All Recent Posts

Internet Security

CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers

May 31, 2026 add comment
CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May 13. Two... Read more »
Internet Security

Security Affairs newsletter Round 579 by Pierluigi Paganini – INTERNATIONAL EDITION

May 31, 2026 add comment
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new... Read more »
Internet Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99

May 31, 2026 add comment
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling... Read more »

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

May 31, 2026 add comment
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand... Read more »
The Hacker News

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

May 31, 2026 add comment
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the... Read more »

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

May 30, 2026 add comment
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities... Read more »
The Hacker News

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

May 30, 2026 add comment
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence... Read more »
Internet Security

ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers

May 30, 2026 add comment
Cybercrime group ShinyHunters leaked data allegedly stolen from Charter Communications, exposing millions of customer records after a failed extortion attempt. The ShinyHunters extortion group has published data allegedly stolen... Read more »
The Hacker News

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

May 30, 2026 add comment
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo... Read more »
The Hacker News

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

May 30, 2026 add comment
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible”... Read more »
Subscribe to our Newsletter