Tag Archives: it security

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration...

05
May
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination...

05
May
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025,...

04
May
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Progress Software has released updates to address two security flaws in MOVEit Automation, including a...

04
May
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

This week, the shadows moved faster than the patches. While most teams were still triaging...

04
May
2026: The Year of AI-Assisted Attacks

On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition...

04
May
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

The China-based cybercrime group known as Silver Fox has been linked to a new campaign...

04
May
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

A previously unknown threat actor has been observed targeting government and military entities in Southeast...

04
May
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M

A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects...

04
May
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security...

03
May
Trellix Confirms Source Code Breach With Unauthorized Repository Access

Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to...

02
May
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing...

01
May
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks”...

01
May
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense...

01
May
Preparing for a ‘vulnerability patch wave’
May 1, 2026

Organisations must act now to prepare for a wave of patches that will address decades...

Top Five Sales Challenges Costing MSPs Cybersecurity Revenue

The managed security services market is projected to grow from $38.31 billion in 2025 to...

01
May
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals...

01
May
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A new software supply chain attack campaign has been observed using sleeper packages as a...

01
May
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular...

30
Apr
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

The internet is noisy this week. We are seeing some wild new tactics, like people...

30
Apr
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes...

30
Apr
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in...

30
Apr
New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could...

30
Apr
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm...

30
Apr
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related...

29
Apr
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as...

29
Apr
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are...

29
Apr
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds...

29
Apr
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

cPanel has released security updates to address a security issue impacting various authentication paths that...

29
Apr
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting...

29
Apr