Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat actors linked to Russian Intelligence Services are running phishing campaigns... Read more »

Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992... Read more »

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added... Read more »

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware – malware analysis   DRILLAPP: new... Read more »

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new... Read more »

WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. WorldLeaks group hit Los Angeles and its... Read more »

Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in... Read more »

Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks. Since February 27, a large-scale campaign has defaced over 7,500 Magento sites, targeting... Read more »

Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The... Read more »