor 2026-06-24 True Varshini True PoC Released for Microsoft Exchange EWS SSRF Flaw Targeting Internal Services 2026-06-24 True Lucas Martin True