Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has... Read more »

Attackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that... Read more »

Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as... Read more »

Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as... Read more »

Discord now enables end-to-end encryption by default for all voice and video calls, making conversations inaccessible even to the platform itself. No announcement fanfare, no opt-in required, no settings... Read more »

PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux... Read more »

Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft... Read more »

Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card... Read more »

One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that... Read more »