12+ hour, 11+ min ago  (391+ words) A critical authentication bypass vulnerability in Palo Alto Networks PAN-OS and Prisma Access is now being actively exploited in the wild, prompting CISA to add CVE-2026-0257 to its Known Exploited Vulnerabilities (KEV) catalog on May 29, 2026. Palo Alto Networks published its…...

13+ hour, 45+ min ago  (267+ words) The attack opens with a ZIP archive containing a malicious LNK file with a carefully crafted Pashto-language filename that translates to'List of Employees Who Were Introduced to the Intellectual and Psychological Warfare Seminar. The deliberate use of Pashto, the dominant…...

1+ day, 8+ hour ago  (450+ words) A previously undocumented GREYVIBE Russia-nexus threat group has been weaponizing generative AI tools, including Chat GPT, Google Gemini, and Ideogram AI, to fuel persistent cyberattacks against Ukrainian military, government, civilian, and business entities since at least August 2025, according to research…...

1+ day, 10+ hour ago  (198+ words) Git Lab released security patch versions19. 0. 1, 18. 11. 4, and 18. 10. 7on May 27, 2026, addressing seven vulnerabilities, including a high-severity improper access control flaw in its Duo AI workflow runners across both Community Edition (CE) and Enterprise Edition (EE). The most critical fix addresses CVE-2026-4868(CVSS 8. 2), an…...

1+ day, 12+ hour ago  (379+ words) A newly disclosed exploit chain dubbed'Zapocalypse'demonstrates how a low-privilege code-execution feature within Zapier could have been chained into a supply chain attack path with platform-wide account takeover impact. Token Security said its researcher will present the full chain at'fwd: cloudsec…...

1+ day, 14+ hour ago  (364+ words) A critical zero-day vulnerability has been discovered in Gogs, the widely used open-source self-hosted Git service, allowing any authenticated user to achieve remote code execution (RCE) on the underlying server. Rapid7 researcher Jonah Burgess discovered the flaw, which carries a CVSSv4 score…...

2+ day, 11+ hour ago  (369+ words) The Clear Fake campaign is now utilizing a technique called Ether Hiding to store malicious payload instructions directly inside BNB Smart Chain (BSC) testnet smart contracts. By operating on the BSC testnet, threat actors enjoy the ultimate resilience of an…...

2+ day, 9+ hour ago  (335+ words) One captured 6-digit PIN is now all it takes for a phishing attacker to walk away with a victim's entire Google Password Manager (GPM) vault. By stealing a user's GPM PIN during a routine login, threat actors can decrypt and…...

2+ day, 10+ hour ago  (150+ words) Notepad++, one of the most widely used open-source text editors on Windows, has released an emergency patch addressing three security vulnerabilities, two of which enable arbitrary code execution. Users running version 8. 9. 6 or earlier are urged to update immediately. On May…...

2+ day, 9+ hour ago  (337+ words) FROST, developed by researchers at Graz University of Technology, targets the'Origin Private File System (OPFS)'API, a relatively new browser feature that allows web applications to create and store files on a user's local disk without triggering any permission dialog....