1+ hour, 40+ min ago  (196+ words) The Apache Software Foundation released Apache HTTP Server version 2. 4. 68 on June 8, 2026, addressing 13 security vulnerabilities spanning multiple modules. Administrators running any prior release are strongly urged to upgrade immediately. Two use-after-free vulnerabilities were patched in this release. CVE-2026-29167 affects mod_ldap in per-directory…...

2+ hour, 1+ min ago  (210+ words) A new wave of the Shai-Hulud supply chain campaign, adding 23 newly discovered malicious Py PI package-version artifacts to an already alarming operation that previously compromised 37 packages. The broader campaign identified by the Socket Threat Research team, tracked across the Mini…...

1+ hour, 57+ min ago  (495+ words) An autonomous security agent uncovered 21 zero-day vulnerabilities in FFmpeg, the world's most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. It's roughly 1. 5 million lines of heavily optimized C code…...

12+ hour, 11+ min ago  (401+ words) A use-after-free vulnerability in the Linux kernel's nftables subsystem has been disclosed, enabling unprivileged local attackers to escalate privileges to root on widely deployed distributions including Debian Bookworm, Debian Trixie, Ubuntu 22. 04 LTS, and Ubuntu 24. 04 LTS. Tracked as CVE-2026-23111, the flaw…...

12+ hour, 55+ min ago  (762+ words) Cybercriminals have found a new way to sneak malware past email security tools, and this time they are hiding behind a name that most systems trust without question. A recent malspam campaign has been caught using Google's own Double Click…...

12+ hour, 34+ min ago  (700+ words) A newly identified extortion group called Pink has emerged as a serious threat to enterprise organizations, using social engineering tactics to steal cloud storage credentials and sensitive data. The group, tracked under the cluster code CL-CRI-1147, launched its dedicated data…...

11+ hour, 39+ min ago  (359+ words) Check Point Research has uncovered active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability (CVSS 9. 3) in Check Point Remote Access VPN and Mobile Access deployments, with confirmed post-compromise activity linked to the Qilin ransomware gang. CVE-2026-50751 targets deployments configured to…...

13+ hour, 52+ min ago  (669+ words) A newly identified piece of Windows malware is raising serious concerns among cybersecurity professionals for its wide reach and unusually deep set of capabilities. Discovered through underground channels linked to Telegram, the threat known as Lucid Stealer goes far beyond…...

14+ hour, 22+ min ago  (574+ words) Chrome users should treat the latest stable update as an urgent security priority, with Google patching 429 vulnerabilities, including 22 rated critical, in Chrome 149. 0. 7827. 53 across Windows, mac OS, Linux and Chrome for i OS. Google has promoted Chrome 149. 0. 7827. 53 to the stable channel…...

13+ hour, 35+ min ago  (658+ words) A sophisticated cybercriminal group known as UNC3753 has been running an aggressive campaign against US law firms since early 2026, using phone calls, screen-sharing tricks, and remote monitoring software to break into corporate systems and steal sensitive files. The group is also…...