News

Cyber Security News
cybersecuritynews.com > salesforce-warns-shinyhunters

Salesforce Warns of ShinyHunters Group Exploiting Experience Cloud Sites

3+ hour, 49+ min ago  (288+ words) A critical warning has been issued about an active threat campaign targeting misconfigured Experience Cloud sites. According to Salesforce's Cyber Security Operations Center, this campaign does not rely on a vulnerability within the Salesforce platform itself. Instead, it preys on…...

Cyber Security News
cybersecuritynews.com > microsoft-copilot-summarization-vulnerability

Microsoft Copilot Email and Teams Summarization Vulnerability Enables Phishing Attacks

20+ hour, 51+ min ago  (510+ words) Tools like Microsoft Copilot integrate directly into daily workflows, summarizing emails and meetings while pulling context from across the Microsoft 365 ecosystem. However, this convenience introduces a novel security boundary that many organizations have not yet prepared to defend. The vulnerability…...

Cyber Security News
cybersecuritynews.com > oauth-device-code-phishing-attack

Attackers Hijack Microsoft 365 Accounts Through OAuth Device Code Abuse Without Stealing Passwords

18+ hour, 37+ min ago  (502+ words) Analysts at ANY.RUN have identified a sharp spike in phishing campaigns exploiting Microsoft's OAuth Device Authorization Grant flow, with more than 180 malicious URLs detected within a single week. Unlike conventional credential harvesting, this technique routes victims through legitimate Microsoft…...

Cyber Security News
cybersecuritynews.com > openssh-gssapi-vulnerability

OpenSSH GSSAPI Vulnerability Allow an Attacker to Crash SSH Child Processes

7+ hour, 41+ min ago  (203+ words) A significant vulnerability has been identified in the GSSAPI Key Exchange patch applied by numerous Linux distributions on top of their OpenSSH packages. The flaw, tracked as CVE-2026-3497, was uncovered by security researcher Jeremy Brown. It allows an attacker to crash SSH…...

Cyber Security News
cybersecuritynews.com > crackarmor-vulnerability

Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Complete Root Takeover

6+ hour, 57+ min ago  (320+ words) The CrackArmor vulnerabilities trace their origins to Linux kernel version 4.11, released in 2017, and have remained undetected in production environments for nearly nine years. Discovered by the Qualys Threat Research Unit (TRU) and publicly disclosed on March 12, 2026, the flaws reside within…...

Cyber Security News
cybersecuritynews.com > gitlab-security-update-2 > amp

GitLab Security Update - Patch for XSS and API DoS Vulnerabilities

1+ day, 3+ hour ago  (479+ words) GitLab has released urgent security updates for its Community Edition (CE) and Enterprise Edition (EE) to address a wide range of vulnerabilities. The newly released versions 18.9.2, 18.8.6, and 18.7.6 fix a total of…...

Cyber Security News
cybersecuritynews.com > chrome-security-update-29-vulnerabilities > amp

Chrome Security Update - Patch for 29 Vulnerabilities that Allow Remote Code Execution

1+ day, 5+ hour ago  (472+ words) Google has officially released Chrome version 146 to the stable channel, delivering crucial security updates for Windows, Mac, and Linux users. Rolling out over the coming days, Chrome 146.0.7680.71 for Linux and 146.0.7680.71/72 for Windows and Mac…...

Cyber Security News
cybersecuritynews.com > solarwinds-web-help-desk-deserialization-vulnerability > amp

SolarWinds Web Help Desk Deserialization Vulnerability Enables Command Execution

1+ day, 1+ hour ago  (490+ words) Cybersecurity authorities have flagged a severe security flaw in SolarWinds Web Help Desk that requires immediate attention from system administrators. Tracked as CVE-2025-26399, this vulnerability allows malicious actors to execute unauthorized commands directly on the host machine. Because of its…...

Cyber Security News
cybersecuritynews.com > cloudflare-anti-bot-features-microsoft-365 > amp

Hackers Leveraging Cloudflare Anti-Bot Features to Steal Microsoft 365 Credentials

1+ day, 3+ hour ago  (436+ words) A sophisticated Microsoft 365 credential harvesting campaign that weaponizes Cloudflare's own protective features to evade detection and silently steal user login data. The campaign demonstrates a growing and troubling trend: threat actors turning the very tools designed to defend websites into…...

Cyber Security News
cybersecuritynews.com > ericsson-data-breach

Ericsson US Discloses Data Breach - Hackers Stolen Employees and Customers Data

22+ hour, 45+ min ago  (274+ words) The U.S. subsidiary of a Swedish telecommunications multinational has disclosed a data breach exposing the personal information of employees and customers. The incident did not occur on Ericsson's internal network, but rather targeted one of the company's third-party service providers. According…...